Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/fAUr9rjQSF6pZYcysBAeThCcpoo.roa
File:                     fAUr9rjQSF6pZYcysBAeThCcpoo.roa (raw, json)
Hash identifier:          2vVXTgHXGDcmwlt+xOlKDalIsRxgyL3fWnynIErxgTA=
Subject key identifier:   7C:05:2B:F6:B8:D0:48:5E:A9:65:87:32:B0:10:1E:4E:10:9C:A6:8A
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019E56AFBC73A23227FA15658A9AA382D4B0
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/fAUr9rjQSF6pZYcysBAeThCcpoo.roa
Signing time:             Sat 23 May 2026 21:13:38 +0000
ROA not before:           Sat 23 May 2026 21:13:38 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     216129
IP address blocks:        2.27.253.0/24 maxlen: 24
                          31.77.241.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 01:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:56:af:bc:73:a2:32:27:fa:15:65:8a:9a:a3:82:d4:b0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: May 23 21:13:38 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7c052bf6b8d0485ea9658732b0101e4e109ca68a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:e8:1f:f1:c2:f2:cd:f8:5c:50:8e:16:77:b3:
                    47:15:2d:e3:c8:b0:1c:dd:e5:00:e7:97:2c:17:da:
                    1a:b2:b1:b9:96:eb:99:94:b8:02:db:1f:de:2b:b8:
                    9c:10:b1:79:dc:6c:6f:9b:10:74:35:aa:5e:48:eb:
                    b0:b7:bb:e8:56:cc:88:24:11:b6:85:dd:13:16:07:
                    ee:95:fe:c6:6d:7c:09:ab:c7:55:d8:39:ea:82:d7:
                    c5:1a:ce:27:ef:6a:cc:ad:14:6b:d5:f4:76:e5:21:
                    f6:af:b9:5b:2c:73:10:35:38:f4:39:9a:e9:e3:6b:
                    99:f9:89:61:e1:d1:88:a2:f8:cb:76:9a:1a:55:a6:
                    06:2e:53:d0:f5:05:0f:a3:ad:7e:ca:0f:4a:19:98:
                    d1:ad:63:34:55:64:4d:91:b4:94:1c:ad:0e:95:5b:
                    4d:77:bf:85:c7:0f:16:16:eb:85:c2:54:49:aa:2c:
                    78:2f:f3:49:68:08:7b:7b:d6:90:7d:9a:3f:ef:09:
                    67:f1:4a:58:dd:13:c9:67:e8:e4:6b:ba:c0:49:24:
                    17:95:96:7c:75:3d:b3:77:b7:62:f6:fd:7b:22:eb:
                    66:8e:5d:a0:3e:4e:8e:a0:cd:8f:8a:6c:95:20:32:
                    14:b8:5d:ee:32:a1:9d:31:8f:77:47:de:15:bf:8a:
                    2f:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:05:2B:F6:B8:D0:48:5E:A9:65:87:32:B0:10:1E:4E:10:9C:A6:8A
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/fAUr9rjQSF6pZYcysBAeThCcpoo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.27.253.0/24
                  31.77.241.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3e:fc:4f:2a:40:ba:b8:fc:f9:ef:82:31:a2:1e:39:13:e2:94:
         b3:e0:4a:0e:35:46:1c:5c:2e:a9:be:54:b2:d3:c0:06:00:6b:
         3b:73:fe:54:fb:cc:d6:9f:7a:cb:28:86:72:fc:8f:c7:08:7c:
         e9:56:74:3d:86:84:55:00:fe:cb:19:10:db:5b:ba:31:24:e5:
         4a:76:33:70:52:38:89:e6:c7:67:0e:38:7f:5f:65:08:a6:0e:
         7b:1b:61:98:08:2e:f1:c6:62:9e:e0:17:6e:de:f2:47:02:42:
         62:ed:c0:98:6d:73:b2:19:49:aa:cb:40:d1:2c:47:99:ba:82:
         c7:c4:ef:91:dc:81:0f:25:3c:85:9c:5b:8a:0b:11:54:a9:27:
         60:a9:59:06:e4:0e:7f:59:e6:d7:e6:7c:a3:38:ed:1d:ef:22:
         a9:74:3b:fc:a3:79:d9:9f:49:59:68:64:17:2e:55:74:75:19:
         bc:9e:d9:f1:c2:dc:99:4e:73:dd:76:74:71:0a:7b:a9:b4:41:
         00:0b:bf:70:d8:32:fe:1b:af:07:36:95:43:a6:02:5f:dc:d8:
         4e:e8:ee:f0:6b:fd:f1:52:31:30:1e:4e:dc:6c:08:cf:60:31:
         48:46:68:f8:8b:c7:d4:28:c9:b3:29:36:f7:0e:65:04:64:04:
         fe:d9:1d:ca
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ5Wr7xzojIn+hVlipqjgtSwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwNTIzMjExMzM4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YzA1MmJmNmI4ZDA0ODVlYTk2NTg3MzJiMDEwMWU0ZTEwOWNhNjhhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1Ogf8cLyzfhcUI4Wd7NHFS3jyLAc
3eUA55csF9oasrG5luuZlLgC2x/eK7icELF53GxvmxB0NapeSOuwt7voVsyIJBG2
hd0TFgfulf7GbXwJq8dV2DnqgtfFGs4n72rMrRRr1fR25SH2r7lbLHMQNTj0OZrp
42uZ+Ylh4dGIovjLdpoaVaYGLlPQ9QUPo61+yg9KGZjRrWM0VWRNkbSUHK0OlVtN
d7+Fxw8WFuuFwlRJqix4L/NJaAh7e9aQfZo/7wln8UpY3RPJZ+jka7rASSQXlZZ8
dT2zd7di9v17Iutmjl2gPk6OoM2PimyVIDIUuF3uMqGdMY93R94Vv4ovxwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFHwFK/a40EheqWWHMrAQHk4QnKaKMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvZkFVcjlyalFTRjZwWlljeXNCQWVUaENjcG9vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAAhv9AwQA
H03xMA0GCSqGSIb3DQEBCwUAA4IBAQA+/E8qQLq4/PnvgjGiHjkT4pSz4EoONUYc
XC6pvlSy08AGAGs7c/5U+8zWn3rLKIZy/I/HCHzpVnQ9hoRVAP7LGRDbW7oxJOVK
djNwUjiJ5sdnDjh/X2UIpg57G2GYCC7xxmKe4Bdu3vJHAkJi7cCYbXOyGUmqy0DR
LEeZuoLHxO+R3IEPJTyFnFuKCxFUqSdgqVkG5A5/WebX5nyjOO0d7yKpdDv8o3nZ
n0lZaGQXLlV0dRm8ntnxwtyZTnPddnRxCnuptEEAC79w2DL+G68HNpVDpgJf3NhO
6O7wa/3xUjEwHk7cbAjPYDFIRmj4i8fUKMmzKTb3DmUEZAT+2R3K
-----END CERTIFICATE-----