Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/1Nhie3SK-GexOd0zDRnm5aw1VR4.roa
File:                     1Nhie3SK-GexOd0zDRnm5aw1VR4.roa (raw, json)
Hash identifier:          G8gfODDhYppBDJ4OtK6UUleBh1ByBeb7aS6vMpzCuBw=
Subject key identifier:   D4:D8:62:7B:74:8A:F8:67:B1:39:DD:33:0D:19:E6:E5:AC:35:55:1E
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019D2094534EAFA48BBC22FB07045F95ACA9
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/1Nhie3SK-GexOd0zDRnm5aw1VR4.roa
Signing time:             Tue 24 Mar 2026 16:01:24 +0000
ROA not before:           Tue 24 Mar 2026 16:01:24 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     402187
IP address blocks:        2.27.104.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 09:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:20:94:53:4e:af:a4:8b:bc:22:fb:07:04:5f:95:ac:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: Mar 24 16:01:24 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d4d8627b748af867b139dd330d19e6e5ac35551e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:db:ae:d3:ad:28:85:21:3c:63:98:53:d4:5b:
                    6e:a7:8c:f6:ca:0e:a3:09:aa:f4:63:b8:fb:0e:20:
                    ea:94:22:ad:4b:5a:94:a6:2b:df:0b:86:d6:64:17:
                    9f:ff:f0:2e:63:f8:97:7f:1a:70:d2:c8:1c:81:f8:
                    50:64:97:9f:b5:81:55:2e:d6:76:b0:d4:8b:29:28:
                    c3:c9:61:22:1e:b0:10:c3:1c:28:1d:47:08:86:03:
                    7d:8a:5d:da:84:4b:e4:d6:2a:b7:cd:49:3e:00:3b:
                    5e:c7:0e:3d:73:95:7c:ba:2f:9d:12:99:2f:62:82:
                    bd:0c:ac:09:44:91:ca:0e:f1:70:be:8f:f6:01:e0:
                    96:50:3c:97:aa:f0:3b:35:3b:95:ac:6c:9b:60:45:
                    9b:d2:f9:ec:fb:f3:3b:4e:5f:bc:54:05:07:57:96:
                    1c:b9:c3:9e:cb:6a:70:9d:04:67:3e:59:72:cd:8e:
                    d2:6a:dd:d9:a1:aa:fb:5f:08:41:cc:63:af:08:88:
                    5a:76:3b:fd:79:d2:c8:7e:d8:e4:6b:da:b6:c9:f1:
                    bc:07:18:9e:87:f6:9c:64:a2:28:a0:18:9b:fe:e6:
                    16:32:86:45:02:76:0a:05:df:b3:16:12:fe:b9:62:
                    90:53:17:25:f0:07:82:ac:ae:cb:65:8d:1e:3e:51:
                    4b:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:D8:62:7B:74:8A:F8:67:B1:39:DD:33:0D:19:E6:E5:AC:35:55:1E
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/1Nhie3SK-GexOd0zDRnm5aw1VR4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.27.104.0/24

    Signature Algorithm: sha256WithRSAEncryption
         48:a4:9a:07:52:71:81:f7:58:2f:2f:f4:8a:2e:ae:6a:a9:77:
         a6:7b:dd:d5:a3:9e:9a:72:86:4b:fc:2e:7e:ec:07:7e:63:9f:
         fc:48:c2:9a:05:cb:c1:49:df:27:e8:5d:44:aa:18:80:fa:3c:
         2a:fe:2a:57:3c:ad:25:a2:7d:cd:e0:ac:e4:9e:51:8e:cf:d8:
         52:d9:09:26:f8:e9:38:5d:3c:dd:d0:b6:47:ff:b5:af:01:03:
         19:11:ea:21:51:34:43:36:20:be:d1:1f:5a:a8:84:8d:e1:8b:
         56:5e:01:7c:61:7f:86:c2:2f:f5:c1:38:5c:e6:58:2c:29:24:
         e1:21:11:4c:e9:35:20:e2:43:d0:1e:1e:21:5d:d2:b0:4e:f9:
         25:14:33:60:27:64:16:1a:24:96:54:13:22:80:82:41:3f:11:
         d4:43:66:6e:21:02:e1:06:e0:d7:fd:66:7a:3b:13:53:d4:43:
         3c:a7:9c:17:60:37:98:1c:50:7c:52:d9:79:b7:59:5c:5e:eb:
         8e:d9:23:c8:8f:2a:74:ca:9f:a2:4e:a6:a8:12:d8:fd:9a:66:
         c1:d9:36:3e:16:5d:9e:73:8f:14:f2:61:2f:17:32:1c:95:05:
         fe:88:73:7a:90:28:be:91:1a:03:4f:4a:cd:9a:ba:d2:17:cf:
         c0:f7:4d:ee
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0glFNOr6SLvCL7BwRflaypMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwMzI0MTYwMTI0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNGQ4NjI3Yjc0OGFmODY3YjEzOWRkMzMwZDE5ZTZlNWFjMzU1NTFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiNuu060ohSE8Y5hT1Ftup4z2yg6j
Car0Y7j7DiDqlCKtS1qUpivfC4bWZBef//AuY/iXfxpw0sgcgfhQZJeftYFVLtZ2
sNSLKSjDyWEiHrAQwxwoHUcIhgN9il3ahEvk1iq3zUk+ADtexw49c5V8ui+dEpkv
YoK9DKwJRJHKDvFwvo/2AeCWUDyXqvA7NTuVrGybYEWb0vns+/M7Tl+8VAUHV5Yc
ucOey2pwnQRnPllyzY7Sat3Zoar7XwhBzGOvCIhadjv9edLIftjka9q2yfG8Bxie
h/acZKIooBib/uYWMoZFAnYKBd+zFhL+uWKQUxcl8AeCrK7LZY0ePlFLrQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNTYYnt0ivhnsTndMw0Z5uWsNVUeMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvMU5oaWUzU0stR2V4T2QwekRSbm01YXcxVlI0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAAhtoMA0G
CSqGSIb3DQEBCwUAA4IBAQBIpJoHUnGB91gvL/SKLq5qqXeme93Vo56acoZL/C5+
7Ad+Y5/8SMKaBcvBSd8n6F1EqhiA+jwq/ipXPK0lon3N4KzknlGOz9hS2Qkm+Ok4
XTzd0LZH/7WvAQMZEeohUTRDNiC+0R9aqISN4YtWXgF8YX+Gwi/1wThc5lgsKSTh
IRFM6TUg4kPQHh4hXdKwTvklFDNgJ2QWGiSWVBMigIJBPxHUQ2ZuIQLhBuDX/WZ6
OxNT1EM8p5wXYDeYHFB8Utl5t1lcXuuO2SPIjyp0yp+iTqaoEtj9mmbB2TY+Fl2e
c48U8mEvFzIclQX+iHN6kCi+kRoDT0rNmrrSF8/A903u
-----END CERTIFICATE-----