Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/OG3vGZl_bpS0LLvE9wwmi1G8CgY.roa
File:                     OG3vGZl_bpS0LLvE9wwmi1G8CgY.roa (raw, json)
Hash identifier:          9+sBeHV1XLty5FSD0WxPiABLNmPSQaQH0KlWcOSoxQk=
Subject key identifier:   38:6D:EF:19:99:7F:6E:94:B4:2C:BB:C4:F7:0C:26:8B:51:BC:0A:06
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019EAD32DE206682845D572D4E97A8A1BB67
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/OG3vGZl_bpS0LLvE9wwmi1G8CgY.roa
Signing time:             Tue 09 Jun 2026 16:24:12 +0000
ROA not before:           Tue 09 Jun 2026 16:24:12 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     199186
IP address blocks:        2.27.246.0/24 maxlen: 24
                          31.77.249.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 01:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:ad:32:de:20:66:82:84:5d:57:2d:4e:97:a8:a1:bb:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: Jun  9 16:24:12 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=386def19997f6e94b42cbbc4f70c268b51bc0a06
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:7b:16:9a:d5:67:93:d7:38:c2:09:af:63:ad:
                    2c:d2:19:d1:bd:ca:38:15:e6:2e:b2:37:ac:da:9e:
                    8f:03:d4:c9:04:1b:13:f7:57:9f:89:62:23:bb:87:
                    d4:d8:7b:8a:3f:19:7b:5e:a9:f2:16:fb:10:11:85:
                    de:50:e0:88:0b:11:b4:2f:38:21:2b:36:a2:e8:0a:
                    a8:6c:6b:aa:9c:b1:c8:1f:d5:7f:c3:0e:19:43:5b:
                    8c:4c:4e:2c:76:16:0f:0c:8f:9f:86:46:12:fa:cd:
                    1e:93:e7:74:9e:a8:c6:91:67:08:24:a7:52:b3:bf:
                    22:1c:d8:6f:64:8c:63:97:03:aa:fc:d2:7f:da:be:
                    e5:82:57:ba:7d:08:57:97:27:ac:27:bd:46:ec:c3:
                    d0:ce:78:bb:62:29:c9:41:4a:fe:7a:76:eb:9b:73:
                    e4:1f:ee:35:fb:9d:c5:97:78:82:7f:7c:22:4d:e2:
                    c6:c1:e5:c8:f7:83:e4:3b:7f:c1:8a:e2:8b:08:36:
                    d1:c3:d3:05:06:68:2f:f6:75:fa:c4:8a:79:9f:4e:
                    9c:d6:ee:c9:48:ce:14:92:fd:e3:68:d6:69:cb:d7:
                    d5:bb:e5:58:c5:1b:59:ac:2a:b4:5f:fb:dc:d8:36:
                    1f:a9:67:0e:42:46:7b:40:e4:01:e0:d9:ca:28:89:
                    20:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:6D:EF:19:99:7F:6E:94:B4:2C:BB:C4:F7:0C:26:8B:51:BC:0A:06
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/OG3vGZl_bpS0LLvE9wwmi1G8CgY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.27.246.0/24
                  31.77.249.0/24

    Signature Algorithm: sha256WithRSAEncryption
         18:c3:88:23:cb:1f:5f:aa:a2:c4:b8:5f:bd:c1:42:7c:46:7e:
         c7:8a:73:97:24:9f:23:2d:e7:5c:e9:c6:42:17:ee:ca:9e:fd:
         75:39:3a:3a:a4:73:c9:ce:74:61:c4:95:21:81:ea:01:27:50:
         c7:d7:f2:a3:9c:56:51:36:c2:51:b7:b7:69:36:4d:19:7a:88:
         f7:d6:cb:7c:33:f1:55:0f:2e:d0:c8:c7:07:e0:ab:8b:34:d0:
         91:75:4a:09:24:6e:21:76:e9:13:37:0e:6d:0c:4f:78:43:f2:
         b1:11:09:28:3e:0d:b2:e2:83:2f:54:3e:5f:a1:39:0b:5f:fb:
         2f:a3:be:e4:f8:7c:2c:8a:c0:44:16:58:24:60:e0:91:75:f2:
         3e:eb:11:c1:37:c9:13:94:26:e3:69:f3:a1:e7:ec:19:ab:fa:
         7f:1d:2a:85:45:08:e6:93:65:0f:ac:e9:10:1f:34:34:30:6e:
         cb:27:c9:3a:d9:04:61:ea:88:d2:cd:60:a9:c3:e1:69:83:dd:
         36:b0:f4:db:91:88:cc:f6:25:7a:7b:af:79:31:57:ff:cc:c4:
         47:c0:9f:db:73:c1:87:7b:ea:2f:ac:f3:81:35:ae:f8:7d:e4:
         f0:be:e9:ba:b2:80:73:aa:25:6b:f5:c1:ad:6e:fc:4d:18:7d:
         96:47:ad:36
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ6tMt4gZoKEXVctTpeoobtnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwNjA5MTYyNDEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzODZkZWYxOTk5N2Y2ZTk0YjQyY2JiYzRmNzBjMjY4YjUxYmMwYTA2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0XsWmtVnk9c4wgmvY60s0hnRvco4
FeYusjes2p6PA9TJBBsT91efiWIju4fU2HuKPxl7XqnyFvsQEYXeUOCICxG0Lzgh
Kzai6AqobGuqnLHIH9V/ww4ZQ1uMTE4sdhYPDI+fhkYS+s0ek+d0nqjGkWcIJKdS
s78iHNhvZIxjlwOq/NJ/2r7lgle6fQhXlyesJ71G7MPQzni7YinJQUr+enbrm3Pk
H+41+53Fl3iCf3wiTeLGweXI94PkO3/BiuKLCDbRw9MFBmgv9nX6xIp5n06c1u7J
SM4Ukv3jaNZpy9fVu+VYxRtZrCq0X/vc2DYfqWcOQkZ7QOQB4NnKKIkgDwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDht7xmZf26UtCy7xPcMJotRvAoGMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvT0czdkdabF9icFMwTEx2RTl3d21pMUc4Q2dZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAAhv2AwQA
H035MA0GCSqGSIb3DQEBCwUAA4IBAQAYw4gjyx9fqqLEuF+9wUJ8Rn7HinOXJJ8j
Ledc6cZCF+7Knv11OTo6pHPJznRhxJUhgeoBJ1DH1/KjnFZRNsJRt7dpNk0Zeoj3
1st8M/FVDy7QyMcH4KuLNNCRdUoJJG4hdukTNw5tDE94Q/KxEQkoPg2y4oMvVD5f
oTkLX/svo77k+HwsisBEFlgkYOCRdfI+6xHBN8kTlCbjafOh5+wZq/p/HSqFRQjm
k2UPrOkQHzQ0MG7LJ8k62QRh6ojSzWCpw+Fpg902sPTbkYjM9iV6e695MVf/zMRH
wJ/bc8GHe+ovrPOBNa74feTwvum6soBzqiVr9cGtbvxNGH2WR602
-----END CERTIFICATE-----