Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/4vHkQt8-mpaIzc4GQqePrHN_3eU.roa
File:                     4vHkQt8-mpaIzc4GQqePrHN_3eU.roa (raw, json)
Hash identifier:          aa5PvmJ55zC70tCBhw4lWnEfBtQXDDfSlTT/+4OPgCU=
Subject key identifier:   E2:F1:E4:42:DF:3E:9A:96:88:CD:CE:06:42:A7:8F:AC:73:7F:DD:E5
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019EADAE7636DB54AFFF54389986C3873589
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/4vHkQt8-mpaIzc4GQqePrHN_3eU.roa
Signing time:             Tue 09 Jun 2026 18:39:12 +0000
ROA not before:           Tue 09 Jun 2026 18:39:12 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     219543
IP address blocks:        2.27.153.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 01:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:ad:ae:76:36:db:54:af:ff:54:38:99:86:c3:87:35:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: Jun  9 18:39:12 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e2f1e442df3e9a9688cdce0642a78fac737fdde5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:28:72:9b:c5:bb:95:ee:62:5e:d6:bc:03:0c:
                    63:0a:a3:1c:d5:a5:cf:8e:27:d6:bd:6c:42:65:fa:
                    48:b6:39:98:62:05:fa:ea:f2:44:3a:a8:46:5c:c1:
                    d4:7d:93:4c:e4:3c:8e:b7:69:8b:c6:5f:4b:0b:b6:
                    38:0d:d6:7f:1d:c3:79:2d:5b:18:77:a0:84:74:1e:
                    26:8c:ee:ed:21:5d:01:1e:ef:c6:0d:8d:93:6c:6b:
                    6a:47:37:48:9f:9c:4e:a9:5f:a6:79:49:6e:15:71:
                    73:69:c8:c4:63:bd:80:2e:a6:1b:c8:ca:5d:99:98:
                    74:f9:3b:b2:be:f7:80:61:09:c4:13:e6:f5:64:2a:
                    d4:2d:43:5f:29:4a:b1:aa:05:59:e8:a2:30:05:fc:
                    26:a3:fc:13:b5:4b:fe:4c:40:56:5b:3e:b3:41:73:
                    f7:c1:03:17:a9:5d:e5:27:8e:0a:ac:c9:05:a7:cc:
                    7b:d0:ed:7e:8b:d3:42:61:f7:cc:29:3f:0f:d4:0c:
                    e9:29:9c:7c:32:1f:11:98:0c:93:64:66:e4:6e:b5:
                    92:93:87:9c:ac:72:3a:70:3c:14:34:04:76:af:63:
                    6f:e3:93:e8:1f:82:4a:e9:b5:01:32:66:6b:c5:12:
                    cf:7a:32:35:19:5b:11:3e:7f:46:7f:a8:83:19:3d:
                    e5:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:F1:E4:42:DF:3E:9A:96:88:CD:CE:06:42:A7:8F:AC:73:7F:DD:E5
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/4vHkQt8-mpaIzc4GQqePrHN_3eU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.27.153.0/24

    Signature Algorithm: sha256WithRSAEncryption
         08:7c:bd:97:28:3e:2e:ff:55:94:18:02:af:07:ab:ee:bf:d8:
         f9:aa:33:5a:61:2b:f4:0a:f3:db:4b:40:71:03:ce:21:8c:6f:
         ba:52:ef:35:46:59:4d:31:13:23:9b:b1:ae:52:26:24:72:b0:
         ee:f2:73:02:5b:70:52:1c:9f:ce:4b:27:00:79:88:09:ac:47:
         d2:42:13:0a:f0:e2:05:54:07:5a:9f:c3:5a:c9:73:f7:3d:0c:
         e5:2a:11:eb:ec:ca:8c:ea:b6:40:81:3f:e0:35:ba:07:be:13:
         71:f1:b5:f7:7c:30:96:23:14:56:18:b5:af:92:ba:73:e5:ae:
         ce:b8:b2:1b:84:d1:25:7e:4c:5e:55:d7:cb:4a:53:8b:e7:e9:
         be:91:01:ec:e1:74:db:d1:c5:d6:6c:63:f3:24:2b:67:e0:f7:
         49:7e:60:59:e3:97:80:bc:32:28:11:34:d6:23:07:a1:ab:cf:
         19:4d:a9:20:ad:be:59:63:0d:e1:a1:8b:af:af:8d:bc:35:1d:
         c7:97:ac:bb:ba:8b:c1:1d:3e:2a:e9:45:f2:52:2b:0f:01:52:
         8b:e7:09:13:6b:f1:67:e5:ee:28:d9:5e:f4:dc:a4:d7:20:7c:
         20:80:49:11:f7:d0:c5:c1:46:b6:fa:f2:32:ef:0c:55:93:fb:
         a0:57:71:40
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6trnY221Sv/1Q4mYbDhzWJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwNjA5MTgzOTEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMmYxZTQ0MmRmM2U5YTk2ODhjZGNlMDY0MmE3OGZhYzczN2ZkZGU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyChym8W7le5iXta8AwxjCqMc1aXP
jifWvWxCZfpItjmYYgX66vJEOqhGXMHUfZNM5DyOt2mLxl9LC7Y4DdZ/HcN5LVsY
d6CEdB4mjO7tIV0BHu/GDY2TbGtqRzdIn5xOqV+meUluFXFzacjEY72ALqYbyMpd
mZh0+TuyvveAYQnEE+b1ZCrULUNfKUqxqgVZ6KIwBfwmo/wTtUv+TEBWWz6zQXP3
wQMXqV3lJ44KrMkFp8x70O1+i9NCYffMKT8P1AzpKZx8Mh8RmAyTZGbkbrWSk4ec
rHI6cDwUNAR2r2Nv45PoH4JK6bUBMmZrxRLPejI1GVsRPn9Gf6iDGT3l3QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOLx5ELfPpqWiM3OBkKnj6xzf93lMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvNHZIa1F0OC1tcGFJemM0R1FxZVBySE5fM2VVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAAhuZMA0G
CSqGSIb3DQEBCwUAA4IBAQAIfL2XKD4u/1WUGAKvB6vuv9j5qjNaYSv0CvPbS0Bx
A84hjG+6Uu81RllNMRMjm7GuUiYkcrDu8nMCW3BSHJ/OSycAeYgJrEfSQhMK8OIF
VAdan8NayXP3PQzlKhHr7MqM6rZAgT/gNboHvhNx8bX3fDCWIxRWGLWvkrpz5a7O
uLIbhNElfkxeVdfLSlOL5+m+kQHs4XTb0cXWbGPzJCtn4PdJfmBZ45eAvDIoETTW
Iwehq88ZTakgrb5ZYw3hoYuvr428NR3Hl6y7uovBHT4q6UXyUisPAVKL5wkTa/Fn
5e4o2V703KTXIHwggEkR99DFwUa2+vIy7wxVk/ugV3FA
-----END CERTIFICATE-----