Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/l_0OjgzLGON0Y2gz_4oUNMes1SA.roa
File:                     l_0OjgzLGON0Y2gz_4oUNMes1SA.roa (raw, json)
Hash identifier:          23ASqdtbmEJvxTiZsgMD8N8btkUCBTvdBDrkq/6+qEA=
Subject key identifier:   97:FD:0E:8E:0C:CB:18:E3:74:63:68:33:FF:8A:14:34:C7:AC:D5:20
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019D5A2856A46DBB943D71A227014E03B109
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/l_0OjgzLGON0Y2gz_4oUNMes1SA.roa
Signing time:             Sat 04 Apr 2026 20:21:26 +0000
ROA not before:           Sat 04 Apr 2026 20:21:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     152460
IP address blocks:        2.27.169.0/24 maxlen: 24
                          2.27.245.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 14:47:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:5a:28:56:a4:6d:bb:94:3d:71:a2:27:01:4e:03:b1:09
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: Apr  4 20:21:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=97fd0e8e0ccb18e374636833ff8a1434c7acd520
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ed:cc:c9:a4:1a:a5:fa:f4:31:7d:67:87:e5:a3:
                    32:37:ac:61:5f:04:ae:5a:a8:76:80:2d:5c:e7:ad:
                    1d:d7:4a:b6:79:9b:ae:0c:e5:98:c2:77:01:8d:4d:
                    79:67:48:51:f7:b5:db:30:b0:00:e3:ea:68:62:ca:
                    f2:75:7a:21:7a:be:5d:0e:f3:a7:5b:93:33:d6:85:
                    c9:1e:5d:17:27:3e:80:44:8b:0b:97:fe:56:d6:b6:
                    d4:00:f0:83:f2:0b:50:46:d6:88:2a:5b:9f:bd:35:
                    d0:59:c4:2a:1c:50:a1:d3:4a:29:8c:ae:62:d1:c1:
                    c1:f3:3c:62:59:36:fb:63:5d:13:9f:83:4e:5b:b2:
                    70:66:d8:85:b4:d7:f6:de:cc:c9:fa:40:17:34:eb:
                    29:cf:4f:06:7c:b2:3a:40:78:6f:04:78:f8:76:9b:
                    44:63:62:91:5f:fb:9e:02:9b:53:aa:4f:a5:5c:7e:
                    c3:8a:c9:bf:0a:34:7a:ca:1f:b1:a5:51:1c:cb:50:
                    a7:64:f8:0d:c7:6e:57:28:69:63:d2:98:60:6d:57:
                    32:ae:7d:25:44:e6:08:aa:d1:f4:f3:e3:35:f9:92:
                    f5:29:e0:77:bb:11:15:c9:30:64:f7:40:d0:4d:01:
                    1e:7d:64:7a:46:3c:89:d6:93:49:3d:a2:35:6f:ce:
                    a8:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:FD:0E:8E:0C:CB:18:E3:74:63:68:33:FF:8A:14:34:C7:AC:D5:20
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/l_0OjgzLGON0Y2gz_4oUNMes1SA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.27.169.0/24
                  2.27.245.0/24

    Signature Algorithm: sha256WithRSAEncryption
         49:c0:5f:9c:b6:d9:60:69:5b:30:52:e9:9c:fc:47:75:49:c5:
         c1:cd:8b:bd:2b:af:95:2a:33:81:0e:27:23:31:96:70:16:06:
         4d:e2:3f:bd:58:60:ad:4e:85:f6:b3:cd:88:a1:a7:5f:5b:b3:
         41:ad:0f:ae:01:16:4b:3e:47:b9:22:d4:0c:5c:34:21:a1:b4:
         e1:34:24:79:a2:b6:34:91:44:3d:5a:d3:f3:d9:87:51:2e:03:
         f0:33:6b:9f:19:06:af:f2:c3:2a:8f:03:41:cf:eb:6c:5b:a7:
         1b:18:77:ab:61:74:f9:23:18:6f:a1:c1:02:e8:6e:5d:37:5b:
         1c:ac:5b:01:44:a7:7c:4b:36:89:a2:36:33:f1:95:61:ed:a0:
         9f:4c:0d:cb:0e:a8:65:66:db:d3:25:7e:01:10:0c:de:89:04:
         62:c3:0a:a0:ed:10:9d:89:b5:1e:40:0b:0b:78:5d:b9:79:b5:
         b3:36:47:41:4b:06:66:fe:44:9b:54:4a:c0:5e:62:c1:eb:1f:
         c8:94:67:dd:3b:31:16:95:4c:38:97:7e:1a:d3:25:e5:e9:97:
         57:0e:0d:32:b4:cf:60:59:9e:e7:a8:66:b9:dd:c3:c6:56:bf:
         ae:3c:77:ff:9c:fa:46:8f:b3:3c:89:87:3a:8c:9f:80:3e:e2:
         77:3e:a8:9e
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ1aKFakbbuUPXGiJwFOA7EJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwNDA0MjAyMTI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5N2ZkMGU4ZTBjY2IxOGUzNzQ2MzY4MzNmZjhhMTQzNGM3YWNkNTIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7czJpBql+vQxfWeH5aMyN6xhXwSu
Wqh2gC1c560d10q2eZuuDOWYwncBjU15Z0hR97XbMLAA4+poYsrydXoher5dDvOn
W5Mz1oXJHl0XJz6ARIsLl/5W1rbUAPCD8gtQRtaIKlufvTXQWcQqHFCh00opjK5i
0cHB8zxiWTb7Y10Tn4NOW7JwZtiFtNf23szJ+kAXNOspz08GfLI6QHhvBHj4dptE
Y2KRX/ueAptTqk+lXH7Dism/CjR6yh+xpVEcy1CnZPgNx25XKGlj0phgbVcyrn0l
ROYIqtH08+M1+ZL1KeB3uxEVyTBk90DQTQEefWR6RjyJ1pNJPaI1b86oPwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJf9Do4MyxjjdGNoM/+KFDTHrNUgMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvbF8wT2pnekxHT04wWTJnel80b1VOTWVzMVNBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAAhupAwQA
Ahv1MA0GCSqGSIb3DQEBCwUAA4IBAQBJwF+cttlgaVswUumc/Ed1ScXBzYu9K6+V
KjOBDicjMZZwFgZN4j+9WGCtToX2s82IoadfW7NBrQ+uARZLPke5ItQMXDQhobTh
NCR5orY0kUQ9WtPz2YdRLgPwM2ufGQav8sMqjwNBz+tsW6cbGHerYXT5IxhvocEC
6G5dN1scrFsBRKd8SzaJojYz8ZVh7aCfTA3LDqhlZtvTJX4BEAzeiQRiwwqg7RCd
ibUeQAsLeF25ebWzNkdBSwZm/kSbVErAXmLB6x/IlGfdOzEWlUw4l34a0yXl6ZdX
Dg0ytM9gWZ7nqGa53cPGVr+uPHf/nPpGj7M8iYc6jJ+APuJ3Pqie
-----END CERTIFICATE-----