Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/UOwBBCcU-gjUDhG_fHYoHlvsPz0.roa
File:                     UOwBBCcU-gjUDhG_fHYoHlvsPz0.roa (raw, json)
Hash identifier:          nB/BLe1o39KaZP2U04EZXMJkCi6DCd1/htbHx9SYc68=
Subject key identifier:   50:EC:01:04:27:14:FA:08:D4:0E:11:BF:7C:76:28:1E:5B:EC:3F:3D
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019D796AE1F4B6F6DC96814FCF5893B0C670
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/UOwBBCcU-gjUDhG_fHYoHlvsPz0.roa
Signing time:             Fri 10 Apr 2026 22:02:20 +0000
ROA not before:           Fri 10 Apr 2026 22:02:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     198981
IP address blocks:        2.27.0.0/24 maxlen: 24
                          2.27.2.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 07:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:79:6a:e1:f4:b6:f6:dc:96:81:4f:cf:58:93:b0:c6:70
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: Apr 10 22:02:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=50ec01042714fa08d40e11bf7c76281e5bec3f3d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:46:a5:ce:e7:e1:6c:a0:b3:47:29:ff:b6:9e:
                    c6:f8:9d:a7:37:5c:e4:90:ec:cd:33:64:75:eb:6d:
                    d0:67:c6:0b:57:c0:f2:6f:14:ec:22:ca:24:30:8c:
                    8e:31:5d:85:02:8c:1d:07:63:7e:fa:22:60:83:4c:
                    a3:71:08:0a:f2:d0:74:5f:0c:a2:2e:a3:3d:ef:90:
                    f7:97:5e:00:66:e2:0a:d2:d4:bc:67:40:49:02:05:
                    ba:1b:f8:bc:21:d5:f1:00:20:2b:e7:94:4d:e9:ab:
                    b1:47:7f:33:2c:7a:ff:68:b5:b3:09:06:be:b6:35:
                    14:5a:85:be:14:26:e6:a7:49:27:df:a5:23:da:64:
                    42:50:cf:12:58:54:48:a7:b7:1a:1e:82:62:5c:f3:
                    fa:7d:c5:f8:3f:94:4b:68:1a:d5:0c:f2:fd:82:7b:
                    a3:d4:a3:93:1c:8d:f0:50:83:27:ec:35:f5:3c:3a:
                    d0:d0:c2:22:fb:e1:15:6e:f7:d1:58:9d:e2:e5:1c:
                    f7:10:69:7f:51:93:b6:2c:32:ae:08:7e:9d:27:fc:
                    44:69:81:1d:d5:fd:e3:9b:23:45:16:1d:d6:f6:67:
                    94:21:e0:8e:90:38:38:8e:37:9e:2d:de:96:0a:d9:
                    d8:0c:17:bd:3e:3c:32:44:c8:3e:87:ea:40:54:ee:
                    ad:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:EC:01:04:27:14:FA:08:D4:0E:11:BF:7C:76:28:1E:5B:EC:3F:3D
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/UOwBBCcU-gjUDhG_fHYoHlvsPz0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.27.0.0/24
                  2.27.2.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a0:c2:8f:42:b3:03:55:97:96:20:39:63:0d:c1:30:19:0b:ee:
         fc:3c:38:4c:54:e9:5b:64:8b:f5:7a:17:b1:00:b3:c3:df:ec:
         2c:10:b3:53:df:fb:4c:15:dc:b1:c7:d9:ad:26:14:55:ed:7c:
         40:f8:54:ff:32:a8:a3:21:9b:a6:72:f8:8b:09:98:15:c2:7f:
         2c:e5:89:71:fd:d2:34:61:83:48:94:25:88:fa:36:b7:10:a8:
         6a:4d:a3:b7:cf:01:2f:62:f9:48:25:35:ac:e0:ac:bc:ed:eb:
         35:1c:fe:87:e5:38:31:d1:f5:73:5f:ca:f0:a1:06:32:c4:db:
         61:85:de:7e:b1:0d:38:0f:52:0f:1e:af:e8:9f:56:e7:3a:e5:
         3e:c1:9e:7b:06:93:2e:0b:08:b9:19:09:c3:ce:12:23:c7:c9:
         ef:cf:43:97:70:79:25:97:74:24:d7:e5:db:38:fe:76:70:e5:
         79:c2:fc:57:98:1e:88:2c:a0:be:1e:ca:6f:c9:e2:79:89:71:
         1a:a5:3d:44:c2:9c:8f:4c:f1:24:eb:85:f1:cf:49:a4:96:d0:
         54:b6:fa:6a:97:2b:e1:b5:e3:a5:57:7f:7f:35:10:26:60:af:
         17:ac:75:3f:fe:39:3e:19:84:cf:90:58:3e:0f:7d:80:e7:ac:
         ac:df:58:64
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ15auH0tvbcloFPz1iTsMZwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwNDEwMjIwMjIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MGVjMDEwNDI3MTRmYTA4ZDQwZTExYmY3Yzc2MjgxZTViZWMzZjNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1UalzufhbKCzRyn/tp7G+J2nN1zk
kOzNM2R1623QZ8YLV8DybxTsIsokMIyOMV2FAowdB2N++iJgg0yjcQgK8tB0Xwyi
LqM975D3l14AZuIK0tS8Z0BJAgW6G/i8IdXxACAr55RN6auxR38zLHr/aLWzCQa+
tjUUWoW+FCbmp0kn36Uj2mRCUM8SWFRIp7caHoJiXPP6fcX4P5RLaBrVDPL9gnuj
1KOTHI3wUIMn7DX1PDrQ0MIi++EVbvfRWJ3i5Rz3EGl/UZO2LDKuCH6dJ/xEaYEd
1f3jmyNFFh3W9meUIeCOkDg4jjeeLd6WCtnYDBe9PjwyRMg+h+pAVO6t/wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFFDsAQQnFPoI1A4Rv3x2KB5b7D89MB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvVU93QkJDY1UtZ2pVRGhHX2ZIWW9IbHZzUHowLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAAhsAAwQA
AhsCMA0GCSqGSIb3DQEBCwUAA4IBAQCgwo9CswNVl5YgOWMNwTAZC+78PDhMVOlb
ZIv1ehexALPD3+wsELNT3/tMFdyxx9mtJhRV7XxA+FT/MqijIZumcviLCZgVwn8s
5Ylx/dI0YYNIlCWI+ja3EKhqTaO3zwEvYvlIJTWs4Ky87es1HP6H5Tgx0fVzX8rw
oQYyxNthhd5+sQ04D1IPHq/on1bnOuU+wZ57BpMuCwi5GQnDzhIjx8nvz0OXcHkl
l3Qk1+XbOP52cOV5wvxXmB6ILKC+HspvyeJ5iXEapT1EwpyPTPEk64Xxz0mkltBU
tvpqlyvhteOlV39/NRAmYK8XrHU//jk+GYTPkFg+D32A56ys31hk
-----END CERTIFICATE-----