Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/xjViJOL_67tBcUEM-HCCHtPB9C4.roa
File:                     xjViJOL_67tBcUEM-HCCHtPB9C4.roa (raw, json)
Hash identifier:          U4zX3dSHYRnJHejX1M+Vt8GTKkZ4v4rb+gluqPpbVpo=
Subject key identifier:   C6:35:62:24:E2:FF:EB:BB:41:71:41:0C:F8:70:82:1E:D3:C1:F4:2E
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019D263880986E0B9D4AC9B3F4BB36E6430D
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/xjViJOL_67tBcUEM-HCCHtPB9C4.roa
Signing time:             Wed 25 Mar 2026 18:18:50 +0000
ROA not before:           Wed 25 Mar 2026 18:18:50 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     207461
IP address blocks:        2.27.64.0/22 maxlen: 24
                          2.27.68.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 15:17:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:26:38:80:98:6e:0b:9d:4a:c9:b3:f4:bb:36:e6:43:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: Mar 25 18:18:50 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c6356224e2ffebbb4171410cf870821ed3c1f42e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:bc:2a:71:a5:6f:f8:04:93:34:75:59:2c:f7:
                    62:f4:ff:41:a5:8d:6c:63:f7:55:37:64:fc:17:50:
                    94:46:55:b4:6e:73:48:fb:53:4a:f5:03:35:4a:03:
                    b0:bd:56:82:d6:df:cc:92:17:f5:91:a2:2f:ba:a7:
                    01:da:5a:24:7a:1a:a3:01:b8:83:a1:a5:0c:93:6a:
                    ec:bd:58:3d:32:7c:e8:1a:cf:cf:b6:af:ee:27:ae:
                    c4:45:0e:f8:12:98:e5:91:d5:f4:e8:d1:99:9b:d1:
                    53:3c:fb:cb:40:31:67:68:45:75:83:c3:ad:dd:7e:
                    3c:74:73:90:d5:46:92:22:b9:eb:17:16:48:1f:45:
                    58:bb:90:2b:86:c7:8a:6b:9b:d3:02:f2:70:1d:53:
                    3e:bd:1e:90:89:4a:dd:f5:3e:c4:44:f9:87:ce:15:
                    32:37:7f:58:55:5e:dd:e5:c4:44:3f:19:82:5e:b4:
                    6b:c8:10:26:52:59:35:29:3b:9d:60:b3:86:40:cb:
                    40:ba:77:8d:d3:0c:2f:2f:d1:da:3d:b2:a7:dd:e9:
                    cb:af:a3:df:ec:f0:eb:27:fa:4d:90:db:41:8e:52:
                    e2:35:ed:cd:b0:4f:4c:fc:ce:45:fb:61:38:4d:85:
                    46:8c:07:11:27:89:42:d0:d7:b1:2c:d4:30:12:b7:
                    03:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:35:62:24:E2:FF:EB:BB:41:71:41:0C:F8:70:82:1E:D3:C1:F4:2E
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/xjViJOL_67tBcUEM-HCCHtPB9C4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.27.64.0/21

    Signature Algorithm: sha256WithRSAEncryption
         59:16:ac:23:7e:a6:bd:28:bb:37:1b:ea:94:07:b6:0f:db:08:
         73:03:1a:c2:3c:85:9c:3d:3a:cd:89:ab:fd:e8:7c:fb:8d:01:
         d8:ed:b7:00:30:86:fd:6c:85:8a:28:b6:1c:3d:d9:c5:c3:41:
         aa:68:8c:11:09:13:51:60:7a:ca:1d:0d:31:1e:4f:8a:74:d6:
         f8:25:33:70:88:7f:db:e9:2e:d7:db:21:58:6c:ed:50:7f:5d:
         ca:ca:e5:e2:5a:0d:c1:e2:6a:39:6d:c1:23:22:e1:09:27:ba:
         6f:da:30:6e:46:39:9c:69:2f:e9:56:bf:cf:82:38:62:81:8a:
         d7:52:9b:2c:e1:7b:f3:41:8a:b1:16:dc:b6:e2:dc:c6:84:d6:
         22:55:4e:c4:78:29:83:da:dd:26:b4:d3:02:63:2d:e1:14:81:
         6a:96:e8:c5:d9:6d:f3:3e:c9:b1:63:e4:d9:9f:08:31:9f:ec:
         19:27:44:64:6e:46:67:37:3e:8b:f1:84:90:83:29:eb:2b:eb:
         ee:42:41:ab:93:13:15:e2:0b:f8:69:da:10:7e:6e:a6:9a:8e:
         20:7a:50:9c:95:b1:77:16:39:02:c7:91:5d:be:dd:3b:6d:54:
         b6:3a:4b:77:bb:57:4f:1d:bc:06:68:87:5f:a7:e3:95:38:56:
         71:e0:f8:49
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0mOICYbgudSsmz9Ls25kMNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwMzI1MTgxODUwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNjM1NjIyNGUyZmZlYmJiNDE3MTQxMGNmODcwODIxZWQzYzFmNDJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAprwqcaVv+ASTNHVZLPdi9P9BpY1s
Y/dVN2T8F1CURlW0bnNI+1NK9QM1SgOwvVaC1t/Mkhf1kaIvuqcB2lokehqjAbiD
oaUMk2rsvVg9MnzoGs/Ptq/uJ67ERQ74EpjlkdX06NGZm9FTPPvLQDFnaEV1g8Ot
3X48dHOQ1UaSIrnrFxZIH0VYu5ArhseKa5vTAvJwHVM+vR6QiUrd9T7ERPmHzhUy
N39YVV7d5cREPxmCXrRryBAmUlk1KTudYLOGQMtAuneN0wwvL9HaPbKn3enLr6Pf
7PDrJ/pNkNtBjlLiNe3NsE9M/M5F+2E4TYVGjAcRJ4lC0NexLNQwErcDswIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMY1YiTi/+u7QXFBDPhwgh7TwfQuMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEveGpWaUpPTF82N3RCY1VFTS1IQ0NIdFBCOUM0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDAhtAMA0G
CSqGSIb3DQEBCwUAA4IBAQBZFqwjfqa9KLs3G+qUB7YP2whzAxrCPIWcPTrNiav9
6Hz7jQHY7bcAMIb9bIWKKLYcPdnFw0GqaIwRCRNRYHrKHQ0xHk+KdNb4JTNwiH/b
6S7X2yFYbO1Qf13KyuXiWg3B4mo5bcEjIuEJJ7pv2jBuRjmcaS/pVr/PgjhigYrX
Upss4XvzQYqxFty24tzGhNYiVU7EeCmD2t0mtNMCYy3hFIFqlujF2W3zPsmxY+TZ
nwgxn+wZJ0RkbkZnNz6L8YSQgynrK+vuQkGrkxMV4gv4adoQfm6mmo4gelCclbF3
FjkCx5Fdvt07bVS2Okt3u1dPHbwGaIdfp+OVOFZx4PhJ
-----END CERTIFICATE-----