Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/bCal5oaTBbVadu0ICWb0SlVpZpU.roa
File:                     bCal5oaTBbVadu0ICWb0SlVpZpU.roa (raw, json)
Hash identifier:          j3j2A/zwiBadXvGJPdol4nwh/7F1zUiZyqSkomMQDJk=
Subject key identifier:   6C:26:A5:E6:86:93:05:B5:5A:76:ED:08:09:66:F4:4A:55:69:66:95
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019D354836A758B871D32667E12CF735939C
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/bCal5oaTBbVadu0ICWb0SlVpZpU.roa
Signing time:             Sat 28 Mar 2026 16:30:18 +0000
ROA not before:           Sat 28 Mar 2026 16:30:18 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     12198
IP address blocks:        2.27.149.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 16:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:35:48:36:a7:58:b8:71:d3:26:67:e1:2c:f7:35:93:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: Mar 28 16:30:18 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6c26a5e6869305b55a76ed080966f44a55696695
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:7b:43:5d:67:67:12:9d:8c:e3:65:bc:a5:dd:
                    de:8f:30:84:37:7c:fd:ea:57:1f:99:56:0c:e8:63:
                    be:28:17:74:22:04:03:6d:c8:69:d7:e9:18:4c:18:
                    16:14:d0:67:6d:c4:44:1e:f8:da:3b:f2:8b:32:ce:
                    d6:32:73:9a:fa:2b:63:b5:70:e6:8a:ac:6a:6b:27:
                    1b:f0:d0:48:99:9f:02:9f:bf:3b:51:e2:eb:40:ac:
                    af:81:04:a2:fe:96:a5:84:14:81:e4:cb:f9:71:f4:
                    31:dd:9b:6b:6b:3c:e3:1b:0e:c7:6d:a2:ff:ec:01:
                    a1:d2:5f:d9:75:77:1c:ee:09:c6:74:14:d6:6b:98:
                    56:fd:f3:5e:9d:04:a4:29:82:35:84:0c:8d:2c:12:
                    cc:05:72:eb:d5:60:67:dd:fb:2f:a6:8c:21:26:ec:
                    23:e1:ed:b6:fb:c4:69:d9:49:61:9c:48:ee:b0:49:
                    3f:bb:17:f1:5b:ba:a9:44:f0:fd:8c:b5:e4:07:31:
                    e0:3e:0c:7c:57:12:5d:90:ba:92:5b:29:26:ab:56:
                    9d:94:ba:ed:7e:ad:86:51:6e:ba:ae:1a:ed:1c:4f:
                    d9:f5:03:9b:fc:14:82:a3:8a:d1:ef:5c:05:ba:56:
                    d0:cf:e1:d3:64:f8:9c:6a:79:a1:5a:b6:4b:fa:c5:
                    1c:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:26:A5:E6:86:93:05:B5:5A:76:ED:08:09:66:F4:4A:55:69:66:95
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/bCal5oaTBbVadu0ICWb0SlVpZpU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.27.149.0/24

    Signature Algorithm: sha256WithRSAEncryption
         28:5e:c7:c8:62:bf:ef:f2:dd:54:d1:b5:0f:2c:96:11:89:38:
         39:db:7d:b5:ad:97:44:eb:82:64:b5:74:33:02:f1:c3:14:cf:
         d5:63:69:ea:a4:89:4f:62:41:5a:20:5b:9b:c7:8a:99:fa:ba:
         19:8f:d6:17:61:d0:c7:91:c4:5a:56:e3:50:00:a9:e0:53:bd:
         dd:ea:fb:eb:ea:1b:6f:74:0a:46:3c:1d:71:6f:24:67:c8:ad:
         3f:33:3e:aa:bd:01:e0:87:da:dd:7e:07:eb:13:d6:9a:da:db:
         6a:53:be:31:23:c9:27:f9:c6:40:a7:2d:73:0c:89:03:42:e2:
         4c:bb:7c:e8:29:dd:3f:30:4e:82:ae:c6:d9:08:1e:02:25:be:
         6d:57:7b:99:a3:47:fa:60:cb:b9:c5:0e:0a:f2:fd:62:30:48:
         63:df:bb:27:a5:66:54:67:fb:e7:56:d8:48:8e:fe:83:6a:11:
         9d:a9:fb:fb:37:4f:66:ec:b4:8c:d6:2b:a7:03:f9:83:1b:c1:
         da:a0:cc:70:e8:eb:3c:ad:c6:04:f3:12:1f:2d:c5:e4:5f:13:
         ad:46:b8:3d:2a:93:57:5c:5c:f3:b5:84:aa:78:5c:c4:d0:05:
         21:30:51:db:78:73:fc:72:37:2d:34:0e:95:e9:da:f8:62:68:
         a3:89:4d:7d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ01SDanWLhx0yZn4Sz3NZOcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwMzI4MTYzMDE4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YzI2YTVlNjg2OTMwNWI1NWE3NmVkMDgwOTY2ZjQ0YTU1Njk2Njk1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhHtDXWdnEp2M42W8pd3ejzCEN3z9
6lcfmVYM6GO+KBd0IgQDbchp1+kYTBgWFNBnbcREHvjaO/KLMs7WMnOa+itjtXDm
iqxqaycb8NBImZ8Cn787UeLrQKyvgQSi/palhBSB5Mv5cfQx3ZtrazzjGw7HbaL/
7AGh0l/ZdXcc7gnGdBTWa5hW/fNenQSkKYI1hAyNLBLMBXLr1WBn3fsvpowhJuwj
4e22+8Rp2UlhnEjusEk/uxfxW7qpRPD9jLXkBzHgPgx8VxJdkLqSWykmq1adlLrt
fq2GUW66rhrtHE/Z9QOb/BSCo4rR71wFulbQz+HTZPicanmhWrZL+sUcsQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGwmpeaGkwW1WnbtCAlm9EpVaWaVMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvYkNhbDVvYVRCYlZhZHUwSUNXYjBTbFZwWnBVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAAhuVMA0G
CSqGSIb3DQEBCwUAA4IBAQAoXsfIYr/v8t1U0bUPLJYRiTg52321rZdE64JktXQz
AvHDFM/VY2nqpIlPYkFaIFubx4qZ+roZj9YXYdDHkcRaVuNQAKngU73d6vvr6htv
dApGPB1xbyRnyK0/Mz6qvQHgh9rdfgfrE9aa2ttqU74xI8kn+cZApy1zDIkDQuJM
u3zoKd0/ME6CrsbZCB4CJb5tV3uZo0f6YMu5xQ4K8v1iMEhj37snpWZUZ/vnVthI
jv6DahGdqfv7N09m7LSM1iunA/mDG8HaoMxw6Os8rcYE8xIfLcXkXxOtRrg9KpNX
XFzztYSqeFzE0AUhMFHbeHP8cjctNA6V6dr4YmijiU19
-----END CERTIFICATE-----