Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/ksXB5Wr2ChMtS9U4Ne7ryrWdITs.roa
File:                     ksXB5Wr2ChMtS9U4Ne7ryrWdITs.roa (raw, json)
Hash identifier:          zv/+/vGtJD3jAWQ0RYyn+qusjikhrdgtCFplBj78B5A=
Subject key identifier:   92:C5:C1:E5:6A:F6:0A:13:2D:4B:D5:38:35:EE:EB:CA:B5:9D:21:3B
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019D787BEDDAA9E1550C114555A6B61C21E2
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/ksXB5Wr2ChMtS9U4Ne7ryrWdITs.roa
Signing time:             Fri 10 Apr 2026 17:41:20 +0000
ROA not before:           Fri 10 Apr 2026 17:41:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     207158
IP address blocks:        2.27.114.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 14:47:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:78:7b:ed:da:a9:e1:55:0c:11:45:55:a6:b6:1c:21:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: Apr 10 17:41:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=92c5c1e56af60a132d4bd53835eeebcab59d213b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:0a:05:be:51:20:e1:6e:70:4f:72:96:fa:64:
                    2d:85:5f:4e:3e:b9:a1:b7:f9:da:00:62:72:4d:2e:
                    ab:93:ba:0b:40:cc:00:4a:99:62:b4:58:89:9e:87:
                    52:aa:2e:42:6b:2d:8c:cc:de:95:49:60:e0:a6:00:
                    17:a2:4f:f0:0b:7e:ad:1b:9d:ee:01:72:a3:bb:03:
                    a5:12:dd:a0:c0:58:43:c1:6a:9e:82:69:ad:5f:05:
                    7c:6b:e1:07:fe:a5:86:71:c3:93:18:56:c5:b0:65:
                    e2:a5:35:d5:ce:e3:40:52:f6:43:46:c9:3c:cd:26:
                    2c:db:30:e5:4c:7c:c2:16:67:96:b4:6f:76:3a:0a:
                    05:3b:19:bf:c3:e8:8d:30:5f:d5:77:53:20:6e:60:
                    59:5a:ff:de:c4:d3:f9:fc:9f:54:52:d0:c6:3d:d6:
                    a2:dc:5c:8c:b4:ed:f5:77:46:06:ae:e1:48:d9:0b:
                    99:9b:13:43:0c:cf:57:9c:c6:db:6b:c6:a9:d1:72:
                    27:3e:3f:bd:aa:9c:7c:66:4f:b2:e8:e5:90:2c:59:
                    9c:5f:65:6f:3b:29:9b:98:55:a9:43:28:1c:47:88:
                    f3:56:26:57:2d:3a:de:ee:e2:15:5e:a4:7e:3f:27:
                    a0:96:ec:11:00:41:c7:89:4b:c3:39:94:67:e2:09:
                    fc:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:C5:C1:E5:6A:F6:0A:13:2D:4B:D5:38:35:EE:EB:CA:B5:9D:21:3B
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/ksXB5Wr2ChMtS9U4Ne7ryrWdITs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.27.114.0/24

    Signature Algorithm: sha256WithRSAEncryption
         62:66:bc:a7:f1:47:2b:39:f4:51:27:51:ea:ef:e4:d8:ea:17:
         35:8a:3e:ea:58:cf:51:80:11:5e:5a:92:2e:f4:14:74:10:09:
         9d:59:c2:eb:24:df:ae:5f:5b:88:c9:05:1b:f6:50:c1:e6:6f:
         de:92:52:65:6a:9e:01:87:60:0c:e2:6b:55:f3:77:a8:b1:59:
         e0:56:37:f7:fd:5f:09:64:51:64:24:fa:36:a1:be:0d:36:fd:
         83:bf:5b:42:ec:91:de:a6:b6:ef:af:44:0f:4d:59:14:f0:bb:
         84:bf:92:17:13:a2:e1:0b:df:ba:50:b8:87:be:a9:c2:c9:5e:
         db:d8:15:97:d7:17:e7:48:95:2b:6d:52:70:1f:0d:01:a4:89:
         9c:9b:06:e4:6b:ad:a4:51:23:73:d4:e4:a2:13:f6:d9:8c:6c:
         30:08:39:6e:56:66:98:af:02:b0:81:62:37:b6:84:a0:e8:03:
         dc:15:b6:33:f7:0d:03:c3:ee:47:df:42:e3:90:ec:a1:b4:97:
         b8:08:88:12:7d:94:27:f5:75:5e:1d:c4:cc:81:6f:ef:6e:9e:
         05:81:d2:e7:a3:70:07:9b:76:47:37:17:6b:c5:ec:ef:7b:43:
         81:5b:a3:f4:fe:5d:35:82:1a:f5:b6:b0:17:4d:b0:7d:cb:82:
         e1:2c:4a:f3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ14e+3aqeFVDBFFVaa2HCHiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwNDEwMTc0MTIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MmM1YzFlNTZhZjYwYTEzMmQ0YmQ1MzgzNWVlZWJjYWI1OWQyMTNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4woFvlEg4W5wT3KW+mQthV9OPrmh
t/naAGJyTS6rk7oLQMwASplitFiJnodSqi5Cay2MzN6VSWDgpgAXok/wC36tG53u
AXKjuwOlEt2gwFhDwWqegmmtXwV8a+EH/qWGccOTGFbFsGXipTXVzuNAUvZDRsk8
zSYs2zDlTHzCFmeWtG92OgoFOxm/w+iNMF/Vd1MgbmBZWv/exNP5/J9UUtDGPdai
3FyMtO31d0YGruFI2QuZmxNDDM9XnMbba8ap0XInPj+9qpx8Zk+y6OWQLFmcX2Vv
OymbmFWpQygcR4jzViZXLTre7uIVXqR+PyegluwRAEHHiUvDOZRn4gn8PwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJLFweVq9goTLUvVODXu68q1nSE7MB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEva3NYQjVXcjJDaE10UzlVNE5lN3J5cldkSVRzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAAhtyMA0G
CSqGSIb3DQEBCwUAA4IBAQBiZryn8UcrOfRRJ1Hq7+TY6hc1ij7qWM9RgBFeWpIu
9BR0EAmdWcLrJN+uX1uIyQUb9lDB5m/eklJlap4Bh2AM4mtV83eosVngVjf3/V8J
ZFFkJPo2ob4NNv2Dv1tC7JHeprbvr0QPTVkU8LuEv5IXE6LhC9+6ULiHvqnCyV7b
2BWX1xfnSJUrbVJwHw0BpImcmwbka62kUSNz1OSiE/bZjGwwCDluVmaYrwKwgWI3
toSg6APcFbYz9w0Dw+5H30LjkOyhtJe4CIgSfZQn9XVeHcTMgW/vbp4FgdLno3AH
m3ZHNxdrxezve0OBW6P0/l01ghr1trAXTbB9y4LhLErz
-----END CERTIFICATE-----