Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/66AYwxRs3WakYeX9H9ZybRqkYFc.roa
File:                     66AYwxRs3WakYeX9H9ZybRqkYFc.roa (raw, json)
Hash identifier:          f1NVUzz2oJhfM49GNmSPfMEtZJKXWA+wONMoi5ty6xs=
Subject key identifier:   EB:A0:18:C3:14:6C:DD:66:A4:61:E5:FD:1F:D6:72:6D:1A:A4:60:57
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019E137FB8A0E09E3DEA06CE44D566BDF5F9
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/66AYwxRs3WakYeX9H9ZybRqkYFc.roa
Signing time:             Sun 10 May 2026 20:06:37 +0000
ROA not before:           Sun 10 May 2026 20:06:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     9457
IP address blocks:        2.26.159.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 14 May 2026 06:01:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:13:7f:b8:a0:e0:9e:3d:ea:06:ce:44:d5:66:bd:f5:f9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: May 10 20:06:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=eba018c3146cdd66a461e5fd1fd6726d1aa46057
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:d8:90:30:bc:05:50:0f:67:c1:f3:eb:03:b6:
                    fa:9f:ab:74:79:29:26:17:41:6c:13:e5:57:46:30:
                    bd:b3:3c:ec:a3:19:f0:01:8d:ee:8d:3f:45:a6:a2:
                    24:bd:40:ae:fc:e1:57:e2:f7:4f:b3:32:dd:bd:8b:
                    3a:73:b0:54:11:0a:f7:a8:c3:bc:dc:ca:bd:ba:3f:
                    d5:7f:05:47:39:33:44:d4:8f:20:ee:2a:a9:94:04:
                    6e:c2:31:38:c6:5b:ce:65:38:70:e8:e9:e1:f4:95:
                    ee:3b:63:9b:6d:c1:a9:0c:07:ad:63:94:ca:df:ab:
                    53:ba:94:9d:67:ad:2d:cf:ad:99:89:9d:6b:37:e3:
                    b1:1e:c5:2e:d5:dc:81:56:3f:b0:b9:03:fc:b4:67:
                    a2:e4:bf:e0:7f:f0:a1:23:c1:55:2c:b1:e5:c8:17:
                    30:75:d5:c4:80:a3:f3:4c:5f:50:78:26:ef:87:4f:
                    2d:64:34:cf:af:4f:77:b7:87:17:3c:e0:7c:23:d9:
                    61:22:cb:cb:0f:96:da:e1:8f:33:30:03:fa:b4:bf:
                    61:53:0d:c5:9d:ea:39:41:60:9c:ed:e1:4f:34:d2:
                    aa:20:9c:ae:91:b2:98:e2:a8:5e:c9:c1:10:0a:1e:
                    49:ac:0a:86:a2:6f:29:c7:05:ff:53:05:a5:ed:5f:
                    e8:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EB:A0:18:C3:14:6C:DD:66:A4:61:E5:FD:1F:D6:72:6D:1A:A4:60:57
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/66AYwxRs3WakYeX9H9ZybRqkYFc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.26.159.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a6:e5:f5:21:91:2f:35:dd:86:9d:92:37:74:23:f4:6e:11:76:
         1a:ec:c3:19:da:7d:8a:73:b9:ab:3e:43:fb:c1:d6:cf:22:af:
         ab:9b:ea:4d:fd:1a:2e:e7:7b:f9:d0:83:80:61:ba:be:34:20:
         1a:b6:a0:9c:66:4a:ee:78:4c:df:05:50:6d:38:7f:3a:37:fc:
         72:70:57:1d:d9:0a:a2:4e:d9:5f:fc:ef:60:62:ce:5e:e8:38:
         09:0c:94:07:27:0c:9b:2b:91:b3:df:d3:10:11:e3:af:d5:95:
         81:25:f6:3d:c4:93:b9:0b:52:24:05:f3:4c:7d:ef:54:a9:ba:
         62:f8:b3:9a:a2:c7:ce:ee:6e:a8:c1:1d:18:76:14:82:7e:bc:
         af:ec:f3:b3:74:a5:8a:f9:f6:aa:f7:c0:1c:d3:5e:cc:ab:18:
         a0:3f:e3:99:0e:7d:69:d2:a4:30:6a:d2:bd:21:09:49:3e:ba:
         98:15:4e:7b:c7:05:a2:6d:96:56:9f:6f:7e:9a:2a:ec:2e:62:
         dc:61:f3:16:36:32:b5:6b:22:54:74:f9:46:5e:58:b0:23:eb:
         6c:88:c9:26:4f:60:9b:7a:72:73:a6:85:0a:98:2c:66:ff:9c:
         3d:67:18:81:88:16:bc:be:8e:f2:e3:7a:fa:69:fc:f4:d6:42:
         cf:36:12:4a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ4Tf7ig4J496gbORNVmvfX5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwNTEwMjAwNjM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYmEwMThjMzE0NmNkZDY2YTQ2MWU1ZmQxZmQ2NzI2ZDFhYTQ2MDU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtdiQMLwFUA9nwfPrA7b6n6t0eSkm
F0FsE+VXRjC9szzsoxnwAY3ujT9FpqIkvUCu/OFX4vdPszLdvYs6c7BUEQr3qMO8
3Mq9uj/VfwVHOTNE1I8g7iqplARuwjE4xlvOZThw6Onh9JXuO2ObbcGpDAetY5TK
36tTupSdZ60tz62ZiZ1rN+OxHsUu1dyBVj+wuQP8tGei5L/gf/ChI8FVLLHlyBcw
ddXEgKPzTF9QeCbvh08tZDTPr093t4cXPOB8I9lhIsvLD5ba4Y8zMAP6tL9hUw3F
neo5QWCc7eFPNNKqIJyukbKY4qheycEQCh5JrAqGom8pxwX/UwWl7V/o1wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOugGMMUbN1mpGHl/R/Wcm0apGBXMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvNjZBWXd4UnMzV2FrWWVYOUg5WnliUnFrWUZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAAhqfMA0G
CSqGSIb3DQEBCwUAA4IBAQCm5fUhkS813Yadkjd0I/RuEXYa7MMZ2n2Kc7mrPkP7
wdbPIq+rm+pN/Rou53v50IOAYbq+NCAatqCcZkrueEzfBVBtOH86N/xycFcd2Qqi
Ttlf/O9gYs5e6DgJDJQHJwybK5Gz39MQEeOv1ZWBJfY9xJO5C1IkBfNMfe9Uqbpi
+LOaosfO7m6owR0YdhSCfryv7POzdKWK+faq98Ac017MqxigP+OZDn1p0qQwatK9
IQlJPrqYFU57xwWibZZWn29+mirsLmLcYfMWNjK1ayJUdPlGXliwI+tsiMkmT2Cb
enJzpoUKmCxm/5w9ZxiBiBa8vo7y43r6afz01kLPNhJK
-----END CERTIFICATE-----