Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/fnphCuRioYmRNWvaj68Jc9ERRfM.roa
File:                     fnphCuRioYmRNWvaj68Jc9ERRfM.roa (raw, json)
Hash identifier:          RpXMm5wrjV2ibp8z4C3duFwlcWpD2yv+dmwcX3um9vU=
Subject key identifier:   7E:7A:61:0A:E4:62:A1:89:91:35:6B:DA:8F:AF:09:73:D1:11:45:F3
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019D9726969D7F2D3899567742BBFF5A35FF
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/fnphCuRioYmRNWvaj68Jc9ERRfM.roa
Signing time:             Thu 16 Apr 2026 16:36:21 +0000
ROA not before:           Thu 16 Apr 2026 16:36:21 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     61272
IP address blocks:        2.26.174.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 14:47:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:97:26:96:9d:7f:2d:38:99:56:77:42:bb:ff:5a:35:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: Apr 16 16:36:21 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7e7a610ae462a18991356bda8faf0973d11145f3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:a2:ea:43:11:c6:20:e5:89:e9:fa:8b:84:b0:
                    f9:5b:a8:d0:7b:91:53:4f:2f:8c:ef:e7:9d:42:55:
                    14:cc:20:4d:f9:1f:3a:fa:88:d0:f6:db:2b:ee:a0:
                    45:51:eb:fa:cc:fb:38:b1:83:1a:5b:ae:7f:2b:fb:
                    01:2d:6f:2d:72:4f:e3:78:25:18:74:dc:06:7d:7e:
                    5d:1c:3e:47:3d:37:23:a8:21:7a:d6:c4:09:89:09:
                    1c:8e:49:7c:ad:c8:d3:d4:d5:48:8f:a3:f3:d6:93:
                    bd:75:59:be:02:05:3a:67:4f:6d:f4:7f:5e:8c:c8:
                    44:61:86:90:00:9f:11:14:46:ee:9e:86:59:f3:a3:
                    b9:52:e4:95:a8:35:01:52:4f:ba:4b:70:5b:62:5b:
                    6e:0e:2e:7a:28:27:ac:08:4e:ca:70:5a:54:c7:2e:
                    9d:2c:5a:05:05:c8:7e:3b:a7:ea:bf:04:65:f5:dd:
                    33:88:96:98:1f:79:b9:90:5e:b2:c5:9d:3f:4d:65:
                    4c:e8:93:64:f5:1e:ec:40:c4:97:72:eb:42:b2:c7:
                    52:9b:32:5e:0a:c1:fe:ea:97:ed:23:2c:21:ce:64:
                    ba:27:54:b3:60:83:0e:77:b8:f0:92:bc:f0:6f:5d:
                    59:8d:23:2d:bc:26:10:0a:28:8c:e4:34:4c:92:28:
                    9c:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:7A:61:0A:E4:62:A1:89:91:35:6B:DA:8F:AF:09:73:D1:11:45:F3
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/fnphCuRioYmRNWvaj68Jc9ERRfM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.26.174.0/24

    Signature Algorithm: sha256WithRSAEncryption
         57:46:70:f8:be:3f:1c:a7:76:4f:f5:47:32:db:48:6f:63:35:
         ea:ee:8f:fe:a8:e1:3f:34:c4:6d:09:03:14:3f:28:d0:2e:e2:
         9f:89:4b:ed:6c:34:85:05:c1:4f:88:50:2b:0d:41:2c:70:f3:
         63:c3:f9:57:e6:49:46:ef:c4:27:d9:db:8a:7b:b3:2c:cd:04:
         c9:eb:58:83:ca:85:14:06:fb:07:13:59:4b:a9:ac:f9:18:32:
         08:65:a6:f5:22:20:5f:1a:17:c8:97:95:b0:88:f8:2b:07:3e:
         76:a3:59:66:e1:5e:3e:8a:74:0e:26:70:63:2a:1a:88:7d:ba:
         fd:46:76:5c:3f:11:f0:57:ed:be:59:17:00:3d:5b:99:33:c5:
         f2:89:82:35:44:ba:f7:5c:0f:88:2c:6c:06:5c:11:c3:66:0a:
         21:7e:82:f6:0f:a3:62:52:1e:e0:be:7e:7a:1d:c1:f7:f0:26:
         11:1d:41:80:80:27:d3:dc:b7:9b:6f:70:4c:f9:53:f5:17:83:
         b3:ea:f7:3c:27:34:c1:dd:ea:8c:c7:36:16:a5:28:0f:e9:0e:
         ad:5d:b5:51:b2:f8:a0:35:57:90:1e:c4:2f:1c:03:16:89:af:
         d0:8a:80:85:00:7f:3a:58:84:ba:ee:96:79:a2:f5:3a:16:aa:
         86:0d:20:38
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ2XJpadfy04mVZ3Qrv/WjX/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwNDE2MTYzNjIxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZTdhNjEwYWU0NjJhMTg5OTEzNTZiZGE4ZmFmMDk3M2QxMTE0NWYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApqLqQxHGIOWJ6fqLhLD5W6jQe5FT
Ty+M7+edQlUUzCBN+R86+ojQ9tsr7qBFUev6zPs4sYMaW65/K/sBLW8tck/jeCUY
dNwGfX5dHD5HPTcjqCF61sQJiQkcjkl8rcjT1NVIj6Pz1pO9dVm+AgU6Z09t9H9e
jMhEYYaQAJ8RFEbunoZZ86O5UuSVqDUBUk+6S3BbYltuDi56KCesCE7KcFpUxy6d
LFoFBch+O6fqvwRl9d0ziJaYH3m5kF6yxZ0/TWVM6JNk9R7sQMSXcutCssdSmzJe
CsH+6pftIywhzmS6J1SzYIMOd7jwkrzwb11ZjSMtvCYQCiiM5DRMkiictQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH56YQrkYqGJkTVr2o+vCXPREUXzMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvZm5waEN1UmlvWW1STld2YWo2OEpjOUVSUmZNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAAhquMA0G
CSqGSIb3DQEBCwUAA4IBAQBXRnD4vj8cp3ZP9Ucy20hvYzXq7o/+qOE/NMRtCQMU
PyjQLuKfiUvtbDSFBcFPiFArDUEscPNjw/lX5klG78Qn2duKe7MszQTJ61iDyoUU
BvsHE1lLqaz5GDIIZab1IiBfGhfIl5WwiPgrBz52o1lm4V4+inQOJnBjKhqIfbr9
RnZcPxHwV+2+WRcAPVuZM8XyiYI1RLr3XA+ILGwGXBHDZgohfoL2D6NiUh7gvn56
HcH38CYRHUGAgCfT3Lebb3BM+VP1F4Oz6vc8JzTB3eqMxzYWpSgP6Q6tXbVRsvig
NVeQHsQvHAMWia/QioCFAH86WIS67pZ5ovU6FqqGDSA4
-----END CERTIFICATE-----