Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/rP1Wdy7QZn8DZVaFE7wu9TO0QlE.roa
File:                     rP1Wdy7QZn8DZVaFE7wu9TO0QlE.roa (raw, json)
Hash identifier:          QEEJUehv/NRUxddf1jlQYDMWJWrQ81Qt5F9EjjpLhu8=
Subject key identifier:   AC:FD:56:77:2E:D0:66:7F:03:65:56:85:13:BC:2E:F5:33:B4:42:51
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019D1B1DA048E5F9F19974286370EFFA5B1D
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/rP1Wdy7QZn8DZVaFE7wu9TO0QlE.roa
Signing time:             Mon 23 Mar 2026 14:33:39 +0000
ROA not before:           Mon 23 Mar 2026 14:33:39 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     209876
IP address blocks:        2.27.110.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 18:18:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:1b:1d:a0:48:e5:f9:f1:99:74:28:63:70:ef:fa:5b:1d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: Mar 23 14:33:39 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=acfd56772ed0667f0365568513bc2ef533b44251
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:38:32:93:c8:f7:c7:1d:bf:ce:ea:95:ee:89:
                    e5:a3:a0:7d:67:ce:ac:07:3e:2c:71:c4:30:fe:61:
                    17:bc:01:dc:12:5f:a0:64:36:f1:24:35:a9:c9:ac:
                    2c:df:bb:f4:0d:ed:cd:91:df:26:d1:4c:dd:47:8f:
                    64:e4:86:30:ed:76:da:32:b7:7e:b1:2a:45:b2:81:
                    d4:fb:a3:2c:b0:43:a2:e2:93:2b:3e:35:f5:c1:55:
                    1c:5e:0e:ec:0b:05:90:61:6d:52:32:62:6a:5c:39:
                    05:20:e8:e3:8c:33:2a:eb:b3:fc:b5:0f:3e:ab:5e:
                    d1:dc:09:a1:ae:51:05:8c:f0:7e:77:45:4c:08:df:
                    a7:53:1c:33:24:73:3c:9a:7c:08:6f:8f:1c:35:db:
                    cd:df:e7:bc:35:b0:e1:19:ac:65:17:74:f6:e8:a3:
                    ae:7e:f7:1a:d1:5a:59:8b:ad:4f:a1:24:81:50:bb:
                    2d:b1:01:0a:fd:84:77:52:cd:fa:cc:b6:c4:30:0e:
                    0d:24:dd:64:50:c8:f0:f4:20:c6:d0:fa:de:67:0d:
                    bc:59:95:e6:e1:a7:f2:a0:8c:d7:85:05:ce:79:18:
                    2e:e4:51:fb:a5:df:97:53:03:4f:7b:3d:80:ec:48:
                    6e:c8:00:11:50:df:dc:68:28:e7:c4:50:af:70:ce:
                    7c:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:FD:56:77:2E:D0:66:7F:03:65:56:85:13:BC:2E:F5:33:B4:42:51
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/rP1Wdy7QZn8DZVaFE7wu9TO0QlE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.27.110.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5b:f7:0d:4f:fc:08:79:a0:8c:a0:05:5e:2c:b4:c3:71:57:9a:
         6d:91:92:81:9f:ec:2c:72:5c:bb:80:e3:c9:fc:02:a4:e3:99:
         82:a9:65:cc:de:d9:fd:8c:5e:24:10:3b:23:6b:52:3f:c3:07:
         64:f4:68:7c:4d:2d:2f:cc:97:a3:1d:a1:39:af:ab:77:88:b0:
         9b:48:55:a1:2a:75:41:b1:65:ac:aa:bc:5b:79:89:b4:5f:b9:
         33:9d:54:81:05:14:c9:1b:72:a7:a8:c8:82:86:37:08:0d:7a:
         d9:d9:80:c1:c4:dd:c8:cb:34:22:4f:1a:7c:fa:b5:8e:c1:01:
         25:93:76:f9:c9:6d:5b:30:7b:f8:cd:38:15:4a:64:13:b8:ab:
         a1:b2:de:54:4b:21:2e:8d:de:5e:c4:fa:27:b8:61:16:52:d3:
         c6:b9:a1:eb:ba:8a:e5:09:ef:46:e8:39:10:5f:40:3f:ac:5d:
         79:d1:e1:3d:24:67:51:a6:0b:66:33:dd:c4:44:82:cc:be:d2:
         62:0b:4c:f0:53:bf:58:f7:78:42:a8:fa:03:7e:35:36:b6:55:
         18:7d:10:e8:0f:07:17:5d:0e:bf:8d:0e:24:72:31:4c:09:76:
         19:c9:d0:90:b3:1d:18:56:53:2a:dc:f6:0f:20:0a:fb:f8:c0:
         61:c8:73:d0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0bHaBI5fnxmXQoY3Dv+lsdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwMzIzMTQzMzM5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhY2ZkNTY3NzJlZDA2NjdmMDM2NTU2ODUxM2JjMmVmNTMzYjQ0MjUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2jgyk8j3xx2/zuqV7onlo6B9Z86s
Bz4sccQw/mEXvAHcEl+gZDbxJDWpyaws37v0De3Nkd8m0UzdR49k5IYw7XbaMrd+
sSpFsoHU+6MssEOi4pMrPjX1wVUcXg7sCwWQYW1SMmJqXDkFIOjjjDMq67P8tQ8+
q17R3AmhrlEFjPB+d0VMCN+nUxwzJHM8mnwIb48cNdvN3+e8NbDhGaxlF3T26KOu
fvca0VpZi61PoSSBULstsQEK/YR3Us36zLbEMA4NJN1kUMjw9CDG0PreZw28WZXm
4afyoIzXhQXOeRgu5FH7pd+XUwNPez2A7EhuyAARUN/caCjnxFCvcM58MwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKz9Vncu0GZ/A2VWhRO8LvUztEJRMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvclAxV2R5N1FabjhEWlZhRkU3d3U5VE8wUWxFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAAhtuMA0G
CSqGSIb3DQEBCwUAA4IBAQBb9w1P/Ah5oIygBV4stMNxV5ptkZKBn+wscly7gOPJ
/AKk45mCqWXM3tn9jF4kEDsja1I/wwdk9Gh8TS0vzJejHaE5r6t3iLCbSFWhKnVB
sWWsqrxbeYm0X7kznVSBBRTJG3KnqMiChjcIDXrZ2YDBxN3IyzQiTxp8+rWOwQEl
k3b5yW1bMHv4zTgVSmQTuKuhst5USyEujd5exPonuGEWUtPGuaHruorlCe9G6DkQ
X0A/rF150eE9JGdRpgtmM93ERILMvtJiC0zwU79Y93hCqPoDfjU2tlUYfRDoDwcX
XQ6/jQ4kcjFMCXYZydCQsx0YVlMq3PYPIAr7+MBhyHPQ
-----END CERTIFICATE-----