Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/ymanNHLIsThRbd-Le1zORclZ5p8.roa
File:                     ymanNHLIsThRbd-Le1zORclZ5p8.roa (raw, json)
Hash identifier:          uAz46KRIBpJXW49E+RYXC9I7hRzx5bY/8N9FXx5Y424=
Subject key identifier:   CA:66:A7:34:72:C8:B1:38:51:6D:DF:8B:7B:5C:CE:45:C9:59:E6:9F
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019D01B85334C17F84C12E6439E50ADBD23B
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/ymanNHLIsThRbd-Le1zORclZ5p8.roa
Signing time:             Wed 18 Mar 2026 16:12:30 +0000
ROA not before:           Wed 18 Mar 2026 16:12:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     199524
IP address blocks:        2.27.238.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 22 Mar 2026 02:01:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:01:b8:53:34:c1:7f:84:c1:2e:64:39:e5:0a:db:d2:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: Mar 18 16:12:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ca66a73472c8b138516ddf8b7b5cce45c959e69f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:9a:98:b9:dc:57:25:fd:f1:a2:84:f6:dc:e7:
                    bb:b7:b1:67:ac:a3:63:e1:06:1b:af:8e:74:43:77:
                    f1:ab:84:15:34:4e:b2:eb:ca:71:e5:a8:6d:b7:17:
                    4f:ad:00:e6:8c:1e:e9:8d:bb:28:7d:ed:ec:40:8b:
                    8e:16:c9:6d:0f:02:9e:4a:42:5e:c5:a9:e5:2d:5f:
                    a0:85:8b:61:62:93:5f:24:b0:48:d4:5e:92:dc:63:
                    b5:ba:b8:22:34:ad:70:dc:91:98:c4:6a:89:e5:68:
                    21:b9:c9:57:7f:9a:0c:30:1a:68:19:c2:92:6b:19:
                    53:9b:4e:01:7b:fe:15:21:8b:37:70:7a:c9:cf:93:
                    bb:40:ad:e6:8f:66:0d:63:5d:41:be:b4:9a:a7:20:
                    05:1a:cb:64:f3:dd:d4:19:8f:b1:c7:62:ca:87:ce:
                    3f:27:80:be:fa:ef:a6:7d:8f:3d:e8:c5:d6:0a:f9:
                    5f:c6:d1:0f:b7:27:aa:c7:7b:eb:24:9c:fd:e6:0f:
                    ab:9f:51:20:d1:70:1a:71:57:cf:33:80:d0:7d:9b:
                    7f:cc:16:d4:cb:55:df:d9:fb:da:9f:70:46:09:3a:
                    46:68:32:92:e7:a8:ae:0e:ca:e9:90:81:87:36:5b:
                    fc:93:65:03:d2:81:a2:24:bf:d1:8c:29:07:64:b7:
                    14:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:66:A7:34:72:C8:B1:38:51:6D:DF:8B:7B:5C:CE:45:C9:59:E6:9F
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/ymanNHLIsThRbd-Le1zORclZ5p8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.27.238.0/24

    Signature Algorithm: sha256WithRSAEncryption
         03:94:08:35:af:b5:7f:fb:4f:44:ae:69:0e:12:88:9b:9e:b1:
         71:aa:74:99:ad:b0:8f:99:d9:ef:39:f5:e5:43:20:69:c0:4a:
         7e:32:42:e8:5c:e1:0a:3d:90:45:e3:de:27:59:5b:68:3e:36:
         6f:3d:00:d8:fc:95:b3:e6:a8:d4:df:39:c1:53:3d:38:07:76:
         39:01:44:ae:b4:a2:30:1b:62:6a:a8:83:b5:cf:4d:2c:f4:ed:
         98:86:53:74:26:2f:58:4a:cd:76:d4:ba:92:48:26:aa:e6:25:
         f5:fe:8a:6d:18:e1:a0:61:3e:12:37:6d:bb:17:8c:88:26:a2:
         74:52:ae:dd:3f:bf:17:c4:49:64:d6:dd:d5:a5:83:bc:bb:18:
         9d:71:e0:f7:ea:69:7e:14:96:53:79:ac:2f:f7:65:e8:19:12:
         c2:84:77:63:0b:ad:f3:a8:73:73:9a:28:82:08:f1:57:dc:73:
         56:b9:0e:bf:17:5f:92:62:86:ee:6d:5f:bd:68:c7:cb:91:ec:
         44:2f:88:46:97:a8:0c:ac:bd:30:62:71:ab:14:dd:6c:64:ab:
         c5:99:ff:62:0e:71:db:11:00:9b:01:71:c8:b1:e1:9f:b1:ed:
         41:0c:c7:58:04:17:ae:73:ac:89:1c:a1:cc:5e:ae:dc:87:9a:
         1f:9b:d5:b4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0BuFM0wX+EwS5kOeUK29I7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwMzE4MTYxMjMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYTY2YTczNDcyYzhiMTM4NTE2ZGRmOGI3YjVjY2U0NWM5NTllNjlmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw5qYudxXJf3xooT23Oe7t7FnrKNj
4QYbr450Q3fxq4QVNE6y68px5ahttxdPrQDmjB7pjbsofe3sQIuOFsltDwKeSkJe
xanlLV+ghYthYpNfJLBI1F6S3GO1urgiNK1w3JGYxGqJ5WghuclXf5oMMBpoGcKS
axlTm04Be/4VIYs3cHrJz5O7QK3mj2YNY11BvrSapyAFGstk893UGY+xx2LKh84/
J4C++u+mfY896MXWCvlfxtEPtyeqx3vrJJz95g+rn1Eg0XAacVfPM4DQfZt/zBbU
y1Xf2fvan3BGCTpGaDKS56iuDsrpkIGHNlv8k2UD0oGiJL/RjCkHZLcU5wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMpmpzRyyLE4UW3fi3tczkXJWeafMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEveW1hbk5ITElzVGhSYmQtTGUxek9SY2xaNXA4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAAhvuMA0G
CSqGSIb3DQEBCwUAA4IBAQADlAg1r7V/+09ErmkOEoibnrFxqnSZrbCPmdnvOfXl
QyBpwEp+MkLoXOEKPZBF494nWVtoPjZvPQDY/JWz5qjU3znBUz04B3Y5AUSutKIw
G2JqqIO1z00s9O2YhlN0Ji9YSs121LqSSCaq5iX1/optGOGgYT4SN227F4yIJqJ0
Uq7dP78XxElk1t3VpYO8uxidceD36ml+FJZTeawv92XoGRLChHdjC63zqHNzmiiC
CPFX3HNWuQ6/F1+SYobubV+9aMfLkexEL4hGl6gMrL0wYnGrFN1sZKvFmf9iDnHb
EQCbAXHIseGfse1BDMdYBBeuc6yJHKHMXq7ch5ofm9W0
-----END CERTIFICATE-----