Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/od9VAL7uGKz8vQDz-U26fKH3fUU.roa
File:                     od9VAL7uGKz8vQDz-U26fKH3fUU.roa (raw, json)
Hash identifier:          MuIiD2hftnKFkwfY2MVGeT1JPo42cvPf5wVzmgQmLkg=
Subject key identifier:   A1:DF:55:00:BE:EE:18:AC:FC:BD:00:F3:F9:4D:BA:7C:A1:F7:7D:45
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019E221D7A5E92F73E882628D10CEA5BB394
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/od9VAL7uGKz8vQDz-U26fKH3fUU.roa
Signing time:             Wed 13 May 2026 16:13:37 +0000
ROA not before:           Wed 13 May 2026 16:13:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     213468
IP address blocks:        2.26.147.0/24 maxlen: 24
                          2.26.149.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 01:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:22:1d:7a:5e:92:f7:3e:88:26:28:d1:0c:ea:5b:b3:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: May 13 16:13:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a1df5500beee18acfcbd00f3f94dba7ca1f77d45
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:b7:ae:33:3c:30:e8:62:86:25:84:77:e3:bd:
                    12:9b:85:73:80:a3:2e:b5:4a:5f:32:c2:8d:1f:fb:
                    7a:cb:b3:35:99:77:aa:61:40:42:ec:bc:76:ae:45:
                    8f:08:cf:ef:71:e4:06:80:2b:1d:7f:82:18:16:81:
                    12:4f:ce:3f:2b:65:16:f7:45:9e:12:5e:58:ae:c5:
                    1e:1a:0e:0f:a8:54:74:0b:64:e9:91:84:60:ec:5f:
                    4d:0b:d2:44:65:da:1e:8a:13:c8:7d:0f:77:4a:c0:
                    27:69:c3:87:f2:d4:cf:59:65:1b:23:ce:c5:f8:bd:
                    ab:f2:23:c4:23:02:92:1c:97:ac:c6:89:53:ef:8d:
                    f8:24:47:76:cd:4e:e3:be:fc:bc:97:f8:25:df:7c:
                    a8:e1:6a:20:73:90:ac:a4:96:06:8d:15:d0:40:fe:
                    d4:53:2b:ca:0f:82:0d:8f:68:81:19:63:b9:74:0b:
                    c4:d3:ed:fe:73:3e:a6:68:1a:41:a5:5e:ff:81:33:
                    73:e9:b5:89:3a:ef:1d:d2:39:f9:25:4f:a4:c8:a6:
                    60:92:23:7b:49:b2:97:3b:04:69:b2:4f:11:23:c4:
                    15:f3:d1:bf:0e:73:7c:14:a2:e6:f1:ed:25:35:0c:
                    82:ab:10:70:49:95:31:81:03:f3:9c:21:8c:c5:78:
                    b2:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:DF:55:00:BE:EE:18:AC:FC:BD:00:F3:F9:4D:BA:7C:A1:F7:7D:45
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/od9VAL7uGKz8vQDz-U26fKH3fUU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.26.147.0/24
                  2.26.149.0/24

    Signature Algorithm: sha256WithRSAEncryption
         44:4a:dd:0a:f4:48:14:fe:cc:75:7b:63:a7:16:12:fd:f7:a2:
         0f:ac:83:b5:f1:5c:40:a3:9b:86:0f:33:4d:09:b2:1a:6a:b3:
         1d:11:e0:d1:24:09:be:51:d0:34:b2:f1:52:be:fe:97:9e:73:
         fd:28:f2:da:d0:4d:ac:c3:21:4d:96:cd:d9:b6:8c:17:79:fe:
         eb:f1:fc:d1:48:18:4a:ed:a7:9c:b1:84:00:43:2e:02:06:96:
         25:c2:7b:44:8b:e7:0b:64:2f:ee:03:f1:a9:a6:bd:f2:52:0d:
         44:a5:00:1c:db:c4:a6:e4:eb:48:e9:ec:e4:c0:bf:a7:fe:41:
         a2:25:16:99:d5:cf:14:a7:bc:d4:06:e6:bb:3f:66:09:7d:c3:
         a0:f7:3d:40:b4:de:79:95:5b:cc:92:e4:8f:66:40:f9:fb:58:
         e0:10:d7:78:44:78:4c:b7:39:2d:55:31:75:56:bd:ac:52:56:
         b6:a2:c5:8f:bc:c2:75:55:61:04:c0:f3:12:e8:88:22:a9:36:
         5f:3b:fb:27:15:26:8e:fc:12:ff:d1:c5:4c:fb:1c:08:af:0d:
         fa:44:dc:81:b6:1b:f4:92:24:f9:4e:fd:af:78:ae:0b:20:9c:
         26:8d:cd:c7:05:b9:e2:81:2d:85:cc:71:b2:e9:f4:52:95:11:
         b5:b5:24:e1
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ4iHXpekvc+iCYo0QzqW7OUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwNTEzMTYxMzM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMWRmNTUwMGJlZWUxOGFjZmNiZDAwZjNmOTRkYmE3Y2ExZjc3ZDQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtLeuMzww6GKGJYR3470Sm4VzgKMu
tUpfMsKNH/t6y7M1mXeqYUBC7Lx2rkWPCM/vceQGgCsdf4IYFoEST84/K2UW90We
El5YrsUeGg4PqFR0C2TpkYRg7F9NC9JEZdoeihPIfQ93SsAnacOH8tTPWWUbI87F
+L2r8iPEIwKSHJesxolT7434JEd2zU7jvvy8l/gl33yo4Wogc5CspJYGjRXQQP7U
UyvKD4INj2iBGWO5dAvE0+3+cz6maBpBpV7/gTNz6bWJOu8d0jn5JU+kyKZgkiN7
SbKXOwRpsk8RI8QV89G/DnN8FKLm8e0lNQyCqxBwSZUxgQPznCGMxXiyLQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFKHfVQC+7his/L0A8/lNunyh931FMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvb2Q5VkFMN3VHS3o4dlFEei1VMjZmS0gzZlVVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAAhqTAwQA
AhqVMA0GCSqGSIb3DQEBCwUAA4IBAQBESt0K9EgU/sx1e2OnFhL996IPrIO18VxA
o5uGDzNNCbIaarMdEeDRJAm+UdA0svFSvv6XnnP9KPLa0E2swyFNls3ZtowXef7r
8fzRSBhK7aecsYQAQy4CBpYlwntEi+cLZC/uA/Gppr3yUg1EpQAc28Sm5OtI6ezk
wL+n/kGiJRaZ1c8Up7zUBua7P2YJfcOg9z1AtN55lVvMkuSPZkD5+1jgENd4RHhM
tzktVTF1Vr2sUla2osWPvMJ1VWEEwPMS6IgiqTZfO/snFSaO/BL/0cVM+xwIrw36
RNyBthv0kiT5Tv2veK4LIJwmjc3HBbnigS2FzHGy6fRSlRG1tSTh
-----END CERTIFICATE-----