Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/SlonPiGrn7BMItzR3fyqCXmdQBA.roa
File:                     SlonPiGrn7BMItzR3fyqCXmdQBA.roa (raw, json)
Hash identifier:          xH6N2uBN3M6UTLZRWzPqKV35kXM1R7ciPZp71IU1+/c=
Subject key identifier:   4A:5A:27:3E:21:AB:9F:B0:4C:22:DC:D1:DD:FC:AA:09:79:9D:40:10
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019D5A22D858F1C001CEA170ACDFE3B51858
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/SlonPiGrn7BMItzR3fyqCXmdQBA.roa
Signing time:             Sat 04 Apr 2026 20:15:26 +0000
ROA not before:           Sat 04 Apr 2026 20:15:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     212053
IP address blocks:        2.26.192.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 07:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:5a:22:d8:58:f1:c0:01:ce:a1:70:ac:df:e3:b5:18:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: Apr  4 20:15:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4a5a273e21ab9fb04c22dcd1ddfcaa09799d4010
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:7a:38:3e:30:0d:94:f7:8f:56:fb:65:19:be:
                    3c:5f:40:d1:fa:14:4b:06:7f:b8:fc:90:1e:44:ea:
                    e8:49:cb:ff:43:57:b5:70:c3:3d:db:17:30:5d:42:
                    81:68:4f:1d:28:8e:8d:14:72:b9:13:9a:ab:a9:81:
                    73:ec:40:f0:48:40:3d:6c:00:5b:17:31:d7:95:7d:
                    7d:84:53:fa:9a:da:d5:c4:cb:9e:28:fa:9c:55:1e:
                    84:c4:0d:41:7f:4d:6f:6e:a3:2c:14:c9:13:ff:e3:
                    4f:d7:10:e0:7f:ab:56:08:43:56:ff:7b:4b:5b:f8:
                    d3:d7:fc:32:35:85:8d:64:a3:18:c6:25:be:cb:b2:
                    85:9a:36:0e:d9:1d:92:24:36:da:27:f2:57:e1:12:
                    8f:63:64:28:c6:fa:37:ac:38:7d:f0:6f:90:c5:80:
                    63:4b:f2:d3:58:ab:d3:04:5a:b4:c2:a0:4e:03:93:
                    83:1b:e9:09:87:f0:b3:b1:50:02:63:26:b5:42:ac:
                    72:1d:e5:e8:d0:14:6c:27:87:a0:26:7c:84:7b:2a:
                    14:cd:0d:23:5a:86:f7:c9:49:5a:6e:5d:54:cc:f6:
                    c3:5c:b3:52:25:a6:a9:cc:9b:4b:b8:3b:0b:9a:b9:
                    95:69:f4:86:91:71:31:5a:60:d6:64:40:99:a8:be:
                    52:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4A:5A:27:3E:21:AB:9F:B0:4C:22:DC:D1:DD:FC:AA:09:79:9D:40:10
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/SlonPiGrn7BMItzR3fyqCXmdQBA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.26.192.0/21

    Signature Algorithm: sha256WithRSAEncryption
         6e:c0:1e:13:3d:99:44:4b:6b:c2:c6:e7:c2:56:de:d6:7f:a0:
         2b:26:07:b0:33:bb:59:30:b1:b1:90:3b:f0:58:a3:74:e3:6f:
         11:8d:89:46:05:ce:f6:df:d4:8f:42:41:1d:7a:ba:39:6c:7a:
         18:0e:e7:d7:23:11:fe:59:9c:b5:b3:a9:3f:e0:43:7c:ff:2b:
         f8:98:ed:e7:50:3e:94:42:80:51:bd:4d:a8:fa:e1:f7:5b:1e:
         55:5c:82:c0:63:9f:5a:4c:09:e5:10:8a:bd:3c:f1:5e:1e:01:
         c9:09:00:68:8c:05:ea:64:30:1b:5d:7f:45:22:e7:b9:45:c4:
         7b:66:18:e2:2a:25:ff:31:4d:e4:6b:f6:ae:72:d8:14:19:d1:
         75:fe:a3:11:d6:ab:39:36:df:78:ce:a8:17:24:21:f2:29:09:
         f7:ae:3e:e9:75:c7:6d:ba:0d:32:37:ea:1d:4c:c0:cf:c9:c9:
         b1:80:35:03:b3:22:25:ab:b3:83:32:d7:07:8f:4a:03:24:fb:
         54:20:e1:e8:e1:49:c4:67:1d:88:9e:91:6b:b9:92:2a:af:2b:
         b6:d1:cc:4d:50:c1:f3:7e:db:9f:c1:01:1a:2d:91:3f:79:34:
         f2:75:eb:30:d3:1d:24:4d:79:24:f8:45:a1:1b:53:61:ee:8e:
         f5:30:6e:7f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ1aIthY8cABzqFwrN/jtRhYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwNDA0MjAxNTI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YTVhMjczZTIxYWI5ZmIwNGMyMmRjZDFkZGZjYWEwOTc5OWQ0MDEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtHo4PjANlPePVvtlGb48X0DR+hRL
Bn+4/JAeROroScv/Q1e1cMM92xcwXUKBaE8dKI6NFHK5E5qrqYFz7EDwSEA9bABb
FzHXlX19hFP6mtrVxMueKPqcVR6ExA1Bf01vbqMsFMkT/+NP1xDgf6tWCENW/3tL
W/jT1/wyNYWNZKMYxiW+y7KFmjYO2R2SJDbaJ/JX4RKPY2Qoxvo3rDh98G+QxYBj
S/LTWKvTBFq0wqBOA5ODG+kJh/CzsVACYya1QqxyHeXo0BRsJ4egJnyEeyoUzQ0j
Wob3yUlabl1UzPbDXLNSJaapzJtLuDsLmrmVafSGkXExWmDWZECZqL5SpwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEpaJz4hq5+wTCLc0d38qgl5nUAQMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvU2xvblBpR3JuN0JNSXR6UjNmeXFDWG1kUUJBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDAhrAMA0G
CSqGSIb3DQEBCwUAA4IBAQBuwB4TPZlES2vCxufCVt7Wf6ArJgewM7tZMLGxkDvw
WKN0428RjYlGBc7239SPQkEdero5bHoYDufXIxH+WZy1s6k/4EN8/yv4mO3nUD6U
QoBRvU2o+uH3Wx5VXILAY59aTAnlEIq9PPFeHgHJCQBojAXqZDAbXX9FIue5RcR7
ZhjiKiX/MU3ka/auctgUGdF1/qMR1qs5Nt94zqgXJCHyKQn3rj7pdcdtug0yN+od
TMDPycmxgDUDsyIlq7ODMtcHj0oDJPtUIOHo4UnEZx2InpFruZIqryu20cxNUMHz
ftufwQEaLZE/eTTydesw0x0kTXkk+EWhG1Nh7o71MG5/
-----END CERTIFICATE-----