Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/N9Dyw6NZHBquJtIZkppnn-leG40.roa
File:                     N9Dyw6NZHBquJtIZkppnn-leG40.roa (raw, json)
Hash identifier:          s9ayo3bBxNzy3WAb8s6eP05LCuiUV122DB6yh09DGzk=
Subject key identifier:   37:D0:F2:C3:A3:59:1C:1A:AE:26:D2:19:92:9A:67:9F:E9:5E:1B:8D
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019E1E1DEDB311999FBBC5B0966806F0B83D
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/N9Dyw6NZHBquJtIZkppnn-leG40.roa
Signing time:             Tue 12 May 2026 21:35:38 +0000
ROA not before:           Tue 12 May 2026 21:35:38 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     201949
IP address blocks:        2.26.146.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 14 May 2026 06:01:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:1e:1d:ed:b3:11:99:9f:bb:c5:b0:96:68:06:f0:b8:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: May 12 21:35:38 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=37d0f2c3a3591c1aae26d219929a679fe95e1b8d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:73:a3:8d:ec:ce:b8:62:db:25:33:c7:da:f1:
                    f7:e4:43:8d:c3:8d:78:e2:59:ff:6c:ce:f3:04:4a:
                    81:1b:9e:a6:db:d4:7b:31:3a:4f:c6:da:fa:52:4b:
                    81:7b:66:d5:1f:71:59:22:db:05:c2:30:f0:b3:62:
                    0d:8a:3c:ec:60:2d:af:4b:1c:66:cb:02:80:93:07:
                    cb:74:89:55:00:77:a4:43:35:14:43:6f:12:ff:e9:
                    4f:a1:16:14:c1:ce:e3:54:2f:dc:ae:30:f9:fd:d2:
                    a7:41:0c:61:ab:56:5e:50:8a:c0:da:a5:8e:bf:27:
                    9f:30:ec:65:fe:f5:3b:85:0d:c5:99:c0:4d:89:61:
                    6a:e5:4e:fe:12:dc:03:e4:6b:10:f0:2a:18:a0:73:
                    c2:e0:a9:4c:c8:42:c5:bc:d5:d9:0a:1a:f8:17:36:
                    12:70:34:c9:8e:5f:57:c9:11:69:94:13:6b:fb:f7:
                    5d:2b:c5:00:45:a1:5d:9d:02:3a:f7:db:92:80:ab:
                    07:cf:b6:c7:e2:10:d5:90:7f:ad:2d:d2:30:a6:7d:
                    2a:6c:2b:c8:13:33:40:a2:31:dd:a9:d1:63:1d:40:
                    63:a6:69:86:29:7d:b6:ea:f5:24:c7:fc:7c:28:11:
                    89:23:9c:50:74:0a:79:1d:1b:4f:ad:dd:ef:98:06:
                    8b:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:D0:F2:C3:A3:59:1C:1A:AE:26:D2:19:92:9A:67:9F:E9:5E:1B:8D
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/N9Dyw6NZHBquJtIZkppnn-leG40.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.26.146.0/24

    Signature Algorithm: sha256WithRSAEncryption
         86:ba:99:06:d8:9b:9b:e7:f6:0e:58:06:8c:fd:2e:81:f0:00:
         0b:9d:57:88:ba:67:1d:f5:93:f7:85:aa:93:b7:21:40:eb:17:
         d2:28:01:de:e1:1b:49:8e:43:6a:06:9c:a5:e3:08:48:37:ea:
         4e:89:ce:f9:04:db:02:98:cd:d0:f6:27:9f:0a:b9:0e:7f:0d:
         4a:42:9e:68:81:5d:54:86:ab:93:b3:50:6e:60:8e:8d:c6:26:
         de:ab:16:f9:be:91:92:24:89:33:fb:ca:09:54:f6:72:07:4d:
         a8:b4:56:15:54:a6:5d:de:be:a2:e5:bb:51:e0:80:7c:85:dd:
         a7:f8:10:25:00:26:d4:f4:32:16:bf:1c:ca:6b:6f:2a:7b:c0:
         35:92:4a:7b:f9:67:e0:41:95:c3:5e:ef:d0:96:3e:4d:be:5e:
         d3:c3:1f:d3:11:95:58:74:be:e0:21:cb:13:07:e6:e4:3c:bb:
         a4:ff:b1:1d:0e:4d:06:1f:fb:b1:56:f3:9a:a5:39:77:84:d1:
         ec:f6:0f:cb:bc:6d:fd:48:ff:b9:5e:3a:1f:b8:b0:4a:cc:5a:
         76:8b:fe:e4:83:99:59:fb:df:86:7f:12:d5:a1:1d:1c:dc:46:
         47:89:08:d1:6f:47:55:b3:75:a1:8e:13:42:8b:5f:cc:c5:05:
         11:9b:ef:16
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ4eHe2zEZmfu8WwlmgG8Lg9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwNTEyMjEzNTM4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzN2QwZjJjM2EzNTkxYzFhYWUyNmQyMTk5MjlhNjc5ZmU5NWUxYjhkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuHOjjezOuGLbJTPH2vH35EONw414
4ln/bM7zBEqBG56m29R7MTpPxtr6UkuBe2bVH3FZItsFwjDws2INijzsYC2vSxxm
ywKAkwfLdIlVAHekQzUUQ28S/+lPoRYUwc7jVC/crjD5/dKnQQxhq1ZeUIrA2qWO
vyefMOxl/vU7hQ3FmcBNiWFq5U7+EtwD5GsQ8CoYoHPC4KlMyELFvNXZChr4FzYS
cDTJjl9XyRFplBNr+/ddK8UARaFdnQI699uSgKsHz7bH4hDVkH+tLdIwpn0qbCvI
EzNAojHdqdFjHUBjpmmGKX226vUkx/x8KBGJI5xQdAp5HRtPrd3vmAaLvQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDfQ8sOjWRwaribSGZKaZ5/pXhuNMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvTjlEeXc2TlpIQnF1SnRJWmtwcG5uLWxlRzQwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAAhqSMA0G
CSqGSIb3DQEBCwUAA4IBAQCGupkG2Jub5/YOWAaM/S6B8AALnVeIumcd9ZP3haqT
tyFA6xfSKAHe4RtJjkNqBpyl4whIN+pOic75BNsCmM3Q9iefCrkOfw1KQp5ogV1U
hquTs1BuYI6Nxibeqxb5vpGSJIkz+8oJVPZyB02otFYVVKZd3r6i5btR4IB8hd2n
+BAlACbU9DIWvxzKa28qe8A1kkp7+WfgQZXDXu/Qlj5Nvl7Twx/TEZVYdL7gIcsT
B+bkPLuk/7EdDk0GH/uxVvOapTl3hNHs9g/LvG39SP+5XjofuLBKzFp2i/7kg5lZ
+9+GfxLVoR0c3EZHiQjRb0dVs3WhjhNCi1/MxQURm+8W
-----END CERTIFICATE-----