Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/zwSBYTJx7afmOcUORSjFcFs8W2o.roa
File:                     zwSBYTJx7afmOcUORSjFcFs8W2o.roa (raw, json)
Hash identifier:          g7b1kCrg03SzLBGEtrHCPjlfWvMXkPIzZu+vpzR9OzI=
Subject key identifier:   CF:04:81:61:32:71:ED:A7:E6:39:C5:0E:45:28:C5:70:5B:3C:5B:6A
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019DF010DD4CDA33BE178C70858A16DBEC6E
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/zwSBYTJx7afmOcUORSjFcFs8W2o.roa
Signing time:             Sun 03 May 2026 22:58:50 +0000
ROA not before:           Sun 03 May 2026 22:58:50 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     209800
IP address blocks:        2.27.166.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 06 May 2026 07:02:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:f0:10:dd:4c:da:33:be:17:8c:70:85:8a:16:db:ec:6e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: May  3 22:58:50 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=cf0481613271eda7e639c50e4528c5705b3c5b6a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:73:82:c4:0d:04:0d:26:da:76:0f:da:d9:65:
                    2a:45:db:4c:65:37:6a:38:58:18:74:c0:8a:50:93:
                    16:66:36:a0:c6:78:dd:14:18:a9:8f:09:8d:f9:bc:
                    95:a1:63:2d:20:77:cc:6f:f8:ec:78:1a:02:bd:4b:
                    86:e1:0f:2e:d1:c8:26:8e:7d:86:bb:4d:14:b8:a3:
                    a9:bd:ac:29:f2:55:b1:54:1b:7b:10:4a:c9:6f:78:
                    21:3c:ad:53:1b:0c:91:a2:aa:78:9a:8b:f2:c7:47:
                    27:3a:64:e9:0e:ef:3b:10:f5:d2:b7:ec:85:d0:33:
                    61:10:c4:50:75:d9:88:9d:4a:bc:6f:5e:62:a2:7b:
                    3a:96:1e:a6:3d:5d:b2:a0:89:fb:56:c7:cf:b6:06:
                    29:34:0f:a2:5b:15:5c:37:27:a2:1c:76:4d:49:32:
                    37:ef:41:15:36:83:a8:bc:f3:2e:c0:25:d0:43:d7:
                    dc:6e:51:95:2c:4f:c6:94:49:27:de:c9:b4:81:51:
                    86:34:81:19:bf:b6:6d:2e:af:47:fb:08:24:c5:26:
                    57:db:e9:5d:f3:fd:89:91:ad:11:17:83:2e:58:75:
                    26:ba:9c:35:28:c7:4f:f2:11:96:fb:3f:f6:f8:94:
                    4e:69:91:82:ca:b5:ea:11:aa:03:19:71:78:58:3c:
                    41:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:04:81:61:32:71:ED:A7:E6:39:C5:0E:45:28:C5:70:5B:3C:5B:6A
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/zwSBYTJx7afmOcUORSjFcFs8W2o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.27.166.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1f:28:f4:ef:e1:87:3f:3a:31:c3:d6:4a:06:49:9e:e9:28:ab:
         d7:8a:0f:88:61:a8:62:04:10:e3:c2:a4:25:36:1a:e7:4c:46:
         2b:2f:fe:dc:2b:72:e8:2c:ab:f7:81:81:21:da:8e:5e:3b:90:
         2c:a3:b3:8e:31:44:28:29:0e:cc:7f:12:41:21:9b:06:45:84:
         ba:fb:ae:01:e8:ea:f7:6a:0f:94:cd:52:d0:83:cd:70:76:b9:
         f0:90:16:bd:a1:4a:91:57:b0:03:d7:a1:ee:79:b2:13:bc:6a:
         c6:70:b4:40:31:30:2f:44:21:4f:25:6e:80:c6:90:55:40:ed:
         ad:18:39:77:00:19:c7:53:df:f7:bd:d0:84:a3:92:d9:ba:75:
         37:b1:30:1a:b9:41:e1:9a:c3:a2:e9:04:24:5a:0f:af:e0:ca:
         3e:cb:a7:c2:6c:0a:04:9f:79:9e:38:64:f9:88:d5:9c:c1:f3:
         58:4f:26:1b:5a:8f:7f:42:12:01:64:1d:d4:db:01:1b:5f:bc:
         51:56:ed:0a:68:46:a5:a3:93:d0:fe:9b:e3:1f:c3:31:b6:66:
         3b:b9:99:60:01:a2:57:b9:cf:39:92:14:5e:69:e2:46:34:81:
         87:94:4a:ad:28:d0:4d:bf:b3:b1:c6:55:1e:56:92:1c:6e:77:
         bf:c5:26:8d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ3wEN1M2jO+F4xwhYoW2+xuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwNTAzMjI1ODUwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZjA0ODE2MTMyNzFlZGE3ZTYzOWM1MGU0NTI4YzU3MDViM2M1YjZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoXOCxA0EDSbadg/a2WUqRdtMZTdq
OFgYdMCKUJMWZjagxnjdFBipjwmN+byVoWMtIHfMb/jseBoCvUuG4Q8u0cgmjn2G
u00UuKOpvawp8lWxVBt7EErJb3ghPK1TGwyRoqp4movyx0cnOmTpDu87EPXSt+yF
0DNhEMRQddmInUq8b15ions6lh6mPV2yoIn7VsfPtgYpNA+iWxVcNyeiHHZNSTI3
70EVNoOovPMuwCXQQ9fcblGVLE/GlEkn3sm0gVGGNIEZv7ZtLq9H+wgkxSZX2+ld
8/2Jka0RF4MuWHUmupw1KMdP8hGW+z/2+JROaZGCyrXqEaoDGXF4WDxBTQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM8EgWEyce2n5jnFDkUoxXBbPFtqMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvendTQllUSng3YWZtT2NVT1JTakZjRnM4VzJvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAAhumMA0G
CSqGSIb3DQEBCwUAA4IBAQAfKPTv4Yc/OjHD1koGSZ7pKKvXig+IYahiBBDjwqQl
NhrnTEYrL/7cK3LoLKv3gYEh2o5eO5Aso7OOMUQoKQ7MfxJBIZsGRYS6+64B6Or3
ag+UzVLQg81wdrnwkBa9oUqRV7AD16HuebITvGrGcLRAMTAvRCFPJW6AxpBVQO2t
GDl3ABnHU9/3vdCEo5LZunU3sTAauUHhmsOi6QQkWg+v4Mo+y6fCbAoEn3meOGT5
iNWcwfNYTyYbWo9/QhIBZB3U2wEbX7xRVu0KaEalo5PQ/pvjH8MxtmY7uZlgAaJX
uc85khReaeJGNIGHlEqtKNBNv7OxxlUeVpIcbne/xSaN
-----END CERTIFICATE-----