Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/lWoqd3HKb5sALNNXx_SLgBxakgE.roa
File:                     lWoqd3HKb5sALNNXx_SLgBxakgE.roa (raw, json)
Hash identifier:          rGHw40cgOtw2QezsRzAJECX06Epa24suE/zBqOteyaI=
Subject key identifier:   95:6A:2A:77:71:CA:6F:9B:00:2C:D3:57:C7:F4:8B:80:1C:5A:92:01
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019DFE2448420EFFE9D05A482AED4ADD64FB
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/lWoqd3HKb5sALNNXx_SLgBxakgE.roa
Signing time:             Wed 06 May 2026 16:34:43 +0000
ROA not before:           Wed 06 May 2026 16:34:43 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     213791
IP address blocks:        2.26.165.0/24 maxlen: 24
                          2.27.158.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 21:35:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:fe:24:48:42:0e:ff:e9:d0:5a:48:2a:ed:4a:dd:64:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: May  6 16:34:43 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=956a2a7771ca6f9b002cd357c7f48b801c5a9201
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:4a:c9:14:34:3b:a1:9e:f6:6b:6a:7e:cd:e5:
                    29:ac:2c:72:e1:24:c2:70:0d:58:ab:89:08:d5:21:
                    e5:dd:7f:d6:0e:3a:fd:23:5b:50:73:7b:30:86:6a:
                    2a:48:2d:49:c5:55:e3:3b:c4:c8:a9:c2:f5:bc:5d:
                    03:01:08:ad:08:a5:50:dd:77:71:f1:2f:61:a0:a3:
                    b8:34:92:47:c6:ff:80:10:98:18:1a:44:25:9f:73:
                    f3:78:80:08:b0:7c:40:34:68:e9:f5:a3:64:94:12:
                    fe:ea:bd:d4:65:ef:09:db:7c:0c:22:e7:7f:b2:84:
                    0f:d9:c8:00:b1:f7:41:49:3e:b4:ae:26:e7:0b:c9:
                    0f:f3:3c:0d:16:bc:f2:04:2d:5b:cc:49:af:ef:d3:
                    e5:55:9c:e4:d8:03:d1:11:df:e2:dc:08:66:cc:28:
                    7e:54:0e:24:3e:e2:ff:16:59:26:7f:34:75:51:b4:
                    20:5b:bc:fb:23:92:cb:2c:56:d0:23:a1:ad:a1:9b:
                    fe:97:a3:7c:b3:63:94:09:b5:1e:e0:44:46:ae:a9:
                    82:87:8b:85:76:e6:09:cd:e0:25:f2:1d:88:ae:b6:
                    d4:b3:b0:fd:1e:46:7b:95:0a:dd:e1:ea:f0:45:e9:
                    25:2d:5f:9f:43:2e:8e:9a:f6:8d:3c:7b:e0:b9:25:
                    2b:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:6A:2A:77:71:CA:6F:9B:00:2C:D3:57:C7:F4:8B:80:1C:5A:92:01
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/lWoqd3HKb5sALNNXx_SLgBxakgE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.26.165.0/24
                  2.27.158.0/24

    Signature Algorithm: sha256WithRSAEncryption
         64:82:9f:e7:95:e8:c4:8b:7d:76:22:60:4d:72:52:d5:4a:23:
         9f:09:85:a6:20:8b:c0:f8:51:7d:f2:dc:71:d8:c8:b6:66:c7:
         c5:94:e2:de:9d:79:ad:fc:99:1d:fb:7e:ed:17:9d:81:c3:6f:
         d6:6d:e9:c2:71:a9:77:0d:83:af:af:ec:ed:71:5d:af:3a:9b:
         dd:fc:50:b8:15:6d:a2:12:6d:5c:31:ee:88:e0:58:fb:8f:74:
         b6:6a:b3:88:50:29:68:b8:75:15:0f:43:51:2c:9f:87:16:cb:
         56:b1:e6:e1:a1:a5:e7:b7:39:0f:7e:f4:7c:45:82:44:c9:07:
         93:a6:87:c3:a0:56:f6:70:0d:33:e0:95:e1:1d:6c:f3:22:cc:
         eb:34:e9:2d:ab:88:d8:36:5b:44:ea:09:98:5c:d9:ba:10:c2:
         85:a8:b6:69:ed:e0:6e:6b:f0:61:8f:94:d7:2e:5a:ab:1d:ef:
         8d:70:06:29:ff:38:e9:31:e0:a8:bd:31:ea:be:f6:b2:4c:6a:
         f6:00:1e:8a:38:fe:d8:b1:7d:6a:d9:c4:ca:4a:ee:d1:6d:2e:
         b5:10:bf:d0:ed:40:b4:5b:ef:05:b5:15:67:96:0c:1b:f4:bc:
         1c:69:44:93:1a:9e:b5:2f:da:7d:fc:65:d2:3c:6e:13:7a:ee:
         10:43:44:2e
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ3+JEhCDv/p0FpIKu1K3WT7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwNTA2MTYzNDQzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NTZhMmE3NzcxY2E2ZjliMDAyY2QzNTdjN2Y0OGI4MDFjNWE5MjAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsErJFDQ7oZ72a2p+zeUprCxy4STC
cA1Yq4kI1SHl3X/WDjr9I1tQc3swhmoqSC1JxVXjO8TIqcL1vF0DAQitCKVQ3Xdx
8S9hoKO4NJJHxv+AEJgYGkQln3PzeIAIsHxANGjp9aNklBL+6r3UZe8J23wMIud/
soQP2cgAsfdBST60ribnC8kP8zwNFrzyBC1bzEmv79PlVZzk2APREd/i3AhmzCh+
VA4kPuL/FlkmfzR1UbQgW7z7I5LLLFbQI6GtoZv+l6N8s2OUCbUe4ERGrqmCh4uF
duYJzeAl8h2IrrbUs7D9HkZ7lQrd4erwReklLV+fQy6OmvaNPHvguSUrzQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJVqKndxym+bACzTV8f0i4AcWpIBMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvbFdvcWQzSEtiNXNBTE5OWHhfU0xnQnhha2dFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAAhqlAwQA
AhueMA0GCSqGSIb3DQEBCwUAA4IBAQBkgp/nlejEi312ImBNclLVSiOfCYWmIIvA
+FF98txx2Mi2ZsfFlOLenXmt/Jkd+37tF52Bw2/WbenCcal3DYOvr+ztcV2vOpvd
/FC4FW2iEm1cMe6I4Fj7j3S2arOIUClouHUVD0NRLJ+HFstWsebhoaXntzkPfvR8
RYJEyQeTpofDoFb2cA0z4JXhHWzzIszrNOktq4jYNltE6gmYXNm6EMKFqLZp7eBu
a/Bhj5TXLlqrHe+NcAYp/zjpMeCovTHqvvayTGr2AB6KOP7YsX1q2cTKSu7RbS61
EL/Q7UC0W+8FtRVnlgwb9LwcaUSTGp61L9p9/GXSPG4Teu4QQ0Qu
-----END CERTIFICATE-----