Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/Wzq1PCfq0yvP5ZRfgP_KHXvNnDw.roa
File:                     Wzq1PCfq0yvP5ZRfgP_KHXvNnDw.roa (raw, json)
Hash identifier:          LC7LQe8dJYu2cXhAXZyKfpveg1LUVgdUwISEHSQXi3E=
Subject key identifier:   5B:3A:B5:3C:27:EA:D3:2B:CF:E5:94:5F:80:FF:CA:1D:7B:CD:9C:3C
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019D54715394EEE97D1DAFD042230AE17B29
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/Wzq1PCfq0yvP5ZRfgP_KHXvNnDw.roa
Signing time:             Fri 03 Apr 2026 17:43:26 +0000
ROA not before:           Fri 03 Apr 2026 17:43:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     63199
IP address blocks:        2.27.249.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 07:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:54:71:53:94:ee:e9:7d:1d:af:d0:42:23:0a:e1:7b:29
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: Apr  3 17:43:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5b3ab53c27ead32bcfe5945f80ffca1d7bcd9c3c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:05:5c:67:18:a1:e4:07:e6:ab:94:4e:d8:40:
                    ac:f5:b4:d6:ae:d9:32:0d:72:03:af:ca:88:f4:fe:
                    98:ed:02:54:95:1b:7b:7f:54:cb:71:4b:bd:aa:71:
                    49:67:85:f6:c3:ca:09:21:e2:ac:d5:85:b1:9d:db:
                    5e:e9:dd:1d:08:cd:f7:25:05:03:b9:6d:8f:04:0f:
                    c6:d5:7d:57:26:ef:98:f2:06:0c:a4:95:b2:e8:80:
                    91:8d:35:9b:90:03:6e:54:36:41:67:9e:e0:b1:54:
                    9f:e2:70:c3:2d:42:7a:7e:9a:68:c8:bf:37:8e:90:
                    e2:2b:8a:8f:0b:8c:17:38:34:03:2c:fc:cf:a1:ef:
                    52:29:73:01:ef:f1:7b:3b:ca:01:7b:6a:32:40:2d:
                    46:6d:55:91:98:0e:92:dd:d8:2f:b7:9a:b1:0e:3e:
                    6e:2a:54:e5:9f:8d:67:ac:69:6a:ec:c5:67:ec:f4:
                    2b:e7:ca:cb:df:b4:5c:74:33:34:70:df:07:23:f6:
                    f5:d1:77:eb:f7:96:ba:44:82:5f:79:55:0a:1c:65:
                    83:8e:26:f4:18:aa:d3:39:cc:86:8d:0d:0d:37:52:
                    5b:66:55:e1:58:6b:46:44:6b:df:db:52:f9:d7:73:
                    75:c6:54:04:bb:ff:3c:19:d8:1d:a6:d0:a1:97:0a:
                    8c:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:3A:B5:3C:27:EA:D3:2B:CF:E5:94:5F:80:FF:CA:1D:7B:CD:9C:3C
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/Wzq1PCfq0yvP5ZRfgP_KHXvNnDw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.27.249.0/24

    Signature Algorithm: sha256WithRSAEncryption
         94:74:24:ad:79:42:1a:d2:91:0a:18:d2:6a:8c:63:23:ba:92:
         64:6a:de:a8:0a:a3:cc:12:2b:ac:61:6e:63:a1:5f:40:bb:05:
         e8:66:20:a2:d8:26:fb:b7:af:13:ab:2a:18:67:59:8a:ca:c6:
         1d:33:76:cd:c7:ae:bb:ba:f3:cc:86:d0:23:d5:16:c5:8f:aa:
         ac:8d:8f:f7:1a:58:a6:78:3b:69:ef:ab:53:e2:db:35:bb:cf:
         00:7e:13:06:f0:e0:f8:68:7b:29:35:0e:cd:80:55:69:0f:6a:
         76:d9:e7:14:1a:f7:58:14:38:2b:ac:0e:2d:7d:df:3e:a1:77:
         c0:cd:6f:40:2c:a8:70:d8:be:1f:c9:79:ee:1f:cb:09:36:d3:
         e9:b3:f9:e5:b5:6e:74:17:2e:47:f5:21:84:f0:a2:a3:14:64:
         3b:ab:06:60:65:aa:7b:63:0e:5d:34:b7:c3:d2:59:ff:9e:00:
         e6:38:4b:d7:ca:ab:1f:9f:a0:fd:82:75:fc:f5:4c:1b:e0:8b:
         a4:0f:48:d2:fe:02:7c:03:b5:bf:3a:67:54:2e:7c:2c:9d:b1:
         3e:a1:67:7b:50:5e:09:1e:e3:33:39:4f:2b:ad:9b:45:71:9a:
         20:60:a3:7e:94:9e:d0:dc:e9:15:67:9a:69:af:8d:33:49:db:
         cb:50:93:25
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ1UcVOU7ul9Ha/QQiMK4XspMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwNDAzMTc0MzI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YjNhYjUzYzI3ZWFkMzJiY2ZlNTk0NWY4MGZmY2ExZDdiY2Q5YzNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmQVcZxih5Afmq5RO2ECs9bTWrtky
DXIDr8qI9P6Y7QJUlRt7f1TLcUu9qnFJZ4X2w8oJIeKs1YWxndte6d0dCM33JQUD
uW2PBA/G1X1XJu+Y8gYMpJWy6ICRjTWbkANuVDZBZ57gsVSf4nDDLUJ6fppoyL83
jpDiK4qPC4wXODQDLPzPoe9SKXMB7/F7O8oBe2oyQC1GbVWRmA6S3dgvt5qxDj5u
KlTln41nrGlq7MVn7PQr58rL37RcdDM0cN8HI/b10Xfr95a6RIJfeVUKHGWDjib0
GKrTOcyGjQ0NN1JbZlXhWGtGRGvf21L513N1xlQEu/88GdgdptChlwqMDwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFs6tTwn6tMrz+WUX4D/yh17zZw8MB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvV3pxMVBDZnEweXZQNVpSZmdQX0tIWHZObkR3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAAhv5MA0G
CSqGSIb3DQEBCwUAA4IBAQCUdCSteUIa0pEKGNJqjGMjupJkat6oCqPMEiusYW5j
oV9AuwXoZiCi2Cb7t68TqyoYZ1mKysYdM3bNx667uvPMhtAj1RbFj6qsjY/3Glim
eDtp76tT4ts1u88AfhMG8OD4aHspNQ7NgFVpD2p22ecUGvdYFDgrrA4tfd8+oXfA
zW9ALKhw2L4fyXnuH8sJNtPps/nltW50Fy5H9SGE8KKjFGQ7qwZgZap7Yw5dNLfD
0ln/ngDmOEvXyqsfn6D9gnX89Uwb4IukD0jS/gJ8A7W/OmdULnwsnbE+oWd7UF4J
HuMzOU8rrZtFcZogYKN+lJ7Q3OkVZ5ppr40zSdvLUJMl
-----END CERTIFICATE-----