Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/6cHVKTEHqzLybNkyMFZN21_tOCk.roa
File:                     6cHVKTEHqzLybNkyMFZN21_tOCk.roa (raw, json)
Hash identifier:          wZFyWqJAGGEQlbNKSPgXndqPq+q9j4cW1dK0hj3IwOA=
Subject key identifier:   E9:C1:D5:29:31:07:AB:32:F2:6C:D9:32:30:56:4D:DB:5F:ED:38:29
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019DFA18A7785C099BD6D1E08264F58222A8
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/6cHVKTEHqzLybNkyMFZN21_tOCk.roa
Signing time:             Tue 05 May 2026 21:43:32 +0000
ROA not before:           Tue 05 May 2026 21:43:32 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     60068
IP address blocks:        2.27.103.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 21:35:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:fa:18:a7:78:5c:09:9b:d6:d1:e0:82:64:f5:82:22:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: May  5 21:43:32 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e9c1d5293107ab32f26cd93230564ddb5fed3829
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:22:54:1d:f0:eb:25:da:80:0b:c0:1e:98:1a:
                    ba:db:cf:08:b0:b5:c0:8f:ba:a0:ea:cf:7b:f8:f0:
                    1a:5d:f5:8c:1c:31:02:74:e7:ec:24:d4:35:e3:0a:
                    c8:d6:0f:f0:4f:4d:14:37:c1:38:c7:73:06:2f:f5:
                    78:e3:5b:f6:e8:56:89:54:a2:13:99:26:1c:a9:2b:
                    c2:f4:29:15:84:00:d1:30:87:d2:44:ad:ed:5f:36:
                    ba:2e:2f:fb:6e:bb:46:8b:9a:30:8a:83:79:6a:07:
                    41:75:73:26:5a:65:cb:49:85:31:a6:67:f2:ff:e0:
                    75:1b:48:7d:2e:0d:f0:24:95:a1:ad:d6:1a:ca:5f:
                    e0:fb:df:b1:0a:89:44:cd:3c:e5:a9:12:f3:ba:71:
                    a4:1d:23:b2:24:84:0d:8a:85:20:a4:c0:61:20:a6:
                    63:08:45:0e:75:6b:b3:d9:3a:80:57:ac:57:1c:a8:
                    eb:36:34:3a:3b:c3:9e:eb:7d:65:60:74:50:d7:23:
                    87:8d:fb:91:71:b8:15:97:f9:62:70:8d:f5:ac:67:
                    43:9d:87:7b:2c:12:3f:05:c1:15:ec:17:01:39:05:
                    d9:1e:72:cc:4d:2b:dc:6e:94:89:20:d7:b0:d4:e8:
                    a6:5c:8e:16:5e:57:a9:ae:c6:eb:a1:5c:6a:03:3a:
                    13:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E9:C1:D5:29:31:07:AB:32:F2:6C:D9:32:30:56:4D:DB:5F:ED:38:29
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/6cHVKTEHqzLybNkyMFZN21_tOCk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.27.103.0/24

    Signature Algorithm: sha256WithRSAEncryption
         83:eb:30:b8:84:90:dc:97:e2:33:9e:44:ab:2b:b3:0e:28:c5:
         6e:63:26:83:7e:a5:45:cb:29:66:78:e4:48:34:da:a8:1a:aa:
         07:4c:4d:43:d6:9d:d0:36:12:fd:65:1d:49:f3:54:17:ae:3c:
         9a:8f:1f:7c:4a:c1:68:d7:31:c4:cb:c9:0d:77:02:c3:6d:cf:
         e2:7e:ae:ad:16:34:af:89:2d:61:ed:62:01:e7:a9:98:7e:38:
         64:d9:1e:8d:af:da:97:90:d4:00:cf:3e:8b:3b:a7:51:3d:6f:
         1f:d0:73:16:75:6d:8a:ac:6b:b3:1d:7f:3d:62:60:90:83:4e:
         4c:c7:38:ba:61:42:a4:02:a8:92:63:d8:10:28:08:e8:fa:ce:
         c2:1f:d0:74:48:84:7b:62:e3:00:62:df:04:a1:46:cb:d6:48:
         59:ca:25:8e:2b:d7:c0:7b:e6:0b:c3:bc:3b:19:1e:96:af:5b:
         7e:03:fd:86:c9:a6:fc:59:81:ce:dd:20:af:97:e2:fd:11:18:
         ec:50:21:a0:30:d1:d4:d0:dd:ac:91:96:dc:9a:5b:3c:a4:5b:
         43:84:f1:09:bf:d3:b2:25:f9:01:cf:96:e4:19:53:26:11:0e:
         9d:13:67:7e:44:a9:36:07:6c:24:a6:9d:57:76:d4:82:80:6d:
         b6:0d:5b:5e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ36GKd4XAmb1tHggmT1giKoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwNTA1MjE0MzMyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlOWMxZDUyOTMxMDdhYjMyZjI2Y2Q5MzIzMDU2NGRkYjVmZWQzODI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkiJUHfDrJdqAC8AemBq6288IsLXA
j7qg6s97+PAaXfWMHDECdOfsJNQ14wrI1g/wT00UN8E4x3MGL/V441v26FaJVKIT
mSYcqSvC9CkVhADRMIfSRK3tXza6Li/7brtGi5owioN5agdBdXMmWmXLSYUxpmfy
/+B1G0h9Lg3wJJWhrdYayl/g+9+xColEzTzlqRLzunGkHSOyJIQNioUgpMBhIKZj
CEUOdWuz2TqAV6xXHKjrNjQ6O8Oe631lYHRQ1yOHjfuRcbgVl/licI31rGdDnYd7
LBI/BcEV7BcBOQXZHnLMTSvcbpSJINew1OimXI4WXleprsbroVxqAzoTEwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOnB1SkxB6sy8mzZMjBWTdtf7TgpMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvNmNIVktURUhxekx5Yk5reU1GWk4yMV90T0NrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAAhtnMA0G
CSqGSIb3DQEBCwUAA4IBAQCD6zC4hJDcl+IznkSrK7MOKMVuYyaDfqVFyylmeORI
NNqoGqoHTE1D1p3QNhL9ZR1J81QXrjyajx98SsFo1zHEy8kNdwLDbc/ifq6tFjSv
iS1h7WIB56mYfjhk2R6Nr9qXkNQAzz6LO6dRPW8f0HMWdW2KrGuzHX89YmCQg05M
xzi6YUKkAqiSY9gQKAjo+s7CH9B0SIR7YuMAYt8EoUbL1khZyiWOK9fAe+YLw7w7
GR6Wr1t+A/2Gyab8WYHO3SCvl+L9ERjsUCGgMNHU0N2skZbcmls8pFtDhPEJv9Oy
JfkBz5bkGVMmEQ6dE2d+RKk2B2wkpp1XdtSCgG22DVte
-----END CERTIFICATE-----