Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/ar8sNtATI2OG7BOXer8aLgswxTw.roa
File:                     ar8sNtATI2OG7BOXer8aLgswxTw.roa (raw, json)
Hash identifier:          DC2yg3/PUPcY4p7MCw16FNTq4aeRcu2y+LKWmsto0jw=
Subject key identifier:   6A:BF:2C:36:D0:13:23:63:86:EC:13:97:7A:BF:1A:2E:0B:30:C5:3C
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019D11F204C10B4921B04E810A4654FE9570
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/ar8sNtATI2OG7BOXer8aLgswxTw.roa
Signing time:             Sat 21 Mar 2026 19:49:26 +0000
ROA not before:           Sat 21 Mar 2026 19:49:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214578
IP address blocks:        2.27.113.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 15:17:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:11:f2:04:c1:0b:49:21:b0:4e:81:0a:46:54:fe:95:70
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: Mar 21 19:49:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6abf2c36d013236386ec13977abf1a2e0b30c53c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:fe:46:d6:c5:4e:27:4a:f0:91:f0:6c:4f:f5:
                    12:e8:7b:0d:4a:7a:05:a6:0a:a1:e1:a0:c2:de:9c:
                    fd:a7:39:8a:0e:ff:98:ed:38:bc:1c:95:f0:fc:f2:
                    1a:45:90:63:e8:eb:fb:1e:f5:2f:49:8c:bb:0a:e4:
                    eb:1c:f6:d3:c7:3e:1c:3b:6f:ee:cc:40:39:5b:a4:
                    b9:ce:92:a3:96:6f:3f:1d:15:4d:cb:88:97:c9:a7:
                    96:be:08:84:99:f9:2f:40:62:5d:5f:f5:32:50:9a:
                    55:c1:9c:94:dc:65:a3:b6:8e:e7:a8:d7:39:14:a6:
                    03:60:ae:d5:8e:00:2a:39:34:67:2f:56:5a:2a:2c:
                    ba:cc:2c:f2:6f:84:f3:d1:72:26:80:da:7c:78:ec:
                    16:24:00:df:6d:2a:64:05:c6:b3:34:cc:8b:9b:00:
                    4e:00:97:3f:30:62:3d:32:dc:c8:9e:c1:97:9d:a9:
                    a3:c1:75:c5:0d:8e:c3:60:d3:f4:51:d2:38:ee:01:
                    63:8f:3a:c8:b5:9d:60:ee:30:ef:08:ce:b8:a4:d3:
                    5d:57:21:6d:e6:30:20:78:79:6b:7d:e7:5a:0e:40:
                    4d:68:c0:85:44:38:96:6c:6e:3c:0d:1b:c9:f2:88:
                    51:5d:84:85:17:d3:1e:31:15:df:27:72:2e:dc:c4:
                    bf:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:BF:2C:36:D0:13:23:63:86:EC:13:97:7A:BF:1A:2E:0B:30:C5:3C
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/ar8sNtATI2OG7BOXer8aLgswxTw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.27.113.0/24

    Signature Algorithm: sha256WithRSAEncryption
         62:c4:b2:45:32:c4:70:54:a5:78:22:07:f6:6a:9c:33:2f:0f:
         5c:83:80:80:b7:7b:38:02:43:9d:9e:34:68:8d:4d:4a:76:11:
         e5:95:00:9a:4e:ad:1d:7c:d3:ba:fe:28:c9:1e:bf:30:cc:01:
         51:b0:1e:e7:a5:75:e7:b4:ac:2a:47:f2:4d:85:43:2c:a4:8a:
         b3:1c:46:27:d3:95:31:ab:b6:af:40:82:39:70:ed:27:59:76:
         72:17:e0:d1:d7:04:e7:b9:85:da:82:c5:26:e4:57:bf:6a:7e:
         81:0d:08:6a:f8:dc:3c:23:e6:61:23:89:99:70:de:76:d5:93:
         50:e2:9b:e8:bb:0c:57:ba:bb:bf:92:6f:30:c7:ef:d9:d6:f7:
         6f:26:20:86:5f:f6:48:c3:3c:b2:84:0c:ea:cb:1f:9c:b9:5e:
         0c:b7:3f:18:78:40:07:0f:2a:75:3e:9e:9b:92:e3:d3:d9:5a:
         ef:e3:81:6d:0c:3c:27:7b:2b:99:5d:19:b0:c1:92:bd:18:d6:
         36:d2:e8:5b:ac:02:ec:96:19:55:d0:db:e6:27:7d:47:7c:3a:
         e9:be:29:aa:ea:6e:3b:08:75:7e:63:41:00:c2:48:60:4c:f2:
         a6:f1:6d:67:d3:b0:9a:3a:d8:62:58:13:7f:a0:ec:ac:bf:5d:
         ee:96:79:c9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0R8gTBC0khsE6BCkZU/pVwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwMzIxMTk0OTI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YWJmMmMzNmQwMTMyMzYzODZlYzEzOTc3YWJmMWEyZTBiMzBjNTNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuv5G1sVOJ0rwkfBsT/US6HsNSnoF
pgqh4aDC3pz9pzmKDv+Y7Ti8HJXw/PIaRZBj6Ov7HvUvSYy7CuTrHPbTxz4cO2/u
zEA5W6S5zpKjlm8/HRVNy4iXyaeWvgiEmfkvQGJdX/UyUJpVwZyU3GWjto7nqNc5
FKYDYK7VjgAqOTRnL1ZaKiy6zCzyb4Tz0XImgNp8eOwWJADfbSpkBcazNMyLmwBO
AJc/MGI9MtzInsGXnamjwXXFDY7DYNP0UdI47gFjjzrItZ1g7jDvCM64pNNdVyFt
5jAgeHlrfedaDkBNaMCFRDiWbG48DRvJ8ohRXYSFF9MeMRXfJ3Iu3MS/3wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGq/LDbQEyNjhuwTl3q/Gi4LMMU8MB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvYXI4c050QVRJMk9HN0JPWGVyOGFMZ3N3eFR3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAAhtxMA0G
CSqGSIb3DQEBCwUAA4IBAQBixLJFMsRwVKV4Igf2apwzLw9cg4CAt3s4AkOdnjRo
jU1KdhHllQCaTq0dfNO6/ijJHr8wzAFRsB7npXXntKwqR/JNhUMspIqzHEYn05Ux
q7avQII5cO0nWXZyF+DR1wTnuYXagsUm5Fe/an6BDQhq+Nw8I+ZhI4mZcN521ZNQ
4pvouwxXuru/km8wx+/Z1vdvJiCGX/ZIwzyyhAzqyx+cuV4Mtz8YeEAHDyp1Pp6b
kuPT2Vrv44FtDDwneyuZXRmwwZK9GNY20uhbrALslhlV0NvmJ31HfDrpvimq6m47
CHV+Y0EAwkhgTPKm8W1n07CaOthiWBN/oOysv13ulnnJ
-----END CERTIFICATE-----