Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/oIXY4ll2caCvjvL_S7JsEuZHtxY.roa
File:                     oIXY4ll2caCvjvL_S7JsEuZHtxY.roa (raw, json)
Hash identifier:          YkztvVrgjtm+IzwQo2U/Tgl5csRO/DjIxAX9a5ddn3c=
Subject key identifier:   A0:85:D8:E2:59:76:71:A0:AF:8E:F2:FF:4B:B2:6C:12:E6:47:B7:16
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019D1BE2753B1ABACB2AC54A41492AEE0773
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/oIXY4ll2caCvjvL_S7JsEuZHtxY.roa
Signing time:             Mon 23 Mar 2026 18:08:39 +0000
ROA not before:           Mon 23 Mar 2026 18:08:39 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     154408
IP address blocks:        2.27.111.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 15:17:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:1b:e2:75:3b:1a:ba:cb:2a:c5:4a:41:49:2a:ee:07:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: Mar 23 18:08:39 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a085d8e2597671a0af8ef2ff4bb26c12e647b716
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:35:30:9c:79:83:83:d2:44:53:4d:c7:e6:ee:
                    a7:7d:66:c6:8c:a4:26:44:b7:d0:c8:db:c9:1d:86:
                    b0:91:05:54:d0:87:0c:db:d6:cc:71:52:49:bf:08:
                    ff:7b:cd:93:a4:98:17:67:8e:62:30:c1:f3:db:75:
                    a1:a3:00:d4:a4:d2:7c:9e:83:28:f0:ae:66:77:6f:
                    ca:32:fd:ba:c6:b2:c8:b9:4e:9f:7f:5b:2c:63:79:
                    86:bb:91:83:cd:8e:e0:a6:74:23:49:61:91:51:e4:
                    dc:52:e4:2c:c8:8c:08:bc:94:cc:10:9d:c9:63:f1:
                    2e:e4:be:17:90:29:9d:2e:e5:1a:3e:07:f1:47:7e:
                    4d:80:34:3c:c6:32:ba:b3:b6:72:68:40:83:2b:63:
                    16:fe:f5:e8:af:7d:a1:77:87:f0:57:5f:60:45:9a:
                    de:d5:c7:4a:30:49:8e:da:ed:a2:6d:6d:86:dd:21:
                    76:9d:59:0c:cc:9e:cb:f6:9c:56:f9:45:d4:aa:b8:
                    16:17:01:d4:94:f1:aa:97:70:7a:bc:32:f7:5e:5c:
                    a5:ca:12:5c:8f:8d:34:5b:bf:06:06:2e:2a:fd:c7:
                    a0:bd:c0:59:fc:b2:ee:33:1d:80:e4:82:c7:38:86:
                    c8:93:c2:1c:e9:5f:86:13:a4:90:7e:ba:df:5a:ef:
                    02:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:85:D8:E2:59:76:71:A0:AF:8E:F2:FF:4B:B2:6C:12:E6:47:B7:16
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/oIXY4ll2caCvjvL_S7JsEuZHtxY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.27.111.0/24

    Signature Algorithm: sha256WithRSAEncryption
         20:f7:4a:5b:7a:c6:3e:36:a2:90:b5:41:3f:e1:39:0f:77:61:
         d2:59:7b:cc:2e:39:74:12:43:b8:1c:3a:da:47:b2:2f:55:f6:
         f4:ea:85:ce:e0:16:e8:75:f9:3f:f6:30:04:49:d2:5d:02:9f:
         a8:5c:34:71:6b:5b:7d:39:2d:2c:27:03:0a:15:be:94:bf:1f:
         d8:59:09:29:91:4e:8e:0a:20:2f:5e:2a:d3:3e:82:04:09:e6:
         19:b9:31:23:d2:b7:cf:37:dd:41:d9:18:a8:85:46:e6:c9:ed:
         40:22:c2:dc:08:93:15:d6:c4:7b:50:22:ed:36:e2:5f:17:f0:
         7e:85:52:e5:5d:eb:71:88:43:48:9c:16:86:b6:9f:14:30:ab:
         8d:9d:05:ab:9d:97:ce:8e:ae:fc:5f:28:bd:bf:d9:79:61:31:
         bc:c5:85:37:60:c3:c8:72:1c:3c:22:85:9f:30:a8:d8:db:83:
         b9:6a:a6:f7:7e:78:92:3f:d7:ef:d3:6a:60:2f:a7:9a:94:19:
         84:56:af:d8:76:4d:8f:84:f1:f0:20:02:3d:ee:bc:17:ea:14:
         70:ff:7c:43:c7:e5:2d:19:d8:df:ed:5d:45:f3:96:83:eb:8d:
         de:9f:dc:52:21:d5:53:34:37:48:0e:1a:17:78:c6:99:2d:5e:
         35:b5:ef:a8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0b4nU7GrrLKsVKQUkq7gdzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwMzIzMTgwODM5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMDg1ZDhlMjU5NzY3MWEwYWY4ZWYyZmY0YmIyNmMxMmU2NDdiNzE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzDUwnHmDg9JEU03H5u6nfWbGjKQm
RLfQyNvJHYawkQVU0IcM29bMcVJJvwj/e82TpJgXZ45iMMHz23WhowDUpNJ8noMo
8K5md2/KMv26xrLIuU6ff1ssY3mGu5GDzY7gpnQjSWGRUeTcUuQsyIwIvJTMEJ3J
Y/Eu5L4XkCmdLuUaPgfxR35NgDQ8xjK6s7ZyaECDK2MW/vXor32hd4fwV19gRZre
1cdKMEmO2u2ibW2G3SF2nVkMzJ7L9pxW+UXUqrgWFwHUlPGql3B6vDL3XlylyhJc
j400W78GBi4q/cegvcBZ/LLuMx2A5ILHOIbIk8Ic6V+GE6SQfrrfWu8C1QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKCF2OJZdnGgr47y/0uybBLmR7cWMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvb0lYWTRsbDJjYUN2anZMX1M3SnNFdVpIdHhZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAAhtvMA0G
CSqGSIb3DQEBCwUAA4IBAQAg90pbesY+NqKQtUE/4TkPd2HSWXvMLjl0EkO4HDra
R7IvVfb06oXO4Bbodfk/9jAESdJdAp+oXDRxa1t9OS0sJwMKFb6Uvx/YWQkpkU6O
CiAvXirTPoIECeYZuTEj0rfPN91B2RiohUbmye1AIsLcCJMV1sR7UCLtNuJfF/B+
hVLlXetxiENInBaGtp8UMKuNnQWrnZfOjq78Xyi9v9l5YTG8xYU3YMPIchw8IoWf
MKjY24O5aqb3fniSP9fv02pgL6ealBmEVq/Ydk2PhPHwIAI97rwX6hRw/3xDx+Ut
Gdjf7V1F85aD643en9xSIdVTNDdIDhoXeMaZLV41te+o
-----END CERTIFICATE-----