Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/BiMtI7io5G1mrBWJ2Ur_WEaZRcE.roa
File:                     BiMtI7io5G1mrBWJ2Ur_WEaZRcE.roa (raw, json)
Hash identifier:          Ka0SBNgc9C5pjCtR9TkhgJsIdAinIp5ZfwMTt070AHU=
Subject key identifier:   06:23:2D:23:B8:A8:E4:6D:66:AC:15:89:D9:4A:FF:58:46:99:45:C1
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019EAD31F4A09D4DD5516DA07E4B1184ECCB
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/BiMtI7io5G1mrBWJ2Ur_WEaZRcE.roa
Signing time:             Tue 09 Jun 2026 16:23:12 +0000
ROA not before:           Tue 09 Jun 2026 16:23:12 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     23470
IP address blocks:        2.27.233.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 01:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:ad:31:f4:a0:9d:4d:d5:51:6d:a0:7e:4b:11:84:ec:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: Jun  9 16:23:12 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=06232d23b8a8e46d66ac1589d94aff58469945c1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:ef:ba:cd:a2:e6:15:25:35:e5:10:56:f6:89:
                    2e:dd:c4:d5:ff:f8:c5:93:9f:16:3e:e5:04:5f:1f:
                    13:ba:01:e9:98:55:82:7d:9c:6f:2e:91:6e:62:5b:
                    53:07:a5:26:33:53:a3:07:24:93:08:e9:1f:c0:ab:
                    09:1e:d9:97:1c:de:79:42:d5:19:a1:8f:65:8a:65:
                    55:4a:a4:d3:46:35:6a:66:ca:f1:40:c7:2b:eb:8f:
                    78:47:94:a4:aa:f0:58:b3:b3:cf:cd:56:a9:29:92:
                    2f:0e:ab:9f:03:8b:9e:82:e0:1a:8a:27:a8:e9:cf:
                    1a:6a:d5:d0:89:bf:4e:72:25:7d:fd:34:8e:4d:4d:
                    11:f1:77:f2:b9:4d:36:a9:20:d2:f5:a5:7e:28:04:
                    51:9a:46:ef:98:fd:b1:d2:c2:ca:47:47:1a:f5:f2:
                    00:04:ed:a6:a5:43:b9:3b:e1:fb:4e:48:ab:a0:8f:
                    51:82:82:90:7b:28:c4:4f:9d:66:d0:12:ac:40:f8:
                    38:52:8e:6f:36:66:d0:b4:6c:4f:98:58:bb:c6:94:
                    25:a6:1f:c3:1c:df:5f:a6:1f:f4:67:5b:5f:c0:7f:
                    99:fe:ed:75:94:f9:5d:4e:03:ff:bb:f3:9a:d5:0b:
                    e5:4f:65:7b:0e:a2:3e:c1:8c:30:9d:fe:54:07:5d:
                    c8:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:23:2D:23:B8:A8:E4:6D:66:AC:15:89:D9:4A:FF:58:46:99:45:C1
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/BiMtI7io5G1mrBWJ2Ur_WEaZRcE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.27.233.0/24

    Signature Algorithm: sha256WithRSAEncryption
         91:44:07:2d:85:e7:5c:d4:75:80:7e:cf:4b:9e:28:e6:48:7d:
         a1:b8:cd:11:8b:59:8d:55:c4:4f:36:e6:b2:19:e7:21:30:b1:
         d4:9e:4e:84:d8:25:eb:24:30:80:db:c1:45:fe:68:96:55:67:
         85:6c:7b:1f:06:30:7c:9d:10:93:e7:77:1e:08:98:d5:ef:6d:
         bf:27:b0:25:ff:c2:f2:7a:ad:3e:51:fa:41:fa:c9:31:38:a4:
         63:f8:c1:27:79:31:72:d5:5f:be:d5:af:b4:2b:7e:fb:fb:d7:
         0a:9e:68:37:40:b4:99:25:de:b2:ee:c9:f9:9d:42:3f:a3:ef:
         fa:93:0a:4e:f1:c7:7e:da:d3:4f:9a:b3:ec:62:fe:7a:8e:c2:
         59:15:0f:1d:32:32:8a:59:60:39:34:a1:74:bc:9e:90:9c:07:
         55:5e:28:40:3d:27:9f:52:56:d8:db:ca:91:0b:58:7f:22:bb:
         df:cf:aa:4b:71:b0:67:e2:4f:f1:d3:8c:59:7c:76:6d:8b:17:
         71:72:00:35:12:c6:b5:3a:8c:fb:b0:b2:a2:1b:ec:d4:b6:06:
         1a:27:a3:99:4b:f8:16:5d:e3:dc:01:c3:a4:e8:c1:97:0e:ce:
         47:af:3e:da:72:0e:aa:da:19:d9:43:fa:ac:61:9e:8b:d6:a3:
         88:6e:f9:44
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6tMfSgnU3VUW2gfksRhOzLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwNjA5MTYyMzEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNjIzMmQyM2I4YThlNDZkNjZhYzE1ODlkOTRhZmY1ODQ2OTk0NWMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApu+6zaLmFSU15RBW9oku3cTV//jF
k58WPuUEXx8TugHpmFWCfZxvLpFuYltTB6UmM1OjBySTCOkfwKsJHtmXHN55QtUZ
oY9limVVSqTTRjVqZsrxQMcr6494R5SkqvBYs7PPzVapKZIvDqufA4ueguAaiieo
6c8aatXQib9OciV9/TSOTU0R8XfyuU02qSDS9aV+KARRmkbvmP2x0sLKR0ca9fIA
BO2mpUO5O+H7TkiroI9RgoKQeyjET51m0BKsQPg4Uo5vNmbQtGxPmFi7xpQlph/D
HN9fph/0Z1tfwH+Z/u11lPldTgP/u/Oa1QvlT2V7DqI+wYwwnf5UB13I9wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAYjLSO4qORtZqwVidlK/1hGmUXBMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvQmlNdEk3aW81RzFtckJXSjJVcl9XRWFaUmNFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAAhvpMA0G
CSqGSIb3DQEBCwUAA4IBAQCRRActhedc1HWAfs9LnijmSH2huM0Ri1mNVcRPNuay
GechMLHUnk6E2CXrJDCA28FF/miWVWeFbHsfBjB8nRCT53ceCJjV722/J7Al/8Ly
eq0+UfpB+skxOKRj+MEneTFy1V++1a+0K377+9cKnmg3QLSZJd6y7sn5nUI/o+/6
kwpO8cd+2tNPmrPsYv56jsJZFQ8dMjKKWWA5NKF0vJ6QnAdVXihAPSefUlbY28qR
C1h/Irvfz6pLcbBn4k/x04xZfHZtixdxcgA1Esa1Ooz7sLKiG+zUtgYaJ6OZS/gW
XePcAcOk6MGXDs5Hrz7acg6q2hnZQ/qsYZ6L1qOIbvlE
-----END CERTIFICATE-----