Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/GVN7kBHojGm4jeFVR4yEI4lcRUQ.roa
File:                     GVN7kBHojGm4jeFVR4yEI4lcRUQ.roa (raw, json)
Hash identifier:          dAbasnsp/0SBCBP6CefbkYUyhAa0Efdl3o5+cY9pZWk=
Subject key identifier:   19:53:7B:90:11:E8:8C:69:B8:8D:E1:55:47:8C:84:23:89:5C:45:44
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019E4BFC78006AF70F3C467AE788B17CC7B2
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/GVN7kBHojGm4jeFVR4yEI4lcRUQ.roa
Signing time:             Thu 21 May 2026 19:21:37 +0000
ROA not before:           Thu 21 May 2026 19:21:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     150249
IP address blocks:        2.27.116.0/24 maxlen: 24
                          2.27.165.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 01:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:4b:fc:78:00:6a:f7:0f:3c:46:7a:e7:88:b1:7c:c7:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: May 21 19:21:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=19537b9011e88c69b88de155478c8423895c4544
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:62:71:12:b4:02:9f:c3:23:65:73:bb:48:a3:
                    c6:69:ee:64:0a:fc:47:6a:1a:9b:d0:fa:e6:01:8a:
                    25:2d:fb:1f:a6:88:7d:a1:bd:1e:51:05:d9:e9:31:
                    a7:b0:21:af:7e:51:f3:34:36:9c:18:43:cf:1e:b1:
                    ad:23:91:a5:31:71:98:9a:c0:ab:7e:b7:65:3f:86:
                    d5:38:62:e3:21:4c:83:91:a0:dc:2e:47:81:8a:a4:
                    e2:82:54:8f:38:ee:2f:27:5d:70:e1:4b:af:fa:ab:
                    42:f0:b8:db:23:49:c3:14:18:c6:83:5e:67:66:f9:
                    46:7d:23:f9:a5:fe:c9:2f:5e:18:8e:22:50:55:17:
                    b9:2c:a9:89:74:19:52:18:3e:19:a6:df:be:87:77:
                    fe:90:93:43:af:56:ca:aa:d2:de:3b:08:8f:b3:ad:
                    b1:1f:39:26:38:51:e0:8b:e9:eb:75:d2:96:3d:40:
                    d4:ef:52:8c:48:ec:8e:70:4a:93:3e:e6:b4:3d:f7:
                    7e:1e:69:12:ad:02:7d:97:06:63:c5:fb:c8:f7:41:
                    f7:0a:4c:29:55:2b:4c:5b:fe:14:12:b8:01:16:f6:
                    f7:c9:9e:78:7a:f5:ab:7e:da:a0:b4:ec:9a:b9:c6:
                    21:71:51:78:2c:b8:33:5b:4f:37:29:69:05:e3:f2:
                    66:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:53:7B:90:11:E8:8C:69:B8:8D:E1:55:47:8C:84:23:89:5C:45:44
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/GVN7kBHojGm4jeFVR4yEI4lcRUQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.27.116.0/24
                  2.27.165.0/24

    Signature Algorithm: sha256WithRSAEncryption
         93:61:7f:85:3f:9b:f9:39:f3:6e:fe:40:6d:fe:47:81:2e:13:
         79:7a:49:07:a6:cb:82:21:ba:ff:7d:2b:ec:df:d7:ba:bb:f5:
         a3:2f:f7:1b:2a:2d:78:01:29:6c:10:d5:a0:6e:98:fa:7d:11:
         ab:26:f0:5c:06:81:d7:33:a2:e7:70:cf:f3:24:5b:60:2a:da:
         03:32:99:22:91:83:b4:14:c7:66:1d:92:d7:5e:64:f3:66:8d:
         c0:b2:03:14:59:8a:a6:cd:ec:10:11:d5:4a:96:62:ee:4e:d8:
         99:3b:63:17:33:39:b4:08:f9:2a:ca:30:67:5c:b3:a0:6b:8a:
         1a:60:1e:16:54:e7:6e:10:c4:7e:62:7e:a0:01:f9:50:87:2e:
         e3:63:61:b6:ad:76:16:c6:b1:88:b2:3c:95:a8:5d:61:aa:c9:
         a5:01:55:58:2a:a0:55:e2:54:d9:70:67:c0:b6:a7:83:1b:3c:
         ec:ed:de:6e:d8:51:a5:1b:69:1e:5a:ee:40:0d:87:8d:ec:2f:
         0f:30:25:5d:40:7d:17:24:75:68:c4:df:f3:5f:4c:de:94:ed:
         be:49:6a:09:2f:d0:dc:c5:1e:0e:d4:87:96:9e:ea:f2:06:41:
         a2:e8:e0:cb:89:5a:49:cd:7e:79:a2:42:6e:52:51:b6:44:e2:
         a1:68:8c:b4
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ5L/HgAavcPPEZ654ixfMeyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwNTIxMTkyMTM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOTUzN2I5MDExZTg4YzY5Yjg4ZGUxNTU0NzhjODQyMzg5NWM0NTQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwGJxErQCn8MjZXO7SKPGae5kCvxH
ahqb0PrmAYolLfsfpoh9ob0eUQXZ6TGnsCGvflHzNDacGEPPHrGtI5GlMXGYmsCr
frdlP4bVOGLjIUyDkaDcLkeBiqTiglSPOO4vJ11w4Uuv+qtC8LjbI0nDFBjGg15n
ZvlGfSP5pf7JL14YjiJQVRe5LKmJdBlSGD4Zpt++h3f+kJNDr1bKqtLeOwiPs62x
HzkmOFHgi+nrddKWPUDU71KMSOyOcEqTPua0Pfd+HmkSrQJ9lwZjxfvI90H3Ckwp
VStMW/4UErgBFvb3yZ54evWrftqgtOyaucYhcVF4LLgzW083KWkF4/JmDQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFBlTe5AR6IxpuI3hVUeMhCOJXEVEMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvR1ZON2tCSG9qR200amVGVlI0eUVJNGxjUlVRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAAht0AwQA
AhulMA0GCSqGSIb3DQEBCwUAA4IBAQCTYX+FP5v5OfNu/kBt/keBLhN5ekkHpsuC
Ibr/fSvs39e6u/WjL/cbKi14ASlsENWgbpj6fRGrJvBcBoHXM6LncM/zJFtgKtoD
MpkikYO0FMdmHZLXXmTzZo3AsgMUWYqmzewQEdVKlmLuTtiZO2MXMzm0CPkqyjBn
XLOga4oaYB4WVOduEMR+Yn6gAflQhy7jY2G2rXYWxrGIsjyVqF1hqsmlAVVYKqBV
4lTZcGfAtqeDGzzs7d5u2FGlG2keWu5ADYeN7C8PMCVdQH0XJHVoxN/zX0zelO2+
SWoJL9DcxR4O1IeWnuryBkGi6ODLiVpJzX55okJuUlG2ROKhaIy0
-----END CERTIFICATE-----