Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/YrZfpP3edTrhuTKsNDhignmcUmA.roa
File:                     YrZfpP3edTrhuTKsNDhignmcUmA.roa (raw, json)
Hash identifier:          w6rzwrL2d/gDn6LsKFegHTjRPSS7mzlHkRCsVZxp0Eg=
Subject key identifier:   62:B6:5F:A4:FD:DE:75:3A:E1:B9:32:AC:34:38:62:82:79:9C:52:60
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019E419B9D894B370378C863AE569AB1BFDE
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/YrZfpP3edTrhuTKsNDhignmcUmA.roa
Signing time:             Tue 19 May 2026 18:59:37 +0000
ROA not before:           Tue 19 May 2026 18:59:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     216416
IP address blocks:        2.26.170.0/24 maxlen: 24
                          2.27.238.0/24 maxlen: 24
                          31.77.236.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 01:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:41:9b:9d:89:4b:37:03:78:c8:63:ae:56:9a:b1:bf:de
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: May 19 18:59:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=62b65fa4fdde753ae1b932ac34386282799c5260
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:b4:80:9a:a1:1e:66:90:ea:85:a7:c2:48:34:
                    16:ee:97:93:25:54:30:67:bf:a9:23:33:57:7e:5a:
                    f3:74:1a:9a:89:e1:61:3f:8d:4f:ba:b1:f1:53:1b:
                    92:fa:d4:f4:9c:60:fd:0d:ee:35:2e:2a:0f:e8:d8:
                    e1:07:d7:12:cf:e5:7d:f1:dc:e2:a8:c4:2e:31:37:
                    47:51:c4:20:af:a8:52:77:dc:2f:eb:c6:f0:4b:81:
                    0a:f5:62:14:a7:a8:5d:16:0a:b8:92:5c:91:58:55:
                    b3:9a:14:03:af:75:fe:47:0e:9c:6b:75:2c:bb:c6:
                    a3:70:bc:a7:57:61:35:c6:85:dd:dd:d5:44:c1:7a:
                    09:8c:dc:9c:07:3e:cf:73:7b:3f:af:08:2a:57:82:
                    7e:88:f2:9c:c2:5c:26:71:fa:b9:1b:00:6d:58:88:
                    3c:3a:6c:03:7f:d1:5e:a2:dc:d1:53:c5:a3:cc:af:
                    5f:9f:a3:7b:f2:e7:20:3a:28:b3:f7:5f:a6:48:c0:
                    93:9e:52:d4:6c:f6:02:dc:1f:f9:27:e5:ef:4e:c9:
                    65:be:d3:0f:df:09:d1:51:25:63:5e:82:ef:05:f8:
                    53:e0:48:bf:b8:2d:d9:d8:9e:2c:79:62:d2:25:e0:
                    b4:6e:c8:3b:a5:2e:2c:56:0f:08:c2:f2:92:cd:71:
                    8a:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:B6:5F:A4:FD:DE:75:3A:E1:B9:32:AC:34:38:62:82:79:9C:52:60
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/YrZfpP3edTrhuTKsNDhignmcUmA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.26.170.0/24
                  2.27.238.0/24
                  31.77.236.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7e:df:4f:4e:3b:4e:10:3c:71:94:83:6b:e8:15:29:65:70:72:
         6f:e5:14:95:18:83:a7:9b:95:2b:a4:5e:e8:8d:fd:72:a8:66:
         0c:c5:ad:44:03:82:10:75:df:19:4f:f4:51:48:8e:1f:e6:b9:
         b5:0b:e9:20:04:4b:22:1a:68:f2:9b:a0:b7:fb:d1:f7:62:0c:
         56:ae:c2:ab:32:48:fa:95:e9:68:c6:65:43:b2:5e:79:d0:db:
         d6:e5:23:08:eb:1c:b8:dd:fc:9c:36:18:bc:60:d7:8d:8e:71:
         3c:3c:7d:50:2f:79:e5:34:2a:ce:2c:00:72:dc:a9:45:33:80:
         f2:bd:d1:df:61:ac:da:97:63:df:c6:0f:8f:2a:59:0d:87:6d:
         3f:55:84:e1:24:76:ab:b2:15:c7:6f:2c:83:39:ef:5d:cd:d2:
         9d:f9:f6:33:c0:97:9a:2b:45:e1:b1:74:99:38:31:0b:b6:23:
         71:d0:50:1c:f6:02:4c:ff:13:e2:ba:71:ce:a4:96:e1:e0:c0:
         2c:76:42:d2:06:8f:d7:43:5a:92:8c:2d:bf:f1:6c:b1:dc:f2:
         bc:42:12:2b:dd:03:2a:46:b0:91:cd:08:3d:93:13:c4:f2:f0:
         d1:89:7a:ca:7b:07:72:7c:08:85:c8:8c:d1:8b:63:4a:72:53:
         e8:fb:a4:75
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZ5Bm52JSzcDeMhjrlaasb/eMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwNTE5MTg1OTM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MmI2NWZhNGZkZGU3NTNhZTFiOTMyYWMzNDM4NjI4Mjc5OWM1MjYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv7SAmqEeZpDqhafCSDQW7peTJVQw
Z7+pIzNXflrzdBqaieFhP41PurHxUxuS+tT0nGD9De41LioP6NjhB9cSz+V98dzi
qMQuMTdHUcQgr6hSd9wv68bwS4EK9WIUp6hdFgq4klyRWFWzmhQDr3X+Rw6ca3Us
u8ajcLynV2E1xoXd3dVEwXoJjNycBz7Pc3s/rwgqV4J+iPKcwlwmcfq5GwBtWIg8
OmwDf9FeotzRU8WjzK9fn6N78ucgOiiz91+mSMCTnlLUbPYC3B/5J+XvTsllvtMP
3wnRUSVjXoLvBfhT4Ei/uC3Z2J4seWLSJeC0bsg7pS4sVg8IwvKSzXGKXwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFGK2X6T93nU64bkyrDQ4YoJ5nFJgMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvWXJaZnBQM2VkVHJodVRLc05EaGlnbm1jVW1BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAAhqqAwQA
AhvuAwQAH03sMA0GCSqGSIb3DQEBCwUAA4IBAQB+309OO04QPHGUg2voFSllcHJv
5RSVGIOnm5UrpF7ojf1yqGYMxa1EA4IQdd8ZT/RRSI4f5rm1C+kgBEsiGmjym6C3
+9H3YgxWrsKrMkj6leloxmVDsl550NvW5SMI6xy43fycNhi8YNeNjnE8PH1QL3nl
NCrOLABy3KlFM4DyvdHfYazal2Pfxg+PKlkNh20/VYThJHarshXHbyyDOe9dzdKd
+fYzwJeaK0XhsXSZODELtiNx0FAc9gJM/xPiunHOpJbh4MAsdkLSBo/XQ1qSjC2/
8Wyx3PK8QhIr3QMqRrCRzQg9kxPE8vDRiXrKewdyfAiFyIzRi2NKclPo+6R1
-----END CERTIFICATE-----