Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ac/1c2977-42ed-4501-b424-9d9b0245d108/1/Y3QKQzEPDmZm8PJypZh9nJ9wgpY.roa
File:                     Y3QKQzEPDmZm8PJypZh9nJ9wgpY.roa (raw, json)
Hash identifier:          uGJeMzvWRvF44ZA525KqGwzFGcmEAKAT9aDouXzGutU=
Subject key identifier:   63:74:0A:43:31:0F:0E:66:66:F0:F2:72:A5:98:7D:9C:9F:70:82:96
Certificate issuer:       /CN=5fc4a898765c3038b15a0d3597243941da3c096c
Certificate serial:       019CF750224B511C14C26B7D443C7988DE19
Authority key identifier: 5F:C4:A8:98:76:5C:30:38:B1:5A:0D:35:97:24:39:41:DA:3C:09:6C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/X8SomHZcMDixWg01lyQ5Qdo8CWw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ac/1c2977-42ed-4501-b424-9d9b0245d108/1/Y3QKQzEPDmZm8PJypZh9nJ9wgpY.roa
Signing time:             Mon 16 Mar 2026 15:42:29 +0000
ROA not before:           Mon 16 Mar 2026 15:42:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     6075
IP address blocks:        192.28.124.0/24 maxlen: 24
                          192.28.125.0/24 maxlen: 24
                          192.28.126.0/24 maxlen: 24
                          192.28.127.0/24 maxlen: 24
                          192.28.128.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ac/1c2977-42ed-4501-b424-9d9b0245d108/1/X8SomHZcMDixWg01lyQ5Qdo8CWw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ac/1c2977-42ed-4501-b424-9d9b0245d108/1/X8SomHZcMDixWg01lyQ5Qdo8CWw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/X8SomHZcMDixWg01lyQ5Qdo8CWw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 16:32:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:f7:50:22:4b:51:1c:14:c2:6b:7d:44:3c:79:88:de:19
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5fc4a898765c3038b15a0d3597243941da3c096c
        Validity
            Not Before: Mar 16 15:42:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=63740a43310f0e6666f0f272a5987d9c9f708296
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:54:e3:e5:a2:35:22:a3:6c:65:bb:c3:8e:83:
                    f8:fc:11:7a:06:73:40:00:f5:2c:cb:8f:14:19:0d:
                    27:81:2a:90:0d:b1:1d:b1:21:b5:50:12:7f:38:a8:
                    fd:92:6e:32:87:cd:83:17:33:af:e5:ea:54:27:48:
                    c6:41:b3:eb:80:3c:ae:fa:09:18:3b:33:fb:07:36:
                    20:da:1c:0b:16:e1:c4:f3:cb:f8:22:ca:e7:de:21:
                    2e:43:ab:20:02:e0:d6:bf:29:f9:1b:1a:bf:71:e9:
                    82:c2:bc:89:e2:6a:4b:14:1d:a1:bc:1a:3d:04:8a:
                    bd:9d:8d:d6:6b:b9:4c:1e:df:b2:5c:fc:38:5e:48:
                    0c:f4:97:1a:37:fb:4d:fe:5b:2e:b3:6f:90:0f:7d:
                    88:0e:53:65:23:0b:41:80:79:57:c0:43:eb:3c:40:
                    e2:6e:c2:ac:89:44:04:0e:ec:ca:38:34:1a:05:d1:
                    67:e2:74:b9:7d:c1:5e:30:d6:12:5b:75:5b:70:95:
                    f5:93:f5:cc:e5:f0:7b:e1:3a:14:96:ab:75:2c:99:
                    55:b6:99:53:86:37:b8:14:9a:70:e8:5b:41:72:d4:
                    17:eb:12:dd:17:df:b8:ce:cf:ae:59:62:2d:19:d7:
                    16:3a:cf:1c:73:41:9d:35:a1:9f:af:ea:29:e4:ce:
                    0f:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:74:0A:43:31:0F:0E:66:66:F0:F2:72:A5:98:7D:9C:9F:70:82:96
            X509v3 Authority Key Identifier:
                keyid:5F:C4:A8:98:76:5C:30:38:B1:5A:0D:35:97:24:39:41:DA:3C:09:6C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/X8SomHZcMDixWg01lyQ5Qdo8CWw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/1c2977-42ed-4501-b424-9d9b0245d108/1/Y3QKQzEPDmZm8PJypZh9nJ9wgpY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/1c2977-42ed-4501-b424-9d9b0245d108/1/X8SomHZcMDixWg01lyQ5Qdo8CWw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.28.124.0-192.28.128.255

    Signature Algorithm: sha256WithRSAEncryption
         1b:53:27:ff:84:78:5a:e8:ed:51:7c:db:1b:3d:4e:2f:83:ef:
         82:fd:2f:a9:27:6c:95:51:83:71:52:75:23:85:a4:dd:1f:1a:
         cf:47:20:71:d1:70:cd:54:17:d8:ab:02:f2:75:50:45:2e:db:
         c1:af:e7:91:e8:a8:9a:4e:17:9e:05:ac:0e:63:95:32:99:0a:
         b4:ee:96:ce:d0:62:c9:c2:3a:87:ec:1d:41:4f:7d:22:9a:59:
         45:3a:96:da:b7:18:d2:46:ba:59:bf:0a:03:10:60:8c:79:b0:
         9c:dd:b4:22:8e:4f:e3:40:1d:19:6e:01:6f:32:6e:c8:85:75:
         8e:7d:e5:b2:59:e8:c9:a1:1d:0e:9f:65:a9:10:6f:51:53:65:
         0e:44:e5:c3:38:d6:04:d7:03:ea:16:01:6e:11:dc:8d:d1:33:
         aa:a6:94:44:a7:f3:f1:92:d7:0f:b6:45:1e:cd:d9:1c:90:1c:
         82:d4:00:e7:5e:06:b4:42:8f:2c:a7:26:74:56:18:b4:06:6d:
         e5:22:f7:94:99:d2:99:29:05:95:3a:2b:ed:0a:5a:fb:30:ec:
         63:ce:71:ef:e9:ca:a3:77:f2:b7:88:c3:45:a5:7f:13:fb:ca:
         0a:91:c3:9f:a8:61:f3:d4:18:26:e2:c9:d7:47:7d:7f:04:a7:
         6e:f6:f7:e6
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZz3UCJLURwUwmt9RDx5iN4ZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVmYzRhODk4NzY1YzMwMzhiMTVhMGQzNTk3MjQzOTQxZGEz
YzA5NmMwHhcNMjYwMzE2MTU0MjI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2Mzc0MGE0MzMxMGYwZTY2NjZmMGYyNzJhNTk4N2Q5YzlmNzA4Mjk2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA31Tj5aI1IqNsZbvDjoP4/BF6BnNA
APUsy48UGQ0ngSqQDbEdsSG1UBJ/OKj9km4yh82DFzOv5epUJ0jGQbPrgDyu+gkY
OzP7BzYg2hwLFuHE88v4Isrn3iEuQ6sgAuDWvyn5Gxq/cemCwryJ4mpLFB2hvBo9
BIq9nY3Wa7lMHt+yXPw4XkgM9JcaN/tN/lsus2+QD32IDlNlIwtBgHlXwEPrPEDi
bsKsiUQEDuzKODQaBdFn4nS5fcFeMNYSW3VbcJX1k/XM5fB74ToUlqt1LJlVtplT
hje4FJpw6FtBctQX6xLdF9+4zs+uWWItGdcWOs8cc0GdNaGfr+op5M4PcQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFGN0CkMxDw5mZvDycqWYfZyfcIKWMB8GA1UdIwQY
MBaAFF/EqJh2XDA4sVoNNZckOUHaPAlsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWDhTb21IWmNNRGl4V2cwMWx5UTVRZG84Q1d3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYy8xYzI5NzctNDJlZC00NTAxLWI0MjQt
OWQ5YjAyNDVkMTA4LzEvWTNRS1F6RVBEbVptOFBKeXBaaDluSjl3Z3BZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYy8xYzI5NzctNDJlZC00NTAxLWI0MjQtOWQ5YjAyNDVkMTA4
LzEvWDhTb21IWmNNRGl4V2cwMWx5UTVRZG84Q1d3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBALAHHwD
BADAHIAwDQYJKoZIhvcNAQELBQADggEBABtTJ/+EeFro7VF82xs9Ti+D74L9L6kn
bJVRg3FSdSOFpN0fGs9HIHHRcM1UF9irAvJ1UEUu28Gv55HoqJpOF54FrA5jlTKZ
CrTuls7QYsnCOofsHUFPfSKaWUU6ltq3GNJGulm/CgMQYIx5sJzdtCKOT+NAHRlu
AW8ybsiFdY595bJZ6MmhHQ6fZakQb1FTZQ5E5cM41gTXA+oWAW4R3I3RM6qmlESn
8/GS1w+2RR7N2RyQHILUAOdeBrRCjyynJnRWGLQGbeUi95SZ0pkpBZU6K+0KWvsw
7GPOce/pyqN38reIw0WlfxP7ygqRw5+oYfPUGCbiyddHfX8Ep2729+Y=
-----END CERTIFICATE-----