Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/2i3sCyIpN21wpRUm5AhetlKXC9Q.roa
File:                     2i3sCyIpN21wpRUm5AhetlKXC9Q.roa (raw, json)
Hash identifier:          8JdcKADVH8SJqnHG3qGLw6clD1jYSek7nk2tvHuGktw=
Subject key identifier:   DA:2D:EC:0B:22:29:37:6D:70:A5:15:26:E4:08:5E:B6:52:97:0B:D4
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019D7E3206092A9E8211A1BB548F30E920FC
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/2i3sCyIpN21wpRUm5AhetlKXC9Q.roa
Signing time:             Sat 11 Apr 2026 20:18:20 +0000
ROA not before:           Sat 11 Apr 2026 20:18:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     10753
IP address blocks:        2.27.134.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Apr 2026 02:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:7e:32:06:09:2a:9e:82:11:a1:bb:54:8f:30:e9:20:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: Apr 11 20:18:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=da2dec0b2229376d70a51526e4085eb652970bd4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:34:6e:05:cd:86:9d:26:f2:13:af:15:b9:7c:
                    ab:2c:43:ca:68:30:8b:7d:84:f6:84:72:5c:43:6c:
                    29:26:bb:a6:e0:20:01:52:60:84:fd:80:42:3d:b4:
                    7d:66:19:8e:7a:94:3b:2f:46:ad:78:3d:44:c1:61:
                    95:ad:27:09:9f:c6:7f:98:1d:76:ef:53:26:57:34:
                    c9:87:29:b7:4c:c4:1c:29:e8:a1:d4:6a:c6:26:6c:
                    e9:3b:56:6f:2f:4e:e3:4f:ac:f1:2b:6d:37:20:1a:
                    a1:82:6d:49:45:a3:7d:aa:67:9a:72:57:53:ce:4a:
                    c0:43:3a:35:01:af:eb:0e:2a:11:25:84:5b:bf:ec:
                    da:11:6a:dc:4b:f5:7c:b5:48:dd:8b:25:80:18:4b:
                    2b:5a:51:07:f6:bc:b3:4b:db:f7:1d:b4:7c:f3:46:
                    c7:33:30:61:52:25:ee:52:14:19:87:bf:d5:db:bb:
                    a4:9d:b2:4f:c0:c6:3e:92:d0:33:fa:5e:8b:2f:f8:
                    52:12:b8:a5:b8:49:44:28:5f:b6:83:f4:b7:12:71:
                    9d:7f:50:6f:74:6f:21:30:4d:ab:d3:42:f2:7b:bc:
                    5c:ce:15:25:89:59:f7:ea:79:f1:a6:ba:51:97:79:
                    d2:23:4c:b6:7e:15:61:35:09:10:5f:4b:11:c6:6c:
                    1b:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:2D:EC:0B:22:29:37:6D:70:A5:15:26:E4:08:5E:B6:52:97:0B:D4
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/2i3sCyIpN21wpRUm5AhetlKXC9Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.27.134.0/23

    Signature Algorithm: sha256WithRSAEncryption
         15:b6:b2:cf:e0:77:59:a6:2a:4f:c4:67:56:a2:36:04:37:7a:
         a9:f6:b9:b4:dc:c8:6f:d6:e7:b4:ed:a7:6c:4d:86:ed:d6:98:
         98:88:70:c3:d7:98:d0:a2:10:74:10:fa:98:7d:e5:9b:21:ae:
         61:01:6b:23:80:bf:f1:5e:5a:64:4c:c1:06:77:29:aa:8b:53:
         78:57:c7:26:5b:cf:3a:30:25:2b:61:ec:e4:09:45:d5:70:18:
         cc:f0:b7:0d:8e:39:00:33:5a:a1:aa:be:84:f8:39:b9:b3:3f:
         69:1c:aa:91:47:c0:03:ae:7d:dd:b0:ed:ae:53:b3:44:d5:67:
         c7:72:5f:52:1d:7a:eb:2b:20:5a:b5:31:63:33:b5:fe:d3:6f:
         af:9d:dc:91:77:c6:80:23:1b:af:b2:e0:85:4a:de:a2:70:8d:
         98:ab:76:4e:dd:e3:f6:27:bb:fa:ee:e1:2f:5b:ff:5d:a1:1e:
         53:67:b6:bd:a8:fb:d9:c7:3f:2d:38:7f:db:16:21:3c:c7:0f:
         14:a7:69:c6:02:c7:a5:a1:ed:e7:63:93:5b:97:2d:17:4a:c8:
         17:4a:35:b3:0f:8d:01:e4:ae:4b:e0:11:1e:13:b7:1c:c9:b5:
         fb:e7:f0:50:fd:2c:11:7e:be:ac:bd:2f:23:67:e7:34:7e:41:
         a7:67:fd:a0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ1+MgYJKp6CEaG7VI8w6SD8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwNDExMjAxODIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYTJkZWMwYjIyMjkzNzZkNzBhNTE1MjZlNDA4NWViNjUyOTcwYmQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtDRuBc2GnSbyE68VuXyrLEPKaDCL
fYT2hHJcQ2wpJrum4CABUmCE/YBCPbR9ZhmOepQ7L0ateD1EwWGVrScJn8Z/mB12
71MmVzTJhym3TMQcKeih1GrGJmzpO1ZvL07jT6zxK203IBqhgm1JRaN9qmeacldT
zkrAQzo1Aa/rDioRJYRbv+zaEWrcS/V8tUjdiyWAGEsrWlEH9ryzS9v3HbR880bH
MzBhUiXuUhQZh7/V27uknbJPwMY+ktAz+l6LL/hSEriluElEKF+2g/S3EnGdf1Bv
dG8hME2r00Lye7xczhUliVn36nnxprpRl3nSI0y2fhVhNQkQX0sRxmwbIQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNot7AsiKTdtcKUVJuQIXrZSlwvUMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvMmkzc0N5SXBOMjF3cFJVbTVBaGV0bEtYQzlRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBAhuGMA0G
CSqGSIb3DQEBCwUAA4IBAQAVtrLP4HdZpipPxGdWojYEN3qp9rm03Mhv1ue07ads
TYbt1piYiHDD15jQohB0EPqYfeWbIa5hAWsjgL/xXlpkTMEGdymqi1N4V8cmW886
MCUrYezkCUXVcBjM8LcNjjkAM1qhqr6E+Dm5sz9pHKqRR8ADrn3dsO2uU7NE1WfH
cl9SHXrrKyBatTFjM7X+02+vndyRd8aAIxuvsuCFSt6icI2Yq3ZO3eP2J7v67uEv
W/9doR5TZ7a9qPvZxz8tOH/bFiE8xw8Up2nGAseloe3nY5Nbly0XSsgXSjWzD40B
5K5L4BEeE7ccybX75/BQ/SwRfr6svS8jZ+c0fkGnZ/2g
-----END CERTIFICATE-----