Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/cDHr1Z08Bt32O3YDbjRAGJlEwvA.roa
File:                     cDHr1Z08Bt32O3YDbjRAGJlEwvA.roa (raw, json)
Hash identifier:          Db3/zIJLLWH/m33DmXqD2zNVg2DRs9zeYjgoxjiiDBc=
Subject key identifier:   70:31:EB:D5:9D:3C:06:DD:F6:3B:76:03:6E:34:40:18:99:44:C2:F0
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019D986619466AE768B5799EA8F733A22030
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/cDHr1Z08Bt32O3YDbjRAGJlEwvA.roa
Signing time:             Thu 16 Apr 2026 22:25:21 +0000
ROA not before:           Thu 16 Apr 2026 22:25:21 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     216039
IP address blocks:        2.27.7.0/24 maxlen: 24
                          144.31.220.0/24 maxlen: 24
                          144.31.225.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 07:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:98:66:19:46:6a:e7:68:b5:79:9e:a8:f7:33:a2:20:30
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: Apr 16 22:25:21 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7031ebd59d3c06ddf63b76036e3440189944c2f0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:8b:ad:02:de:7d:60:ff:ec:3d:c9:1a:af:77:
                    55:de:41:aa:db:7f:ed:95:54:ca:25:08:e9:3a:97:
                    17:d0:94:db:72:8d:c0:43:d9:78:55:9b:a0:e6:1b:
                    d8:14:99:04:a1:f2:ed:c5:c3:8f:6b:a5:0c:6c:22:
                    8e:7f:dc:2d:82:f8:8a:1d:d7:66:34:ac:97:af:22:
                    23:f7:bf:f3:89:f3:f8:58:70:67:e2:7a:69:2c:e9:
                    c9:35:f8:47:ec:08:76:f1:91:61:af:93:9f:ce:94:
                    b8:cf:d2:d5:63:d4:48:46:c2:33:89:fc:6b:ed:0f:
                    70:10:68:5d:d8:7d:24:b7:a6:9c:f7:f8:73:82:95:
                    14:f4:27:a0:70:40:13:41:3a:6b:08:be:4c:74:02:
                    3a:fb:8c:c0:a8:3c:dd:65:72:e8:07:50:20:12:c9:
                    4e:6f:c0:44:82:b8:7c:72:00:f6:ff:04:35:92:19:
                    7f:91:2d:c1:6a:79:6f:e2:d1:85:31:b2:87:85:f4:
                    2d:c4:d8:2c:3a:df:92:ce:ef:9e:45:10:83:d9:b1:
                    10:53:2a:c7:d8:17:41:92:d9:99:77:44:d0:1b:56:
                    23:c9:30:f6:f4:05:a0:90:09:48:f8:74:f7:96:48:
                    12:d2:bf:f9:47:91:6c:36:d6:23:b4:dc:41:47:15:
                    23:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:31:EB:D5:9D:3C:06:DD:F6:3B:76:03:6E:34:40:18:99:44:C2:F0
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/cDHr1Z08Bt32O3YDbjRAGJlEwvA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.27.7.0/24
                  144.31.220.0/24
                  144.31.225.0/24

    Signature Algorithm: sha256WithRSAEncryption
         42:bc:07:b5:a1:5e:42:f0:78:04:bb:fb:b3:45:28:49:81:fe:
         13:7a:a8:65:20:81:d6:a7:a3:08:00:09:a6:cd:cb:1b:70:28:
         6c:01:21:0d:dd:f2:5c:c0:29:7a:02:2e:73:a3:7f:ba:60:11:
         af:23:6f:21:7e:86:90:05:13:a4:96:49:d7:98:1c:ec:f8:77:
         13:f7:30:1e:6f:86:6d:63:62:40:a9:74:7c:d0:a7:5a:58:3d:
         35:94:ef:06:b4:c1:b6:99:fd:0e:75:5b:1c:e6:f8:16:ad:4d:
         3f:42:39:cc:f0:82:a8:46:3d:ad:7d:e8:c4:0d:73:53:46:1b:
         26:e9:06:5c:87:d9:7f:9b:c4:c9:1f:9f:59:d9:67:dc:5c:e3:
         93:9f:18:40:ba:7e:08:f7:d7:93:37:cd:33:60:7c:d6:16:36:
         b4:c2:b5:a0:05:7a:35:0f:c4:aa:42:23:e8:c5:78:ac:a4:40:
         17:6b:db:48:68:04:67:d1:ae:55:02:3a:8d:5e:0d:4c:21:a4:
         17:14:03:32:30:9e:22:32:f1:a5:55:00:a9:79:76:ba:62:58:
         e6:d3:96:6f:70:b0:40:c0:9f:c8:b7:78:7e:f8:11:a7:a7:2b:
         0b:97:54:96:18:5f:53:e5:be:81:42:67:b2:45:0b:76:14:0e:
         63:9e:1b:6a
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZ2YZhlGaudotXmeqPczoiAwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwNDE2MjIyNTIxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MDMxZWJkNTlkM2MwNmRkZjYzYjc2MDM2ZTM0NDAxODk5NDRjMmYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuIutAt59YP/sPckar3dV3kGq23/t
lVTKJQjpOpcX0JTbco3AQ9l4VZug5hvYFJkEofLtxcOPa6UMbCKOf9wtgviKHddm
NKyXryIj97/zifP4WHBn4nppLOnJNfhH7Ah28ZFhr5OfzpS4z9LVY9RIRsIzifxr
7Q9wEGhd2H0kt6ac9/hzgpUU9CegcEATQTprCL5MdAI6+4zAqDzdZXLoB1AgEslO
b8BEgrh8cgD2/wQ1khl/kS3Banlv4tGFMbKHhfQtxNgsOt+Szu+eRRCD2bEQUyrH
2BdBktmZd0TQG1YjyTD29AWgkAlI+HT3lkgS0r/5R5FsNtYjtNxBRxUjcQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFHAx69WdPAbd9jt2A240QBiZRMLwMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvY0RIcjFaMDhCdDMyTzNZRGJqUkFHSmxFd3ZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAAhsHAwQA
kB/cAwQAkB/hMA0GCSqGSIb3DQEBCwUAA4IBAQBCvAe1oV5C8HgEu/uzRShJgf4T
eqhlIIHWp6MIAAmmzcsbcChsASEN3fJcwCl6Ai5zo3+6YBGvI28hfoaQBROklknX
mBzs+HcT9zAeb4ZtY2JAqXR80KdaWD01lO8GtMG2mf0OdVsc5vgWrU0/QjnM8IKo
Rj2tfejEDXNTRhsm6QZch9l/m8TJH59Z2WfcXOOTnxhAun4I99eTN80zYHzWFja0
wrWgBXo1D8SqQiPoxXispEAXa9tIaARn0a5VAjqNXg1MIaQXFAMyMJ4iMvGlVQCp
eXa6Yljm05ZvcLBAwJ/It3h++BGnpysLl1SWGF9T5b6BQmeyRQt2FA5jnhtq
-----END CERTIFICATE-----