Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/38fc33-06c1-4006-9e23-f74d9518576c/1/sWfqkNHPcPkhA5a8aSQtoMjSk1g.roa
File:                     sWfqkNHPcPkhA5a8aSQtoMjSk1g.roa (raw, json)
Hash identifier:          g17baIMwzbfRDSr/hcX2JdloXizpSVyiXSiXvc7mu2Y=
Subject key identifier:   B1:67:EA:90:D1:CF:70:F9:21:03:96:BC:69:24:2D:A0:C8:D2:93:58
Certificate issuer:       /CN=27a39e4794c34612e7f22569b1a6a81710260ae5
Certificate serial:       019D2006A2F05947C573F80D8760072B30CF
Authority key identifier: 27:A3:9E:47:94:C3:46:12:E7:F2:25:69:B1:A6:A8:17:10:26:0A:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J6OeR5TDRhLn8iVpsaaoFxAmCuU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/40/38fc33-06c1-4006-9e23-f74d9518576c/1/sWfqkNHPcPkhA5a8aSQtoMjSk1g.roa
Signing time:             Tue 24 Mar 2026 13:26:39 +0000
ROA not before:           Tue 24 Mar 2026 13:26:39 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     202798
IP address blocks:        2.189.56.0/24 maxlen: 24
                          2.189.58.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/40/38fc33-06c1-4006-9e23-f74d9518576c/1/J6OeR5TDRhLn8iVpsaaoFxAmCuU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/40/38fc33-06c1-4006-9e23-f74d9518576c/1/J6OeR5TDRhLn8iVpsaaoFxAmCuU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J6OeR5TDRhLn8iVpsaaoFxAmCuU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 09:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:20:06:a2:f0:59:47:c5:73:f8:0d:87:60:07:2b:30:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=27a39e4794c34612e7f22569b1a6a81710260ae5
        Validity
            Not Before: Mar 24 13:26:39 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b167ea90d1cf70f9210396bc69242da0c8d29358
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:e0:fa:d2:a4:d1:60:ef:85:0f:80:af:7d:a6:
                    a7:7f:c4:ca:d4:be:10:bb:1b:c9:21:e0:73:f0:b1:
                    71:a3:a8:7f:ce:df:2b:f9:81:bc:5b:c4:4b:36:8b:
                    1c:d8:a5:f1:97:0a:22:80:4b:dc:28:27:af:29:7c:
                    67:98:32:94:89:51:4c:86:2a:e1:38:f0:e8:de:3e:
                    82:cd:9a:c2:ef:94:ce:2c:4b:43:03:60:00:bb:07:
                    65:ea:fe:09:da:b4:be:a6:89:60:58:57:6d:e1:23:
                    bb:24:cf:fe:c0:41:af:ef:84:02:13:0e:2a:32:74:
                    3f:4b:34:25:ad:65:ef:57:e4:ca:ae:b6:68:97:bd:
                    15:75:47:56:b0:94:81:66:13:07:dc:cf:07:27:1b:
                    44:60:70:66:90:d6:48:41:98:e8:74:a0:ec:38:1d:
                    17:1a:37:57:74:e5:db:d1:0e:a8:54:b0:5b:ab:c7:
                    98:55:ed:e5:61:63:50:aa:d7:45:04:34:f6:1f:ca:
                    8f:d8:b5:70:0f:f2:86:92:4c:ab:ed:c2:e9:14:d6:
                    b0:e7:25:04:ab:32:7f:f6:35:11:d1:83:a1:12:e3:
                    e8:1d:3a:2d:b5:1a:72:b6:e7:3e:b8:0a:55:79:b2:
                    ff:98:2e:ef:32:ce:41:4c:85:3f:fe:a5:f8:8f:2c:
                    2a:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:67:EA:90:D1:CF:70:F9:21:03:96:BC:69:24:2D:A0:C8:D2:93:58
            X509v3 Authority Key Identifier:
                keyid:27:A3:9E:47:94:C3:46:12:E7:F2:25:69:B1:A6:A8:17:10:26:0A:E5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J6OeR5TDRhLn8iVpsaaoFxAmCuU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/38fc33-06c1-4006-9e23-f74d9518576c/1/sWfqkNHPcPkhA5a8aSQtoMjSk1g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/40/38fc33-06c1-4006-9e23-f74d9518576c/1/J6OeR5TDRhLn8iVpsaaoFxAmCuU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.189.56.0/24
                  2.189.58.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2f:ac:07:8e:f9:b5:91:ed:8b:57:c4:45:8a:04:e0:42:23:dc:
         c2:9c:c1:5e:fd:4f:52:19:4f:d0:0f:a5:46:42:07:c6:4d:4c:
         f7:4f:e9:38:21:db:3b:13:3b:a3:d7:e7:62:60:5f:f8:2b:8e:
         8b:86:5d:e4:88:5e:b7:9b:61:3d:2a:e2:59:c4:d0:0d:98:ca:
         39:48:a6:b7:a5:44:ba:d3:dc:b6:77:28:a4:20:a8:29:5b:05:
         15:b6:10:51:2e:ef:3e:a0:07:a4:e1:35:08:a3:e8:d8:d6:00:
         ac:ef:91:0f:4e:88:fd:a0:fd:ef:4c:4a:f7:26:c4:b5:cc:09:
         d8:65:ee:9a:83:fb:97:18:1a:a5:a7:07:a9:c6:fc:ab:1d:76:
         10:b1:f0:3f:c3:a3:15:ef:a3:ac:d3:4e:ee:5a:84:a2:fe:39:
         9b:86:dc:30:72:aa:de:c3:83:1e:a8:9a:b8:8b:3e:0a:da:54:
         b7:1a:90:09:0b:07:39:5c:91:b3:85:bc:0a:39:1c:92:ce:3b:
         bb:bf:24:c4:d4:e2:59:dd:79:72:10:cf:34:8b:a9:7f:56:42:
         9e:51:2d:e3:f1:b2:a9:64:50:0d:53:b6:9c:9b:4f:99:76:d1:
         55:0a:6e:dc:c6:2c:2b:f7:43:65:f4:90:91:f6:ef:0b:9e:31:
         da:82:23:fb
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ0gBqLwWUfFc/gNh2AHKzDPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3YTM5ZTQ3OTRjMzQ2MTJlN2YyMjU2OWIxYTZhODE3MTAy
NjBhZTUwHhcNMjYwMzI0MTMyNjM5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMTY3ZWE5MGQxY2Y3MGY5MjEwMzk2YmM2OTI0MmRhMGM4ZDI5MzU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxeD60qTRYO+FD4Cvfaanf8TK1L4Q
uxvJIeBz8LFxo6h/zt8r+YG8W8RLNosc2KXxlwoigEvcKCevKXxnmDKUiVFMhirh
OPDo3j6CzZrC75TOLEtDA2AAuwdl6v4J2rS+polgWFdt4SO7JM/+wEGv74QCEw4q
MnQ/SzQlrWXvV+TKrrZol70VdUdWsJSBZhMH3M8HJxtEYHBmkNZIQZjodKDsOB0X
GjdXdOXb0Q6oVLBbq8eYVe3lYWNQqtdFBDT2H8qP2LVwD/KGkkyr7cLpFNaw5yUE
qzJ/9jUR0YOhEuPoHTottRpytuc+uApVebL/mC7vMs5BTIU//qX4jywq0QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFLFn6pDRz3D5IQOWvGkkLaDI0pNYMB8GA1UdIwQY
MBaAFCejnkeUw0YS5/IlabGmqBcQJgrlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjZPZVI1VERSaExuOGlWcHNhYW9GeEFtQ3VVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC8zOGZjMzMtMDZjMS00MDA2LTllMjMt
Zjc0ZDk1MTg1NzZjLzEvc1dmcWtOSFBjUGtoQTVhOGFTUXRvTWpTazFnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MC8zOGZjMzMtMDZjMS00MDA2LTllMjMtZjc0ZDk1MTg1NzZj
LzEvSjZPZVI1VERSaExuOGlWcHNhYW9GeEFtQ3VVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAAr04AwQA
Ar06MA0GCSqGSIb3DQEBCwUAA4IBAQAvrAeO+bWR7YtXxEWKBOBCI9zCnMFe/U9S
GU/QD6VGQgfGTUz3T+k4Ids7Ezuj1+diYF/4K46Lhl3kiF63m2E9KuJZxNANmMo5
SKa3pUS609y2dyikIKgpWwUVthBRLu8+oAek4TUIo+jY1gCs75EPToj9oP3vTEr3
JsS1zAnYZe6ag/uXGBqlpwepxvyrHXYQsfA/w6MV76Os007uWoSi/jmbhtwwcqre
w4MeqJq4iz4K2lS3GpAJCwc5XJGzhbwKORySzju7vyTE1OJZ3XlyEM80i6l/VkKe
US3j8bKpZFANU7acm0+ZdtFVCm7cxiwr90Nl9JCR9u8LnjHagiP7
-----END CERTIFICATE-----