Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/d0LMT35_vUAIJT8vVEXUIiSFkiQ.roa
File:                     d0LMT35_vUAIJT8vVEXUIiSFkiQ.roa (raw, json)
Hash identifier:          tb1Mep4rKIfx68wC5ko0OyhYslGbWHGAp1G/GZwoR6c=
Subject key identifier:   77:42:CC:4F:7E:7F:BD:40:08:25:3F:2F:54:45:D4:22:24:85:92:24
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019D8DEF4241ECFC4CE5FD92EE8C078D7DF1
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/d0LMT35_vUAIJT8vVEXUIiSFkiQ.roa
Signing time:             Tue 14 Apr 2026 21:39:20 +0000
ROA not before:           Tue 14 Apr 2026 21:39:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     32167
IP address blocks:        2.27.156.0/24 maxlen: 24
                          2.27.173.0/24 maxlen: 24
                          2.27.174.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 16:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:8d:ef:42:41:ec:fc:4c:e5:fd:92:ee:8c:07:8d:7d:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: Apr 14 21:39:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7742cc4f7e7fbd4008253f2f5445d42224859224
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:30:11:b9:ef:2a:90:5f:bc:f4:68:73:39:db:
                    5a:e2:2b:5a:a2:96:bf:a9:57:f9:19:38:7a:82:9c:
                    aa:2f:c2:cb:b5:4e:82:55:0b:a2:7d:d4:c1:01:16:
                    1b:fc:3f:0f:83:50:53:41:bf:2a:2b:d2:af:c1:9b:
                    0a:df:80:aa:da:ee:d8:45:09:47:a0:7f:40:95:0c:
                    f5:04:3e:4c:1f:6a:83:a2:0b:67:7e:05:e3:8f:af:
                    a4:fc:59:ba:ec:84:aa:5e:b1:a5:1e:21:b5:96:48:
                    8f:36:ca:0e:26:b9:bd:2b:6b:81:cd:24:e8:2d:01:
                    6e:2b:34:c3:cb:7e:5b:ef:2a:09:7d:b3:e4:29:a9:
                    93:fa:41:91:b0:db:d9:86:11:f0:e6:54:ca:53:ed:
                    1d:08:f8:f0:9a:87:8e:b3:2e:8d:da:da:4e:c7:f0:
                    f5:13:36:54:80:4f:2b:73:89:eb:b1:0a:55:6a:62:
                    45:22:1b:d3:28:67:82:66:16:1f:94:00:45:91:6f:
                    79:2e:36:9a:84:40:2b:86:f9:60:9f:55:16:5b:0b:
                    5b:e0:66:05:9c:97:74:f2:39:b1:ef:df:9f:75:93:
                    e1:b7:d8:91:3c:72:fd:94:c0:80:0e:cd:55:0c:77:
                    3b:d0:bf:53:5e:26:ad:ae:81:05:ef:98:4b:ee:67:
                    01:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:42:CC:4F:7E:7F:BD:40:08:25:3F:2F:54:45:D4:22:24:85:92:24
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/d0LMT35_vUAIJT8vVEXUIiSFkiQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.27.156.0/24
                  2.27.173.0-2.27.174.255

    Signature Algorithm: sha256WithRSAEncryption
         a2:17:2a:97:4a:88:13:e1:dc:ef:f9:02:48:51:a2:96:96:f0:
         bb:69:ca:be:32:b9:09:d7:dd:61:f8:d7:f9:05:a3:49:7b:fb:
         1a:51:ed:c7:fb:4a:56:27:44:25:a3:67:6b:12:3d:e2:3d:b6:
         03:6e:75:c3:19:e7:d2:6e:91:b9:ff:f0:fb:05:6d:12:cd:84:
         c7:d1:1d:c4:52:27:e1:37:a0:d4:31:fe:3b:ff:71:64:07:82:
         02:09:ae:a5:e5:72:dc:15:b0:75:45:92:ca:5f:0a:74:46:39:
         02:53:d3:b8:b2:22:72:5e:70:c5:19:a1:da:60:1d:78:70:ff:
         f7:b4:c6:8f:fc:90:a2:e6:59:fa:c9:f2:0d:40:8f:1b:cb:9e:
         df:72:52:f9:11:a4:46:51:79:ba:3b:fb:bc:4a:26:6f:ee:b3:
         59:36:54:86:35:34:8b:d6:45:a5:d1:c3:9d:cd:ae:2d:4a:be:
         8f:4c:c8:8a:9d:99:f3:b0:02:3d:fa:88:b3:27:7a:ae:97:93:
         c3:68:d9:16:77:36:03:cf:de:b2:f4:30:02:d8:0e:09:7c:71:
         d1:95:7a:ac:f3:92:a6:58:5d:ee:84:f2:69:5e:6b:be:a2:a3:
         6a:ce:df:37:40:bb:bb:0f:08:8f:7a:cd:5a:08:df:6e:58:8c:
         97:a2:4d:a4
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZ2N70JB7PxM5f2S7owHjX3xMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwNDE0MjEzOTIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NzQyY2M0ZjdlN2ZiZDQwMDgyNTNmMmY1NDQ1ZDQyMjI0ODU5MjI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuDARue8qkF+89GhzOdta4itaopa/
qVf5GTh6gpyqL8LLtU6CVQuifdTBARYb/D8Pg1BTQb8qK9KvwZsK34Cq2u7YRQlH
oH9AlQz1BD5MH2qDogtnfgXjj6+k/Fm67ISqXrGlHiG1lkiPNsoOJrm9K2uBzSTo
LQFuKzTDy35b7yoJfbPkKamT+kGRsNvZhhHw5lTKU+0dCPjwmoeOsy6N2tpOx/D1
EzZUgE8rc4nrsQpVamJFIhvTKGeCZhYflABFkW95LjaahEArhvlgn1UWWwtb4GYF
nJd08jmx79+fdZPht9iRPHL9lMCADs1VDHc70L9TXiatroEF75hL7mcBfwIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFHdCzE9+f71ACCU/L1RF1CIkhZIkMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvZDBMTVQzNV92VUFJSlQ4dlZFWFVJaVNGa2lRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUAwQAAhucMAwD
BAACG60DBAACG64wDQYJKoZIhvcNAQELBQADggEBAKIXKpdKiBPh3O/5AkhRopaW
8Ltpyr4yuQnX3WH41/kFo0l7+xpR7cf7SlYnRCWjZ2sSPeI9tgNudcMZ59Jukbn/
8PsFbRLNhMfRHcRSJ+E3oNQx/jv/cWQHggIJrqXlctwVsHVFkspfCnRGOQJT07iy
InJecMUZodpgHXhw//e0xo/8kKLmWfrJ8g1AjxvLnt9yUvkRpEZRebo7+7xKJm/u
s1k2VIY1NIvWRaXRw53Nri1Kvo9MyIqdmfOwAj36iLMneq6Xk8No2RZ3NgPP3rL0
MALYDgl8cdGVeqzzkqZYXe6E8mlea76io2rO3zdAu7sPCI96zVoI325YjJeiTaQ=
-----END CERTIFICATE-----