Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/op2r2LRrtK_B38sj2IMu0Dz44f0.roa
File:                     op2r2LRrtK_B38sj2IMu0Dz44f0.roa (raw, json)
Hash identifier:          4oYj/JiVBVb8gioS23xoZJyqmT0+R2g4RoiwdRuGUaw=
Subject key identifier:   A2:9D:AB:D8:B4:6B:B4:AF:C1:DF:CB:23:D8:83:2E:D0:3C:F8:E1:FD
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019D2AEA1B58ACF109C5407F02CA8F9A492C
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/op2r2LRrtK_B38sj2IMu0Dz44f0.roa
Signing time:             Thu 26 Mar 2026 16:11:18 +0000
ROA not before:           Thu 26 Mar 2026 16:11:18 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     213618
IP address blocks:        2.27.115.0/24 maxlen: 24
                          2.27.233.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 16:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:2a:ea:1b:58:ac:f1:09:c5:40:7f:02:ca:8f:9a:49:2c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: Mar 26 16:11:18 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a29dabd8b46bb4afc1dfcb23d8832ed03cf8e1fd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:23:7f:31:47:60:3a:72:25:38:d7:53:c8:58:
                    96:af:8e:ce:1c:2e:e1:90:7e:75:b8:32:47:00:df:
                    ad:a2:4b:e4:0a:f3:46:3e:8b:8a:d4:5c:3c:c0:1c:
                    ad:f7:ab:f1:0f:80:d7:55:60:7e:a1:d7:3d:72:7c:
                    1c:45:21:33:13:52:5d:de:9c:47:2b:4e:b9:c6:72:
                    15:e8:22:e7:b3:4a:3b:52:6c:07:55:c2:66:e9:5b:
                    6b:6a:47:0e:c4:79:d6:2d:1c:77:fa:4b:ba:53:06:
                    12:bb:6d:bc:d0:74:a9:dc:84:c6:7c:18:c5:e8:02:
                    25:56:d9:e2:26:12:d0:af:19:0d:58:0a:9f:15:c8:
                    70:b5:36:dc:84:b8:99:b2:b8:67:89:72:2f:86:7f:
                    7e:f2:fc:36:9a:d0:4c:62:97:3b:ad:53:6a:c2:91:
                    7d:36:c7:94:59:1f:16:69:34:53:65:bd:a9:b4:ca:
                    c5:75:c4:1a:df:d6:69:d6:3c:be:3a:3a:3d:24:d7:
                    cb:89:35:27:6b:17:c8:3b:b9:4a:3b:ad:42:53:f8:
                    03:be:f3:c2:54:e4:45:9b:8e:23:6b:64:0f:60:25:
                    6d:2a:e8:8c:24:8f:87:6c:50:8d:f0:23:10:2f:f3:
                    34:cf:69:16:b1:b6:3b:ef:61:f9:a4:44:5d:98:a7:
                    dd:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:9D:AB:D8:B4:6B:B4:AF:C1:DF:CB:23:D8:83:2E:D0:3C:F8:E1:FD
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/op2r2LRrtK_B38sj2IMu0Dz44f0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.27.115.0/24
                  2.27.233.0/24

    Signature Algorithm: sha256WithRSAEncryption
         22:64:83:67:b9:78:99:45:e3:88:0e:39:94:37:52:00:52:2f:
         c4:cf:e1:cc:ee:fb:b3:57:18:7d:3b:46:82:86:78:de:0a:73:
         95:e1:61:e7:ee:72:4c:d3:02:b5:27:b4:cc:63:d6:95:82:f3:
         5e:86:90:5f:13:19:8d:e8:21:97:04:f2:8e:00:3e:b7:25:89:
         b5:cb:3e:d4:15:28:62:1f:b3:c4:a2:83:71:0e:f7:68:aa:7b:
         5a:08:bb:7b:e6:05:4d:33:17:98:88:18:11:85:a3:67:a1:2d:
         28:30:3e:4b:1d:34:e8:aa:4b:7c:ca:e8:40:1f:b6:70:f1:61:
         7b:f4:ec:9b:0d:52:5d:db:f2:40:04:71:fa:a6:b2:f2:b7:66:
         77:f1:1b:e9:c4:fe:b5:44:4c:5e:07:4f:d4:c6:69:4f:06:9c:
         6d:66:94:05:a4:8b:1d:d7:76:4b:89:81:84:0a:bc:bd:f5:8f:
         3c:67:99:bf:e5:df:fa:2d:ec:91:d4:57:81:71:f8:b4:4e:f0:
         79:3f:a9:2b:e4:06:4e:59:ad:5d:bb:fd:0b:d2:1e:d5:9e:2e:
         f5:44:b5:e4:cc:a0:5f:2e:3a:38:81:5c:63:0a:6a:88:31:6a:
         47:fd:f5:58:f0:eb:59:8c:7a:f2:be:25:df:3a:c8:04:99:19:
         17:61:60:a4
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ0q6htYrPEJxUB/AsqPmkksMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwMzI2MTYxMTE4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMjlkYWJkOGI0NmJiNGFmYzFkZmNiMjNkODgzMmVkMDNjZjhlMWZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzCN/MUdgOnIlONdTyFiWr47OHC7h
kH51uDJHAN+tokvkCvNGPouK1Fw8wByt96vxD4DXVWB+odc9cnwcRSEzE1Jd3pxH
K065xnIV6CLns0o7UmwHVcJm6VtrakcOxHnWLRx3+ku6UwYSu2280HSp3ITGfBjF
6AIlVtniJhLQrxkNWAqfFchwtTbchLiZsrhniXIvhn9+8vw2mtBMYpc7rVNqwpF9
NseUWR8WaTRTZb2ptMrFdcQa39Zp1jy+Ojo9JNfLiTUnaxfIO7lKO61CU/gDvvPC
VORFm44ja2QPYCVtKuiMJI+HbFCN8CMQL/M0z2kWsbY772H5pERdmKfdvQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFKKdq9i0a7Svwd/LI9iDLtA8+OH9MB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvb3AycjJMUnJ0S19CMzhzajJJTXUwRHo0NGYwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAAhtzAwQA
AhvpMA0GCSqGSIb3DQEBCwUAA4IBAQAiZINnuXiZReOIDjmUN1IAUi/Ez+HM7vuz
Vxh9O0aChnjeCnOV4WHn7nJM0wK1J7TMY9aVgvNehpBfExmN6CGXBPKOAD63JYm1
yz7UFShiH7PEooNxDvdoqntaCLt75gVNMxeYiBgRhaNnoS0oMD5LHTToqkt8yuhA
H7Zw8WF79OybDVJd2/JABHH6prLyt2Z38RvpxP61RExeB0/UxmlPBpxtZpQFpIsd
13ZLiYGECry99Y88Z5m/5d/6LeyR1FeBcfi0TvB5P6kr5AZOWa1du/0L0h7Vni71
RLXkzKBfLjo4gVxjCmqIMWpH/fVY8OtZjHryviXfOsgEmRkXYWCk
-----END CERTIFICATE-----