Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/eVLFR2D1KEcV4ByEOUtgIkZsef4.roa
File:                     eVLFR2D1KEcV4ByEOUtgIkZsef4.roa (raw, json)
Hash identifier:          yzSbcQMFolsa7/e0Cz00G9+T6OGt7xAXMwuzfiZ6h/U=
Subject key identifier:   79:52:C5:47:60:F5:28:47:15:E0:1C:84:39:4B:60:22:46:6C:79:FE
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019DF9068D3FE07A720F993624AEED47EDB8
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/eVLFR2D1KEcV4ByEOUtgIkZsef4.roa
Signing time:             Tue 05 May 2026 16:44:09 +0000
ROA not before:           Tue 05 May 2026 16:44:09 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     210576
IP address blocks:        2.27.104.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 21:35:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:f9:06:8d:3f:e0:7a:72:0f:99:36:24:ae:ed:47:ed:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: May  5 16:44:09 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7952c54760f5284715e01c84394b6022466c79fe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:c8:10:f3:4d:87:92:df:87:47:6d:7b:8c:02:
                    a0:b0:88:9a:44:bd:b1:4c:07:49:fa:76:86:9b:c1:
                    22:f0:b4:25:9d:02:03:84:1e:d0:fd:70:e5:82:07:
                    f6:e5:ac:05:fa:7d:d7:bf:be:f3:b0:a4:f1:66:c0:
                    2f:07:16:22:14:1e:d4:14:ae:63:fe:57:a9:50:91:
                    1b:a2:bf:bd:04:06:5f:17:4f:c2:0f:ec:cb:4c:6c:
                    5d:50:bb:04:e0:1b:31:df:96:b8:16:c9:8e:77:2c:
                    ec:52:21:ea:7f:a7:2f:d5:61:9b:2f:f4:55:f5:bf:
                    bd:6f:f8:72:67:12:77:24:47:63:fa:01:1a:36:c3:
                    4e:83:f0:35:32:0c:58:21:b3:af:8b:ff:23:fb:a7:
                    68:a7:c3:cf:84:54:58:98:70:67:8f:92:14:42:b5:
                    c2:e7:8b:13:3a:29:95:47:f4:2a:70:d6:5b:c3:4b:
                    1a:01:5d:3f:b3:9f:1f:8e:a2:af:62:5f:08:60:32:
                    6c:91:84:15:ce:ba:3e:4d:0e:d4:38:85:ff:53:80:
                    75:5b:3d:75:9e:86:fd:52:61:ac:f4:aa:1e:c9:2f:
                    5d:23:df:be:38:54:06:a2:2a:50:63:e5:be:8f:62:
                    0e:84:19:fa:66:cb:29:89:5f:e6:81:58:b4:f3:b1:
                    24:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                79:52:C5:47:60:F5:28:47:15:E0:1C:84:39:4B:60:22:46:6C:79:FE
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/eVLFR2D1KEcV4ByEOUtgIkZsef4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.27.104.0/24

    Signature Algorithm: sha256WithRSAEncryption
         33:62:22:2b:10:12:8e:3c:80:f4:8b:7b:6d:86:33:f7:4b:7e:
         80:4b:74:a6:04:f9:41:db:9e:54:93:09:3a:70:3b:94:c3:0f:
         a8:51:13:dc:b6:5e:6b:d4:f7:32:cf:1d:22:06:dd:86:5d:cc:
         70:2d:f1:a5:c3:f4:0c:2e:3d:22:63:2b:b6:3a:02:44:97:a4:
         b7:5d:6d:51:c7:79:89:f1:fe:08:51:6b:b5:52:18:e2:80:33:
         76:5b:f8:46:bf:6b:84:32:06:78:d2:b1:ea:51:07:99:27:db:
         b3:0c:cc:fb:4f:7d:29:cf:27:e0:c3:80:66:5f:59:38:87:97:
         2f:22:8a:07:27:c6:6c:04:07:e0:5e:aa:22:03:41:d8:64:4a:
         86:00:2a:dc:71:11:1b:31:f1:54:62:9c:e5:5d:07:d1:3e:6f:
         8b:e9:67:c9:f4:e9:08:e7:c7:d6:00:24:b4:56:14:ca:8e:0b:
         43:c3:5b:a5:d6:55:b8:9c:49:31:0c:07:15:e0:bc:e2:f2:7a:
         71:51:16:e6:e8:d1:b6:d7:b5:08:d0:87:bd:be:9f:f8:ca:23:
         53:c4:95:4f:1b:b7:95:aa:98:04:46:44:55:94:ae:41:70:c6:
         f3:6d:3d:37:69:3a:65:e9:98:b3:56:64:11:90:01:3a:44:5c:
         7f:25:5f:68
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ35Bo0/4HpyD5k2JK7tR+24MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwNTA1MTY0NDA5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3OTUyYzU0NzYwZjUyODQ3MTVlMDFjODQzOTRiNjAyMjQ2NmM3OWZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs8gQ802Hkt+HR217jAKgsIiaRL2x
TAdJ+naGm8Ei8LQlnQIDhB7Q/XDlggf25awF+n3Xv77zsKTxZsAvBxYiFB7UFK5j
/lepUJEbor+9BAZfF0/CD+zLTGxdULsE4Bsx35a4FsmOdyzsUiHqf6cv1WGbL/RV
9b+9b/hyZxJ3JEdj+gEaNsNOg/A1MgxYIbOvi/8j+6dop8PPhFRYmHBnj5IUQrXC
54sTOimVR/QqcNZbw0saAV0/s58fjqKvYl8IYDJskYQVzro+TQ7UOIX/U4B1Wz11
nob9UmGs9KoeyS9dI9++OFQGoipQY+W+j2IOhBn6ZsspiV/mgVi087EkdQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHlSxUdg9ShHFeAchDlLYCJGbHn+MB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvZVZMRlIyRDFLRWNWNEJ5RU9VdGdJa1pzZWY0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAAhtoMA0G
CSqGSIb3DQEBCwUAA4IBAQAzYiIrEBKOPID0i3tthjP3S36AS3SmBPlB255Ukwk6
cDuUww+oURPctl5r1Pcyzx0iBt2GXcxwLfGlw/QMLj0iYyu2OgJEl6S3XW1Rx3mJ
8f4IUWu1UhjigDN2W/hGv2uEMgZ40rHqUQeZJ9uzDMz7T30pzyfgw4BmX1k4h5cv
IooHJ8ZsBAfgXqoiA0HYZEqGACrccREbMfFUYpzlXQfRPm+L6WfJ9OkI58fWACS0
VhTKjgtDw1ul1lW4nEkxDAcV4Lzi8npxURbm6NG217UI0Ie9vp/4yiNTxJVPG7eV
qpgERkRVlK5BcMbzbT03aTpl6ZizVmQRkAE6RFx/JV9o
-----END CERTIFICATE-----