Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/5X2XBUEobH0kSH5Bh1e_pBRZCBA.roa
File:                     5X2XBUEobH0kSH5Bh1e_pBRZCBA.roa (raw, json)
Hash identifier:          /BPZC4KKLuz+aJlitEwmn5DaBUMovlxneBog8bFIS+M=
Subject key identifier:   E5:7D:97:05:41:28:6C:7D:24:48:7E:41:87:57:BF:A4:14:59:08:10
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019E1D079A01A0CEA7E1FD9CC54A331782DF
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/5X2XBUEobH0kSH5Bh1e_pBRZCBA.roa
Signing time:             Tue 12 May 2026 16:31:37 +0000
ROA not before:           Tue 12 May 2026 16:31:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     147003
IP address blocks:        2.27.128.0/23 maxlen: 24
                          31.77.178.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 21:35:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:1d:07:9a:01:a0:ce:a7:e1:fd:9c:c5:4a:33:17:82:df
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: May 12 16:31:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e57d970541286c7d24487e418757bfa414590810
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:29:9a:07:49:8e:c1:fd:68:b7:40:c8:dc:99:
                    93:1e:13:1e:d9:ac:34:e5:fc:f0:cd:d4:05:68:09:
                    70:41:2a:bb:5c:96:41:b6:12:aa:88:ad:48:fa:9d:
                    80:84:6f:52:d1:9a:35:42:e8:03:d4:81:a4:1e:07:
                    a8:5a:72:af:4b:a9:7c:6e:a7:37:b3:ee:55:33:41:
                    eb:7b:3d:24:49:69:fa:6c:db:18:26:62:c0:db:6e:
                    7e:01:9c:da:5c:7d:f3:4d:3f:69:f8:42:cc:22:5f:
                    04:e0:55:6b:44:3e:d9:e7:85:a9:1e:86:0f:f7:38:
                    31:f5:11:52:81:5b:c1:ef:2e:69:e8:d9:8c:2a:89:
                    32:ca:fc:ab:e8:fe:77:bd:8c:dd:19:b1:88:ab:46:
                    0e:c0:46:96:a4:bb:3e:82:a0:18:66:7c:f5:b6:67:
                    2e:b2:1b:72:0d:be:68:0f:a4:a8:bf:e4:3d:de:25:
                    ec:04:68:24:cf:a7:aa:57:c7:7c:cd:1a:d5:7d:cc:
                    e4:0b:48:be:df:00:df:ef:a8:3e:41:15:d6:90:1b:
                    76:5a:03:fb:c7:bb:14:2a:77:34:23:4c:e9:cd:c4:
                    51:f6:1c:52:16:f1:dd:6c:6e:64:ef:ec:e1:5c:ce:
                    dc:9b:50:41:21:c3:91:4b:74:b7:75:9b:a8:12:1c:
                    84:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E5:7D:97:05:41:28:6C:7D:24:48:7E:41:87:57:BF:A4:14:59:08:10
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/5X2XBUEobH0kSH5Bh1e_pBRZCBA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.27.128.0/23
                  31.77.178.0/23

    Signature Algorithm: sha256WithRSAEncryption
         60:2d:2a:ea:3d:d5:3d:cb:b9:54:79:c4:4b:85:51:8d:cf:09:
         2b:72:5e:90:c3:0a:ef:d2:fa:f3:26:a5:4a:98:56:e6:5d:cf:
         cd:8b:28:31:8c:6c:91:5d:be:4f:8b:da:5a:a8:71:24:4f:a4:
         68:71:21:60:5a:e3:d9:ae:de:da:8a:a3:d9:a2:48:cc:b9:d1:
         12:1d:7b:93:7e:6a:dc:a7:b4:a5:93:f6:31:7d:32:6c:c1:9c:
         8e:24:7d:af:b8:62:09:47:dd:d1:40:55:26:c8:96:c5:99:03:
         67:4d:79:ff:45:17:94:c5:cf:b0:e3:97:58:ef:c9:03:7d:92:
         e7:34:9e:6c:a8:9e:a5:bd:3d:66:3a:51:4b:d7:81:36:bb:6e:
         23:c1:bd:7b:ca:15:13:1f:a2:77:ba:d8:6d:cc:9e:55:da:1a:
         5a:de:a8:85:47:6f:46:23:05:dc:a7:99:e7:0d:0d:50:ab:99:
         37:13:0d:52:e7:e7:5e:af:4b:32:a2:fb:93:f5:16:c2:6f:d4:
         f1:f2:83:3e:d8:cf:4f:64:5f:f7:34:a9:a2:9b:2d:99:16:e0:
         96:a1:e8:f2:09:cd:50:1f:ac:8c:92:78:09:dc:3d:09:2a:13:
         d9:3f:17:a0:2e:09:6e:85:95:b0:60:c6:74:1b:3c:8a:b1:4f:
         68:98:d4:f7
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ4dB5oBoM6n4f2cxUozF4LfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwNTEyMTYzMTM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNTdkOTcwNTQxMjg2YzdkMjQ0ODdlNDE4NzU3YmZhNDE0NTkwODEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwymaB0mOwf1ot0DI3JmTHhMe2aw0
5fzwzdQFaAlwQSq7XJZBthKqiK1I+p2AhG9S0Zo1QugD1IGkHgeoWnKvS6l8bqc3
s+5VM0Hrez0kSWn6bNsYJmLA225+AZzaXH3zTT9p+ELMIl8E4FVrRD7Z54WpHoYP
9zgx9RFSgVvB7y5p6NmMKokyyvyr6P53vYzdGbGIq0YOwEaWpLs+gqAYZnz1tmcu
shtyDb5oD6Sov+Q93iXsBGgkz6eqV8d8zRrVfczkC0i+3wDf76g+QRXWkBt2WgP7
x7sUKnc0I0zpzcRR9hxSFvHdbG5k7+zhXM7cm1BBIcORS3S3dZuoEhyE1QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFOV9lwVBKGx9JEh+QYdXv6QUWQgQMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvNVgyWEJVRW9iSDBrU0g1QmgxZV9wQlJaQ0JBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBAhuAAwQB
H02yMA0GCSqGSIb3DQEBCwUAA4IBAQBgLSrqPdU9y7lUecRLhVGNzwkrcl6Qwwrv
0vrzJqVKmFbmXc/NiygxjGyRXb5Pi9paqHEkT6RocSFgWuPZrt7aiqPZokjMudES
HXuTfmrcp7Slk/YxfTJswZyOJH2vuGIJR93RQFUmyJbFmQNnTXn/RReUxc+w45dY
78kDfZLnNJ5sqJ6lvT1mOlFL14E2u24jwb17yhUTH6J3uthtzJ5V2hpa3qiFR29G
IwXcp5nnDQ1Qq5k3Ew1S5+der0syovuT9RbCb9Tx8oM+2M9PZF/3NKmimy2ZFuCW
oejyCc1QH6yMkngJ3D0JKhPZPxegLgluhZWwYMZ0GzyKsU9omNT3
-----END CERTIFICATE-----