Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/RK5I4vVoY3qNPUG6YE6sjgR4H9I.roa
File:                     RK5I4vVoY3qNPUG6YE6sjgR4H9I.roa (raw, json)
Hash identifier:          6Ah70buIjzVNRDJTaSKhR9incchqbjWP1JXcWHtvmmg=
Subject key identifier:   44:AE:48:E2:F5:68:63:7A:8D:3D:41:BA:60:4E:AC:8E:04:78:1F:D2
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019E137DE187D9367E8BBFAA05D8313BE2AD
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/RK5I4vVoY3qNPUG6YE6sjgR4H9I.roa
Signing time:             Sun 10 May 2026 20:04:37 +0000
ROA not before:           Sun 10 May 2026 20:04:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     198474
IP address blocks:        2.27.171.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 14 May 2026 06:01:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:13:7d:e1:87:d9:36:7e:8b:bf:aa:05:d8:31:3b:e2:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: May 10 20:04:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=44ae48e2f568637a8d3d41ba604eac8e04781fd2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:f2:23:cd:4f:7a:f0:a9:56:9b:3e:0c:9a:e0:
                    3f:90:b5:b5:6b:e6:b9:40:0d:1e:b8:10:4c:00:8f:
                    a8:91:4c:cd:2e:61:28:ce:d7:07:d0:5f:3e:00:d8:
                    ee:04:b5:dc:19:f7:fd:09:c5:b0:c0:60:3a:c7:97:
                    3f:42:50:03:57:80:14:45:9e:b6:6a:6c:04:3a:9c:
                    c9:38:cb:62:90:eb:cc:62:e1:44:ca:a5:e1:5a:b1:
                    db:35:c4:24:6b:fa:31:0c:cc:88:68:fc:6a:e4:93:
                    75:1d:f4:44:8d:03:f0:6b:79:9c:0c:8e:0c:6c:af:
                    88:48:1d:cf:97:6e:2b:80:69:fc:76:08:ca:ca:d8:
                    6c:9a:ac:ef:5e:aa:7c:f1:20:5b:44:45:a1:c2:ad:
                    2d:54:86:28:8e:1f:7f:db:d7:be:cc:82:f5:51:00:
                    df:6e:58:ee:90:da:02:4c:5c:01:4a:f9:9e:ea:ff:
                    c3:e9:fa:a5:69:38:31:f8:b2:9e:6e:2b:81:6a:85:
                    2f:fe:42:39:e4:c6:92:44:7b:f5:2b:37:2c:e0:f1:
                    4f:e9:7e:65:6f:f2:1d:7c:15:23:91:38:0b:cc:af:
                    d5:b8:18:31:86:15:ba:06:5f:ca:8b:25:55:a9:64:
                    39:58:60:c3:e7:32:e3:9d:74:3e:07:bd:9c:98:3d:
                    87:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:AE:48:E2:F5:68:63:7A:8D:3D:41:BA:60:4E:AC:8E:04:78:1F:D2
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/RK5I4vVoY3qNPUG6YE6sjgR4H9I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.27.171.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9b:5e:b9:49:4a:c1:15:5d:65:2b:4f:19:5e:24:9d:5c:4d:c8:
         52:b3:05:cc:71:d8:e5:e0:24:b5:19:bc:cb:de:b0:86:f2:65:
         2c:36:9d:8f:92:b5:ab:24:90:23:9c:36:d1:22:d5:08:99:16:
         78:bb:e1:ac:55:e7:b7:00:dd:64:81:48:30:73:60:71:58:b7:
         e9:d7:ab:b4:31:9b:fd:34:34:53:0f:f4:8d:6f:ce:d1:8b:46:
         72:37:ab:0c:d3:9a:18:8a:da:c3:b0:90:e4:db:d8:27:b3:25:
         f7:7b:50:9b:db:34:83:e6:28:32:a7:11:59:ff:15:3f:18:b8:
         79:ea:3f:c3:5e:31:f8:64:59:d9:98:d6:38:40:36:48:19:76:
         69:78:60:7d:b5:bf:ee:bc:94:42:ae:51:13:c7:e8:07:82:08:
         ec:4c:fe:85:a7:0d:58:d6:84:41:06:67:8f:fd:1c:38:af:81:
         f2:24:83:44:18:a5:2a:97:d8:6c:33:48:96:7a:7f:a2:80:dd:
         f9:72:13:40:c8:5f:c3:d0:3d:6d:22:fd:cd:e2:b3:16:b1:d7:
         7d:09:2c:a8:ac:06:e6:aa:30:c1:82:37:12:09:cb:22:b0:70:
         1c:a5:ce:a6:6c:d2:d4:73:e0:da:09:1f:aa:2c:e3:37:af:6c:
         7f:ca:24:55
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ4TfeGH2TZ+i7+qBdgxO+KtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwNTEwMjAwNDM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NGFlNDhlMmY1Njg2MzdhOGQzZDQxYmE2MDRlYWM4ZTA0NzgxZmQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAovIjzU968KlWmz4MmuA/kLW1a+a5
QA0euBBMAI+okUzNLmEoztcH0F8+ANjuBLXcGff9CcWwwGA6x5c/QlADV4AURZ62
amwEOpzJOMtikOvMYuFEyqXhWrHbNcQka/oxDMyIaPxq5JN1HfREjQPwa3mcDI4M
bK+ISB3Pl24rgGn8dgjKythsmqzvXqp88SBbREWhwq0tVIYojh9/29e+zIL1UQDf
bljukNoCTFwBSvme6v/D6fqlaTgx+LKebiuBaoUv/kI55MaSRHv1Kzcs4PFP6X5l
b/IdfBUjkTgLzK/VuBgxhhW6Bl/KiyVVqWQ5WGDD5zLjnXQ+B72cmD2HGQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFESuSOL1aGN6jT1BumBOrI4EeB/SMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvUks1STR2Vm9ZM3FOUFVHNllFNnNqZ1I0SDlJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAAhurMA0G
CSqGSIb3DQEBCwUAA4IBAQCbXrlJSsEVXWUrTxleJJ1cTchSswXMcdjl4CS1GbzL
3rCG8mUsNp2PkrWrJJAjnDbRItUImRZ4u+GsVee3AN1kgUgwc2BxWLfp16u0MZv9
NDRTD/SNb87Ri0ZyN6sM05oYitrDsJDk29gnsyX3e1Cb2zSD5igypxFZ/xU/GLh5
6j/DXjH4ZFnZmNY4QDZIGXZpeGB9tb/uvJRCrlETx+gHggjsTP6Fpw1Y1oRBBmeP
/Rw4r4HyJINEGKUql9hsM0iWen+igN35chNAyF/D0D1tIv3N4rMWsdd9CSyorAbm
qjDBgjcSCcsisHAcpc6mbNLUc+DaCR+qLOM3r2x/yiRV
-----END CERTIFICATE-----