Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/1-NnlQKnNvPtC6eHnwif2pcxrtuc.roa
File:                     1-NnlQKnNvPtC6eHnwif2pcxrtuc.roa (raw, json)
Hash identifier:          wXmru1cPvOF3kfQYRaoP4NsuSBt+prhxi7LZU+WAYDA=
Subject key identifier:   F8:D9:E5:40:A9:CD:BC:FB:42:E9:E1:E7:C2:27:F6:A5:CC:6B:B6:E7
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019D11F204615F4B32E428A089D94D2216C6
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/1-NnlQKnNvPtC6eHnwif2pcxrtuc.roa
Signing time:             Sat 21 Mar 2026 19:49:26 +0000
ROA not before:           Sat 21 Mar 2026 19:49:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     207158
IP address blocks:        2.27.114.0/24 maxlen: 24
                          144.31.146.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 15:17:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:11:f2:04:61:5f:4b:32:e4:28:a0:89:d9:4d:22:16:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: Mar 21 19:49:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f8d9e540a9cdbcfb42e9e1e7c227f6a5cc6bb6e7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:e0:c8:d4:c0:f2:14:ec:84:56:74:f6:aa:59:
                    f3:f7:f9:2d:81:37:66:cb:b1:c6:60:d8:18:24:fd:
                    9a:fd:07:20:3c:f8:ef:27:b4:76:ef:54:c2:5f:10:
                    3d:11:91:7f:bc:30:d0:37:34:76:84:55:74:b7:7f:
                    18:0b:24:18:7e:73:5c:13:7b:4c:92:47:c4:21:93:
                    93:fd:e3:dd:09:8b:0f:3d:f8:69:3a:36:fd:3c:d0:
                    5c:bb:ba:e4:23:8a:56:e3:b2:e9:5c:6a:ef:d2:5a:
                    47:32:6c:91:a7:c9:d6:b9:1c:c5:85:c0:b5:20:e9:
                    5a:bb:95:f7:ce:f4:a6:ca:10:58:88:df:0d:1b:86:
                    a8:de:43:56:04:83:a9:ff:70:63:e1:29:ea:94:c7:
                    d7:5b:c6:47:ca:7a:8b:b1:64:5b:16:c8:54:1e:4d:
                    91:a9:60:63:5c:2f:6c:a3:b2:e8:88:ab:a7:9a:63:
                    1b:a6:f2:33:20:f6:ca:83:69:fe:4e:a4:28:49:88:
                    ab:46:ea:d0:aa:cd:6e:03:57:0d:32:74:da:50:c3:
                    71:d2:fe:9a:67:63:8f:f1:48:98:67:9a:a3:c3:e8:
                    00:8d:aa:f7:48:11:e7:12:e4:09:cd:34:d7:a5:9a:
                    00:61:12:e9:a6:56:ab:da:1f:22:c5:c6:7d:0f:00:
                    08:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F8:D9:E5:40:A9:CD:BC:FB:42:E9:E1:E7:C2:27:F6:A5:CC:6B:B6:E7
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/1-NnlQKnNvPtC6eHnwif2pcxrtuc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.27.114.0/24
                  144.31.146.0/24

    Signature Algorithm: sha256WithRSAEncryption
         23:18:1d:7d:ac:c7:6e:cc:41:6a:50:db:8c:5e:f9:ba:c0:13:
         65:ea:b5:b5:34:50:41:c0:86:b1:42:84:89:57:77:5c:32:cf:
         8b:10:4a:96:15:19:e7:31:ab:a2:21:2c:8d:d3:48:e9:fb:3e:
         ba:48:25:80:b9:83:b0:cf:0e:72:cb:d1:3a:04:b9:6c:c4:93:
         c4:c4:f4:26:08:f5:d3:94:64:c8:70:de:e2:0e:58:db:27:f7:
         3d:e8:97:82:0a:ae:6e:09:a8:74:99:90:c9:c5:b0:5c:a5:ca:
         d1:7e:04:f5:8e:56:b9:3e:7b:b2:61:6a:83:e3:0c:f9:0e:2e:
         1e:7d:9d:72:de:86:bc:b2:f2:10:83:92:a5:a0:5a:79:94:67:
         4e:1a:35:a7:87:95:bc:5a:2f:10:04:12:1b:a7:7f:e6:5f:34:
         4d:34:60:20:c7:c1:f7:9a:f7:9a:88:5e:d8:1a:9a:19:ff:27:
         01:ee:6e:1e:bb:21:57:d9:bb:98:75:a0:f6:35:83:f9:f9:93:
         8c:bc:32:90:e3:38:91:ed:bc:b2:03:44:b7:8d:a9:4f:b0:5a:
         bf:1f:fb:4d:51:1d:fb:10:06:c7:69:39:00:24:9c:0c:15:6c:
         68:18:fb:26:06:e9:53:79:3a:17:e3:07:9a:4e:1f:a3:9d:e6:
         38:8d:a0:09
-----BEGIN CERTIFICATE-----
MIIFBDCCA+ygAwIBAgISAZ0R8gRhX0sy5CigidlNIhbGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwMzIxMTk0OTI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOGQ5ZTU0MGE5Y2RiY2ZiNDJlOWUxZTdjMjI3ZjZhNWNjNmJiNmU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjODI1MDyFOyEVnT2qlnz9/ktgTdm
y7HGYNgYJP2a/QcgPPjvJ7R271TCXxA9EZF/vDDQNzR2hFV0t38YCyQYfnNcE3tM
kkfEIZOT/ePdCYsPPfhpOjb9PNBcu7rkI4pW47LpXGrv0lpHMmyRp8nWuRzFhcC1
IOlau5X3zvSmyhBYiN8NG4ao3kNWBIOp/3Bj4SnqlMfXW8ZHynqLsWRbFshUHk2R
qWBjXC9so7LoiKunmmMbpvIzIPbKg2n+TqQoSYirRurQqs1uA1cNMnTaUMNx0v6a
Z2OP8UiYZ5qjw+gAjar3SBHnEuQJzTTXpZoAYRLpplar2h8ixcZ9DwAIUQIDAQAB
o4ICEDCCAgwwHQYDVR0OBBYEFPjZ5UCpzbz7Qunh58In9qXMa7bnMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvMS1ObmxRS25OdlB0QzZlSG53aWYycGN4cnR1Yy5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvYzMvMzhmMTI4LWVhODItNDU1NS1iNTE0LTE0Mzk2N2E4ZmUw
OC8xL0hKWS1QU0tFZlVac0ppd2doNHduZ05pRUFBTS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAlBggrBgEFBQcBBwEB/wQWMBQwEgQCAAEwDAMEAAIbcgME
AJAfkjANBgkqhkiG9w0BAQsFAAOCAQEAIxgdfazHbsxBalDbjF75usATZeq1tTRQ
QcCGsUKEiVd3XDLPixBKlhUZ5zGroiEsjdNI6fs+ukglgLmDsM8OcsvROgS5bMST
xMT0Jgj105RkyHDe4g5Y2yf3PeiXggqubgmodJmQycWwXKXK0X4E9Y5WuT57smFq
g+MM+Q4uHn2dct6GvLLyEIOSpaBaeZRnTho1p4eVvFovEAQSG6d/5l80TTRgIMfB
95r3mohe2BqaGf8nAe5uHrshV9m7mHWg9jWD+fmTjLwykOM4ke28sgNEt42pT7Ba
vx/7TVEd+xAGx2k5ACScDBVsaBj7JgbpU3k6F+MHmk4fo53mOI2gCQ==
-----END CERTIFICATE-----