Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/fMNvlzq-279FHSZQJO7FGEFYUmc.roa
File:                     fMNvlzq-279FHSZQJO7FGEFYUmc.roa (raw, json)
Hash identifier:          g+zHROzib7OkW4CWkvD1dsuR0VuDnreLQVLoLNoy2cU=
Subject key identifier:   7C:C3:6F:97:3A:BE:DB:BF:45:1D:26:50:24:EE:C5:18:41:58:52:67
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019E3C561F7529FB0A75138DBDD2EFAB83D2
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/fMNvlzq-279FHSZQJO7FGEFYUmc.roa
Signing time:             Mon 18 May 2026 18:25:37 +0000
ROA not before:           Mon 18 May 2026 18:25:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     204248
IP address blocks:        2.26.168.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 01:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:3c:56:1f:75:29:fb:0a:75:13:8d:bd:d2:ef:ab:83:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: May 18 18:25:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7cc36f973abedbbf451d265024eec51841585267
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:87:11:06:ee:ab:e2:0c:3c:aa:2c:da:11:8b:
                    09:4c:35:c5:f6:1a:ea:6a:b5:29:c1:51:3f:cd:36:
                    f5:49:a6:03:05:d5:59:cb:12:b7:dc:ae:04:05:20:
                    92:e5:39:e5:15:78:9c:5e:bb:f8:81:34:06:d5:73:
                    91:14:56:da:81:83:e1:c9:3f:a5:54:a2:ef:bf:f2:
                    4a:97:2a:58:ce:94:11:6b:0a:d2:52:fc:e4:16:59:
                    3c:63:7e:91:27:9c:ab:ee:76:b6:3d:b7:2d:cd:fa:
                    80:19:d0:29:58:5e:e4:65:61:ff:64:f8:e7:9c:b5:
                    8f:e8:a7:55:29:90:bf:47:f4:03:b9:42:82:89:97:
                    7c:1f:61:3d:c9:5d:b3:e1:06:2d:37:b1:24:d7:a3:
                    9d:48:5e:32:f4:dc:d3:89:19:6a:b4:58:f2:b6:ec:
                    35:4b:cd:3e:1e:59:af:b2:84:f6:b4:fa:fb:32:26:
                    36:95:44:2d:57:9f:35:57:be:85:03:b9:be:5f:91:
                    69:8f:fb:7e:1a:69:01:e2:f0:f2:16:e2:26:92:3b:
                    72:81:b7:86:7e:f3:82:a2:60:0d:7b:c0:98:21:a0:
                    d1:f1:1c:69:7d:d1:86:cb:f1:d2:3a:56:e3:26:2c:
                    cc:32:7e:86:14:d6:ea:28:58:2c:05:08:c7:3f:fd:
                    d4:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:C3:6F:97:3A:BE:DB:BF:45:1D:26:50:24:EE:C5:18:41:58:52:67
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/fMNvlzq-279FHSZQJO7FGEFYUmc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.26.168.0/24

    Signature Algorithm: sha256WithRSAEncryption
         36:a7:04:f1:48:e0:ff:ae:b1:5a:05:3e:47:9b:82:4f:58:e5:
         7e:ee:a3:29:88:44:51:60:0d:9d:a7:18:22:f0:4a:e9:86:d6:
         ac:73:4d:7d:cf:50:89:8d:7f:57:44:45:6a:e5:2e:0b:45:eb:
         27:db:a5:5f:63:33:80:d8:26:fc:e8:aa:5c:84:4c:ea:65:05:
         04:57:e7:36:bc:91:ab:68:c5:68:ad:9e:c4:aa:b9:7e:7c:8a:
         dd:0d:48:7c:a1:ca:ed:b2:b2:4d:fd:7d:8b:26:40:b9:51:9d:
         05:73:99:43:32:fd:99:27:b6:59:99:61:88:f9:d1:16:82:c3:
         a1:9a:88:d3:78:96:ba:33:70:e9:9a:fe:41:ee:bd:b2:ac:ef:
         94:9c:5e:d7:0e:40:b5:ea:47:a0:4a:64:55:20:0f:62:8b:73:
         7d:16:ae:2b:10:58:ff:da:6d:16:2f:12:ad:42:e3:0e:52:a2:
         b3:08:b9:dd:bb:ee:62:37:f3:fe:43:87:ba:fa:6f:8a:76:3a:
         de:6a:b2:bd:e3:ca:6e:a8:2f:f9:3d:b7:fd:c7:5a:bf:b0:39:
         22:25:07:49:73:66:0a:fb:16:95:d6:7e:60:b9:dc:fc:34:7a:
         a7:09:b5:21:dd:d8:fe:ef:2b:48:4e:c9:be:97:e7:24:ed:3a:
         13:ca:99:d6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ48Vh91KfsKdRONvdLvq4PSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwNTE4MTgyNTM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3Y2MzNmY5NzNhYmVkYmJmNDUxZDI2NTAyNGVlYzUxODQxNTg1MjY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1IcRBu6r4gw8qizaEYsJTDXF9hrq
arUpwVE/zTb1SaYDBdVZyxK33K4EBSCS5TnlFXicXrv4gTQG1XORFFbagYPhyT+l
VKLvv/JKlypYzpQRawrSUvzkFlk8Y36RJ5yr7na2PbctzfqAGdApWF7kZWH/ZPjn
nLWP6KdVKZC/R/QDuUKCiZd8H2E9yV2z4QYtN7Ek16OdSF4y9NzTiRlqtFjytuw1
S80+HlmvsoT2tPr7MiY2lUQtV581V76FA7m+X5Fpj/t+GmkB4vDyFuImkjtygbeG
fvOComANe8CYIaDR8RxpfdGGy/HSOlbjJizMMn6GFNbqKFgsBQjHP/3UIwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHzDb5c6vtu/RR0mUCTuxRhBWFJnMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvZk1Odmx6cS0yNzlGSFNaUUpPN0ZHRUZZVW1jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAAhqoMA0G
CSqGSIb3DQEBCwUAA4IBAQA2pwTxSOD/rrFaBT5Hm4JPWOV+7qMpiERRYA2dpxgi
8Erphtasc019z1CJjX9XREVq5S4LResn26VfYzOA2Cb86KpchEzqZQUEV+c2vJGr
aMVorZ7Eqrl+fIrdDUh8ocrtsrJN/X2LJkC5UZ0Fc5lDMv2ZJ7ZZmWGI+dEWgsOh
mojTeJa6M3Dpmv5B7r2yrO+UnF7XDkC16kegSmRVIA9ii3N9Fq4rEFj/2m0WLxKt
QuMOUqKzCLndu+5iN/P+Q4e6+m+KdjrearK948puqC/5Pbf9x1q/sDkiJQdJc2YK
+xaV1n5gudz8NHqnCbUh3dj+7ytITsm+l+ck7ToTypnW
-----END CERTIFICATE-----