Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/qcTwHXo-lMip9vQSEKOvv05Q8EI.roa
File:                     qcTwHXo-lMip9vQSEKOvv05Q8EI.roa (raw, json)
Hash identifier:          Y5OxZlzyZbz08Yr4e+hmMU6P0/Ik7HO8Y+Dc8ZS5LDw=
Subject key identifier:   A9:C4:F0:1D:7A:3E:94:C8:A9:F6:F4:12:10:A3:AF:BF:4E:50:F0:42
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019DF93A2E5A981B5B76320CACFF0E87721D
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/qcTwHXo-lMip9vQSEKOvv05Q8EI.roa
Signing time:             Tue 05 May 2026 17:40:32 +0000
ROA not before:           Tue 05 May 2026 17:40:32 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     203154
IP address blocks:        2.26.4.0/24 maxlen: 24
                          2.26.5.0/24 maxlen: 24
                          2.26.6.0/24 maxlen: 24
                          2.27.56.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 14 May 2026 06:01:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:f9:3a:2e:5a:98:1b:5b:76:32:0c:ac:ff:0e:87:72:1d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: May  5 17:40:32 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a9c4f01d7a3e94c8a9f6f41210a3afbf4e50f042
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:ac:54:5f:ef:d3:1c:98:c1:2d:62:5c:a5:b5:
                    79:05:8e:1f:80:4b:83:26:f1:af:34:dd:9d:40:06:
                    cc:2f:0e:93:e3:7a:89:92:c3:64:8b:62:ec:15:e7:
                    fc:f3:fd:65:81:14:65:12:25:12:26:fc:69:b0:5e:
                    a0:ea:51:04:1d:e6:c2:04:66:53:bb:43:29:d6:bf:
                    8d:fd:1f:98:4d:ae:b8:d5:ab:21:3e:b1:d0:42:ba:
                    14:f1:30:3c:4a:9d:c1:6f:7c:db:be:05:c5:71:ad:
                    d7:3f:5e:d6:78:bd:30:56:c6:d4:5e:9f:41:42:4c:
                    96:22:bb:58:c6:2c:de:58:05:ef:68:52:9d:2c:44:
                    43:30:fd:bb:f0:c2:08:3b:b5:9d:66:12:d3:2d:86:
                    36:e6:88:1c:65:17:75:d9:51:cb:ed:6d:29:81:a6:
                    54:9c:69:54:74:86:f4:d7:67:71:80:13:14:ea:3b:
                    42:ec:88:81:bb:d1:e4:98:14:98:b4:ec:ef:c3:51:
                    81:90:9a:e4:7b:6f:eb:68:0f:06:b9:ef:ea:f4:86:
                    12:74:b7:e8:ee:5e:74:b0:46:b9:67:7d:5c:dc:25:
                    9e:71:a1:f2:7e:e7:b2:2d:b2:63:c8:5d:e5:16:74:
                    3b:45:45:2d:d4:7d:67:36:f3:d5:bd:d9:af:6a:35:
                    d9:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:C4:F0:1D:7A:3E:94:C8:A9:F6:F4:12:10:A3:AF:BF:4E:50:F0:42
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/qcTwHXo-lMip9vQSEKOvv05Q8EI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.26.4.0-2.26.6.255
                  2.27.56.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b6:40:6f:4c:73:bf:2d:c6:e9:6b:45:26:53:6a:7f:b0:4f:50:
         cc:f2:13:57:35:09:a0:5f:f3:70:fa:8b:1a:a0:1e:ab:d0:91:
         11:b4:3b:d9:0e:b8:a1:05:3d:e8:0a:11:67:7d:e5:a3:77:0e:
         84:df:c2:29:d2:c1:75:e7:7b:db:f8:b7:8b:19:94:fb:7a:6d:
         44:fc:60:9c:91:df:17:1d:e0:5b:8e:5b:59:70:bb:b7:3b:cf:
         fc:e8:e9:03:47:8f:99:16:1c:9c:97:a5:50:75:24:84:39:6b:
         38:a5:b3:9e:87:18:5c:c2:f2:29:bd:0a:c6:ea:48:0e:15:1f:
         1d:d5:e7:4d:2d:91:00:6b:d8:52:1b:50:52:65:a1:8d:f5:c5:
         96:11:07:69:f2:43:b2:7b:9a:6d:34:c2:44:2a:cc:83:a0:34:
         88:84:d7:f9:15:62:9f:eb:93:f0:73:21:66:80:99:2c:af:50:
         dc:d7:c0:9c:38:9b:71:21:6f:b8:1d:10:90:f9:00:4d:4f:de:
         d7:18:d6:24:dd:0a:0a:f5:ee:87:e0:5d:65:2b:6f:32:68:c8:
         dc:ef:08:0e:ef:4e:b1:1b:6f:22:f8:c6:72:be:65:70:32:e9:
         9e:28:b0:63:1d:d7:d8:f0:18:48:45:f1:09:92:d9:09:a2:f9:
         8e:46:cf:f7
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZ35Oi5amBtbdjIMrP8Oh3IdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwNTA1MTc0MDMyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOWM0ZjAxZDdhM2U5NGM4YTlmNmY0MTIxMGEzYWZiZjRlNTBmMDQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5axUX+/THJjBLWJcpbV5BY4fgEuD
JvGvNN2dQAbMLw6T43qJksNki2LsFef88/1lgRRlEiUSJvxpsF6g6lEEHebCBGZT
u0Mp1r+N/R+YTa641ashPrHQQroU8TA8Sp3Bb3zbvgXFca3XP17WeL0wVsbUXp9B
QkyWIrtYxizeWAXvaFKdLERDMP278MIIO7WdZhLTLYY25ogcZRd12VHL7W0pgaZU
nGlUdIb012dxgBMU6jtC7IiBu9HkmBSYtOzvw1GBkJrke2/raA8Gue/q9IYSdLfo
7l50sEa5Z31c3CWecaHyfueyLbJjyF3lFnQ7RUUt1H1nNvPVvdmvajXZ1wIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFKnE8B16PpTIqfb0EhCjr79OUPBCMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvcWNUd0hYby1sTWlwOXZRU0VLT3Z2MDVROEVJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUMAwDBAICGgQD
BAACGgYDBAACGzgwDQYJKoZIhvcNAQELBQADggEBALZAb0xzvy3G6WtFJlNqf7BP
UMzyE1c1CaBf83D6ixqgHqvQkRG0O9kOuKEFPegKEWd95aN3DoTfwinSwXXne9v4
t4sZlPt6bUT8YJyR3xcd4FuOW1lwu7c7z/zo6QNHj5kWHJyXpVB1JIQ5azils56H
GFzC8im9CsbqSA4VHx3V500tkQBr2FIbUFJloY31xZYRB2nyQ7J7mm00wkQqzIOg
NIiE1/kVYp/rk/BzIWaAmSyvUNzXwJw4m3Ehb7gdEJD5AE1P3tcY1iTdCgr17ofg
XWUrbzJoyNzvCA7vTrEbbyL4xnK+ZXAy6Z4osGMd19jwGEhF8QmS2Qmi+Y5Gz/c=
-----END CERTIFICATE-----