Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/usNZt6aMP_TJQP-1q5q5eIZxqHM.roa
File:                     usNZt6aMP_TJQP-1q5q5eIZxqHM.roa (raw, json)
Hash identifier:          ZAmd6GDWq9x1MpiEhMZTUvSEHF7a1k4Ugb5hoQI8xOs=
Subject key identifier:   BA:C3:59:B7:A6:8C:3F:F4:C9:40:FF:B5:AB:9A:B9:78:86:71:A8:73
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019E08582FE85438A2F1A3BC56DD76A19941
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/usNZt6aMP_TJQP-1q5q5eIZxqHM.roa
Signing time:             Fri 08 May 2026 16:07:37 +0000
ROA not before:           Fri 08 May 2026 16:07:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     402425
IP address blocks:        2.27.171.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 21:35:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:08:58:2f:e8:54:38:a2:f1:a3:bc:56:dd:76:a1:99:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: May  8 16:07:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=bac359b7a68c3ff4c940ffb5ab9ab9788671a873
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e9:52:b9:0d:71:35:5f:a2:b2:cf:f6:1a:07:6c:
                    ee:8c:d5:84:f7:e5:d0:94:0b:bd:f5:4a:12:64:27:
                    e4:f7:4d:21:9c:6d:58:d3:6a:5a:5c:59:15:e6:f1:
                    7a:63:9a:68:b4:ad:a6:b6:3f:0f:18:2c:bc:ab:53:
                    f6:bd:72:51:44:3e:9f:96:1c:4a:02:48:0d:c7:19:
                    0c:9c:0a:d6:33:d8:2d:c2:50:39:01:be:4a:1f:f0:
                    74:51:7a:28:c2:8b:85:74:f4:9d:e3:ba:53:36:d7:
                    3a:0d:42:8a:f3:a2:2a:83:61:fa:ae:db:8f:91:fb:
                    aa:d1:cc:ae:ac:07:01:f3:dc:08:25:5f:68:04:3e:
                    82:24:c7:cc:ce:c9:4c:5a:a8:32:ab:cd:04:52:f0:
                    90:d7:b9:51:e2:ab:04:4d:d8:dc:f8:5b:f3:25:28:
                    1e:b2:98:23:2e:e4:e0:52:aa:0a:7f:40:9f:2d:b1:
                    31:c1:0e:41:65:57:6f:05:80:86:dd:46:77:1b:d8:
                    68:00:8f:79:2a:31:59:e2:27:1c:70:d4:29:ce:0a:
                    26:7b:3f:36:14:d1:4a:53:0c:90:c5:7a:f4:af:41:
                    23:b7:ff:1a:34:a8:4e:d8:e1:10:15:60:c7:4d:b8:
                    73:c1:63:74:03:3a:c2:9b:ac:07:89:29:df:99:0e:
                    fe:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:C3:59:B7:A6:8C:3F:F4:C9:40:FF:B5:AB:9A:B9:78:86:71:A8:73
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/usNZt6aMP_TJQP-1q5q5eIZxqHM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.27.171.0/24

    Signature Algorithm: sha256WithRSAEncryption
         65:04:da:d4:e7:c7:64:fc:11:48:73:e6:5d:4e:15:f7:a5:07:
         9b:76:13:8a:e1:e7:78:d6:a6:3d:00:9c:f2:fe:bf:92:30:0d:
         49:76:fc:f4:be:55:3a:6f:a5:08:56:4b:c5:5c:15:96:73:1f:
         f3:51:e2:67:ec:13:19:e2:59:e0:30:e3:43:16:18:93:99:cd:
         d5:ac:17:9b:5b:9b:00:ff:5e:59:36:68:5b:ec:88:31:0b:3c:
         86:eb:bf:c3:66:25:d5:2b:51:bd:30:af:c0:7f:a8:a9:a3:d5:
         eb:6b:78:65:8b:87:16:3b:51:d0:3c:de:4a:82:8c:f0:73:c3:
         49:ab:8f:50:53:b2:02:90:b6:05:72:8d:79:e4:fd:f4:3f:eb:
         85:fb:01:6a:7b:83:93:17:13:28:10:95:98:7f:f3:7d:99:15:
         cb:d8:2b:ac:73:b4:30:aa:35:e8:c5:28:e5:f9:ac:bd:14:eb:
         a9:ce:5a:2c:2b:41:d1:ed:f3:0f:a0:4d:7a:6f:7b:5c:e7:71:
         8d:71:ca:47:21:ad:b6:fc:40:19:73:02:8b:81:f4:5c:e5:ea:
         3c:d2:09:fd:24:d5:fb:3e:7f:f7:31:3b:a0:e5:e0:80:d2:e4:
         93:14:d9:bf:ea:42:ac:9a:31:8e:8c:57:fc:ec:69:e7:99:24:
         ab:0f:25:99
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ4IWC/oVDii8aO8Vt12oZlBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwNTA4MTYwNzM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYWMzNTliN2E2OGMzZmY0Yzk0MGZmYjVhYjlhYjk3ODg2NzFhODczMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6VK5DXE1X6Kyz/YaB2zujNWE9+XQ
lAu99UoSZCfk900hnG1Y02paXFkV5vF6Y5potK2mtj8PGCy8q1P2vXJRRD6flhxK
AkgNxxkMnArWM9gtwlA5Ab5KH/B0UXoowouFdPSd47pTNtc6DUKK86Iqg2H6rtuP
kfuq0cyurAcB89wIJV9oBD6CJMfMzslMWqgyq80EUvCQ17lR4qsETdjc+FvzJSge
spgjLuTgUqoKf0CfLbExwQ5BZVdvBYCG3UZ3G9hoAI95KjFZ4icccNQpzgomez82
FNFKUwyQxXr0r0Ejt/8aNKhO2OEQFWDHTbhzwWN0AzrCm6wHiSnfmQ7+DwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLrDWbemjD/0yUD/tauauXiGcahzMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvdXNOWnQ2YU1QX1RKUVAtMXE1cTVlSVp4cUhNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAAhurMA0G
CSqGSIb3DQEBCwUAA4IBAQBlBNrU58dk/BFIc+ZdThX3pQebdhOK4ed41qY9AJzy
/r+SMA1Jdvz0vlU6b6UIVkvFXBWWcx/zUeJn7BMZ4lngMONDFhiTmc3VrBebW5sA
/15ZNmhb7IgxCzyG67/DZiXVK1G9MK/Af6ipo9Xra3hli4cWO1HQPN5Kgozwc8NJ
q49QU7ICkLYFco155P30P+uF+wFqe4OTFxMoEJWYf/N9mRXL2Cusc7QwqjXoxSjl
+ay9FOupzlosK0HR7fMPoE16b3tc53GNccpHIa22/EAZcwKLgfRc5eo80gn9JNX7
Pn/3MTug5eCA0uSTFNm/6kKsmjGOjFf87GnnmSSrDyWZ
-----END CERTIFICATE-----