Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/rFqfryzPv4rnP0hjavm8nU7UNUw.roa
File:                     rFqfryzPv4rnP0hjavm8nU7UNUw.roa (raw, json)
Hash identifier:          3s9Z6gvddHllc6AJkJJlbU1fh5mxAi8TOzC8BHoZ1f4=
Subject key identifier:   AC:5A:9F:AF:2C:CF:BF:8A:E7:3F:48:63:6A:F9:BC:9D:4E:D4:35:4C
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019D3F74E47671E60B8E2169C18514999D86
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/rFqfryzPv4rnP0hjavm8nU7UNUw.roa
Signing time:             Mon 30 Mar 2026 15:55:18 +0000
ROA not before:           Mon 30 Mar 2026 15:55:18 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     151407
IP address blocks:        2.27.99.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 14:47:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:3f:74:e4:76:71:e6:0b:8e:21:69:c1:85:14:99:9d:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: Mar 30 15:55:18 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ac5a9faf2ccfbf8ae73f48636af9bc9d4ed4354c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:50:3b:8a:df:b8:ad:70:65:37:96:17:ae:91:
                    40:99:a2:61:06:d6:ad:41:f1:20:a2:9c:6d:3e:72:
                    e8:ae:e6:3a:fe:7c:09:f1:ca:2c:a9:87:5f:27:37:
                    12:65:1e:98:a4:f8:b1:87:53:61:5f:b5:7e:e3:7d:
                    c2:11:ab:10:7b:de:78:b6:e7:d3:8f:ae:de:6c:f2:
                    c6:1e:77:28:ff:c1:5f:1e:6a:1d:84:ff:70:93:cd:
                    99:31:5c:aa:84:6d:9c:b8:78:2f:78:4c:d0:95:57:
                    84:45:1e:11:b8:36:e3:ff:86:24:18:8f:bd:b3:48:
                    33:06:c7:d5:60:94:e0:bd:48:d9:c2:36:d5:8e:25:
                    57:8b:64:0f:57:dc:9c:33:77:66:0d:53:05:65:9a:
                    58:58:4f:36:6d:18:38:81:4d:3f:c3:22:04:0f:90:
                    7b:e8:17:5c:cd:d6:66:a0:2d:1c:0d:68:51:e3:d9:
                    42:4e:1f:28:0b:1a:94:1a:9b:09:03:46:ac:55:da:
                    70:f4:a6:ce:ec:b7:09:e9:40:37:e7:86:78:5a:2f:
                    e5:7d:56:3e:31:bc:0b:fa:4b:18:8c:a9:31:1b:9b:
                    8f:99:34:fd:f1:99:0e:2b:6e:89:56:b5:a5:81:1d:
                    94:4a:95:80:ad:f4:0a:cf:d3:cb:d2:cc:5b:72:f2:
                    8c:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:5A:9F:AF:2C:CF:BF:8A:E7:3F:48:63:6A:F9:BC:9D:4E:D4:35:4C
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/rFqfryzPv4rnP0hjavm8nU7UNUw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.27.99.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3f:7c:a5:12:f9:80:74:39:20:ba:14:81:53:26:3a:00:1c:c5:
         09:e9:46:73:1f:17:eb:f5:85:21:78:da:a3:51:5d:98:11:85:
         33:c8:ef:97:b7:c0:68:09:39:a5:ff:83:bf:e6:be:71:2d:66:
         ca:6e:6b:2a:e5:6e:e1:83:ef:9e:a5:6e:39:7e:40:71:f3:4e:
         48:8b:d0:70:af:a0:75:af:14:15:df:d6:99:d5:4c:6d:a3:58:
         15:8a:0b:a5:08:fd:c8:f8:ff:31:97:8f:4f:a6:94:19:99:b4:
         b1:6c:b1:8f:7b:e3:3b:57:68:64:64:8d:7d:92:c9:9e:2c:02:
         6e:a1:5c:fa:a6:8f:2b:ae:87:7f:b4:68:41:f6:6e:9e:e2:ff:
         ea:70:6c:db:16:f9:35:05:39:06:44:2b:e8:da:50:1f:85:bd:
         c4:16:6f:3b:80:10:6d:9d:4c:13:75:50:c1:4d:7e:ae:87:61:
         f0:06:4c:1f:96:ca:fe:7b:b1:a2:09:bf:30:cc:db:af:93:2d:
         3e:f7:f5:42:39:f8:55:27:c1:95:5f:fb:95:7b:29:4b:e2:08:
         b8:85:07:92:63:f8:76:45:e5:17:da:74:36:bd:82:b6:5b:67:
         1a:64:aa:39:bc:76:f6:62:4e:6e:f7:2c:2b:77:ca:fa:1b:ac:
         ae:14:45:81
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0/dOR2ceYLjiFpwYUUmZ2GMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwMzMwMTU1NTE4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYzVhOWZhZjJjY2ZiZjhhZTczZjQ4NjM2YWY5YmM5ZDRlZDQzNTRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAilA7it+4rXBlN5YXrpFAmaJhBtat
QfEgopxtPnLoruY6/nwJ8cosqYdfJzcSZR6YpPixh1NhX7V+433CEasQe954tufT
j67ebPLGHnco/8FfHmodhP9wk82ZMVyqhG2cuHgveEzQlVeERR4RuDbj/4YkGI+9
s0gzBsfVYJTgvUjZwjbVjiVXi2QPV9ycM3dmDVMFZZpYWE82bRg4gU0/wyIED5B7
6BdczdZmoC0cDWhR49lCTh8oCxqUGpsJA0asVdpw9KbO7LcJ6UA354Z4Wi/lfVY+
MbwL+ksYjKkxG5uPmTT98ZkOK26JVrWlgR2USpWArfQKz9PL0sxbcvKM7QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKxan68sz7+K5z9IY2r5vJ1O1DVMMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvckZxZnJ5elB2NHJuUDBoamF2bThuVTdVTlV3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAAhtjMA0G
CSqGSIb3DQEBCwUAA4IBAQA/fKUS+YB0OSC6FIFTJjoAHMUJ6UZzHxfr9YUheNqj
UV2YEYUzyO+Xt8BoCTml/4O/5r5xLWbKbmsq5W7hg++epW45fkBx805Ii9Bwr6B1
rxQV39aZ1Uxto1gVigulCP3I+P8xl49PppQZmbSxbLGPe+M7V2hkZI19ksmeLAJu
oVz6po8rrod/tGhB9m6e4v/qcGzbFvk1BTkGRCvo2lAfhb3EFm87gBBtnUwTdVDB
TX6uh2HwBkwflsr+e7GiCb8wzNuvky0+9/VCOfhVJ8GVX/uVeylL4gi4hQeSY/h2
ReUX2nQ2vYK2W2caZKo5vHb2Yk5u9ywrd8r6G6yuFEWB
-----END CERTIFICATE-----