Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/5X2qC4sYzQSDecOSzDuerJE1VfI.roa
File:                     5X2qC4sYzQSDecOSzDuerJE1VfI.roa (raw, json)
Hash identifier:          F0XO9ylYevjjfRIEypleE82UGWXvLn7bvQCha90LxRg=
Subject key identifier:   E5:7D:AA:0B:8B:18:CD:04:83:79:C3:92:CC:3B:9E:AC:91:35:55:F2
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019D3F730E797974CC429270FDDE22661255
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/5X2qC4sYzQSDecOSzDuerJE1VfI.roa
Signing time:             Mon 30 Mar 2026 15:53:18 +0000
ROA not before:           Mon 30 Mar 2026 15:53:18 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     208450
IP address blocks:        2.27.130.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Apr 2026 02:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:3f:73:0e:79:79:74:cc:42:92:70:fd:de:22:66:12:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: Mar 30 15:53:18 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e57daa0b8b18cd048379c392cc3b9eac913555f2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:5d:12:7a:34:90:61:8c:b0:5d:02:33:6c:df:
                    01:8b:a7:d2:af:6f:99:a2:03:c7:96:16:80:19:87:
                    26:54:2e:a6:04:fe:a5:62:6b:28:de:90:71:89:7c:
                    84:96:92:36:36:4e:b7:5a:71:21:18:8d:11:20:72:
                    4d:8e:15:95:48:ba:17:01:27:f3:6c:e6:50:34:7f:
                    71:fd:37:3a:86:a0:d4:48:85:72:7d:ff:fc:0a:82:
                    79:9b:ea:94:a7:7a:5a:a5:5c:30:1b:b4:cf:d7:be:
                    61:ed:90:e9:eb:67:ba:ac:56:8e:dd:dd:06:78:f9:
                    3b:73:9c:da:ff:03:16:a6:dd:20:18:03:97:7e:86:
                    5f:43:a1:91:01:79:29:4b:45:ac:eb:d1:13:91:b3:
                    fa:c3:2c:97:59:b6:1a:dd:84:9a:2b:68:5e:7c:78:
                    12:4c:78:26:bb:3b:d3:9b:11:9a:3e:e9:27:a7:86:
                    75:81:77:c3:a0:76:5f:22:96:a9:30:da:0e:e7:57:
                    24:b2:c9:d7:6f:f4:91:01:f0:18:da:08:88:f4:bd:
                    0f:1f:9d:36:55:1a:c2:4b:8f:01:ff:ed:ea:00:e9:
                    7c:22:8f:9f:4a:89:9b:e4:0d:d6:8f:04:02:0e:72:
                    2e:fb:2f:a7:2a:3d:1a:b3:83:b9:78:37:89:c9:b0:
                    d5:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E5:7D:AA:0B:8B:18:CD:04:83:79:C3:92:CC:3B:9E:AC:91:35:55:F2
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/5X2qC4sYzQSDecOSzDuerJE1VfI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.27.130.0/23

    Signature Algorithm: sha256WithRSAEncryption
         79:26:96:92:1a:64:0c:b0:70:70:dd:b0:2b:fc:ed:8d:44:67:
         f5:6a:24:b0:f3:d1:a8:ac:8e:38:2c:97:8e:e0:12:09:9e:8b:
         46:f0:53:4f:01:a4:c4:d3:b2:d9:61:d7:8a:e2:4b:3e:5e:74:
         a5:62:a5:f0:56:5e:d8:15:08:02:ee:17:24:93:89:28:a2:c2:
         51:12:59:3a:95:0f:df:2a:4a:4a:3f:38:3b:06:b8:1d:b6:df:
         f0:07:81:37:d1:dd:e8:70:9c:1c:29:07:68:4d:f2:2e:43:77:
         fa:65:a9:33:42:c8:68:60:04:2b:da:4c:30:01:a8:a9:e7:2d:
         29:ad:e0:09:12:57:68:0a:ba:2d:14:62:85:74:7d:2f:fd:c6:
         59:b7:a5:97:b3:e8:c6:66:e2:e1:93:0f:1b:0d:6d:2e:f6:60:
         33:d2:78:2e:3d:dc:a2:74:e3:cc:59:aa:9e:4f:a6:23:48:3a:
         39:a2:02:ea:5b:11:12:54:81:74:88:78:91:49:f3:a1:f7:fd:
         b2:d5:b0:4c:b4:47:a2:50:b3:f8:81:91:df:1f:e7:18:70:be:
         2a:f4:a0:75:1f:71:7c:ca:3a:07:25:c2:6b:62:de:fd:a7:f7:
         bb:7f:54:c6:fd:e0:23:6f:1e:84:b7:38:dc:2f:ba:fa:a3:9b:
         e4:45:92:3b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0/cw55eXTMQpJw/d4iZhJVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwMzMwMTU1MzE4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNTdkYWEwYjhiMThjZDA0ODM3OWMzOTJjYzNiOWVhYzkxMzU1NWYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzV0SejSQYYywXQIzbN8Bi6fSr2+Z
ogPHlhaAGYcmVC6mBP6lYmso3pBxiXyElpI2Nk63WnEhGI0RIHJNjhWVSLoXASfz
bOZQNH9x/Tc6hqDUSIVyff/8CoJ5m+qUp3papVwwG7TP175h7ZDp62e6rFaO3d0G
ePk7c5za/wMWpt0gGAOXfoZfQ6GRAXkpS0Ws69ETkbP6wyyXWbYa3YSaK2hefHgS
THgmuzvTmxGaPuknp4Z1gXfDoHZfIpapMNoO51ckssnXb/SRAfAY2giI9L0PH502
VRrCS48B/+3qAOl8Io+fSomb5A3WjwQCDnIu+y+nKj0as4O5eDeJybDVSwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOV9qguLGM0Eg3nDksw7nqyRNVXyMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvNVgycUM0c1l6UVNEZWNPU3pEdWVySkUxVmZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBAhuCMA0G
CSqGSIb3DQEBCwUAA4IBAQB5JpaSGmQMsHBw3bAr/O2NRGf1aiSw89GorI44LJeO
4BIJnotG8FNPAaTE07LZYdeK4ks+XnSlYqXwVl7YFQgC7hckk4koosJRElk6lQ/f
KkpKPzg7Brgdtt/wB4E30d3ocJwcKQdoTfIuQ3f6ZakzQshoYAQr2kwwAaip5y0p
reAJEldoCrotFGKFdH0v/cZZt6WXs+jGZuLhkw8bDW0u9mAz0nguPdyidOPMWaqe
T6YjSDo5ogLqWxESVIF0iHiRSfOh9/2y1bBMtEeiULP4gZHfH+cYcL4q9KB1H3F8
yjoHJcJrYt79p/e7f1TG/eAjbx6EtzjcL7r6o5vkRZI7
-----END CERTIFICATE-----