Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/kw_2BoIFErtcEVva-7bcc6J3faw.roa
File:                     kw_2BoIFErtcEVva-7bcc6J3faw.roa (raw, json)
Hash identifier:          fdY1RhCjjVoW3tNCEd9To49J8oPaQE1YWU/sGiq/RhE=
Subject key identifier:   93:0F:F6:06:82:05:12:BB:5C:11:5B:DA:FB:B6:DC:73:A2:77:7D:AC
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019D6DF9326C38364003C22A7ABA6A3658AB
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/kw_2BoIFErtcEVva-7bcc6J3faw.roa
Signing time:             Wed 08 Apr 2026 16:42:21 +0000
ROA not before:           Wed 08 Apr 2026 16:42:21 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     402221
IP address blocks:        2.26.157.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 16:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:6d:f9:32:6c:38:36:40:03:c2:2a:7a:ba:6a:36:58:ab
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: Apr  8 16:42:21 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=930ff606820512bb5c115bdafbb6dc73a2777dac
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:f2:2a:70:f1:6d:ce:f5:b2:02:94:53:32:de:
                    cd:5a:02:3f:93:b5:d5:d2:1b:cc:bd:1b:53:60:01:
                    b1:75:d3:38:6e:6d:1e:a4:29:fd:76:e6:7e:03:17:
                    7e:55:76:29:81:b0:34:5c:3d:e2:5a:37:90:29:71:
                    12:d2:40:3f:26:38:2e:1a:8d:0e:46:f6:f3:26:ab:
                    93:50:9f:f9:ca:14:ae:a0:04:56:28:5c:2f:b5:c9:
                    b4:f5:7f:ab:95:a0:89:81:a8:3c:b1:5a:31:ca:c4:
                    51:29:11:b2:6f:ba:98:c7:bc:b2:07:3f:31:5c:d2:
                    bc:f4:42:8e:24:35:1f:5d:7e:a3:b2:ed:46:cd:68:
                    10:f9:8b:38:d1:c2:09:6e:22:18:91:38:2b:11:44:
                    5d:c2:43:30:8e:61:0f:3f:87:34:e2:92:ec:f1:a8:
                    11:3b:48:29:b8:05:92:68:f3:ce:d3:f0:1d:dc:df:
                    bf:22:ff:e6:29:2e:72:d2:30:9b:67:e2:f6:60:e9:
                    af:e3:6f:90:1f:bb:d5:0e:ab:8a:95:fb:96:97:c7:
                    74:31:0d:94:38:55:e4:1f:f0:fc:83:b5:a3:4c:a6:
                    ee:ab:af:fe:9b:ac:ab:3a:d3:f5:bf:ee:7a:3f:2b:
                    3d:36:e9:d8:1f:bd:a5:87:32:a4:da:eb:4a:c9:bb:
                    0e:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:0F:F6:06:82:05:12:BB:5C:11:5B:DA:FB:B6:DC:73:A2:77:7D:AC
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/kw_2BoIFErtcEVva-7bcc6J3faw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.26.157.0/24

    Signature Algorithm: sha256WithRSAEncryption
         69:a8:72:fc:ec:10:f6:14:ce:7a:b9:8c:b6:84:bd:88:03:38:
         02:ca:04:1b:ca:2f:f2:d1:c1:2f:a6:c4:d7:69:c5:b4:21:b0:
         26:8b:df:98:f2:11:9e:a3:cc:ae:35:12:58:92:0e:6c:77:9e:
         4d:76:b2:27:8f:7b:43:1a:4a:30:15:a5:f6:92:b6:7d:cf:e9:
         ed:62:d8:0e:a9:58:bc:40:28:ca:da:5d:0d:3c:cc:bf:53:95:
         12:1e:90:95:99:04:f8:b8:a6:a1:4a:b9:a2:75:27:12:c2:10:
         2e:43:1f:7d:1b:9c:10:89:44:0b:e9:68:30:d0:fc:ea:6d:47:
         96:2c:81:b6:73:5c:81:47:d3:8e:ad:fc:ed:60:ce:1a:6c:12:
         3b:6d:83:08:93:14:99:45:6d:5c:e6:d6:98:77:05:ff:ac:cc:
         34:32:45:be:c2:46:28:12:e3:e7:55:41:c0:4d:92:27:75:47:
         9e:9f:8e:a6:08:ca:be:3c:af:56:4f:7a:b3:bc:c1:de:f8:7f:
         8f:d9:4f:67:ec:78:87:ba:10:c5:e3:7a:7e:5c:9c:6b:0a:fb:
         06:82:17:b9:88:b5:b5:32:fd:c9:c8:85:7a:55:17:c6:df:35:
         7c:04:71:7d:30:44:b2:65:db:c0:d8:1e:a9:12:ef:d0:e6:b9:
         24:54:da:ae
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ1t+TJsODZAA8IqerpqNlirMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwNDA4MTY0MjIxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MzBmZjYwNjgyMDUxMmJiNWMxMTViZGFmYmI2ZGM3M2EyNzc3ZGFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvfIqcPFtzvWyApRTMt7NWgI/k7XV
0hvMvRtTYAGxddM4bm0epCn9duZ+Axd+VXYpgbA0XD3iWjeQKXES0kA/JjguGo0O
RvbzJquTUJ/5yhSuoARWKFwvtcm09X+rlaCJgag8sVoxysRRKRGyb7qYx7yyBz8x
XNK89EKOJDUfXX6jsu1GzWgQ+Ys40cIJbiIYkTgrEURdwkMwjmEPP4c04pLs8agR
O0gpuAWSaPPO0/Ad3N+/Iv/mKS5y0jCbZ+L2YOmv42+QH7vVDquKlfuWl8d0MQ2U
OFXkH/D8g7WjTKbuq6/+m6yrOtP1v+56Pys9NunYH72lhzKk2utKybsORwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJMP9gaCBRK7XBFb2vu23HOid32sMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEva3dfMkJvSUZFcnRjRVZ2YS03YmNjNkozZmF3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAAhqdMA0G
CSqGSIb3DQEBCwUAA4IBAQBpqHL87BD2FM56uYy2hL2IAzgCygQbyi/y0cEvpsTX
acW0IbAmi9+Y8hGeo8yuNRJYkg5sd55NdrInj3tDGkowFaX2krZ9z+ntYtgOqVi8
QCjK2l0NPMy/U5USHpCVmQT4uKahSrmidScSwhAuQx99G5wQiUQL6Wgw0PzqbUeW
LIG2c1yBR9OOrfztYM4abBI7bYMIkxSZRW1c5taYdwX/rMw0MkW+wkYoEuPnVUHA
TZIndUeen46mCMq+PK9WT3qzvMHe+H+P2U9n7HiHuhDF43p+XJxrCvsGghe5iLW1
Mv3JyIV6VRfG3zV8BHF9MESyZdvA2B6pEu/Q5rkkVNqu
-----END CERTIFICATE-----