Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HsJ1A143iDYA0oOPPG2hPs36aKc.roa
File:                     HsJ1A143iDYA0oOPPG2hPs36aKc.roa (raw, json)
Hash identifier:          6wD0idX8ow1pTKnpdRIhjyYUrGRqgJru3QwnMoyEOpQ=
Subject key identifier:   1E:C2:75:03:5E:37:88:36:00:D2:83:8F:3C:6D:A1:3E:CD:FA:68:A7
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019D63CC9A58A386C08011FC8A661B010919
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HsJ1A143iDYA0oOPPG2hPs36aKc.roa
Signing time:             Mon 06 Apr 2026 17:17:26 +0000
ROA not before:           Mon 06 Apr 2026 17:17:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     200203
IP address blocks:        2.26.120.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 14:47:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:63:cc:9a:58:a3:86:c0:80:11:fc:8a:66:1b:01:09:19
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: Apr  6 17:17:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=1ec275035e37883600d2838f3c6da13ecdfa68a7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:17:ed:23:1c:7a:e0:d2:98:a8:a1:88:48:fa:
                    ac:e3:62:a4:ad:1c:18:5d:cc:ac:4c:29:77:70:cf:
                    dc:fe:6e:d3:a0:65:90:96:06:f3:c1:06:d6:40:40:
                    08:4f:93:4b:90:e1:24:ad:db:3e:a8:69:10:54:05:
                    67:e4:5f:f6:c2:ca:40:91:5c:fa:44:00:d0:4b:79:
                    86:a1:93:51:2e:2b:86:8d:04:9e:51:be:04:a7:00:
                    d8:df:6b:2e:bf:e1:85:98:ab:c8:60:af:df:0a:2d:
                    87:17:e5:24:8e:cd:06:36:48:3d:23:77:d5:a6:1d:
                    ca:0c:9b:2a:f6:d0:49:54:ad:6c:f9:ee:29:09:48:
                    e6:f9:20:25:a8:26:05:76:17:33:99:02:7a:e6:88:
                    4c:10:51:0e:80:1f:6d:90:13:41:19:96:ef:1a:19:
                    8b:d8:ac:2f:d9:e3:3c:1c:ef:c3:91:e7:cb:e5:7d:
                    f2:01:da:0d:c1:49:9c:79:c7:a8:7e:44:b3:7e:26:
                    af:95:43:76:1b:f8:93:96:90:8c:cd:1c:23:ec:4f:
                    e8:ed:d1:6f:76:e0:05:06:9e:c5:1e:89:c6:d8:04:
                    f9:79:74:2b:9a:2c:b5:5c:68:cb:98:29:97:20:71:
                    ab:72:16:45:4f:6a:2d:e5:64:2b:82:d2:69:0c:07:
                    5f:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:C2:75:03:5E:37:88:36:00:D2:83:8F:3C:6D:A1:3E:CD:FA:68:A7
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HsJ1A143iDYA0oOPPG2hPs36aKc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.26.120.0/23

    Signature Algorithm: sha256WithRSAEncryption
         65:ef:b8:e0:31:a6:41:28:a1:d8:0e:39:68:74:33:c6:a3:46:
         97:3a:fb:43:ef:0b:70:3f:2c:c6:35:28:df:46:39:1e:44:71:
         04:b5:fe:dc:28:e4:a4:ff:53:e6:ae:59:4f:f4:50:25:c2:f6:
         4e:a0:7c:d4:66:0b:4a:4d:9d:34:57:8d:fc:de:00:31:b3:a2:
         bd:0c:fd:90:d1:ee:1d:36:63:bc:3e:05:0a:5d:19:90:bf:c6:
         68:ab:ee:d9:d4:2b:e7:44:d3:53:ed:37:5f:ad:0f:51:71:d9:
         fe:6b:fe:bb:1f:98:3f:b1:7e:44:18:fd:bf:f7:b3:4d:55:20:
         dc:bc:36:1b:51:1e:b3:77:0b:35:11:26:a2:12:d4:f8:c5:1c:
         bf:32:d7:4a:b5:2a:3f:bb:ba:b3:49:26:fd:74:d6:f7:c8:bf:
         da:cd:b7:8b:2d:a1:f9:96:6d:87:6f:65:49:98:5f:31:38:34:
         ef:08:a8:10:90:c7:b3:69:ad:1d:86:f6:80:ab:cd:ff:79:f7:
         ad:ec:28:24:7c:f1:01:b6:35:12:cc:00:34:37:c0:b4:84:e4:
         a7:ec:3a:6e:2a:f3:a1:a8:c3:be:81:19:38:66:02:e2:b5:57:
         9a:2e:4b:78:7e:81:c3:2b:27:f9:e9:be:b1:01:12:93:15:f2:
         ad:57:4d:99
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ1jzJpYo4bAgBH8imYbAQkZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwNDA2MTcxNzI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZWMyNzUwMzVlMzc4ODM2MDBkMjgzOGYzYzZkYTEzZWNkZmE2OGE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuxftIxx64NKYqKGISPqs42KkrRwY
XcysTCl3cM/c/m7ToGWQlgbzwQbWQEAIT5NLkOEkrds+qGkQVAVn5F/2wspAkVz6
RADQS3mGoZNRLiuGjQSeUb4EpwDY32suv+GFmKvIYK/fCi2HF+Ukjs0GNkg9I3fV
ph3KDJsq9tBJVK1s+e4pCUjm+SAlqCYFdhczmQJ65ohMEFEOgB9tkBNBGZbvGhmL
2Kwv2eM8HO/DkefL5X3yAdoNwUmceceofkSzfiavlUN2G/iTlpCMzRwj7E/o7dFv
duAFBp7FHonG2AT5eXQrmiy1XGjLmCmXIHGrchZFT2ot5WQrgtJpDAdflwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB7CdQNeN4g2ANKDjzxtoT7N+minMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvSHNKMUExNDNpRFlBMG9PUFBHMmhQczM2YUtjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBAhp4MA0G
CSqGSIb3DQEBCwUAA4IBAQBl77jgMaZBKKHYDjlodDPGo0aXOvtD7wtwPyzGNSjf
RjkeRHEEtf7cKOSk/1PmrllP9FAlwvZOoHzUZgtKTZ00V4383gAxs6K9DP2Q0e4d
NmO8PgUKXRmQv8Zoq+7Z1CvnRNNT7TdfrQ9Rcdn+a/67H5g/sX5EGP2/97NNVSDc
vDYbUR6zdws1ESaiEtT4xRy/MtdKtSo/u7qzSSb9dNb3yL/azbeLLaH5lm2Hb2VJ
mF8xODTvCKgQkMezaa0dhvaAq83/efet7CgkfPEBtjUSzAA0N8C0hOSn7DpuKvOh
qMO+gRk4ZgLitVeaLkt4foHDKyf56b6xARKTFfKtV02Z
-----END CERTIFICATE-----