Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/AjrfOvcwdXRaXYOk_VgyZuI079c.roa
File:                     AjrfOvcwdXRaXYOk_VgyZuI079c.roa (raw, json)
Hash identifier:          1zHVQTUPgreDgDD/C0tJvRisBLmTTGj075KydciCobk=
Subject key identifier:   02:3A:DF:3A:F7:30:75:74:5A:5D:83:A4:FD:58:32:66:E2:34:EF:D7
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019D980A82B6BB48797B2A8A153CB0C7F553
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/AjrfOvcwdXRaXYOk_VgyZuI079c.roa
Signing time:             Thu 16 Apr 2026 20:45:18 +0000
ROA not before:           Thu 16 Apr 2026 20:45:18 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     199742
IP address blocks:        2.27.58.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 14:47:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:98:0a:82:b6:bb:48:79:7b:2a:8a:15:3c:b0:c7:f5:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: Apr 16 20:45:18 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=023adf3af73075745a5d83a4fd583266e234efd7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:99:75:f7:fa:02:87:05:16:3c:8a:8c:a5:b2:
                    22:5e:47:3e:7c:b8:41:ef:ad:87:c0:2c:57:0b:c6:
                    28:de:3f:30:05:e4:1d:9e:25:38:f0:62:15:52:89:
                    8c:35:5d:01:e5:b6:99:5c:4e:ef:70:18:b8:25:e1:
                    9f:82:b3:ed:ca:00:6e:7d:a6:59:86:28:be:d1:ed:
                    90:dc:88:f9:f3:51:19:9e:1c:f7:25:e1:d9:d0:16:
                    0e:38:f4:94:4e:0f:63:e2:92:82:1d:d6:a2:c8:d5:
                    0f:4a:04:e0:df:60:0e:d4:9e:f5:6c:3a:8b:52:1f:
                    7b:ad:81:05:f7:a0:66:71:89:d8:bc:53:de:7a:e4:
                    08:57:a1:88:2c:92:4e:29:e9:1e:ef:94:92:66:48:
                    e5:19:24:53:48:21:59:9a:6f:eb:78:56:c2:dc:d6:
                    32:a2:c8:e9:b5:26:f0:b4:2e:01:4a:3f:2e:eb:a8:
                    38:c0:b5:f7:e6:37:4b:2b:58:7b:ef:a7:6f:c2:ac:
                    e8:09:d6:f4:8e:fe:7a:d8:8b:6a:ab:68:95:70:f5:
                    67:18:54:03:c3:47:ba:52:3c:af:a5:91:b0:d3:ad:
                    ba:8c:c7:01:7c:b5:99:72:74:a7:ca:af:57:00:f5:
                    0b:ca:01:92:7d:5b:c2:7b:e5:96:78:c7:23:80:89:
                    08:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:3A:DF:3A:F7:30:75:74:5A:5D:83:A4:FD:58:32:66:E2:34:EF:D7
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/AjrfOvcwdXRaXYOk_VgyZuI079c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.27.58.0/24

    Signature Algorithm: sha256WithRSAEncryption
         85:64:10:09:f4:24:4b:e3:6c:c9:bd:bf:7e:64:d8:ca:b9:a2:
         04:c6:88:f6:b6:11:04:d4:86:e2:be:f7:f9:fa:5f:84:05:d7:
         93:c7:46:5b:91:47:09:69:ee:ca:7e:63:32:5f:b2:37:1f:9d:
         b6:4d:d8:90:03:a4:42:70:05:16:d4:c9:52:a7:2a:47:85:38:
         1d:0b:f2:9d:54:c8:93:b2:1a:93:a6:9c:09:31:bb:09:7f:1f:
         8b:08:2e:4f:df:f9:fe:22:f3:8c:06:bd:85:80:e5:da:00:d4:
         21:25:f9:d3:00:71:92:d8:78:41:ca:19:77:35:c5:c2:69:6e:
         ec:2e:4e:48:10:37:f9:10:d3:c1:5c:b0:7c:3f:25:62:27:d6:
         6e:61:13:2f:a7:88:d4:d1:91:72:91:9d:ba:e5:ef:8b:b2:ba:
         1b:3f:d7:c7:3a:94:b2:cf:3a:d4:72:cd:11:ce:8b:b7:71:75:
         ea:f7:12:8e:2c:11:37:aa:b1:aa:3c:72:7d:32:de:50:c4:e8:
         75:ac:af:50:08:ca:98:8a:7e:95:f3:12:fd:96:b1:58:b4:be:
         00:47:09:2a:15:ff:f8:8f:0b:8c:19:94:92:de:0b:81:26:45:
         a3:fb:f1:92:e0:62:e3:ee:61:b1:85:07:87:e0:7a:d6:5d:0b:
         ac:37:5d:6e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ2YCoK2u0h5eyqKFTywx/VTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwNDE2MjA0NTE4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMjNhZGYzYWY3MzA3NTc0NWE1ZDgzYTRmZDU4MzI2NmUyMzRlZmQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs5l19/oChwUWPIqMpbIiXkc+fLhB
762HwCxXC8Yo3j8wBeQdniU48GIVUomMNV0B5baZXE7vcBi4JeGfgrPtygBufaZZ
hii+0e2Q3Ij581EZnhz3JeHZ0BYOOPSUTg9j4pKCHdaiyNUPSgTg32AO1J71bDqL
Uh97rYEF96BmcYnYvFPeeuQIV6GILJJOKeke75SSZkjlGSRTSCFZmm/reFbC3NYy
osjptSbwtC4BSj8u66g4wLX35jdLK1h776dvwqzoCdb0jv562Itqq2iVcPVnGFQD
w0e6UjyvpZGw0626jMcBfLWZcnSnyq9XAPULygGSfVvCe+WWeMcjgIkIZQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAI63zr3MHV0Wl2DpP1YMmbiNO/XMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvQWpyZk92Y3dkWFJhWFlPa19WZ3ladUkwNzljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAAhs6MA0G
CSqGSIb3DQEBCwUAA4IBAQCFZBAJ9CRL42zJvb9+ZNjKuaIExoj2thEE1Ibivvf5
+l+EBdeTx0ZbkUcJae7KfmMyX7I3H522TdiQA6RCcAUW1MlSpypHhTgdC/KdVMiT
shqTppwJMbsJfx+LCC5P3/n+IvOMBr2FgOXaANQhJfnTAHGS2HhByhl3NcXCaW7s
Lk5IEDf5ENPBXLB8PyViJ9ZuYRMvp4jU0ZFykZ265e+LsrobP9fHOpSyzzrUcs0R
zou3cXXq9xKOLBE3qrGqPHJ9Mt5QxOh1rK9QCMqYin6V8xL9lrFYtL4ARwkqFf/4
jwuMGZSS3guBJkWj+/GS4GLj7mGxhQeH4HrWXQusN11u
-----END CERTIFICATE-----