Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/FhkvFdy1G9mFueHou9FckflrfaA.roa
File:                     FhkvFdy1G9mFueHou9FckflrfaA.roa (raw, json)
Hash identifier:          gHTLT2BrYnP1hIB9q9Yr5iOoE0BjS0QCoylcpItIu5Y=
Subject key identifier:   16:19:2F:15:DC:B5:1B:D9:85:B9:E1:E8:BB:D1:5C:91:F9:6B:7D:A0
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019E08CC757EE65373EE9C67BCA9054D6FBD
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/FhkvFdy1G9mFueHou9FckflrfaA.roa
Signing time:             Fri 08 May 2026 18:14:37 +0000
ROA not before:           Fri 08 May 2026 18:14:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     25369
IP address blocks:        2.27.159.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 21:35:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:08:cc:75:7e:e6:53:73:ee:9c:67:bc:a9:05:4d:6f:bd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: May  8 18:14:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=16192f15dcb51bd985b9e1e8bbd15c91f96b7da0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:ee:6f:da:7f:49:68:f6:26:99:f8:6c:b7:33:
                    6d:92:5d:bd:e6:9b:cc:29:42:0f:00:33:71:99:ab:
                    a4:2b:d7:ea:40:00:2a:8e:4c:4b:ec:ef:71:63:99:
                    1f:48:97:d1:52:16:c7:9e:d2:83:59:fd:d1:31:2d:
                    cb:d3:ca:21:a2:af:d5:29:ad:27:0a:b5:5f:32:74:
                    38:58:88:d8:c0:89:1b:4b:1a:3d:de:8c:8a:6b:ee:
                    22:a4:75:1f:4f:aa:fb:13:ec:69:6e:dc:39:0f:b6:
                    7b:bd:41:23:42:71:d5:6f:8a:51:c6:a3:b6:58:7a:
                    e4:da:bc:e5:08:8b:b9:10:3d:d2:48:1a:b4:ff:3b:
                    c9:43:b6:ba:f2:f5:de:09:ec:62:6a:17:36:11:47:
                    58:7e:df:4b:41:68:96:d6:1a:3b:e7:8a:dc:e0:f1:
                    d8:a7:b4:39:80:55:80:8a:e3:c7:b1:93:57:9f:52:
                    f6:79:03:09:cb:fc:66:e3:2e:50:1b:13:4c:e3:23:
                    1b:d1:ac:4a:ae:fb:13:df:c7:45:b6:34:16:98:d0:
                    9d:8a:ec:76:fe:27:45:29:4e:48:6b:2b:a0:61:a4:
                    b3:5c:c1:e0:7b:18:49:c7:21:cf:76:cc:9b:0e:8c:
                    0b:41:94:dc:74:32:6c:26:b9:93:33:39:18:c2:f6:
                    4b:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:19:2F:15:DC:B5:1B:D9:85:B9:E1:E8:BB:D1:5C:91:F9:6B:7D:A0
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/FhkvFdy1G9mFueHou9FckflrfaA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.27.159.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8f:58:02:3c:6d:55:f3:5a:2a:c4:43:b9:92:0c:91:24:1c:23:
         b0:3a:45:af:61:3b:cc:66:30:55:63:8f:6e:12:72:df:04:bd:
         60:49:4a:15:b5:f8:01:4c:27:fc:86:1b:1c:73:50:91:92:12:
         69:19:c7:87:50:0e:51:3f:59:02:1f:b0:82:cc:27:4a:82:4c:
         aa:30:b7:5e:ff:a3:51:c7:6a:34:2e:84:0b:81:91:b4:ce:5c:
         a6:e6:82:e0:5f:02:a9:4a:81:f3:c2:f8:59:c2:8d:d2:b4:87:
         08:ba:04:e3:77:41:9f:42:9c:c3:d7:bc:50:2d:8b:f2:4f:d7:
         c4:c7:ad:d4:2f:66:34:d5:6a:a9:31:1f:30:7b:82:c6:03:69:
         48:94:ab:92:f3:d8:d4:ff:d9:50:64:5b:54:7c:77:01:ab:4e:
         a0:7c:b3:d6:2f:75:84:24:e3:5e:1e:cc:60:c7:2a:e4:b3:cf:
         71:0a:d0:d8:a0:88:70:fe:b4:18:c7:b0:cb:43:1c:d1:60:f5:
         c2:00:f8:09:51:92:af:d7:e8:c8:0c:cb:c5:eb:cb:6f:32:09:
         91:31:dd:29:35:5d:48:59:68:03:c9:58:fd:a4:d5:55:dd:ae:
         a2:73:d7:c5:68:f5:26:41:52:23:5c:b8:f7:8f:b9:7c:6e:bf:
         56:39:f8:cf
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ4IzHV+5lNz7pxnvKkFTW+9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwNTA4MTgxNDM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNjE5MmYxNWRjYjUxYmQ5ODViOWUxZThiYmQxNWM5MWY5NmI3ZGEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvu5v2n9JaPYmmfhstzNtkl295pvM
KUIPADNxmaukK9fqQAAqjkxL7O9xY5kfSJfRUhbHntKDWf3RMS3L08ohoq/VKa0n
CrVfMnQ4WIjYwIkbSxo93oyKa+4ipHUfT6r7E+xpbtw5D7Z7vUEjQnHVb4pRxqO2
WHrk2rzlCIu5ED3SSBq0/zvJQ7a68vXeCexiahc2EUdYft9LQWiW1ho754rc4PHY
p7Q5gFWAiuPHsZNXn1L2eQMJy/xm4y5QGxNM4yMb0axKrvsT38dFtjQWmNCdiux2
/idFKU5IayugYaSzXMHgexhJxyHPdsybDowLQZTcdDJsJrmTMzkYwvZL8QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBYZLxXctRvZhbnh6LvRXJH5a32gMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvRmhrdkZkeTFHOW1GdWVIb3U5RmNrZmxyZmFBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAAhufMA0G
CSqGSIb3DQEBCwUAA4IBAQCPWAI8bVXzWirEQ7mSDJEkHCOwOkWvYTvMZjBVY49u
EnLfBL1gSUoVtfgBTCf8hhscc1CRkhJpGceHUA5RP1kCH7CCzCdKgkyqMLde/6NR
x2o0LoQLgZG0zlym5oLgXwKpSoHzwvhZwo3StIcIugTjd0GfQpzD17xQLYvyT9fE
x63UL2Y01WqpMR8we4LGA2lIlKuS89jU/9lQZFtUfHcBq06gfLPWL3WEJONeHsxg
xyrks89xCtDYoIhw/rQYx7DLQxzRYPXCAPgJUZKv1+jIDMvF68tvMgmRMd0pNV1I
WWgDyVj9pNVV3a6ic9fFaPUmQVIjXLj3j7l8br9WOfjP
-----END CERTIFICATE-----