Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/Ten8IttUZ2snBaqtTaGJYqosvNA.roa
File:                     Ten8IttUZ2snBaqtTaGJYqosvNA.roa (raw, json)
Hash identifier:          6v9Sfj4kq3yc3l2HJoq5C6Xuc9cMaOpJgDkPNoXjz8k=
Subject key identifier:   4D:E9:FC:22:DB:54:67:6B:27:05:AA:AD:4D:A1:89:62:AA:2C:BC:D0
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019D972697B628369BD0DBAAAF8213FA3056
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/Ten8IttUZ2snBaqtTaGJYqosvNA.roa
Signing time:             Thu 16 Apr 2026 16:36:21 +0000
ROA not before:           Thu 16 Apr 2026 16:36:21 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     402215
IP address blocks:        2.27.98.0/24 maxlen: 24
                          2.27.175.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 14:47:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:97:26:97:b6:28:36:9b:d0:db:aa:af:82:13:fa:30:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: Apr 16 16:36:21 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4de9fc22db54676b2705aaad4da18962aa2cbcd0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:1e:60:ed:77:75:31:47:b1:be:49:2a:81:fa:
                    f6:05:a7:93:2a:c7:cf:03:76:f7:0b:d6:13:f1:99:
                    4e:5c:f5:96:b6:53:b5:c5:5f:03:1d:79:05:0d:bb:
                    53:14:f6:a8:b6:d4:f4:bf:98:b1:08:bc:cf:0e:02:
                    9b:2d:9e:81:f3:a4:5d:28:76:9d:67:59:1f:24:8c:
                    c1:76:fa:40:e2:fa:0b:4b:77:f8:ac:d6:da:42:54:
                    65:65:71:87:d3:a5:4f:48:77:df:95:49:36:52:d8:
                    5c:49:7e:c3:62:15:bb:8c:e5:35:a5:d7:26:40:11:
                    d7:3e:87:9e:4f:08:31:a1:ce:27:bb:5e:01:c0:76:
                    63:7e:d1:5d:1f:95:c0:bf:b4:14:60:fd:08:dd:2b:
                    5d:d6:e0:41:d3:5b:3e:05:e8:cd:27:56:be:72:47:
                    7a:77:22:cf:ad:43:00:fe:8f:0d:3f:2c:a6:a8:f4:
                    c3:f2:98:01:62:f7:54:ef:6d:7d:88:8f:0c:59:56:
                    c4:85:01:c7:cf:23:a3:5b:03:33:84:65:e5:76:5c:
                    7b:8c:f1:7e:9d:52:39:f0:11:f1:8a:36:64:08:f9:
                    e9:ab:b0:ee:41:bc:47:56:a2:53:ee:2e:92:a5:36:
                    57:e1:e3:36:3c:56:4e:52:72:3a:bb:a0:54:f3:e3:
                    2d:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:E9:FC:22:DB:54:67:6B:27:05:AA:AD:4D:A1:89:62:AA:2C:BC:D0
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/Ten8IttUZ2snBaqtTaGJYqosvNA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.27.98.0/24
                  2.27.175.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8e:05:20:c4:f7:41:a5:2c:d5:1f:4d:2b:47:c1:90:63:0a:df:
         af:6d:8b:01:c3:36:e9:52:b8:30:d2:91:8d:94:7f:2e:d7:37:
         87:63:fa:3b:09:b5:aa:bf:57:fc:5b:37:14:b8:50:17:a5:55:
         32:ce:a8:3f:c0:c4:87:2a:6b:37:2e:fa:e7:ca:d4:07:fe:d4:
         2e:a7:e8:50:73:92:17:6d:92:7d:db:d1:8a:48:1f:91:bc:99:
         05:79:14:b7:88:cc:a0:bb:3e:54:ef:ab:cf:05:41:87:44:60:
         09:60:62:28:9d:bf:9d:ec:9f:25:52:31:40:d9:23:19:81:63:
         58:34:34:43:d2:49:39:8f:f4:91:6f:10:8a:4a:8a:4e:1a:6f:
         29:b1:6e:6c:bb:ad:4d:7e:82:4a:d8:39:b5:3c:ba:24:7f:35:
         eb:b4:59:7f:2f:de:3b:b7:d6:4b:6d:40:b3:71:c7:f5:cb:43:
         a6:7e:50:7d:b0:69:02:3b:7b:d6:cd:d3:80:d8:ed:70:12:9a:
         6d:c7:10:e8:98:ee:c9:36:12:f9:6a:fc:26:5b:91:42:5e:37:
         22:eb:ce:dd:a2:56:05:53:5b:b8:bc:9b:81:b8:d6:3b:a5:1c:
         5f:aa:2d:d4:b9:36:b4:50:7d:ca:e6:9e:a0:c1:64:f9:15:54:
         a2:1d:f2:d8
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ2XJpe2KDab0Nuqr4IT+jBWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwNDE2MTYzNjIxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZGU5ZmMyMmRiNTQ2NzZiMjcwNWFhYWQ0ZGExODk2MmFhMmNiY2QwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAox5g7Xd1MUexvkkqgfr2BaeTKsfP
A3b3C9YT8ZlOXPWWtlO1xV8DHXkFDbtTFPaottT0v5ixCLzPDgKbLZ6B86RdKHad
Z1kfJIzBdvpA4voLS3f4rNbaQlRlZXGH06VPSHfflUk2UthcSX7DYhW7jOU1pdcm
QBHXPoeeTwgxoc4nu14BwHZjftFdH5XAv7QUYP0I3Std1uBB01s+BejNJ1a+ckd6
dyLPrUMA/o8NPyymqPTD8pgBYvdU7219iI8MWVbEhQHHzyOjWwMzhGXldlx7jPF+
nVI58BHxijZkCPnpq7DuQbxHVqJT7i6SpTZX4eM2PFZOUnI6u6BU8+MtjQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFE3p/CLbVGdrJwWqrU2hiWKqLLzQMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvVGVuOEl0dFVaMnNuQmFxdFRhR0pZcW9zdk5BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAAhtiAwQA
AhuvMA0GCSqGSIb3DQEBCwUAA4IBAQCOBSDE90GlLNUfTStHwZBjCt+vbYsBwzbp
Urgw0pGNlH8u1zeHY/o7CbWqv1f8WzcUuFAXpVUyzqg/wMSHKms3LvrnytQH/tQu
p+hQc5IXbZJ929GKSB+RvJkFeRS3iMyguz5U76vPBUGHRGAJYGIonb+d7J8lUjFA
2SMZgWNYNDRD0kk5j/SRbxCKSopOGm8psW5su61NfoJK2Dm1PLokfzXrtFl/L947
t9ZLbUCzccf1y0OmflB9sGkCO3vWzdOA2O1wEpptxxDomO7JNhL5avwmW5FCXjci
687dolYFU1u4vJuBuNY7pRxfqi3UuTa0UH3K5p6gwWT5FVSiHfLY
-----END CERTIFICATE-----