Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HvlzHlVO2tX1DpmjZLWPAWo_ApM.roa
File:                     HvlzHlVO2tX1DpmjZLWPAWo_ApM.roa (raw, json)
Hash identifier:          kYlluEPDLsKTjEDQJupPmdqAQKyJ554yavDc08iegdU=
Subject key identifier:   1E:F9:73:1E:55:4E:DA:D5:F5:0E:99:A3:64:B5:8F:01:6A:3F:02:93
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019D8D3DA527E80EE5284BCDAB9631A8D7D4
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HvlzHlVO2tX1DpmjZLWPAWo_ApM.roa
Signing time:             Tue 14 Apr 2026 18:25:20 +0000
ROA not before:           Tue 14 Apr 2026 18:25:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     40676
IP address blocks:        2.26.163.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 07:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:8d:3d:a5:27:e8:0e:e5:28:4b:cd:ab:96:31:a8:d7:d4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: Apr 14 18:25:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=1ef9731e554edad5f50e99a364b58f016a3f0293
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:0e:83:95:f8:5f:dd:b9:64:3d:d4:75:38:f9:
                    64:66:5e:09:06:2b:0f:69:8d:56:87:bf:b5:43:ea:
                    e3:23:b9:43:80:ec:e1:15:6e:07:cf:e5:29:9b:30:
                    c7:7a:f8:df:38:b7:bc:49:e2:b7:52:31:2a:11:b5:
                    90:b2:b7:d6:58:90:79:49:cf:7c:ba:15:51:61:15:
                    fe:b4:29:56:45:9e:78:01:11:63:89:8d:56:b1:c3:
                    ba:0b:ac:9a:59:c7:b3:a0:26:03:23:5c:78:ac:b6:
                    9e:0f:06:5c:e7:e2:96:5a:57:d1:eb:49:f2:f9:43:
                    c3:83:29:37:11:ec:e2:a7:6b:23:bf:cf:62:08:32:
                    78:b3:19:db:5c:72:0f:b5:8c:62:02:50:94:45:c9:
                    3d:ee:ce:0f:db:00:f7:58:02:d8:aa:1b:81:93:fc:
                    fb:76:ff:fb:55:fe:c0:4a:c3:31:09:83:5c:ba:4b:
                    ec:39:aa:d9:a8:2d:0c:1a:b0:bf:a3:0c:b0:dd:76:
                    63:b1:dd:00:ea:a7:4c:5a:59:ee:a0:b0:f9:a7:74:
                    8d:bb:2c:ec:dd:a4:bd:9a:2f:c3:5e:4a:b3:d4:3d:
                    fd:53:7a:21:a0:70:73:f5:3e:6e:5c:71:b6:04:54:
                    cf:0b:fe:01:ca:1d:43:93:a2:0d:8a:d5:0a:dd:ff:
                    8c:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:F9:73:1E:55:4E:DA:D5:F5:0E:99:A3:64:B5:8F:01:6A:3F:02:93
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HvlzHlVO2tX1DpmjZLWPAWo_ApM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.26.163.0/24

    Signature Algorithm: sha256WithRSAEncryption
         89:47:51:e5:fd:ad:2f:12:b3:11:b2:42:66:1a:5c:b6:52:14:
         0f:3e:c2:a0:ad:25:4e:c2:81:49:5f:82:2f:3f:21:f1:92:dc:
         e4:b2:82:1e:8c:07:52:cd:23:99:5f:aa:af:39:6f:41:7c:e6:
         6d:dc:82:b1:db:5f:d4:32:cc:d7:36:06:43:f2:68:3e:51:02:
         b3:03:97:1d:65:bb:f1:47:69:b9:d7:bc:b0:34:ab:f9:b3:4f:
         bd:3c:e2:3e:89:b9:3f:fe:83:8e:ab:58:e1:28:da:34:c9:93:
         83:19:55:4c:c0:b1:12:5c:4a:24:52:93:84:0c:cd:58:64:14:
         07:ed:33:88:5f:d5:15:5d:79:cc:06:ac:e2:8d:c2:47:f0:66:
         cb:e1:62:1a:b7:f6:ef:2d:66:37:7c:ee:88:30:64:01:f5:7b:
         f6:38:f2:0e:9c:b9:2a:71:b7:03:19:f0:6d:d8:7a:15:c6:db:
         0d:46:3b:c9:29:b5:65:19:19:7f:0b:77:fd:81:40:c6:fc:b9:
         99:bb:58:ae:f0:18:33:e5:da:e2:7d:76:b3:c3:4a:95:58:41:
         e2:7f:93:05:e0:bb:98:48:92:e0:13:34:1b:46:a9:57:21:a1:
         ac:16:04:1c:80:9b:55:fe:65:2a:76:89:5a:c6:88:b3:ee:b3:
         bb:b9:66:66
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ2NPaUn6A7lKEvNq5YxqNfUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwNDE0MTgyNTIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZWY5NzMxZTU1NGVkYWQ1ZjUwZTk5YTM2NGI1OGYwMTZhM2YwMjkzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyA6Dlfhf3blkPdR1OPlkZl4JBisP
aY1Wh7+1Q+rjI7lDgOzhFW4Hz+UpmzDHevjfOLe8SeK3UjEqEbWQsrfWWJB5Sc98
uhVRYRX+tClWRZ54ARFjiY1WscO6C6yaWcezoCYDI1x4rLaeDwZc5+KWWlfR60ny
+UPDgyk3Eezip2sjv89iCDJ4sxnbXHIPtYxiAlCURck97s4P2wD3WALYqhuBk/z7
dv/7Vf7ASsMxCYNcukvsOarZqC0MGrC/owyw3XZjsd0A6qdMWlnuoLD5p3SNuyzs
3aS9mi/DXkqz1D39U3ohoHBz9T5uXHG2BFTPC/4Byh1Dk6INitUK3f+MFQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB75cx5VTtrV9Q6Zo2S1jwFqPwKTMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvSHZsekhsVk8ydFgxRHBtalpMV1BBV29fQXBNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAAhqjMA0G
CSqGSIb3DQEBCwUAA4IBAQCJR1Hl/a0vErMRskJmGly2UhQPPsKgrSVOwoFJX4Iv
PyHxktzksoIejAdSzSOZX6qvOW9BfOZt3IKx21/UMszXNgZD8mg+UQKzA5cdZbvx
R2m517ywNKv5s0+9POI+ibk//oOOq1jhKNo0yZODGVVMwLESXEokUpOEDM1YZBQH
7TOIX9UVXXnMBqzijcJH8GbL4WIat/bvLWY3fO6IMGQB9Xv2OPIOnLkqcbcDGfBt
2HoVxtsNRjvJKbVlGRl/C3f9gUDG/LmZu1iu8Bgz5drifXazw0qVWEHif5MF4LuY
SJLgEzQbRqlXIaGsFgQcgJtV/mUqdolaxoiz7rO7uWZm
-----END CERTIFICATE-----