Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/y7LBNg--gWpW7YONMPqtgMXzIzE.roa
File:                     y7LBNg--gWpW7YONMPqtgMXzIzE.roa (raw, json)
Hash identifier:          ceVAFBg8a9fMpBsWW/DIAdCSwFM9VwD+6JWIno9PDJY=
Subject key identifier:   CB:B2:C1:36:0F:BE:81:6A:56:ED:83:8D:30:FA:AD:80:C5:F3:23:31
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019DFEB8991C906CF498E394755C4610F94E
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/y7LBNg--gWpW7YONMPqtgMXzIzE.roa
Signing time:             Wed 06 May 2026 19:16:43 +0000
ROA not before:           Wed 06 May 2026 19:16:43 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     199783
IP address blocks:        2.26.164.0/24 maxlen: 24
                          31.77.215.0/24 maxlen: 24
                          31.77.219.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 14 May 2026 06:01:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:fe:b8:99:1c:90:6c:f4:98:e3:94:75:5c:46:10:f9:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: May  6 19:16:43 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=cbb2c1360fbe816a56ed838d30faad80c5f32331
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:f4:5a:23:ab:d6:1f:00:83:ee:59:0f:3f:fe:
                    2b:4b:8b:b7:ba:b4:6d:63:70:86:22:55:7f:44:bf:
                    95:d7:7d:7c:1f:e0:8c:fa:cb:02:37:36:03:32:50:
                    95:32:89:e3:f5:80:e9:95:14:57:ee:7d:2a:30:cc:
                    15:d4:df:b5:71:19:1c:42:98:51:bd:a4:98:03:bd:
                    7d:05:bb:6d:e3:92:33:fc:4a:e4:d1:b1:46:d4:b1:
                    ca:c4:3f:f2:08:f7:ce:c7:5c:c4:33:b5:53:a0:c3:
                    9c:3e:8b:ea:00:7c:bc:3d:d8:03:7c:5f:c2:ca:79:
                    71:94:26:ea:16:b1:32:c0:eb:3f:7a:cf:40:42:02:
                    6d:3a:2d:20:db:41:5f:76:ba:93:70:73:35:a1:cb:
                    0b:e8:0e:84:e2:ec:0f:78:45:82:68:cb:e8:cd:56:
                    8e:49:00:dc:25:ff:c1:3e:5a:b7:cc:e0:85:e7:cc:
                    70:ef:d2:7b:0f:57:b2:0f:87:8f:6c:c7:35:9b:fe:
                    e7:95:59:b2:64:0f:25:d2:cc:90:48:81:30:bb:dd:
                    3a:0e:01:80:67:97:6d:a3:d5:ec:7c:94:e9:dd:6a:
                    ab:bf:58:ba:a8:a1:32:7d:de:8d:a5:eb:80:f7:5d:
                    c8:05:24:78:67:27:f0:7b:29:07:cf:1f:fa:2c:8b:
                    d1:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:B2:C1:36:0F:BE:81:6A:56:ED:83:8D:30:FA:AD:80:C5:F3:23:31
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/y7LBNg--gWpW7YONMPqtgMXzIzE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.26.164.0/24
                  31.77.215.0/24
                  31.77.219.0/24

    Signature Algorithm: sha256WithRSAEncryption
         95:c7:07:d8:9f:85:b6:6b:9d:b5:12:a5:20:b9:e8:52:55:f9:
         83:ae:de:93:9e:3f:b6:1a:2e:77:d3:ec:d3:11:a2:1c:96:f7:
         a0:2d:57:1b:43:ed:d9:0a:ad:2d:2d:02:88:09:21:a7:fe:32:
         ff:dd:5b:c0:e4:17:5e:c2:ef:8d:74:5e:56:8a:0b:d2:89:6c:
         f3:62:92:6a:ae:be:08:06:3b:e8:b4:68:a9:8a:da:7f:58:30:
         39:ce:4c:ee:d6:c9:28:64:16:83:4c:6b:6a:c1:1e:fc:83:1c:
         a9:f9:e6:13:e0:3e:55:52:cc:14:9c:fc:77:14:09:f9:58:bd:
         ab:0e:0b:ee:47:8f:61:a8:ca:57:bc:74:ca:be:45:f8:21:50:
         e1:b0:b0:34:a2:f7:25:42:d6:b2:9a:53:69:b5:8b:6f:12:aa:
         d4:ed:04:0b:a7:58:0e:e8:ca:e3:46:24:0d:58:f6:38:04:f3:
         0c:fb:85:fc:ba:61:8b:96:13:34:11:01:7a:ba:0e:67:92:f5:
         d3:d6:a3:22:9b:8d:c3:17:87:ac:9a:b2:7f:45:d1:b1:2a:31:
         d2:7e:43:7f:9a:8a:03:de:c2:f9:a8:c9:38:79:2c:51:00:21:
         07:b2:14:79:95:f5:c3:f0:2d:9d:f9:1d:0e:16:7e:b5:0e:c4:
         3f:81:9c:9d
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZ3+uJkckGz0mOOUdVxGEPlOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwNTA2MTkxNjQzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYmIyYzEzNjBmYmU4MTZhNTZlZDgzOGQzMGZhYWQ4MGM1ZjMyMzMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArPRaI6vWHwCD7lkPP/4rS4u3urRt
Y3CGIlV/RL+V1318H+CM+ssCNzYDMlCVMonj9YDplRRX7n0qMMwV1N+1cRkcQphR
vaSYA719Bbtt45Iz/Erk0bFG1LHKxD/yCPfOx1zEM7VToMOcPovqAHy8PdgDfF/C
ynlxlCbqFrEywOs/es9AQgJtOi0g20FfdrqTcHM1ocsL6A6E4uwPeEWCaMvozVaO
SQDcJf/BPlq3zOCF58xw79J7D1eyD4ePbMc1m/7nlVmyZA8l0syQSIEwu906DgGA
Z5dto9XsfJTp3Wqrv1i6qKEyfd6NpeuA913IBSR4ZyfweykHzx/6LIvReQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFMuywTYPvoFqVu2DjTD6rYDF8yMxMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEveTdMQk5nLS1nV3BXN1lPTk1QcXRnTVh6SXpFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAAhqkAwQA
H03XAwQAH03bMA0GCSqGSIb3DQEBCwUAA4IBAQCVxwfYn4W2a521EqUguehSVfmD
rt6Tnj+2Gi530+zTEaIclvegLVcbQ+3ZCq0tLQKICSGn/jL/3VvA5Bdewu+NdF5W
igvSiWzzYpJqrr4IBjvotGipitp/WDA5zkzu1skoZBaDTGtqwR78gxyp+eYT4D5V
UswUnPx3FAn5WL2rDgvuR49hqMpXvHTKvkX4IVDhsLA0ovclQtaymlNptYtvEqrU
7QQLp1gO6MrjRiQNWPY4BPMM+4X8umGLlhM0EQF6ug5nkvXT1qMim43DF4esmrJ/
RdGxKjHSfkN/mooD3sL5qMk4eSxRACEHshR5lfXD8C2d+R0OFn61DsQ/gZyd
-----END CERTIFICATE-----