Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/UrzZV-O4GQz1Ea95a1Yc9U9OXXU.roa
File:                     UrzZV-O4GQz1Ea95a1Yc9U9OXXU.roa (raw, json)
Hash identifier:          Gp0hJi5qbMp7RIhQiC02Gf6b4Ee+V+u95pvWoHh/dbE=
Subject key identifier:   52:BC:D9:57:E3:B8:19:0C:F5:11:AF:79:6B:56:1C:F5:4F:4E:5D:75
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019D1B1D9F63142E5B2599D637FECB0DDAC4
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/UrzZV-O4GQz1Ea95a1Yc9U9OXXU.roa
Signing time:             Mon 23 Mar 2026 14:33:39 +0000
ROA not before:           Mon 23 Mar 2026 14:33:39 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     206822
IP address blocks:        2.27.101.0/24 maxlen: 24
                          2.27.109.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 16:32:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:1b:1d:9f:63:14:2e:5b:25:99:d6:37:fe:cb:0d:da:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: Mar 23 14:33:39 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=52bcd957e3b8190cf511af796b561cf54f4e5d75
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:93:40:73:10:ef:17:06:f9:fc:69:d4:71:12:
                    17:35:e0:5d:4b:e1:bc:12:d4:f8:c7:02:df:cf:ff:
                    c2:14:6c:14:f2:db:70:77:2f:10:c3:d9:9a:c2:42:
                    31:a9:0b:d6:22:26:19:1c:f7:6a:8f:7d:f4:83:5f:
                    8a:c6:64:b9:ec:63:fd:f9:92:c1:d8:31:21:e6:db:
                    48:4d:ce:f9:b1:74:96:79:a1:7a:8d:d5:3e:5e:78:
                    8d:62:6b:71:17:ab:1e:29:3e:53:3f:eb:12:53:5c:
                    db:e7:89:2e:90:b5:66:aa:49:eb:18:3a:2f:5b:16:
                    60:b8:14:bf:bf:6a:af:26:7d:a6:03:f6:36:2b:72:
                    03:9e:14:d0:7e:54:b4:1c:ba:fe:93:2b:3e:3c:a5:
                    1c:a2:7d:7b:db:4f:19:d9:d9:1f:06:f5:41:ba:73:
                    63:71:96:33:78:b6:cf:10:63:05:00:34:ce:0e:fd:
                    41:d1:ff:53:53:aa:76:a4:34:b7:7d:08:9a:4e:6f:
                    e6:84:41:7b:8e:e9:e5:d9:4d:88:d3:f0:a9:06:66:
                    32:b6:59:4a:c8:59:4a:0d:e6:96:3a:41:ba:c5:78:
                    31:56:b3:98:ae:e0:7f:0c:35:75:7c:63:a8:2a:a5:
                    29:d6:76:49:25:e6:4d:f7:fe:9a:92:04:4a:d0:d7:
                    ce:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:BC:D9:57:E3:B8:19:0C:F5:11:AF:79:6B:56:1C:F5:4F:4E:5D:75
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/UrzZV-O4GQz1Ea95a1Yc9U9OXXU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.27.101.0/24
                  2.27.109.0/24

    Signature Algorithm: sha256WithRSAEncryption
         28:1f:40:65:98:dc:a1:0f:92:bd:d8:ac:b4:f3:56:87:a3:12:
         19:86:07:ad:91:63:74:a7:b4:61:9c:49:c2:ba:b2:a8:63:26:
         65:04:a1:1a:3a:de:b4:69:6f:90:84:e3:10:d4:1b:04:b2:c0:
         09:e9:7f:4d:40:d0:06:76:3b:23:6b:3b:70:d1:0f:d7:53:f3:
         fe:1d:ad:bb:2e:f6:b7:ab:8e:8d:1d:76:b7:ad:b1:b5:e6:f9:
         d2:d7:38:11:b8:77:b3:18:74:4c:49:ee:c0:d6:13:04:99:31:
         01:00:47:e2:db:12:4c:1c:3b:8f:d1:c9:b3:b4:6f:60:7b:37:
         05:8e:7a:8c:0c:73:96:5d:dd:be:cf:e1:2d:16:2e:24:64:f8:
         fc:05:36:c0:3c:bd:00:d5:80:9f:7e:4a:5d:67:22:0c:88:c9:
         45:f1:1a:c3:3f:ea:9e:2c:b0:65:98:2a:7c:19:fd:14:94:fb:
         48:83:00:ce:9c:ab:72:c3:64:f0:44:cf:b2:2e:c5:3b:78:ca:
         97:29:d8:54:0c:d4:83:2b:8c:66:70:56:b1:24:2b:66:24:af:
         a9:b8:27:ec:8d:5b:7c:7e:b9:85:01:68:fb:53:7e:02:75:8a:
         95:6b:4d:45:55:ec:5c:ca:6f:95:25:4e:67:f4:dd:a2:c4:46:
         31:7e:03:41
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ0bHZ9jFC5bJZnWN/7LDdrEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwMzIzMTQzMzM5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MmJjZDk1N2UzYjgxOTBjZjUxMWFmNzk2YjU2MWNmNTRmNGU1ZDc1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1JNAcxDvFwb5/GnUcRIXNeBdS+G8
EtT4xwLfz//CFGwU8ttwdy8Qw9mawkIxqQvWIiYZHPdqj330g1+KxmS57GP9+ZLB
2DEh5ttITc75sXSWeaF6jdU+XniNYmtxF6seKT5TP+sSU1zb54kukLVmqknrGDov
WxZguBS/v2qvJn2mA/Y2K3IDnhTQflS0HLr+kys+PKUcon17208Z2dkfBvVBunNj
cZYzeLbPEGMFADTODv1B0f9TU6p2pDS3fQiaTm/mhEF7junl2U2I0/CpBmYytllK
yFlKDeaWOkG6xXgxVrOYruB/DDV1fGOoKqUp1nZJJeZN9/6akgRK0NfOHwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFFK82VfjuBkM9RGveWtWHPVPTl11MB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvVXJ6WlYtTzRHUXoxRWE5NWExWWM5VTlPWFhVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAAhtlAwQA
AhttMA0GCSqGSIb3DQEBCwUAA4IBAQAoH0BlmNyhD5K92Ky081aHoxIZhgetkWN0
p7RhnEnCurKoYyZlBKEaOt60aW+QhOMQ1BsEssAJ6X9NQNAGdjsjaztw0Q/XU/P+
Ha27Lva3q46NHXa3rbG15vnS1zgRuHezGHRMSe7A1hMEmTEBAEfi2xJMHDuP0cmz
tG9gezcFjnqMDHOWXd2+z+EtFi4kZPj8BTbAPL0A1YCffkpdZyIMiMlF8RrDP+qe
LLBlmCp8Gf0UlPtIgwDOnKtyw2TwRM+yLsU7eMqXKdhUDNSDK4xmcFaxJCtmJK+p
uCfsjVt8frmFAWj7U34CdYqVa01FVexcym+VJU5n9N2ixEYxfgNB
-----END CERTIFICATE-----