Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/p-wGtZRVl-wSFpoYZNEvkOT7aw0.roa
File:                     p-wGtZRVl-wSFpoYZNEvkOT7aw0.roa (raw, json)
Hash identifier:          oqqcYBRc35V3jsaR4ntPeH1HJvsDVwwS0ZaRYMySCyI=
Subject key identifier:   A7:EC:06:B5:94:55:97:EC:12:16:9A:18:64:D1:2F:90:E4:FB:6B:0D
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019D3CCE7C8926C09E9F1B652696EB4B6F6B
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/p-wGtZRVl-wSFpoYZNEvkOT7aw0.roa
Signing time:             Mon 30 Mar 2026 03:34:18 +0000
ROA not before:           Mon 30 Mar 2026 03:34:18 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     212173
IP address blocks:        2.27.155.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 21:23:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:3c:ce:7c:89:26:c0:9e:9f:1b:65:26:96:eb:4b:6f:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: Mar 30 03:34:18 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a7ec06b5945597ec12169a1864d12f90e4fb6b0d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ed:eb:95:0d:62:40:41:07:13:be:16:fe:af:5a:
                    5d:8f:6e:2c:81:f6:0b:b6:66:bf:36:f7:f1:93:31:
                    62:5b:5d:3a:e2:11:14:c6:64:83:65:31:19:e8:cf:
                    83:d9:42:3f:f4:54:f7:e2:65:52:74:8e:ea:c0:cf:
                    07:13:7e:44:ab:e3:8e:8d:60:9b:59:b8:6d:30:2d:
                    af:0e:71:87:02:a2:49:5a:81:7c:47:cf:a8:4b:24:
                    3b:aa:46:78:0c:d1:ac:a1:fc:64:d6:d1:e4:a4:23:
                    5a:df:bc:46:ef:be:a9:d1:71:44:c3:f9:2f:32:2c:
                    67:ae:3b:c7:03:fb:65:9b:69:87:4a:44:e0:d4:15:
                    22:3e:20:cd:3c:4b:33:5e:40:f7:e3:7a:a1:73:9d:
                    dc:31:08:7d:79:5e:3c:60:62:ea:b7:5c:09:a3:50:
                    a6:90:3b:d6:9c:30:aa:06:d9:02:4b:9a:41:81:6b:
                    8d:5a:27:95:5e:78:c6:67:a5:f8:6f:31:4a:95:62:
                    d7:32:4c:4c:93:66:a7:a1:14:54:a3:b5:d4:50:03:
                    2a:bb:16:0e:d3:0c:e1:54:69:7a:01:36:f5:11:bf:
                    30:27:b3:cb:22:80:36:93:15:2a:0e:26:a6:0e:8e:
                    e2:00:1b:36:58:b3:d8:7a:96:c7:b3:ff:82:f8:8f:
                    72:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:EC:06:B5:94:55:97:EC:12:16:9A:18:64:D1:2F:90:E4:FB:6B:0D
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/p-wGtZRVl-wSFpoYZNEvkOT7aw0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.27.155.0/24

    Signature Algorithm: sha256WithRSAEncryption
         11:03:f2:3a:ae:a6:4d:4b:b7:0b:cb:6f:e6:10:87:94:54:48:
         5e:e2:7e:15:8d:99:c0:1a:87:89:8f:48:e3:aa:5d:7f:0c:0b:
         dc:bf:d5:e7:31:b0:14:b7:10:1b:7d:31:f3:dc:1c:13:35:98:
         08:9f:91:ad:06:a7:35:c0:f0:91:77:32:98:5b:16:f9:04:7c:
         32:f7:14:66:28:29:b1:3d:bf:4f:72:53:cd:59:81:83:ae:5c:
         4d:29:c4:37:35:c6:92:41:43:e6:5a:43:ad:2a:cd:8b:f9:4f:
         fc:94:bc:13:ff:12:52:18:f0:64:3f:46:17:6c:01:33:4f:f0:
         70:57:e1:25:58:1f:63:25:5b:cc:fc:d3:35:00:c3:8a:c1:ef:
         c7:c8:61:11:a8:5a:42:ab:83:0a:23:4d:b2:d9:17:db:26:a6:
         25:09:d8:76:c3:7a:8a:5f:65:5d:a3:0c:30:e5:4d:59:14:4d:
         cc:39:16:c8:79:26:f9:d7:68:f6:fa:4f:b4:e4:99:8b:e3:4c:
         9b:c3:57:69:df:fb:26:ec:83:75:9c:cf:c6:f3:e1:db:2d:2d:
         0e:4a:33:9e:06:ea:52:e4:80:2c:7f:3e:4d:45:17:e4:9c:df:
         0c:bd:40:10:6a:41:6a:1b:11:0f:9d:fb:12:99:34:5e:25:81:
         13:69:f6:09
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ08znyJJsCenxtlJpbrS29rMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwMzMwMDMzNDE4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhN2VjMDZiNTk0NTU5N2VjMTIxNjlhMTg2NGQxMmY5MGU0ZmI2YjBkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7euVDWJAQQcTvhb+r1pdj24sgfYL
tma/NvfxkzFiW1064hEUxmSDZTEZ6M+D2UI/9FT34mVSdI7qwM8HE35Eq+OOjWCb
WbhtMC2vDnGHAqJJWoF8R8+oSyQ7qkZ4DNGsofxk1tHkpCNa37xG776p0XFEw/kv
MixnrjvHA/tlm2mHSkTg1BUiPiDNPEszXkD343qhc53cMQh9eV48YGLqt1wJo1Cm
kDvWnDCqBtkCS5pBgWuNWieVXnjGZ6X4bzFKlWLXMkxMk2anoRRUo7XUUAMquxYO
0wzhVGl6ATb1Eb8wJ7PLIoA2kxUqDiamDo7iABs2WLPYepbHs/+C+I9yPwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKfsBrWUVZfsEhaaGGTRL5Dk+2sNMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvcC13R3RaUlZsLXdTRnBvWVpORXZrT1Q3YXcwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAAhubMA0G
CSqGSIb3DQEBCwUAA4IBAQARA/I6rqZNS7cLy2/mEIeUVEhe4n4VjZnAGoeJj0jj
ql1/DAvcv9XnMbAUtxAbfTHz3BwTNZgIn5GtBqc1wPCRdzKYWxb5BHwy9xRmKCmx
Pb9PclPNWYGDrlxNKcQ3NcaSQUPmWkOtKs2L+U/8lLwT/xJSGPBkP0YXbAEzT/Bw
V+ElWB9jJVvM/NM1AMOKwe/HyGERqFpCq4MKI02y2RfbJqYlCdh2w3qKX2Vdowww
5U1ZFE3MORbIeSb512j2+k+05JmL40ybw1dp3/sm7IN1nM/G8+HbLS0OSjOeBupS
5IAsfz5NRRfknN8MvUAQakFqGxEPnfsSmTReJYETafYJ
-----END CERTIFICATE-----