Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/G59Km0lbefwsyxybce3KiYXaiFc.roa
File:                     G59Km0lbefwsyxybce3KiYXaiFc.roa (raw, json)
Hash identifier:          qmoVZq9R4IsFsAf2O7dZ9X1n3J061fBYhW8jDZb1D60=
Subject key identifier:   1B:9F:4A:9B:49:5B:79:FC:2C:CB:1C:9B:71:ED:CA:89:85:DA:88:57
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019D2217D1852F8D65318F85AAC6AD84B58A
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/G59Km0lbefwsyxybce3KiYXaiFc.roa
Signing time:             Tue 24 Mar 2026 23:04:39 +0000
ROA not before:           Tue 24 Mar 2026 23:04:39 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     209888
IP address blocks:        2.27.105.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 00:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:22:17:d1:85:2f:8d:65:31:8f:85:aa:c6:ad:84:b5:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: Mar 24 23:04:39 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=1b9f4a9b495b79fc2ccb1c9b71edca8985da8857
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:df:28:f6:6d:7b:ce:e6:a9:d5:64:9c:1f:a8:
                    12:34:45:c8:75:87:a3:9f:ca:1c:1a:bd:21:3e:42:
                    29:bc:cf:61:98:68:98:23:32:47:f3:3b:41:5c:05:
                    1f:76:b4:09:0a:14:d9:96:6f:a5:13:33:49:1d:07:
                    5d:3a:7b:b4:54:ca:67:a4:65:3d:63:b6:ab:90:9c:
                    a2:52:f7:67:9c:45:3e:4d:63:e5:12:09:de:5f:36:
                    9b:25:4b:9a:4d:46:5e:b4:7a:4f:28:25:fd:53:a7:
                    d2:bf:18:b7:b1:2d:3f:e9:24:12:45:78:58:fd:e8:
                    2f:ec:6e:fc:db:b7:8c:7a:2b:4f:a0:25:4f:ba:90:
                    5c:61:c6:90:35:a7:3a:7e:f3:09:20:b8:8b:66:be:
                    77:4a:8d:c3:39:52:d7:4e:d1:08:e0:b1:ae:c3:8c:
                    c9:29:d1:d5:37:3f:6b:06:07:eb:b6:c3:c0:8a:cf:
                    0e:50:21:70:83:bc:49:b9:b3:21:df:68:ed:a4:75:
                    90:88:4a:5a:df:f3:48:d4:16:b4:7a:b5:d1:47:cf:
                    bb:8b:d3:8e:7d:d2:24:ff:79:38:7b:31:d9:6c:cf:
                    99:31:09:09:7e:b4:9a:7f:d2:fc:00:00:20:ea:50:
                    27:83:80:12:df:31:eb:3a:ff:94:46:15:5e:c1:60:
                    cb:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:9F:4A:9B:49:5B:79:FC:2C:CB:1C:9B:71:ED:CA:89:85:DA:88:57
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/G59Km0lbefwsyxybce3KiYXaiFc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.27.105.0/24

    Signature Algorithm: sha256WithRSAEncryption
         62:5e:d6:66:3b:23:ac:bb:16:f5:ea:30:62:33:f1:33:a0:df:
         b3:fd:ba:a7:ae:b2:d2:7e:57:fb:f5:a3:bf:57:49:9f:2a:ac:
         62:81:13:bf:d4:4a:23:f1:26:5f:7b:51:56:8f:8a:ed:5c:46:
         4f:31:9e:a1:ce:b0:e3:82:25:d8:64:8e:b3:e5:2b:b9:b7:90:
         7d:20:8c:a5:9d:cf:06:14:98:8b:26:3d:3b:bf:03:6c:70:68:
         18:66:9f:d6:70:1b:d4:05:86:f0:4c:ad:ac:9c:98:69:02:4c:
         34:86:50:76:b5:d6:5c:3d:4a:5f:6e:bb:7f:c0:7e:c5:60:c5:
         63:3d:62:c6:84:14:24:92:22:8b:c4:1d:b0:49:5b:55:3f:4a:
         20:ff:92:0b:6e:2b:e1:f6:95:8c:c5:1b:1b:ee:b9:d0:98:b4:
         04:99:10:93:19:d6:d6:01:05:2e:11:b9:da:6d:50:f5:74:10:
         1d:6c:5c:ad:71:13:e9:aa:35:df:23:51:2e:9b:f8:43:c1:62:
         05:56:5e:70:e7:46:07:ed:31:5a:d9:b0:78:d8:85:6e:3d:52:
         69:8f:12:ef:63:13:e0:f6:3c:6a:b8:01:e4:d3:d6:18:7b:a8:
         8a:e4:8b:01:ae:a0:a2:c7:ad:9e:56:e3:64:7f:8a:33:01:1a:
         bb:10:b7:20
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0iF9GFL41lMY+FqsathLWKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwMzI0MjMwNDM5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYjlmNGE5YjQ5NWI3OWZjMmNjYjFjOWI3MWVkY2E4OTg1ZGE4ODU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtN8o9m17zuap1WScH6gSNEXIdYej
n8ocGr0hPkIpvM9hmGiYIzJH8ztBXAUfdrQJChTZlm+lEzNJHQddOnu0VMpnpGU9
Y7arkJyiUvdnnEU+TWPlEgneXzabJUuaTUZetHpPKCX9U6fSvxi3sS0/6SQSRXhY
/egv7G7827eMeitPoCVPupBcYcaQNac6fvMJILiLZr53So3DOVLXTtEI4LGuw4zJ
KdHVNz9rBgfrtsPAis8OUCFwg7xJubMh32jtpHWQiEpa3/NI1Ba0erXRR8+7i9OO
fdIk/3k4ezHZbM+ZMQkJfrSaf9L8AAAg6lAng4AS3zHrOv+URhVewWDLSQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBufSptJW3n8LMscm3HtyomF2ohXMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvRzU5S20wbGJlZndzeXh5YmNlM0tpWVhhaUZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAAhtpMA0G
CSqGSIb3DQEBCwUAA4IBAQBiXtZmOyOsuxb16jBiM/EzoN+z/bqnrrLSflf79aO/
V0mfKqxigRO/1Eoj8SZfe1FWj4rtXEZPMZ6hzrDjgiXYZI6z5Su5t5B9IIylnc8G
FJiLJj07vwNscGgYZp/WcBvUBYbwTK2snJhpAkw0hlB2tdZcPUpfbrt/wH7FYMVj
PWLGhBQkkiKLxB2wSVtVP0og/5ILbivh9pWMxRsb7rnQmLQEmRCTGdbWAQUuEbna
bVD1dBAdbFytcRPpqjXfI1Eum/hDwWIFVl5w50YH7TFa2bB42IVuPVJpjxLvYxPg
9jxquAHk09YYe6iK5IsBrqCix62eVuNkf4ozARq7ELcg
-----END CERTIFICATE-----