Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/YUSMF7mKFl226zUPdXJ0lRE5nME.roa
File:                     YUSMF7mKFl226zUPdXJ0lRE5nME.roa (raw, json)
Hash identifier:          qh/lbKK0GOz7kib+tKPbHi/7dXbuSd32GbeTuiZWcbQ=
Subject key identifier:   61:44:8C:17:B9:8A:16:5D:B6:EB:35:0F:75:72:74:95:11:39:9C:C1
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019D209452F0A190BAB65029E9AC58CC512F
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/YUSMF7mKFl226zUPdXJ0lRE5nME.roa
Signing time:             Tue 24 Mar 2026 16:01:24 +0000
ROA not before:           Tue 24 Mar 2026 16:01:24 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     53755
IP address blocks:        2.27.103.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 15:17:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:20:94:52:f0:a1:90:ba:b6:50:29:e9:ac:58:cc:51:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: Mar 24 16:01:24 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=61448c17b98a165db6eb350f7572749511399cc1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f9:64:c5:83:4d:22:c4:cf:f5:54:6f:5c:22:a3:
                    cf:7f:27:01:2c:c5:59:08:9c:53:2e:7e:b0:a8:c2:
                    55:a5:63:2c:0b:a6:eb:e7:ac:05:93:ca:9b:b9:2d:
                    8f:24:92:f5:58:0c:ce:aa:f9:bf:09:e9:16:f9:a9:
                    41:e0:f1:1a:0a:01:9e:de:c6:cc:de:74:78:e6:47:
                    59:9c:0e:8d:25:d0:a7:8c:a9:40:d7:c0:18:e6:48:
                    8c:80:5c:5a:2c:ce:00:55:50:ed:bb:5d:e2:28:1a:
                    fa:29:e8:f5:9d:d2:37:00:bd:05:3d:89:15:46:f6:
                    6a:33:ef:12:c6:d3:1e:c6:b9:68:43:ff:98:48:8d:
                    76:d8:84:30:3b:20:15:b2:42:b8:3a:e6:9b:ec:d6:
                    f3:50:66:76:3b:f6:8f:2f:99:34:67:18:81:2c:cb:
                    04:d5:60:38:28:a6:fb:77:1b:45:c7:07:87:03:79:
                    b2:d6:34:6c:e2:9a:4f:f5:28:28:a2:8f:cb:f0:3f:
                    b0:70:72:50:8b:f3:12:6f:50:44:fe:de:b5:73:fb:
                    51:cd:22:eb:ba:f8:6a:d3:e9:5f:e1:22:fb:8a:59:
                    25:aa:15:84:25:51:cf:1f:35:c9:7e:20:32:42:9c:
                    7f:f4:91:05:44:d9:fb:7b:26:81:91:97:b7:9f:4a:
                    83:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                61:44:8C:17:B9:8A:16:5D:B6:EB:35:0F:75:72:74:95:11:39:9C:C1
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/YUSMF7mKFl226zUPdXJ0lRE5nME.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.27.103.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5d:ac:b9:b6:f5:25:79:9f:c9:c8:58:04:10:c6:de:ff:aa:ce:
         74:8f:63:0e:cd:d8:1c:03:d1:85:0d:9b:bd:d9:c8:58:3a:38:
         bb:e6:3c:46:7f:72:01:43:f9:29:fb:20:0a:00:17:10:37:35:
         16:f8:84:fa:69:ad:58:34:05:25:26:da:af:0c:47:5f:e3:bc:
         81:c2:15:9a:b0:3d:fd:ab:ea:9b:f2:ba:54:bf:05:ee:c7:50:
         56:0f:c3:be:c8:77:2d:91:57:ee:18:a3:95:c3:8b:91:26:79:
         35:e0:9d:52:93:a6:32:bd:07:d8:dd:da:85:cc:50:5c:27:d6:
         28:eb:1f:47:f2:07:c9:43:73:55:72:e6:46:c8:72:75:00:ba:
         a0:4d:45:2b:0a:df:90:0c:91:46:90:e9:9a:17:e5:cf:f0:69:
         c3:a7:e3:d7:ea:74:87:30:69:0d:ab:0c:1f:c6:a4:20:c2:67:
         a6:5a:46:44:b7:6b:0e:a0:70:c6:e4:e7:82:18:d3:1a:82:d9:
         3e:46:77:73:a5:6e:3d:8d:56:b6:e4:7c:ea:d1:53:d6:2f:40:
         2b:7e:da:12:0a:f6:28:91:0a:1b:6a:cb:80:d0:c3:75:1b:28:
         ac:4c:aa:67:db:09:96:ce:4f:df:3b:05:ed:b3:49:61:32:89:
         2a:f7:f1:6a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0glFLwoZC6tlAp6axYzFEvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwMzI0MTYwMTI0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MTQ0OGMxN2I5OGExNjVkYjZlYjM1MGY3NTcyNzQ5NTExMzk5Y2MxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+WTFg00ixM/1VG9cIqPPfycBLMVZ
CJxTLn6wqMJVpWMsC6br56wFk8qbuS2PJJL1WAzOqvm/CekW+alB4PEaCgGe3sbM
3nR45kdZnA6NJdCnjKlA18AY5kiMgFxaLM4AVVDtu13iKBr6Kej1ndI3AL0FPYkV
RvZqM+8SxtMexrloQ/+YSI122IQwOyAVskK4Ouab7NbzUGZ2O/aPL5k0ZxiBLMsE
1WA4KKb7dxtFxweHA3my1jRs4ppP9Sgooo/L8D+wcHJQi/MSb1BE/t61c/tRzSLr
uvhq0+lf4SL7ilklqhWEJVHPHzXJfiAyQpx/9JEFRNn7eyaBkZe3n0qDRwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGFEjBe5ihZdtus1D3VydJUROZzBMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvWVVTTUY3bUtGbDIyNnpVUGRYSjBsUkU1bk1FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAAhtnMA0G
CSqGSIb3DQEBCwUAA4IBAQBdrLm29SV5n8nIWAQQxt7/qs50j2MOzdgcA9GFDZu9
2chYOji75jxGf3IBQ/kp+yAKABcQNzUW+IT6aa1YNAUlJtqvDEdf47yBwhWasD39
q+qb8rpUvwXux1BWD8O+yHctkVfuGKOVw4uRJnk14J1Sk6YyvQfY3dqFzFBcJ9Yo
6x9H8gfJQ3NVcuZGyHJ1ALqgTUUrCt+QDJFGkOmaF+XP8GnDp+PX6nSHMGkNqwwf
xqQgwmemWkZEt2sOoHDG5OeCGNMagtk+RndzpW49jVa25Hzq0VPWL0ArftoSCvYo
kQobasuA0MN1GyisTKpn2wmWzk/fOwXts0lhMokq9/Fq
-----END CERTIFICATE-----