Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/mm_yFWBrkSR2OV_By7qS0BD6ip8.roa
File:                     mm_yFWBrkSR2OV_By7qS0BD6ip8.roa (raw, json)
Hash identifier:          wVyR8Upr1jTEInlKq67rbd93HK2Gf5VPJ4wB3FPWmf8=
Subject key identifier:   9A:6F:F2:15:60:6B:91:24:76:39:5F:C1:CB:BA:92:D0:10:FA:8A:9F
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019D3F74E55F48950D94246AF3AB8045A7F2
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/mm_yFWBrkSR2OV_By7qS0BD6ip8.roa
Signing time:             Mon 30 Mar 2026 15:55:18 +0000
ROA not before:           Mon 30 Mar 2026 15:55:18 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     402279
IP address blocks:        2.27.132.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 14:47:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:3f:74:e5:5f:48:95:0d:94:24:6a:f3:ab:80:45:a7:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: Mar 30 15:55:18 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9a6ff215606b912476395fc1cbba92d010fa8a9f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:f4:09:c8:b5:ea:82:e1:78:18:2e:97:97:8e:
                    e5:c4:00:52:b1:1e:12:8d:db:9a:11:81:ee:66:a1:
                    51:e7:51:00:d4:cf:d8:30:07:7b:ce:53:9b:27:e3:
                    3f:fa:1c:2f:f0:aa:70:33:29:85:5b:f0:07:80:e3:
                    a1:f8:b8:b9:8b:00:a5:ec:7a:46:7e:80:ba:34:e3:
                    2a:13:11:cb:60:d5:af:86:0c:1c:30:a5:58:27:26:
                    0d:4b:fd:0a:2b:82:68:a0:4d:cf:b0:c1:c1:82:cd:
                    1c:59:7f:ed:7e:51:b9:d1:e2:0a:91:70:2b:44:99:
                    f6:34:46:db:b2:9e:c6:8f:e9:f3:1e:ce:6e:98:53:
                    90:99:bb:df:23:05:5b:aa:e1:02:4d:9c:2d:71:2c:
                    9d:1f:5f:b8:de:50:40:07:af:12:76:d9:56:e8:52:
                    27:4a:fa:7d:fd:06:08:d1:39:df:88:3d:42:da:1e:
                    36:38:9b:0d:16:82:9d:ae:b0:b7:31:70:67:b3:a5:
                    b1:e0:ae:f5:f6:9e:d1:28:e5:33:c4:c0:25:26:86:
                    8d:42:d2:60:41:8e:3d:f3:a9:16:19:30:38:e5:d1:
                    7e:7b:50:9a:31:c1:56:08:35:71:f5:9d:7b:c3:cc:
                    82:cc:81:e3:ae:1c:23:14:0f:eb:01:60:13:63:40:
                    5a:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:6F:F2:15:60:6B:91:24:76:39:5F:C1:CB:BA:92:D0:10:FA:8A:9F
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/mm_yFWBrkSR2OV_By7qS0BD6ip8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.27.132.0/23

    Signature Algorithm: sha256WithRSAEncryption
         35:45:2d:04:4a:99:d3:ab:c8:b9:e1:dd:68:3a:8f:88:be:66:
         8d:dd:a0:c1:62:ad:51:4f:f9:25:5f:02:9e:0e:81:41:03:e9:
         64:95:62:67:c1:0e:e1:ba:55:65:a7:24:8e:2e:5b:ef:5a:9e:
         5d:7b:72:15:e4:59:9b:3b:47:5b:f4:aa:2e:3b:1e:20:3c:1e:
         4e:a0:d3:72:51:a9:da:2b:1d:65:a2:a4:60:68:d5:ce:f2:ce:
         bd:2b:4f:7f:ab:a5:fa:eb:91:dd:0e:01:0a:27:31:31:26:f4:
         d9:c7:16:02:af:5f:2e:2e:d8:d6:b7:df:d0:99:c6:b0:0d:96:
         7d:70:06:27:a3:4d:7b:ef:91:46:e1:d2:6e:96:47:d6:b2:a8:
         2f:ef:7b:27:a9:a2:2c:91:7d:59:00:8e:87:4f:e9:ae:4c:f1:
         28:ce:b0:94:92:81:5f:c3:23:62:37:bf:66:e2:c8:de:d7:67:
         56:d4:84:7b:29:03:b3:86:03:5d:7d:2a:e3:df:5b:42:e6:bb:
         77:63:ea:b0:63:49:b8:e3:da:dc:9a:f6:48:8e:9b:2d:c8:85:
         3b:c0:6e:35:5a:c2:8f:d7:a3:f2:03:0d:9e:4d:d0:ec:90:47:
         11:84:fc:3b:90:51:7c:5d:fb:eb:fa:88:ad:f1:93:0d:c5:d6:
         5f:a5:1e:7e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0/dOVfSJUNlCRq86uARafyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwMzMwMTU1NTE4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YTZmZjIxNTYwNmI5MTI0NzYzOTVmYzFjYmJhOTJkMDEwZmE4YTlmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApfQJyLXqguF4GC6Xl47lxABSsR4S
jduaEYHuZqFR51EA1M/YMAd7zlObJ+M/+hwv8KpwMymFW/AHgOOh+Li5iwCl7HpG
foC6NOMqExHLYNWvhgwcMKVYJyYNS/0KK4JooE3PsMHBgs0cWX/tflG50eIKkXAr
RJn2NEbbsp7Gj+nzHs5umFOQmbvfIwVbquECTZwtcSydH1+43lBAB68SdtlW6FIn
Svp9/QYI0TnfiD1C2h42OJsNFoKdrrC3MXBns6Wx4K719p7RKOUzxMAlJoaNQtJg
QY4986kWGTA45dF+e1CaMcFWCDVx9Z17w8yCzIHjrhwjFA/rAWATY0BagQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJpv8hVga5Ekdjlfwcu6ktAQ+oqfMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvbW1feUZXQnJrU1IyT1ZfQnk3cVMwQkQ2aXA4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBAhuEMA0G
CSqGSIb3DQEBCwUAA4IBAQA1RS0ESpnTq8i54d1oOo+IvmaN3aDBYq1RT/klXwKe
DoFBA+lklWJnwQ7hulVlpySOLlvvWp5de3IV5FmbO0db9KouOx4gPB5OoNNyUana
Kx1loqRgaNXO8s69K09/q6X665HdDgEKJzExJvTZxxYCr18uLtjWt9/QmcawDZZ9
cAYno01775FG4dJulkfWsqgv73snqaIskX1ZAI6HT+muTPEozrCUkoFfwyNiN79m
4sje12dW1IR7KQOzhgNdfSrj31tC5rt3Y+qwY0m449rcmvZIjpstyIU7wG41WsKP
16PyAw2eTdDskEcRhPw7kFF8Xfvr+oit8ZMNxdZfpR5+
-----END CERTIFICATE-----