Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/I50cHKa8g08O2oUCkCuhdxvMzRA.roa
File:                     I50cHKa8g08O2oUCkCuhdxvMzRA.roa (raw, json)
Hash identifier:          Jw9lYqczL6G3D/RKkfgMdCZM6UIMl7brCy3lZRBn+WU=
Subject key identifier:   23:9D:1C:1C:A6:BC:83:4F:0E:DA:85:02:90:2B:A1:77:1B:CC:CD:10
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019D7E3207FCE579D5F2933B0D5AA82EDDA2
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/I50cHKa8g08O2oUCkCuhdxvMzRA.roa
Signing time:             Sat 11 Apr 2026 20:18:21 +0000
ROA not before:           Sat 11 Apr 2026 20:18:21 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     206675
IP address blocks:        2.27.134.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 07:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:7e:32:07:fc:e5:79:d5:f2:93:3b:0d:5a:a8:2e:dd:a2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: Apr 11 20:18:21 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=239d1c1ca6bc834f0eda8502902ba1771bcccd10
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:57:ba:49:a5:cf:cd:2b:78:8c:94:a5:67:5e:
                    46:69:8a:c5:b7:b4:cc:04:1b:b3:d3:bc:a3:1f:07:
                    b2:94:21:3a:17:cc:cd:25:3d:54:11:39:a7:c0:49:
                    b2:59:ca:f3:31:13:fa:65:09:3e:3c:0b:8a:04:4e:
                    15:62:df:58:06:4c:bf:1f:53:f0:a7:f6:f2:ca:2f:
                    eb:86:28:69:95:2d:01:ed:b7:42:75:0c:29:53:35:
                    4b:9a:05:93:e4:41:29:84:41:2f:03:56:a5:1e:82:
                    b6:0c:55:88:48:7b:86:8f:a2:89:39:a8:d2:85:9a:
                    8d:68:3b:78:6a:80:83:21:25:c0:f4:a6:14:c1:b9:
                    0f:38:11:be:33:35:f2:2d:47:e0:4c:b3:36:00:d5:
                    5c:fb:63:58:9a:30:fc:c3:95:ed:ce:e0:70:c1:b2:
                    6b:39:75:07:cd:4f:4c:e1:00:f8:d2:49:b1:da:7d:
                    fb:60:d1:bf:0a:b3:d1:1c:81:cf:84:61:fa:33:b4:
                    09:df:4f:86:57:b0:8c:25:09:cc:16:e4:b6:35:0b:
                    b7:98:f8:17:ef:41:05:a5:31:1b:f1:be:77:1e:9d:
                    17:ba:03:4d:7d:c7:c4:7e:a3:a2:8b:de:8d:fe:74:
                    0d:8e:b5:f5:3e:34:f8:ce:10:cb:a8:c5:f8:41:c0:
                    f9:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:9D:1C:1C:A6:BC:83:4F:0E:DA:85:02:90:2B:A1:77:1B:CC:CD:10
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/I50cHKa8g08O2oUCkCuhdxvMzRA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.27.134.0/23

    Signature Algorithm: sha256WithRSAEncryption
         3c:75:6d:17:1c:b7:2b:98:bd:9d:cd:39:f8:74:fb:02:2a:dc:
         87:6e:24:5c:c1:a3:87:be:30:79:05:9e:dc:92:a9:a9:0f:ed:
         a4:ca:2f:cf:56:a8:97:49:a5:fb:18:5d:ce:e8:8a:c4:56:0f:
         05:8e:c3:00:9f:48:d3:71:37:58:a0:c0:6e:ab:4b:93:43:b7:
         2c:a4:80:3e:11:94:5e:2d:d5:19:72:79:e2:f6:db:2b:6a:ac:
         4e:ee:24:a2:a0:77:8c:2b:20:ae:c5:77:3e:e5:94:55:a9:18:
         c9:7b:71:00:15:0a:e0:a8:5f:5a:c0:8a:70:26:7f:a7:b3:43:
         59:68:a9:0a:ac:a8:5b:47:ed:86:29:43:b9:b4:45:fb:02:9d:
         c6:f8:91:77:99:96:2b:5b:88:bf:fb:c4:24:ba:fd:de:36:5d:
         9d:b3:b7:37:2b:8e:1e:4b:f9:ad:a6:af:c7:0d:1f:2e:ac:42:
         13:ba:fe:54:01:01:be:8e:0d:b1:fc:54:dc:88:f5:2e:c5:a4:
         af:4d:7a:12:8a:76:47:d7:3e:d9:63:a3:0b:a6:6a:f9:c7:a5:
         df:58:e5:dd:1c:6d:57:ce:c7:50:19:80:f2:97:c1:1e:21:d4:
         76:87:a8:50:1c:5f:28:05:3b:76:e2:78:47:16:c1:73:fa:2f:
         9f:60:76:8a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ1+Mgf85XnV8pM7DVqoLt2iMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwNDExMjAxODIxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMzlkMWMxY2E2YmM4MzRmMGVkYTg1MDI5MDJiYTE3NzFiY2NjZDEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxFe6SaXPzSt4jJSlZ15GaYrFt7TM
BBuz07yjHweylCE6F8zNJT1UETmnwEmyWcrzMRP6ZQk+PAuKBE4VYt9YBky/H1Pw
p/byyi/rhihplS0B7bdCdQwpUzVLmgWT5EEphEEvA1alHoK2DFWISHuGj6KJOajS
hZqNaDt4aoCDISXA9KYUwbkPOBG+MzXyLUfgTLM2ANVc+2NYmjD8w5XtzuBwwbJr
OXUHzU9M4QD40kmx2n37YNG/CrPRHIHPhGH6M7QJ30+GV7CMJQnMFuS2NQu3mPgX
70EFpTEb8b53Hp0XugNNfcfEfqOii96N/nQNjrX1PjT4zhDLqMX4QcD5LwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCOdHBymvINPDtqFApAroXcbzM0QMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvSTUwY0hLYThnMDhPMm9VQ2tDdWhkeHZNelJBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBAhuGMA0G
CSqGSIb3DQEBCwUAA4IBAQA8dW0XHLcrmL2dzTn4dPsCKtyHbiRcwaOHvjB5BZ7c
kqmpD+2kyi/PVqiXSaX7GF3O6IrEVg8FjsMAn0jTcTdYoMBuq0uTQ7cspIA+EZRe
LdUZcnni9tsraqxO7iSioHeMKyCuxXc+5ZRVqRjJe3EAFQrgqF9awIpwJn+ns0NZ
aKkKrKhbR+2GKUO5tEX7Ap3G+JF3mZYrW4i/+8Qkuv3eNl2ds7c3K44eS/mtpq/H
DR8urEITuv5UAQG+jg2x/FTciPUuxaSvTXoSinZH1z7ZY6MLpmr5x6XfWOXdHG1X
zsdQGYDyl8EeIdR2h6hQHF8oBTt24nhHFsFz+i+fYHaK
-----END CERTIFICATE-----