Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/QlSkoVK5L3p9Jt1PsWrlN0T4avc.roa
File:                     QlSkoVK5L3p9Jt1PsWrlN0T4avc.roa (raw, json)
Hash identifier:          JURiyblDjtbuLVLxmBh9fo/gD9as04kEWm2bbnXndXo=
Subject key identifier:   42:54:A4:A1:52:B9:2F:7A:7D:26:DD:4F:B1:6A:E5:37:44:F8:6A:F7
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019D2AE58685D4BD9EC630D77262A037763C
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/QlSkoVK5L3p9Jt1PsWrlN0T4avc.roa
Signing time:             Thu 26 Mar 2026 16:06:18 +0000
ROA not before:           Thu 26 Mar 2026 16:06:18 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     61317
IP address blocks:        2.27.96.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Mar 2026 04:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:2a:e5:86:85:d4:bd:9e:c6:30:d7:72:62:a0:37:76:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: Mar 26 16:06:18 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4254a4a152b92f7a7d26dd4fb16ae53744f86af7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:89:4b:0f:5c:ca:d7:71:a9:f7:36:18:55:4a:
                    37:82:09:c7:4f:de:7c:fa:b2:e6:e6:46:21:71:53:
                    b4:c3:c2:f2:dd:79:1c:db:2b:6f:fe:e5:b5:27:f4:
                    81:70:9f:6c:8b:c0:ba:61:b3:62:6f:b0:bd:e7:02:
                    e9:b2:b1:22:9e:13:05:3a:e0:64:90:ee:a6:c3:0f:
                    cd:1e:08:5a:c3:fe:45:80:c5:75:56:01:ec:08:ea:
                    1c:fa:a2:4c:76:a3:8c:0d:bd:22:6c:44:89:b4:3d:
                    a7:8a:95:3e:ba:64:25:9e:86:b8:bd:24:d7:13:b5:
                    10:f2:79:d1:f2:83:d1:c5:8a:0e:e3:1e:81:2a:f0:
                    98:b1:fb:11:e0:f3:f7:79:9e:02:6b:3e:12:d6:e2:
                    5d:3f:f7:86:cc:d7:74:95:c9:6e:05:c5:12:03:e1:
                    66:96:fb:45:f3:9d:50:27:52:1d:9c:b6:b5:7f:c6:
                    e7:ea:4f:25:8e:27:1c:6b:4b:44:68:e0:e8:f5:61:
                    13:8d:8f:4c:9f:f1:6a:3e:73:97:53:13:e4:ae:c5:
                    5d:d9:fa:81:c5:e3:bd:c9:ca:5c:7e:48:e8:fc:c4:
                    cf:a3:4d:ae:48:ae:c6:d7:c4:5e:e9:8e:fc:ed:cc:
                    a0:b3:4c:cc:9a:19:85:d8:5d:ff:94:61:f9:01:ae:
                    54:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:54:A4:A1:52:B9:2F:7A:7D:26:DD:4F:B1:6A:E5:37:44:F8:6A:F7
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/QlSkoVK5L3p9Jt1PsWrlN0T4avc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.27.96.0/24

    Signature Algorithm: sha256WithRSAEncryption
         32:cb:56:cc:17:5a:4c:aa:51:b8:c7:f6:bd:d7:fd:a1:3d:86:
         79:1b:66:88:56:86:fd:b6:7e:49:a5:1b:dc:d1:1f:bd:cd:18:
         43:67:6e:99:cf:6f:68:43:48:a0:bb:c1:e7:04:54:e6:a9:ae:
         33:ee:de:1b:c1:13:43:9b:ec:6c:5f:46:9a:ed:e3:57:ab:8d:
         bf:6e:51:08:8f:c4:8e:47:6c:59:2f:40:b0:29:c6:fc:c3:e2:
         98:93:26:e3:c6:50:9f:d2:34:4a:ee:97:e1:ed:35:28:75:c8:
         12:4c:cc:bf:9d:0a:2b:6c:83:a5:db:0f:09:db:73:93:8d:80:
         be:fc:09:25:9a:a5:d1:79:09:cd:50:a3:ec:e6:cd:ec:8c:38:
         9a:9e:f4:2f:b7:2d:dd:54:54:3c:28:e3:b0:cb:ad:fa:45:f5:
         0c:7e:33:30:57:0a:67:fd:cc:02:23:42:b1:f8:80:d5:db:5f:
         94:b2:4a:53:7b:f5:2c:73:e7:12:b3:1a:a0:d4:c8:ca:34:27:
         f8:b2:17:bc:49:4b:56:9a:66:99:bd:fc:53:ee:cd:02:97:64:
         29:5d:93:0c:13:d9:79:2b:42:bc:03:39:c8:ea:f5:52:ab:2f:
         15:85:33:c2:33:c0:45:ff:3c:17:64:2b:24:17:74:9c:31:68:
         8c:3e:11:a4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0q5YaF1L2exjDXcmKgN3Y8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwMzI2MTYwNjE4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MjU0YTRhMTUyYjkyZjdhN2QyNmRkNGZiMTZhZTUzNzQ0Zjg2YWY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsIlLD1zK13Gp9zYYVUo3ggnHT958
+rLm5kYhcVO0w8Ly3Xkc2ytv/uW1J/SBcJ9si8C6YbNib7C95wLpsrEinhMFOuBk
kO6mww/NHghaw/5FgMV1VgHsCOoc+qJMdqOMDb0ibESJtD2nipU+umQlnoa4vSTX
E7UQ8nnR8oPRxYoO4x6BKvCYsfsR4PP3eZ4Caz4S1uJdP/eGzNd0lcluBcUSA+Fm
lvtF851QJ1IdnLa1f8bn6k8ljicca0tEaODo9WETjY9Mn/FqPnOXUxPkrsVd2fqB
xeO9ycpcfkjo/MTPo02uSK7G18Re6Y787cygs0zMmhmF2F3/lGH5Aa5UnQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEJUpKFSuS96fSbdT7Fq5TdE+Gr3MB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvUWxTa29WSzVMM3A5SnQxUHNXcmxOMFQ0YXZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAAhtgMA0G
CSqGSIb3DQEBCwUAA4IBAQAyy1bMF1pMqlG4x/a91/2hPYZ5G2aIVob9tn5JpRvc
0R+9zRhDZ26Zz29oQ0igu8HnBFTmqa4z7t4bwRNDm+xsX0aa7eNXq42/blEIj8SO
R2xZL0CwKcb8w+KYkybjxlCf0jRK7pfh7TUodcgSTMy/nQorbIOl2w8J23OTjYC+
/AklmqXReQnNUKPs5s3sjDianvQvty3dVFQ8KOOwy636RfUMfjMwVwpn/cwCI0Kx
+IDV21+UskpTe/Usc+cSsxqg1MjKNCf4she8SUtWmmaZvfxT7s0Cl2QpXZMME9l5
K0K8AznI6vVSqy8VhTPCM8BF/zwXZCskF3ScMWiMPhGk
-----END CERTIFICATE-----