Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/fzj9Nd1cUs-rEUOl1yXc3SCK6Rw.roa
File:                     fzj9Nd1cUs-rEUOl1yXc3SCK6Rw.roa (raw, json)
Hash identifier:          Yo/XFpQyEkrROxhdG+Q0Re1rPjvmLkAf94xbirw03u4=
Subject key identifier:   7F:38:FD:35:DD:5C:52:CF:AB:11:43:A5:D7:25:DC:DD:20:8A:E9:1C
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019D212F4594C16B840789FF8EE676666E4A
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/fzj9Nd1cUs-rEUOl1yXc3SCK6Rw.roa
Signing time:             Tue 24 Mar 2026 18:50:39 +0000
ROA not before:           Tue 24 Mar 2026 18:50:39 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     215224
IP address blocks:        2.27.200.0/21 maxlen: 21
                          2.27.224.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 18:18:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:21:2f:45:94:c1:6b:84:07:89:ff:8e:e6:76:66:6e:4a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: Mar 24 18:50:39 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7f38fd35dd5c52cfab1143a5d725dcdd208ae91c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:3a:6b:b5:2c:49:70:fc:64:b1:9b:c5:5b:67:
                    a8:57:f9:cd:9f:06:98:18:1d:9d:df:43:d9:74:49:
                    50:e9:a7:e2:3b:5c:2c:6d:02:5b:52:00:66:7b:f1:
                    93:69:80:78:c9:40:07:91:61:1d:bd:0a:32:02:72:
                    8b:55:21:4f:cf:88:02:9a:bb:8c:6b:c1:9d:f1:dc:
                    dd:db:20:59:26:32:7a:3c:d5:4f:00:35:5f:fd:e2:
                    51:21:0a:f0:17:f4:c3:34:09:5f:d8:21:64:2b:3a:
                    7f:e4:2f:21:20:66:65:e1:8f:c4:61:68:02:2f:b2:
                    36:a5:c4:b6:4f:3a:a8:a6:01:5b:37:4c:05:93:ec:
                    82:1d:14:82:b4:79:fb:eb:47:7a:44:98:40:a2:57:
                    13:2b:f6:09:d0:62:f7:28:bc:9d:d2:d7:25:73:21:
                    ad:d1:1a:d1:0c:b0:08:66:c9:eb:38:da:80:f9:9e:
                    bb:52:a9:78:4e:d3:0f:61:dd:d0:ab:05:bd:16:c5:
                    b5:c2:74:b0:3e:38:8d:56:b3:b5:30:87:7b:93:03:
                    d0:48:df:36:59:46:b5:b9:4a:50:27:e5:c0:81:1c:
                    fb:a6:92:29:f8:68:8b:b9:fa:85:91:99:ef:73:99:
                    ec:a6:10:70:e3:21:53:a5:ec:2f:6a:9a:20:35:f0:
                    5c:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:38:FD:35:DD:5C:52:CF:AB:11:43:A5:D7:25:DC:DD:20:8A:E9:1C
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/fzj9Nd1cUs-rEUOl1yXc3SCK6Rw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.27.200.0/21
                  2.27.224.0/21

    Signature Algorithm: sha256WithRSAEncryption
         55:39:a2:cf:57:1a:5f:b6:5a:52:e1:88:da:78:d9:04:6b:6c:
         61:87:22:b5:66:e4:3c:42:91:45:5c:6a:c0:41:c1:fe:b7:ab:
         3c:7f:fe:db:e8:fb:37:6d:51:eb:68:bf:6b:20:b8:45:81:d0:
         47:1e:52:3b:e7:3a:e4:68:b8:08:08:c7:8e:25:f6:06:02:53:
         fa:d3:6e:e6:13:8c:8d:c4:bc:67:d4:10:f6:cb:ef:a8:19:d7:
         ec:19:37:37:f2:96:7e:b8:08:82:17:8e:5c:c0:5c:98:f9:18:
         32:f5:b6:61:d0:92:53:dd:0f:35:55:e7:8d:c4:c3:bd:d3:fb:
         85:6b:74:26:c0:3b:a6:d6:e8:78:a0:f9:88:7a:b0:11:80:d0:
         3e:a6:78:11:4c:a1:01:eb:80:27:b9:7a:56:2d:23:43:24:63:
         58:ee:34:e7:2d:bd:29:30:3b:83:3b:15:b4:d3:2e:2f:b3:ba:
         18:55:6a:88:c2:76:f6:28:06:a9:bf:97:b2:d7:f2:8f:2c:66:
         f0:70:2f:df:5b:98:69:ed:d2:36:31:e5:12:99:e9:30:3c:b3:
         ad:06:1e:d2:fb:00:1f:b6:2f:2e:42:e2:73:d4:83:d9:66:4e:
         f5:23:38:f3:10:be:45:fa:a9:69:cc:d9:01:2e:d4:33:10:81:
         e6:39:46:5f
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ0hL0WUwWuEB4n/juZ2Zm5KMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwMzI0MTg1MDM5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZjM4ZmQzNWRkNWM1MmNmYWIxMTQzYTVkNzI1ZGNkZDIwOGFlOTFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlzprtSxJcPxksZvFW2eoV/nNnwaY
GB2d30PZdElQ6afiO1wsbQJbUgBme/GTaYB4yUAHkWEdvQoyAnKLVSFPz4gCmruM
a8Gd8dzd2yBZJjJ6PNVPADVf/eJRIQrwF/TDNAlf2CFkKzp/5C8hIGZl4Y/EYWgC
L7I2pcS2TzqopgFbN0wFk+yCHRSCtHn760d6RJhAolcTK/YJ0GL3KLyd0tclcyGt
0RrRDLAIZsnrONqA+Z67Uql4TtMPYd3QqwW9FsW1wnSwPjiNVrO1MId7kwPQSN82
WUa1uUpQJ+XAgRz7ppIp+GiLufqFkZnvc5nsphBw4yFTpewvapogNfBc5wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFH84/TXdXFLPqxFDpdcl3N0giukcMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvZnpqOU5kMWNVcy1yRVVPbDF5WGMzU0NLNlJ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQDAhvIAwQD
AhvgMA0GCSqGSIb3DQEBCwUAA4IBAQBVOaLPVxpftlpS4YjaeNkEa2xhhyK1ZuQ8
QpFFXGrAQcH+t6s8f/7b6Ps3bVHraL9rILhFgdBHHlI75zrkaLgICMeOJfYGAlP6
027mE4yNxLxn1BD2y++oGdfsGTc38pZ+uAiCF45cwFyY+Rgy9bZh0JJT3Q81VeeN
xMO90/uFa3QmwDum1uh4oPmIerARgNA+pngRTKEB64AnuXpWLSNDJGNY7jTnLb0p
MDuDOxW00y4vs7oYVWqIwnb2KAapv5ey1/KPLGbwcC/fW5hp7dI2MeUSmekwPLOt
Bh7S+wAfti8uQuJz1IPZZk71IzjzEL5F+qlpzNkBLtQzEIHmOUZf
-----END CERTIFICATE-----