Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/N2oKwDV4wAh8dnxcz8ccGQjHzBc.roa
File:                     N2oKwDV4wAh8dnxcz8ccGQjHzBc.roa (raw, json)
Hash identifier:          ZojYHWJQi4LwDIbLzROHPRMhKEKcOpG3DFF0nOr+IxE=
Subject key identifier:   37:6A:0A:C0:35:78:C0:08:7C:76:7C:5C:CF:C7:1C:19:08:C7:CC:17
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019D3F75CF0F21AB25FDF63A219138178B68
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/N2oKwDV4wAh8dnxcz8ccGQjHzBc.roa
Signing time:             Mon 30 Mar 2026 15:56:18 +0000
ROA not before:           Mon 30 Mar 2026 15:56:18 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     200105
IP address blocks:        2.27.166.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 14:47:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:3f:75:cf:0f:21:ab:25:fd:f6:3a:21:91:38:17:8b:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: Mar 30 15:56:18 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=376a0ac03578c0087c767c5ccfc71c1908c7cc17
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:88:ae:a8:89:ca:e5:88:45:7a:21:eb:6b:8e:
                    47:96:0e:9e:ad:61:3c:89:f6:ba:e7:53:f4:85:09:
                    6b:7f:a1:85:5c:bc:fa:81:e3:f4:5d:97:04:3f:34:
                    7a:fb:d6:d4:e8:bd:b2:04:69:c6:e1:7b:8b:84:28:
                    25:59:e5:a8:d9:cf:cf:42:59:c4:5a:4c:00:91:88:
                    5f:b1:37:ce:98:65:d7:b2:0f:ee:b2:ce:23:15:3a:
                    b3:1d:0b:1c:04:7e:26:97:81:89:b2:1c:36:36:45:
                    62:24:68:47:c8:cb:4a:37:59:cc:e2:73:23:71:8a:
                    b7:9e:68:13:2c:87:03:f2:d5:d2:2f:6b:60:db:76:
                    f9:97:82:b5:e4:32:29:80:35:fc:48:22:ba:0f:1b:
                    62:15:a9:fc:6f:44:e4:82:67:eb:d5:1f:ec:2e:38:
                    4d:dc:43:30:22:da:be:5d:2a:3e:81:ca:1c:54:d0:
                    67:70:cf:85:3c:c6:1a:53:56:9f:a8:53:b4:d3:ab:
                    b6:51:64:dd:b6:d4:0a:b3:d8:54:12:ef:bf:5b:95:
                    43:5f:b6:1f:49:98:eb:f2:ae:91:19:55:16:dc:5d:
                    b4:83:4c:ac:e1:49:7c:17:eb:a1:43:58:85:15:2d:
                    a8:a8:6f:57:44:6b:03:c2:fd:ea:2a:9f:b7:7d:1e:
                    4e:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:6A:0A:C0:35:78:C0:08:7C:76:7C:5C:CF:C7:1C:19:08:C7:CC:17
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/N2oKwDV4wAh8dnxcz8ccGQjHzBc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.27.166.0/24

    Signature Algorithm: sha256WithRSAEncryption
         38:9d:70:f8:c6:b7:04:c2:b4:a7:09:f5:cc:00:dc:ff:c6:fc:
         92:74:de:e2:c8:73:fa:85:a1:29:59:ca:0a:05:5d:93:5f:d6:
         72:68:95:2c:e2:82:27:f0:6a:a7:80:a3:63:e4:71:32:80:bd:
         d8:db:2c:57:3f:8c:79:d9:14:99:19:52:4c:12:39:ad:41:1a:
         47:5f:e0:5f:d0:a4:b3:5c:24:71:83:c2:a1:b9:c8:f6:ec:11:
         52:5d:3f:c3:86:fc:b7:8a:1f:86:6d:a3:79:d5:a8:bf:d7:d4:
         36:d8:a6:c2:82:14:ca:7c:54:86:3a:41:de:53:fc:d7:99:e6:
         4e:f4:01:e6:33:30:67:dd:0b:34:8c:0e:0f:4d:bd:df:24:9d:
         1f:b9:17:c2:15:98:7b:12:29:d1:43:2a:29:14:60:1b:ae:24:
         96:b5:f4:f8:04:26:ff:d9:87:eb:14:ad:93:83:ae:9b:ce:3b:
         2a:23:97:5e:68:7a:18:16:26:a1:2d:5a:5d:36:cc:f2:c5:00:
         f0:11:b1:14:f7:fd:c0:63:5e:3f:7b:ed:db:7d:1a:4e:12:cd:
         4e:03:8d:2b:73:c6:0c:4e:b0:fd:0b:7f:c9:30:c8:2d:9e:8f:
         26:02:66:2a:3c:f5:18:4b:87:48:ad:d1:ca:66:c5:98:1d:0b:
         69:38:9d:38
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0/dc8PIasl/fY6IZE4F4toMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwMzMwMTU1NjE4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNzZhMGFjMDM1NzhjMDA4N2M3NjdjNWNjZmM3MWMxOTA4YzdjYzE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvYiuqInK5YhFeiHra45Hlg6erWE8
ifa651P0hQlrf6GFXLz6geP0XZcEPzR6+9bU6L2yBGnG4XuLhCglWeWo2c/PQlnE
WkwAkYhfsTfOmGXXsg/uss4jFTqzHQscBH4ml4GJshw2NkViJGhHyMtKN1nM4nMj
cYq3nmgTLIcD8tXSL2tg23b5l4K15DIpgDX8SCK6DxtiFan8b0Tkgmfr1R/sLjhN
3EMwItq+XSo+gcocVNBncM+FPMYaU1afqFO006u2UWTdttQKs9hUEu+/W5VDX7Yf
SZjr8q6RGVUW3F20g0ys4Ul8F+uhQ1iFFS2oqG9XRGsDwv3qKp+3fR5ONwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDdqCsA1eMAIfHZ8XM/HHBkIx8wXMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvTjJvS3dEVjR3QWg4ZG54Y3o4Y2NHUWpIekJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAAhumMA0G
CSqGSIb3DQEBCwUAA4IBAQA4nXD4xrcEwrSnCfXMANz/xvySdN7iyHP6haEpWcoK
BV2TX9ZyaJUs4oIn8GqngKNj5HEygL3Y2yxXP4x52RSZGVJMEjmtQRpHX+Bf0KSz
XCRxg8Khucj27BFSXT/Dhvy3ih+GbaN51ai/19Q22KbCghTKfFSGOkHeU/zXmeZO
9AHmMzBn3Qs0jA4PTb3fJJ0fuRfCFZh7EinRQyopFGAbriSWtfT4BCb/2YfrFK2T
g66bzjsqI5deaHoYFiahLVpdNszyxQDwEbEU9/3AY14/e+3bfRpOEs1OA40rc8YM
TrD9C3/JMMgtno8mAmYqPPUYS4dIrdHKZsWYHQtpOJ04
-----END CERTIFICATE-----