Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/7WCxoVKP0t1Lne9Xaec1UmgDk0U.roa
File:                     7WCxoVKP0t1Lne9Xaec1UmgDk0U.roa (raw, json)
Hash identifier:          OtLksvCmxKLXdkM9r/FMnHRevnwuQ0iXK5QOumPkFKQ=
Subject key identifier:   ED:60:B1:A1:52:8F:D2:DD:4B:9D:EF:57:69:E7:35:52:68:03:93:45
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019D68D93E5970689CAF7359937242BD6FFC
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/7WCxoVKP0t1Lne9Xaec1UmgDk0U.roa
Signing time:             Tue 07 Apr 2026 16:49:20 +0000
ROA not before:           Tue 07 Apr 2026 16:49:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     198087
IP address blocks:        2.27.108.0/24 maxlen: 24
                          144.31.40.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 07:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:68:d9:3e:59:70:68:9c:af:73:59:93:72:42:bd:6f:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: Apr  7 16:49:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ed60b1a1528fd2dd4b9def5769e7355268039345
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:eb:3c:89:74:97:9c:30:0e:d4:26:09:ab:7a:03:
                    0f:a4:1f:f2:51:9d:b2:0e:d0:23:a8:97:65:44:27:
                    c1:03:a8:5b:7e:e7:99:cd:d2:1c:04:e4:63:77:76:
                    19:6a:49:63:56:2c:5f:b3:3b:1b:6c:79:ce:2d:bb:
                    57:c9:6c:2b:f0:8c:d4:f1:58:05:02:10:94:7f:fd:
                    6d:8c:c9:6a:2a:15:a2:19:24:79:43:10:1e:d0:48:
                    d6:8e:9d:65:b1:28:2d:e6:d9:21:a7:13:38:6f:da:
                    1a:18:3c:d4:80:d3:a8:b8:d9:a0:69:39:18:63:0d:
                    c6:26:6d:02:bc:26:c2:d9:f8:21:8d:4a:19:77:36:
                    b1:14:c9:20:78:70:f8:b4:eb:dc:55:b7:ec:ab:4e:
                    7f:9b:a1:99:75:ec:0b:3a:b8:00:62:a8:7c:03:b7:
                    fe:9c:bc:c2:99:e7:0d:99:8d:0b:cd:7e:79:db:1e:
                    79:ff:b5:41:45:3c:52:83:3f:32:9c:c9:65:bb:83:
                    0a:78:9f:7f:3b:26:d3:80:a4:49:3d:67:97:3f:09:
                    7c:4b:15:29:21:33:56:fc:3b:a0:c3:c8:15:4a:2e:
                    b2:e0:17:ca:69:e4:bc:16:63:df:c0:c3:07:77:7e:
                    c4:a8:a0:a0:4f:85:04:3f:63:9a:3d:e8:aa:36:ff:
                    af:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                ED:60:B1:A1:52:8F:D2:DD:4B:9D:EF:57:69:E7:35:52:68:03:93:45
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/7WCxoVKP0t1Lne9Xaec1UmgDk0U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.27.108.0/24
                  144.31.40.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a6:49:98:78:59:0e:4f:5a:6f:f2:1c:79:1d:8b:c6:0b:1f:c4:
         92:71:ac:ed:1f:aa:a4:bb:56:7d:c8:5d:26:e0:93:af:1f:42:
         86:3f:53:a9:1e:f2:db:90:2a:98:2e:80:75:78:d3:e4:ab:65:
         be:4e:8e:ca:0d:ae:e9:09:a1:cb:39:43:f2:dd:2d:fc:f7:b1:
         be:19:eb:0e:2a:9f:88:23:90:28:7e:d4:12:cf:02:66:9b:b0:
         22:5a:ca:69:37:4d:62:58:47:50:15:73:53:e1:56:e3:16:ee:
         6a:c2:d9:8a:63:9f:54:8d:31:2a:11:f7:86:46:a8:86:ad:13:
         50:19:31:cb:2c:37:e2:85:ab:26:f4:f9:46:75:90:2c:81:2d:
         e4:7b:fa:dd:98:8f:5f:44:bf:2b:73:41:79:77:76:89:07:b6:
         6e:33:db:0c:8b:c2:68:db:68:4e:ce:f4:8c:58:0a:00:21:23:
         f1:91:e9:2f:a5:db:b8:51:1d:84:46:7d:f4:80:94:17:a7:0b:
         f9:07:4c:28:c6:3a:13:61:59:45:1c:5b:89:8a:89:df:f0:e3:
         c8:a0:c8:fa:62:c0:d8:50:fe:b6:70:b4:b8:a6:ca:11:71:d7:
         ce:52:0d:92:cc:8f:6f:21:12:ae:af:e7:7d:62:99:68:cb:bd:
         6b:dc:bc:03
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ1o2T5ZcGicr3NZk3JCvW/8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwNDA3MTY0OTIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZDYwYjFhMTUyOGZkMmRkNGI5ZGVmNTc2OWU3MzU1MjY4MDM5MzQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6zyJdJecMA7UJgmregMPpB/yUZ2y
DtAjqJdlRCfBA6hbfueZzdIcBORjd3YZakljVixfszsbbHnOLbtXyWwr8IzU8VgF
AhCUf/1tjMlqKhWiGSR5QxAe0EjWjp1lsSgt5tkhpxM4b9oaGDzUgNOouNmgaTkY
Yw3GJm0CvCbC2fghjUoZdzaxFMkgeHD4tOvcVbfsq05/m6GZdewLOrgAYqh8A7f+
nLzCmecNmY0LzX552x55/7VBRTxSgz8ynMllu4MKeJ9/OybTgKRJPWeXPwl8SxUp
ITNW/Dugw8gVSi6y4BfKaeS8FmPfwMMHd37EqKCgT4UEP2OaPeiqNv+vzwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFO1gsaFSj9LdS53vV2nnNVJoA5NFMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvN1dDeG9WS1AwdDFMbmU5WGFlYzFVbWdEazBVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAAhtsAwQA
kB8oMA0GCSqGSIb3DQEBCwUAA4IBAQCmSZh4WQ5PWm/yHHkdi8YLH8SScaztH6qk
u1Z9yF0m4JOvH0KGP1OpHvLbkCqYLoB1eNPkq2W+To7KDa7pCaHLOUPy3S3897G+
GesOKp+II5AoftQSzwJmm7AiWsppN01iWEdQFXNT4VbjFu5qwtmKY59UjTEqEfeG
RqiGrRNQGTHLLDfihasm9PlGdZAsgS3ke/rdmI9fRL8rc0F5d3aJB7ZuM9sMi8Jo
22hOzvSMWAoAISPxkekvpdu4UR2ERn30gJQXpwv5B0woxjoTYVlFHFuJionf8OPI
oMj6YsDYUP62cLS4psoRcdfOUg2SzI9vIRKur+d9Yploy71r3LwD
-----END CERTIFICATE-----