Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/g9_cG2ur5eE9f4E2EVWM-NJK2os.roa
File:                     g9_cG2ur5eE9f4E2EVWM-NJK2os.roa (raw, json)
Hash identifier:          qayBogOlsfpJ8O0Ch3rusfKBf3nFOTUbW5ILhdqN2N4=
Subject key identifier:   83:DF:DC:1B:6B:AB:E5:E1:3D:7F:81:36:11:55:8C:F8:D2:4A:DA:8B
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019D8D3DA6C14CCC52CC4DF8151F88D1DF84
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/g9_cG2ur5eE9f4E2EVWM-NJK2os.roa
Signing time:             Tue 14 Apr 2026 18:25:20 +0000
ROA not before:           Tue 14 Apr 2026 18:25:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     50053
IP address blocks:        2.26.136.0/24 maxlen: 24
                          2.26.137.0/24 maxlen: 24
                          2.26.141.0/24 maxlen: 24
                          2.26.142.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 Apr 2026 22:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:8d:3d:a6:c1:4c:cc:52:cc:4d:f8:15:1f:88:d1:df:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: Apr 14 18:25:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=83dfdc1b6babe5e13d7f813611558cf8d24ada8b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:63:c0:70:3e:67:7e:91:a6:bb:dd:e4:dd:cb:
                    bb:ea:7e:f4:55:e0:d7:bd:8c:62:75:34:98:c6:93:
                    45:c9:ab:48:b7:58:46:0e:1d:22:ff:e8:05:bb:aa:
                    c1:10:78:43:47:7d:fb:b6:5b:5c:7a:c3:78:00:fd:
                    72:56:25:7a:fc:f4:c0:74:86:5b:8a:d1:d3:88:98:
                    df:88:ef:5f:d7:07:e2:bc:f4:1d:c6:6f:72:1b:ea:
                    01:e4:10:dc:0c:08:ff:65:9a:9e:3e:3e:3d:f6:ae:
                    a8:d0:1f:f6:69:12:2b:94:96:59:55:bf:de:7f:37:
                    73:28:a7:eb:28:7e:16:71:4a:bc:47:9e:7b:7b:65:
                    ec:62:06:2e:af:35:b1:ea:f3:17:05:a9:53:fb:00:
                    f3:05:08:38:c0:5f:0a:00:32:c8:08:8b:c3:82:45:
                    ac:f1:6f:0d:41:45:01:e0:6c:b3:67:68:b2:32:b1:
                    47:8c:dc:38:5a:39:e6:35:18:93:06:90:79:4c:1a:
                    1e:62:b7:7a:6e:0e:8a:75:ed:77:30:ea:e5:c5:81:
                    98:b5:22:67:4a:b4:6c:9b:02:76:9c:6c:f6:76:a8:
                    a3:46:bd:07:4c:10:a7:e2:da:85:01:6e:58:b7:75:
                    b7:1a:44:d8:47:18:2c:58:c5:29:90:3b:40:7c:f1:
                    d7:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:DF:DC:1B:6B:AB:E5:E1:3D:7F:81:36:11:55:8C:F8:D2:4A:DA:8B
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/g9_cG2ur5eE9f4E2EVWM-NJK2os.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.26.136.0/23
                  2.26.141.0-2.26.142.255

    Signature Algorithm: sha256WithRSAEncryption
         7f:1a:8a:5d:03:96:37:3a:26:f0:3e:fc:c1:b2:21:47:13:67:
         97:0c:da:b3:26:5b:30:ec:9b:1a:bd:da:09:92:a2:9d:79:3e:
         55:c4:d6:be:87:be:33:cc:24:95:31:62:11:d7:7f:c1:3f:cf:
         08:13:a4:bd:ef:b5:63:5b:59:81:a3:50:10:f1:46:08:7a:6f:
         be:8b:d8:46:27:54:45:87:ed:b1:76:15:be:94:89:94:1f:73:
         21:45:9e:59:ce:ef:a8:77:ae:c2:46:35:ae:e7:3c:f5:91:4d:
         52:fa:10:28:ad:23:86:80:04:fa:56:ee:97:b0:3f:9c:d0:0d:
         94:2e:cb:ec:31:16:40:10:1b:72:6d:d1:26:95:47:06:e6:e7:
         e3:13:a3:62:2c:45:54:3b:f8:5b:09:4e:62:90:9a:a7:85:32:
         2c:dd:e3:a4:2d:47:d8:83:bc:47:4a:7f:5f:1d:ad:b2:c7:0f:
         5e:33:b3:eb:4f:46:09:3f:e9:4c:78:6c:06:76:89:09:77:aa:
         9f:6e:53:57:96:e7:fa:5c:90:fa:96:e5:0c:a3:33:73:b1:6d:
         e0:de:f5:76:ac:2e:bc:61:35:f1:45:27:ea:0e:6d:35:cb:06:
         f6:81:76:44:d7:a8:6b:9a:2e:2c:0d:b7:7e:d5:92:f5:38:a0:
         dd:79:6a:ca
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZ2NPabBTMxSzE34FR+I0d+EMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwNDE0MTgyNTIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4M2RmZGMxYjZiYWJlNWUxM2Q3ZjgxMzYxMTU1OGNmOGQyNGFkYThiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt2PAcD5nfpGmu93k3cu76n70VeDX
vYxidTSYxpNFyatIt1hGDh0i/+gFu6rBEHhDR337tltcesN4AP1yViV6/PTAdIZb
itHTiJjfiO9f1wfivPQdxm9yG+oB5BDcDAj/ZZqePj499q6o0B/2aRIrlJZZVb/e
fzdzKKfrKH4WcUq8R557e2XsYgYurzWx6vMXBalT+wDzBQg4wF8KADLICIvDgkWs
8W8NQUUB4GyzZ2iyMrFHjNw4WjnmNRiTBpB5TBoeYrd6bg6Kde13MOrlxYGYtSJn
SrRsmwJ2nGz2dqijRr0HTBCn4tqFAW5Yt3W3GkTYRxgsWMUpkDtAfPHX1QIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFIPf3Btrq+XhPX+BNhFVjPjSStqLMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvZzlfY0cydXI1ZUU5ZjRFMkVWV00tTkpLMm9zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUAwQBAhqIMAwD
BAACGo0DBAACGo4wDQYJKoZIhvcNAQELBQADggEBAH8ail0Dljc6JvA+/MGyIUcT
Z5cM2rMmWzDsmxq92gmSop15PlXE1r6HvjPMJJUxYhHXf8E/zwgTpL3vtWNbWYGj
UBDxRgh6b76L2EYnVEWH7bF2Fb6UiZQfcyFFnlnO76h3rsJGNa7nPPWRTVL6ECit
I4aABPpW7pewP5zQDZQuy+wxFkAQG3Jt0SaVRwbm5+MTo2IsRVQ7+FsJTmKQmqeF
Mizd46QtR9iDvEdKf18drbLHD14zs+tPRgk/6Ux4bAZ2iQl3qp9uU1eW5/pckPqW
5QyjM3OxbeDe9XasLrxhNfFFJ+oObTXLBvaBdkTXqGuaLiwNt37VkvU4oN15aso=
-----END CERTIFICATE-----