Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/m5Gs-bwBwHbCHC6YxnLFxi7KYxU.roa
File:                     m5Gs-bwBwHbCHC6YxnLFxi7KYxU.roa (raw, json)
Hash identifier:          RAepP/8ZP41TLvXW25aXxC7WWV0+2+871UzGsqnSZnM=
Subject key identifier:   9B:91:AC:F9:BC:01:C0:76:C2:1C:2E:98:C6:72:C5:C6:2E:CA:63:15
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019D305F31D4975E71AB99903C2E3EFE177D
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/m5Gs-bwBwHbCHC6YxnLFxi7KYxU.roa
Signing time:             Fri 27 Mar 2026 17:37:18 +0000
ROA not before:           Fri 27 Mar 2026 17:37:18 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     205772
IP address blocks:        2.27.151.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 14:47:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:30:5f:31:d4:97:5e:71:ab:99:90:3c:2e:3e:fe:17:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: Mar 27 17:37:18 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9b91acf9bc01c076c21c2e98c672c5c62eca6315
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:19:12:3a:97:75:d0:6e:26:54:d7:33:a8:ea:
                    43:27:52:03:32:c2:21:de:7d:c3:1e:cb:ab:b7:22:
                    ec:51:55:0c:d2:30:a6:17:58:48:6d:8b:78:95:a4:
                    c9:41:df:7b:b2:97:49:9c:d4:7e:7d:2a:64:28:01:
                    08:35:a3:87:01:b7:3d:c3:c1:e1:c7:fa:fd:ee:90:
                    85:c0:a8:12:82:a3:6c:22:eb:9d:54:e0:1c:93:78:
                    93:52:38:6c:93:69:b1:e4:dc:07:0b:bb:be:dc:f5:
                    7d:eb:69:04:42:bd:75:6c:95:34:95:e9:68:7e:a4:
                    82:8f:c7:81:a6:2f:a4:8d:83:a2:ab:f0:b9:35:1f:
                    98:be:db:d3:d2:4c:8b:62:c2:d2:cc:f3:cc:c9:82:
                    2a:f2:90:09:61:1c:2c:a2:76:5e:b4:a0:b1:fe:c7:
                    eb:59:f8:42:f3:8f:47:31:1c:6d:6b:82:3e:93:fd:
                    a3:33:b1:9a:3a:31:f4:5b:7b:8d:79:05:50:31:12:
                    8b:50:40:c8:5c:ab:2c:07:3e:93:60:8b:33:b8:f5:
                    34:77:81:50:02:a2:d6:24:9d:f2:e8:dc:13:37:fe:
                    94:ac:01:5f:eb:51:19:43:74:bc:37:e7:00:41:dd:
                    af:7c:39:1b:6c:52:17:93:91:c0:4a:93:db:eb:b8:
                    42:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9B:91:AC:F9:BC:01:C0:76:C2:1C:2E:98:C6:72:C5:C6:2E:CA:63:15
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/m5Gs-bwBwHbCHC6YxnLFxi7KYxU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.27.151.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7b:5e:85:1c:36:e7:9c:4e:1e:6e:c2:11:61:63:58:94:5c:1f:
         29:22:d4:df:cc:50:35:09:f8:dc:d5:7f:ef:8f:30:c6:3b:38:
         12:b0:45:e7:9d:fe:40:e1:71:85:52:c6:65:41:4f:74:1a:5d:
         fa:51:cc:09:5f:c6:bb:90:78:16:c9:7a:32:6e:65:d3:0e:c4:
         6e:c3:02:cf:81:d6:79:ce:3d:45:bf:e9:17:dc:4c:53:df:4b:
         22:11:7b:9f:e3:d5:1e:50:3e:0e:6d:24:10:9d:79:6e:77:84:
         50:92:ae:36:4b:81:8a:8b:e3:3c:60:36:d1:13:a7:88:2c:93:
         28:d0:37:29:ad:f0:16:6b:9f:90:cb:af:81:12:02:40:2b:18:
         a5:a4:44:60:34:ac:f9:23:8e:dd:65:36:71:9b:e9:8c:70:c9:
         c1:2f:7e:b6:09:1c:f2:c4:c2:dd:6b:b8:84:16:52:b5:74:a4:
         e4:ac:3a:63:c4:4c:ae:16:2f:02:10:b4:87:b2:44:a0:1e:2e:
         1b:f1:e4:b2:71:4f:88:4a:a2:73:c8:ac:47:4f:ce:36:4d:0e:
         b6:b2:dd:d7:79:cc:2c:4d:8a:43:3f:7b:e4:b0:c7:85:4b:e7:
         f4:51:ec:bd:80:63:9b:4d:2b:fd:a5:0f:b7:66:0a:52:6a:13:
         1f:b2:3b:ed
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0wXzHUl15xq5mQPC4+/hd9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwMzI3MTczNzE4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YjkxYWNmOWJjMDFjMDc2YzIxYzJlOThjNjcyYzVjNjJlY2E2MzE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzhkSOpd10G4mVNczqOpDJ1IDMsIh
3n3DHsurtyLsUVUM0jCmF1hIbYt4laTJQd97spdJnNR+fSpkKAEINaOHAbc9w8Hh
x/r97pCFwKgSgqNsIuudVOAck3iTUjhsk2mx5NwHC7u+3PV962kEQr11bJU0lelo
fqSCj8eBpi+kjYOiq/C5NR+YvtvT0kyLYsLSzPPMyYIq8pAJYRwsonZetKCx/sfr
WfhC849HMRxta4I+k/2jM7GaOjH0W3uNeQVQMRKLUEDIXKssBz6TYIszuPU0d4FQ
AqLWJJ3y6NwTN/6UrAFf61EZQ3S8N+cAQd2vfDkbbFIXk5HASpPb67hCLQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJuRrPm8AcB2whwumMZyxcYuymMVMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvbTVHcy1id0J3SGJDSEM2WXhuTEZ4aTdLWXhVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAAhuXMA0G
CSqGSIb3DQEBCwUAA4IBAQB7XoUcNuecTh5uwhFhY1iUXB8pItTfzFA1Cfjc1X/v
jzDGOzgSsEXnnf5A4XGFUsZlQU90Gl36UcwJX8a7kHgWyXoybmXTDsRuwwLPgdZ5
zj1Fv+kX3ExT30siEXuf49UeUD4ObSQQnXlud4RQkq42S4GKi+M8YDbRE6eILJMo
0DcprfAWa5+Qy6+BEgJAKxilpERgNKz5I47dZTZxm+mMcMnBL362CRzyxMLda7iE
FlK1dKTkrDpjxEyuFi8CELSHskSgHi4b8eSycU+ISqJzyKxHT842TQ62st3Xecws
TYpDP3vksMeFS+f0Uey9gGObTSv9pQ+3ZgpSahMfsjvt
-----END CERTIFICATE-----