Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/BF7Llj5DnyvFqMvyvqKLYbkSTS8.roa
File:                     BF7Llj5DnyvFqMvyvqKLYbkSTS8.roa (raw, json)
Hash identifier:          KV9MT4qLMXKT8kZ3TvBbm/L/cs5ab6LQbgMin70ZAuQ=
Subject key identifier:   04:5E:CB:96:3E:43:9F:2B:C5:A8:CB:F2:BE:A2:8B:61:B9:12:4D:2F
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019E09864FA4FA35A1587976B4462BA30845
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/BF7Llj5DnyvFqMvyvqKLYbkSTS8.roa
Signing time:             Fri 08 May 2026 21:37:37 +0000
ROA not before:           Fri 08 May 2026 21:37:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     212238
IP address blocks:        2.26.157.0/24 maxlen: 24
                          2.27.103.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 21:35:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:09:86:4f:a4:fa:35:a1:58:79:76:b4:46:2b:a3:08:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: May  8 21:37:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=045ecb963e439f2bc5a8cbf2bea28b61b9124d2f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:62:e3:bb:66:1a:fb:df:70:d4:48:c5:48:13:
                    8e:1c:b3:91:54:f0:de:63:1e:b5:c1:86:29:9c:0f:
                    1a:36:02:39:fb:be:31:56:fb:01:ab:b5:07:7c:b8:
                    5a:20:ba:57:a8:0c:02:c2:43:ab:91:e1:0f:c3:7a:
                    88:f5:ba:45:c0:1d:b6:80:b7:fa:fb:dd:e1:de:a0:
                    58:1c:e3:de:57:51:62:7d:51:b7:b0:53:b5:bc:9e:
                    a5:2d:f5:dd:a5:a8:d8:c3:61:0c:df:ca:ae:e0:a7:
                    2e:0e:3d:aa:e3:96:2e:3e:c1:2c:68:74:4a:31:ee:
                    d3:39:bb:05:67:58:58:c8:e7:82:79:39:a2:59:56:
                    e5:57:96:be:76:06:17:8d:f6:77:27:12:4c:da:7d:
                    19:94:ad:be:15:85:2c:34:61:d2:8d:ab:6d:33:f8:
                    95:bc:a8:9b:d5:fa:6b:cc:2d:e3:5f:f1:0b:29:26:
                    a8:e1:c3:08:15:78:d7:54:3a:ee:93:ab:1f:e0:b6:
                    76:5d:8f:4a:82:cf:27:8d:d1:22:ad:b4:67:e2:e5:
                    63:d6:09:7b:9d:0a:cf:ac:f0:0e:65:bd:17:7d:cc:
                    02:cf:15:cd:2e:65:8d:22:c7:a0:bc:87:b4:e5:20:
                    dd:1a:c9:03:72:da:5b:70:70:4a:a4:b6:74:ac:31:
                    62:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:5E:CB:96:3E:43:9F:2B:C5:A8:CB:F2:BE:A2:8B:61:B9:12:4D:2F
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/BF7Llj5DnyvFqMvyvqKLYbkSTS8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.26.157.0/24
                  2.27.103.0/24

    Signature Algorithm: sha256WithRSAEncryption
         91:11:96:a2:5d:3a:d5:1f:f9:f8:46:c9:72:98:b4:e4:d3:87:
         cf:c2:e6:47:b5:bd:f6:1f:fa:c8:74:f3:29:57:0f:5b:b1:5c:
         d2:f1:2a:26:b8:0f:b5:b5:8a:9f:ba:f2:3d:24:38:a7:ff:a9:
         76:8e:83:00:be:27:84:4d:61:a5:fe:cc:12:ac:21:d1:dd:28:
         f7:75:3a:1e:a2:52:d8:33:55:ec:25:1f:0e:35:cd:f0:0b:97:
         19:cc:d9:45:84:c0:f0:78:21:ce:72:e0:30:35:58:f1:2f:e0:
         e1:78:1e:24:19:76:fb:fc:34:05:69:9b:7d:f1:b1:27:8b:21:
         9f:96:4e:b5:d8:e9:c5:f6:a7:eb:ba:fb:e6:c6:42:11:2a:1c:
         be:4a:89:3c:c4:8c:78:e2:08:e9:57:5c:16:17:65:a1:89:dc:
         3f:33:e8:d8:81:76:09:11:94:c7:c4:4e:38:72:75:fc:6b:e3:
         d8:2f:b0:8e:6b:3b:cc:38:d1:ef:50:40:dc:1f:a6:5a:06:d2:
         50:1e:27:44:c2:ae:fd:0b:35:19:b5:0c:88:ec:a4:85:97:4d:
         5d:b8:59:cc:cc:3d:3d:59:c3:cc:a4:36:3a:46:c1:fa:66:16:
         cf:44:ab:fb:8d:f2:3b:fa:e6:5a:d6:00:e6:82:71:95:35:c8:
         79:67:a5:11
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ4Jhk+k+jWhWHl2tEYrowhFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwNTA4MjEzNzM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNDVlY2I5NjNlNDM5ZjJiYzVhOGNiZjJiZWEyOGI2MWI5MTI0ZDJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApmLju2Ya+99w1EjFSBOOHLORVPDe
Yx61wYYpnA8aNgI5+74xVvsBq7UHfLhaILpXqAwCwkOrkeEPw3qI9bpFwB22gLf6
+93h3qBYHOPeV1FifVG3sFO1vJ6lLfXdpajYw2EM38qu4KcuDj2q45YuPsEsaHRK
Me7TObsFZ1hYyOeCeTmiWVblV5a+dgYXjfZ3JxJM2n0ZlK2+FYUsNGHSjattM/iV
vKib1fprzC3jX/ELKSao4cMIFXjXVDruk6sf4LZ2XY9Kgs8njdEirbRn4uVj1gl7
nQrPrPAOZb0XfcwCzxXNLmWNIsegvIe05SDdGskDctpbcHBKpLZ0rDFi0wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFARey5Y+Q58rxajL8r6ii2G5Ek0vMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvQkY3TGxqNURueXZGcU12eXZxS0xZYmtTVFM4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAAhqdAwQA
AhtnMA0GCSqGSIb3DQEBCwUAA4IBAQCREZaiXTrVH/n4RslymLTk04fPwuZHtb32
H/rIdPMpVw9bsVzS8SomuA+1tYqfuvI9JDin/6l2joMAvieETWGl/swSrCHR3Sj3
dToeolLYM1XsJR8ONc3wC5cZzNlFhMDweCHOcuAwNVjxL+DheB4kGXb7/DQFaZt9
8bEniyGflk612OnF9qfruvvmxkIRKhy+Sok8xIx44gjpV1wWF2Whidw/M+jYgXYJ
EZTHxE44cnX8a+PYL7COazvMONHvUEDcH6ZaBtJQHidEwq79CzUZtQyI7KSFl01d
uFnMzD09WcPMpDY6RsH6ZhbPRKv7jfI7+uZa1gDmgnGVNch5Z6UR
-----END CERTIFICATE-----