Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/9Ck87pkWBjEGnHQZhnRsMMdCuBE.roa
File:                     9Ck87pkWBjEGnHQZhnRsMMdCuBE.roa (raw, json)
Hash identifier:          S+E6/XcrqDKvQaBGKP/2H3g3k3k7mjfGAcrykq6Xoms=
Subject key identifier:   F4:29:3C:EE:99:16:06:31:06:9C:74:19:86:74:6C:30:C7:42:B8:11
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019D8D3DA7E80C343CE049B47EA3D3FB7180
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/9Ck87pkWBjEGnHQZhnRsMMdCuBE.roa
Signing time:             Tue 14 Apr 2026 18:25:21 +0000
ROA not before:           Tue 14 Apr 2026 18:25:21 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     60647
IP address blocks:        2.26.140.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 14:47:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:8d:3d:a7:e8:0c:34:3c:e0:49:b4:7e:a3:d3:fb:71:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: Apr 14 18:25:21 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f4293cee99160631069c741986746c30c742b811
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:7c:2c:9e:8b:8d:91:e1:9a:b4:47:8d:81:f2:
                    65:a9:9a:af:fe:bb:56:e4:da:8f:5e:dc:79:17:cd:
                    4e:f3:a7:25:9d:47:3a:d8:77:5a:65:d0:b4:ff:ad:
                    12:51:d1:e8:84:7d:99:fe:7c:08:84:b6:fa:2e:e5:
                    ed:46:b5:40:84:ec:fc:cc:0c:90:8f:c5:b1:05:46:
                    37:e6:ef:b6:99:65:54:25:d6:87:64:51:77:da:66:
                    1f:2c:59:08:ba:60:83:76:e7:62:5b:ea:10:95:98:
                    29:6f:8d:46:95:6d:29:d5:29:1a:fb:13:20:12:ec:
                    74:48:2f:e8:81:dd:37:13:53:8f:09:66:f6:13:76:
                    63:9f:14:7c:82:77:40:51:0a:db:88:82:93:e8:73:
                    0d:bd:f8:98:bc:10:42:b0:6a:a9:2a:99:ab:e6:34:
                    9e:9f:1e:5b:61:71:59:59:3f:9f:c2:0b:4c:1f:1f:
                    a0:4a:dd:c3:b7:5e:cd:5e:b6:58:1f:62:d9:b1:26:
                    76:f6:24:9f:69:7f:64:e2:8f:22:09:46:fc:7e:0f:
                    83:e0:a6:4d:03:f9:0d:29:90:3f:74:ad:02:8e:2c:
                    c2:c5:cc:19:7f:fc:89:ac:9a:3f:08:06:06:c4:32:
                    e2:af:12:0f:3c:ca:aa:40:16:29:ce:df:8f:97:ed:
                    69:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:29:3C:EE:99:16:06:31:06:9C:74:19:86:74:6C:30:C7:42:B8:11
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/9Ck87pkWBjEGnHQZhnRsMMdCuBE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.26.140.0/24

    Signature Algorithm: sha256WithRSAEncryption
         16:62:4d:1e:e1:ea:f0:5d:2d:29:27:b7:9a:7e:38:48:91:2f:
         70:e8:71:59:09:29:c7:fc:6f:b1:fe:58:7a:da:71:6c:1b:03:
         5f:e4:7e:22:08:ea:63:b0:69:36:4e:c2:3a:01:b1:73:cd:9e:
         f9:a6:29:a9:1f:c7:2d:a2:89:b4:ea:81:1d:0a:24:80:11:d5:
         7e:6e:97:1a:73:60:cd:e6:12:12:6d:d6:a1:9a:df:c6:ed:6c:
         5b:51:51:92:a5:3f:6a:8f:78:da:c2:2b:b1:5b:7b:df:a3:4a:
         e9:30:54:e8:59:ab:c4:84:fa:44:ba:6b:32:7e:25:4f:a4:0f:
         24:85:26:63:0e:2c:f6:92:fb:cf:53:08:49:cf:f4:67:e0:9d:
         f6:ed:41:14:12:27:65:68:97:2f:db:c5:52:bc:3d:62:a6:86:
         b8:64:67:45:27:7f:d0:a0:90:ed:3b:de:67:0b:9b:d2:bb:79:
         62:41:7e:51:08:3e:83:2a:34:b4:b3:df:ee:cc:55:03:3e:45:
         7b:59:a9:1a:82:13:40:e1:45:07:0d:fa:ad:7b:f5:1d:aa:82:
         87:20:18:56:21:14:61:c4:e1:80:47:a1:39:cd:4b:7d:dd:66:
         61:7c:f0:d0:a2:30:8c:8e:4c:c2:ef:85:a9:0e:cc:c1:ea:2e:
         f2:cd:4a:f5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ2NPafoDDQ84Em0fqPT+3GAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwNDE0MTgyNTIxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNDI5M2NlZTk5MTYwNjMxMDY5Yzc0MTk4Njc0NmMzMGM3NDJiODExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo3wsnouNkeGatEeNgfJlqZqv/rtW
5NqPXtx5F81O86clnUc62HdaZdC0/60SUdHohH2Z/nwIhLb6LuXtRrVAhOz8zAyQ
j8WxBUY35u+2mWVUJdaHZFF32mYfLFkIumCDdudiW+oQlZgpb41GlW0p1Ska+xMg
Eux0SC/ogd03E1OPCWb2E3ZjnxR8gndAUQrbiIKT6HMNvfiYvBBCsGqpKpmr5jSe
nx5bYXFZWT+fwgtMHx+gSt3Dt17NXrZYH2LZsSZ29iSfaX9k4o8iCUb8fg+D4KZN
A/kNKZA/dK0CjizCxcwZf/yJrJo/CAYGxDLirxIPPMqqQBYpzt+Pl+1pzwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPQpPO6ZFgYxBpx0GYZ0bDDHQrgRMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvOUNrODdwa1dCakVHbkhRWmhuUnNNTWRDdUJFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAAhqMMA0G
CSqGSIb3DQEBCwUAA4IBAQAWYk0e4erwXS0pJ7eafjhIkS9w6HFZCSnH/G+x/lh6
2nFsGwNf5H4iCOpjsGk2TsI6AbFzzZ75pimpH8ctoom06oEdCiSAEdV+bpcac2DN
5hISbdahmt/G7WxbUVGSpT9qj3jawiuxW3vfo0rpMFToWavEhPpEumsyfiVPpA8k
hSZjDiz2kvvPUwhJz/Rn4J327UEUEidlaJcv28VSvD1ipoa4ZGdFJ3/QoJDtO95n
C5vSu3liQX5RCD6DKjS0s9/uzFUDPkV7WakaghNA4UUHDfqte/UdqoKHIBhWIRRh
xOGAR6E5zUt93WZhfPDQojCMjkzC74WpDszB6i7yzUr1
-----END CERTIFICATE-----