Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/xwCbfFee8_YiiJgPiUKJKhuN0fI.roa
File:                     xwCbfFee8_YiiJgPiUKJKhuN0fI.roa (raw, json)
Hash identifier:          GvI4KEGFoFMRuZVzRYcqx4SmNLs36nLVZIMh9rbuVCo=
Subject key identifier:   C7:00:9B:7C:57:9E:F3:F6:22:88:98:0F:89:42:89:2A:1B:8D:D1:F2
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019DC5E3B4F2BB2FCF69F0648C26EBD426ED
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/xwCbfFee8_YiiJgPiUKJKhuN0fI.roa
Signing time:             Sat 25 Apr 2026 18:25:27 +0000
ROA not before:           Sat 25 Apr 2026 18:25:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214937
IP address blocks:        2.27.125.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 06 May 2026 07:02:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:c5:e3:b4:f2:bb:2f:cf:69:f0:64:8c:26:eb:d4:26:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: Apr 25 18:25:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c7009b7c579ef3f62288980f8942892a1b8dd1f2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:89:a1:88:11:3f:07:5d:94:e9:b8:4d:74:6f:
                    49:42:ff:23:15:a8:dd:1c:b0:1a:3e:93:13:d2:21:
                    23:d4:77:b3:b8:e4:d4:b7:79:28:8a:00:66:a4:07:
                    4d:82:7c:2c:8d:2d:71:1e:e6:96:b0:d0:59:93:fc:
                    76:90:c5:ff:5b:98:2b:4d:f9:ce:ed:6a:5a:02:7a:
                    08:b0:d2:fd:1d:cb:b6:6b:27:d6:c3:77:d2:58:23:
                    95:30:8f:b7:3e:c4:1f:4a:9d:ca:a4:9a:77:fd:7e:
                    ef:23:89:64:95:ae:04:f3:93:9c:49:4d:3a:f6:cc:
                    98:41:49:ac:28:8d:c9:c3:8c:f3:f0:0e:f5:4b:57:
                    0d:b6:b3:7a:3f:13:17:5f:e9:03:ed:d4:25:7d:d6:
                    63:68:e8:78:36:ec:81:61:ab:3c:cd:19:17:b7:06:
                    41:29:4d:68:89:86:22:07:02:4e:4d:ef:71:23:4e:
                    d7:15:83:61:bd:05:57:c3:81:cb:93:f3:45:4c:5b:
                    f8:6e:a3:63:f8:37:d0:f7:ad:9e:ad:d7:c8:35:e3:
                    80:85:8d:7a:1e:41:15:83:67:8c:84:cf:d9:24:ab:
                    a6:4a:23:31:f6:28:d8:f6:5b:10:db:be:ee:c2:78:
                    41:13:a7:62:f3:14:25:eb:67:60:2f:03:e1:f0:e8:
                    ed:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:00:9B:7C:57:9E:F3:F6:22:88:98:0F:89:42:89:2A:1B:8D:D1:F2
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/xwCbfFee8_YiiJgPiUKJKhuN0fI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.27.125.0/24

    Signature Algorithm: sha256WithRSAEncryption
         49:d2:c0:5f:ec:1d:13:c8:e6:dd:a6:e9:eb:2c:ae:bb:13:a0:
         f7:40:46:8a:1e:b4:32:39:52:40:3c:11:3b:da:01:8c:ef:23:
         18:aa:f8:13:45:e2:75:07:f8:70:81:4e:2a:ad:4f:03:10:80:
         17:f2:35:5a:0b:5b:00:7f:db:4f:cd:78:e9:2a:ab:ad:00:43:
         47:1e:1d:57:20:a2:21:85:83:fb:3a:55:76:26:0e:31:4f:9f:
         81:d3:8b:2c:7f:09:c3:8d:26:35:7b:67:0a:0f:6d:e7:ab:6b:
         fa:78:fa:7f:f0:6e:c5:05:68:45:5b:4e:d0:1b:8c:d6:e1:7f:
         65:b6:52:b2:a8:91:28:8a:7a:81:68:e9:15:7b:07:c5:36:37:
         73:c4:4b:bf:88:ed:b8:a9:ef:dc:87:b8:6c:42:2c:ef:aa:5c:
         9a:37:28:ff:bf:a3:20:3f:0f:5c:83:fe:75:12:12:ea:0e:84:
         14:46:67:bd:6d:07:8c:6c:ec:fa:bc:2f:e8:b5:ee:0a:c6:b7:
         16:2e:e4:3a:f0:2b:80:e3:40:03:ff:0b:92:9a:56:0b:4a:64:
         46:74:95:59:7b:76:80:f6:69:b4:8a:4f:45:ef:0e:bb:c1:29:
         ab:42:f6:d9:0b:3e:18:64:2c:c8:cf:66:af:c2:46:db:ae:1c:
         91:71:13:f4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ3F47Tyuy/PafBkjCbr1CbtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwNDI1MTgyNTI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNzAwOWI3YzU3OWVmM2Y2MjI4ODk4MGY4OTQyODkyYTFiOGRkMWYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvYmhiBE/B12U6bhNdG9JQv8jFajd
HLAaPpMT0iEj1HezuOTUt3koigBmpAdNgnwsjS1xHuaWsNBZk/x2kMX/W5grTfnO
7WpaAnoIsNL9Hcu2ayfWw3fSWCOVMI+3PsQfSp3KpJp3/X7vI4lkla4E85OcSU06
9syYQUmsKI3Jw4zz8A71S1cNtrN6PxMXX+kD7dQlfdZjaOh4NuyBYas8zRkXtwZB
KU1oiYYiBwJOTe9xI07XFYNhvQVXw4HLk/NFTFv4bqNj+DfQ962erdfINeOAhY16
HkEVg2eMhM/ZJKumSiMx9ijY9lsQ277uwnhBE6di8xQl62dgLwPh8OjtYQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMcAm3xXnvP2IoiYD4lCiSobjdHyMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEveHdDYmZGZWU4X1lpaUpnUGlVS0pLaHVOMGZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAAht9MA0G
CSqGSIb3DQEBCwUAA4IBAQBJ0sBf7B0TyObdpunrLK67E6D3QEaKHrQyOVJAPBE7
2gGM7yMYqvgTReJ1B/hwgU4qrU8DEIAX8jVaC1sAf9tPzXjpKqutAENHHh1XIKIh
hYP7OlV2Jg4xT5+B04ssfwnDjSY1e2cKD23nq2v6ePp/8G7FBWhFW07QG4zW4X9l
tlKyqJEoinqBaOkVewfFNjdzxEu/iO24qe/ch7hsQizvqlyaNyj/v6MgPw9cg/51
EhLqDoQURme9bQeMbOz6vC/ote4KxrcWLuQ68CuA40AD/wuSmlYLSmRGdJVZe3aA
9mm0ik9F7w67wSmrQvbZCz4YZCzIz2avwkbbrhyRcRP0
-----END CERTIFICATE-----