Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/XzT8_gPx7H-BLzIFcvRsGDx1zgI.roa
File:                     XzT8_gPx7H-BLzIFcvRsGDx1zgI.roa (raw, json)
Hash identifier:          d5n4BhiQ6P3OKW04GclcorkH4UzKEa5gMetfVQoqE5s=
Subject key identifier:   5F:34:FC:FE:03:F1:EC:7F:81:2F:32:05:72:F4:6C:18:3C:75:CE:02
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019D5482B876A1AF560E21AF16C21EF4AC3C
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/XzT8_gPx7H-BLzIFcvRsGDx1zgI.roa
Signing time:             Fri 03 Apr 2026 18:02:26 +0000
ROA not before:           Fri 03 Apr 2026 18:02:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     401615
IP address blocks:        2.27.173.0/24 maxlen: 24
                          2.27.174.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 07:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:54:82:b8:76:a1:af:56:0e:21:af:16:c2:1e:f4:ac:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: Apr  3 18:02:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5f34fcfe03f1ec7f812f320572f46c183c75ce02
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:21:ee:b6:f7:66:25:79:0d:56:9e:ee:06:1b:
                    47:c0:d6:ad:e5:45:a1:48:7b:45:9c:33:ae:9b:5e:
                    ac:e8:09:3f:c1:93:9e:ad:81:08:b9:15:08:93:ab:
                    64:c0:ea:bc:2b:55:4b:22:8e:43:ed:1b:3a:b9:96:
                    ff:9c:cf:08:86:a0:b3:fb:1c:91:eb:ec:b6:89:4e:
                    78:3f:99:06:8e:05:6e:fc:34:62:6d:36:65:06:4d:
                    04:b6:6d:81:b6:1e:88:3c:76:ec:e8:32:1e:cc:b0:
                    68:8c:4e:f0:a8:0d:2a:26:e4:91:4b:3f:38:46:b1:
                    54:76:c6:d0:10:2f:bd:5f:b0:7b:7f:0e:cc:a3:dc:
                    fe:3f:1e:fe:04:fb:9a:2f:8b:f4:62:2d:c5:5d:65:
                    c9:e3:18:63:ae:fe:14:95:54:8e:e8:2f:d9:3a:7a:
                    0e:b8:6e:2c:e0:9d:20:51:1a:56:a3:dd:39:5e:82:
                    d5:c9:12:bb:be:8a:49:d9:41:82:ec:26:a3:39:4e:
                    a4:d7:ef:04:af:48:2e:91:1f:5f:2e:b7:c4:e6:65:
                    47:cf:34:80:e4:d0:21:64:9a:37:3f:3f:ab:c9:18:
                    2d:a2:70:58:2d:a7:e2:d7:ac:18:ce:39:fb:89:3e:
                    cc:58:ce:c8:1c:50:22:dd:d6:2a:0b:9b:7a:c9:ae:
                    d2:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:34:FC:FE:03:F1:EC:7F:81:2F:32:05:72:F4:6C:18:3C:75:CE:02
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/XzT8_gPx7H-BLzIFcvRsGDx1zgI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.27.173.0-2.27.174.255

    Signature Algorithm: sha256WithRSAEncryption
         44:05:18:c0:98:b5:1e:d3:44:57:25:eb:e2:81:40:20:4b:77:
         f3:a2:80:c7:73:1a:e2:67:d1:ae:5d:86:77:0e:7b:66:15:f1:
         a5:8d:8f:a7:8a:8f:ea:99:ca:d1:31:a7:99:e1:58:f3:a5:28:
         96:fe:48:7a:7d:e4:f1:8d:c8:30:22:88:68:98:a7:d3:26:c3:
         f0:94:39:ed:43:bc:c0:90:67:29:c5:0a:e4:4c:7f:fe:57:de:
         20:37:b1:65:80:6b:4b:de:4e:2f:d2:53:f0:90:6b:e0:89:1a:
         e8:ea:b0:34:60:2b:8f:a4:61:2d:e7:2e:26:a4:67:4f:b8:b5:
         0a:88:c0:3f:86:3b:0d:c7:f4:a6:1c:3c:e5:46:fc:55:ee:c3:
         b3:e6:8c:31:b5:91:3a:e6:d1:10:a1:7a:d4:16:9c:d4:e4:a3:
         db:9b:c0:ff:92:7a:c5:41:f0:64:78:bb:35:09:a6:b7:0f:7d:
         73:2d:64:52:92:0c:95:cf:e0:59:a6:e0:1c:46:25:a4:65:f5:
         9d:e1:30:7a:d8:4b:78:30:e3:fa:96:60:eb:52:5d:b6:8a:5d:
         83:c1:7c:74:1a:49:a0:a7:1f:54:9b:51:3e:18:5a:0a:12:0e:
         a7:1a:c2:11:f8:b4:a6:c3:22:70:07:98:29:0c:b3:fb:e6:0f:
         fa:98:88:17
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZ1Ugrh2oa9WDiGvFsIe9Kw8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwNDAzMTgwMjI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZjM0ZmNmZTAzZjFlYzdmODEyZjMyMDU3MmY0NmMxODNjNzVjZTAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqCHutvdmJXkNVp7uBhtHwNat5UWh
SHtFnDOum16s6Ak/wZOerYEIuRUIk6tkwOq8K1VLIo5D7Rs6uZb/nM8IhqCz+xyR
6+y2iU54P5kGjgVu/DRibTZlBk0Etm2Bth6IPHbs6DIezLBojE7wqA0qJuSRSz84
RrFUdsbQEC+9X7B7fw7Mo9z+Px7+BPuaL4v0Yi3FXWXJ4xhjrv4UlVSO6C/ZOnoO
uG4s4J0gURpWo905XoLVyRK7vopJ2UGC7CajOU6k1+8Er0gukR9fLrfE5mVHzzSA
5NAhZJo3Pz+ryRgtonBYLafi16wYzjn7iT7MWM7IHFAi3dYqC5t6ya7SyQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFF80/P4D8ex/gS8yBXL0bBg8dc4CMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvWHpUOF9nUHg3SC1CTHpJRmN2UnNHRHgxemdJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAACG60D
BAACG64wDQYJKoZIhvcNAQELBQADggEBAEQFGMCYtR7TRFcl6+KBQCBLd/OigMdz
GuJn0a5dhncOe2YV8aWNj6eKj+qZytExp5nhWPOlKJb+SHp95PGNyDAiiGiYp9Mm
w/CUOe1DvMCQZynFCuRMf/5X3iA3sWWAa0veTi/SU/CQa+CJGujqsDRgK4+kYS3n
LiakZ0+4tQqIwD+GOw3H9KYcPOVG/FXuw7PmjDG1kTrm0RChetQWnNTko9ubwP+S
esVB8GR4uzUJprcPfXMtZFKSDJXP4Fmm4BxGJaRl9Z3hMHrYS3gw4/qWYOtSXbaK
XYPBfHQaSaCnH1SbUT4YWgoSDqcawhH4tKbDInAHmCkMs/vmD/qYiBc=
-----END CERTIFICATE-----