Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/tc8gvedeE9nNU6CtyMMKkjF2-A0.roa
File:                     tc8gvedeE9nNU6CtyMMKkjF2-A0.roa (raw, json)
Hash identifier:          5O3MvZpSPPle3P/gtfe+2kT875Am4nFde3CgknsULd8=
Subject key identifier:   B5:CF:20:BD:E7:5E:13:D9:CD:53:A0:AD:C8:C3:0A:92:31:76:F8:0D
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019D4F2F8072308A5C3947BDB0DF000CF76D
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/tc8gvedeE9nNU6CtyMMKkjF2-A0.roa
Signing time:             Thu 02 Apr 2026 17:13:26 +0000
ROA not before:           Thu 02 Apr 2026 17:13:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     201136
IP address blocks:        2.27.112.0/24 maxlen: 24
                          2.27.153.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 Apr 2026 22:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:4f:2f:80:72:30:8a:5c:39:47:bd:b0:df:00:0c:f7:6d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: Apr  2 17:13:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b5cf20bde75e13d9cd53a0adc8c30a923176f80d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:df:dc:2d:d7:e0:a6:a6:93:da:be:12:9c:62:
                    76:93:1e:66:75:54:c6:9c:e2:d0:4c:0b:06:11:76:
                    2f:aa:9e:01:14:97:a7:bf:fa:dd:e5:4f:95:73:b5:
                    6c:ec:3b:28:eb:b0:ad:ed:a0:8c:b2:e2:80:bf:47:
                    56:48:22:c6:44:97:8c:19:15:11:f8:69:40:fa:b2:
                    d6:32:6a:dd:9c:1c:a4:c1:cf:d7:66:67:8c:77:99:
                    85:cb:38:b6:6f:77:74:39:67:be:0e:d4:30:29:df:
                    2d:db:a1:da:6b:3f:54:f6:8d:bb:4d:d6:8e:cf:6b:
                    b5:58:61:ac:cb:51:57:6f:99:19:7b:9d:2c:c1:d3:
                    57:38:f3:61:14:29:d2:ea:6d:bf:43:96:a6:2e:c0:
                    39:d3:8f:80:af:b2:5e:27:87:9b:74:ec:6b:cd:b1:
                    48:4c:26:be:40:bf:84:e9:e2:10:4f:0a:f7:c7:e0:
                    1d:d3:31:44:62:c4:70:0b:7b:76:63:8f:84:b4:73:
                    08:13:aa:1c:01:94:db:3c:f7:8a:f9:c2:4a:ad:df:
                    b9:98:ec:de:44:7e:68:24:40:d7:78:12:9f:77:15:
                    06:92:0c:de:e9:4c:38:ed:08:31:88:b1:81:18:1e:
                    4d:49:e1:22:d6:f3:6b:84:de:b6:38:66:61:8f:37:
                    fb:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:CF:20:BD:E7:5E:13:D9:CD:53:A0:AD:C8:C3:0A:92:31:76:F8:0D
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/tc8gvedeE9nNU6CtyMMKkjF2-A0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.27.112.0/24
                  2.27.153.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9e:cf:dc:a1:26:ca:1a:44:dd:66:bf:9f:ae:74:9b:e5:ff:b3:
         39:f2:30:8a:12:53:0f:b9:11:6c:bd:5c:cd:6f:5e:b1:71:c5:
         72:2b:79:51:58:dd:02:a5:33:a9:f5:43:7d:41:43:5d:71:51:
         49:b4:c0:34:86:7c:80:37:0f:3a:db:31:88:77:92:e4:87:19:
         8d:55:22:16:72:12:10:27:7b:14:05:54:6a:45:8a:0a:69:3d:
         7a:19:a1:e6:b8:8f:84:da:4a:cb:77:b5:4d:f6:7d:fb:4f:6a:
         42:59:a1:93:98:88:30:bd:bf:83:45:46:70:33:79:f3:a9:39:
         21:dc:3a:45:d0:02:0a:d5:39:54:95:75:c7:41:17:19:25:6b:
         35:f1:e6:f1:dd:e8:88:5e:c3:c9:95:3f:ed:ff:50:c7:b9:96:
         61:3a:99:8d:bf:3b:bc:38:38:5c:23:d3:ce:76:61:d3:c2:66:
         46:3b:48:63:a7:cd:a4:49:35:d5:3d:b8:d3:95:c4:2f:e5:41:
         38:8c:27:95:0a:ae:2e:e5:a0:22:36:8e:7f:1f:60:94:63:9a:
         19:56:9d:91:88:e5:82:ab:83:82:13:10:49:24:7f:34:9d:e7:
         d2:de:74:94:48:04:01:78:a3:da:f3:42:1b:40:3b:30:f4:71:
         4b:cb:3a:2e
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ1PL4ByMIpcOUe9sN8ADPdtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwNDAyMTcxMzI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNWNmMjBiZGU3NWUxM2Q5Y2Q1M2EwYWRjOGMzMGE5MjMxNzZmODBkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAit/cLdfgpqaT2r4SnGJ2kx5mdVTG
nOLQTAsGEXYvqp4BFJenv/rd5U+Vc7Vs7Dso67Ct7aCMsuKAv0dWSCLGRJeMGRUR
+GlA+rLWMmrdnBykwc/XZmeMd5mFyzi2b3d0OWe+DtQwKd8t26Haaz9U9o27TdaO
z2u1WGGsy1FXb5kZe50swdNXOPNhFCnS6m2/Q5amLsA504+Ar7JeJ4ebdOxrzbFI
TCa+QL+E6eIQTwr3x+Ad0zFEYsRwC3t2Y4+EtHMIE6ocAZTbPPeK+cJKrd+5mOze
RH5oJEDXeBKfdxUGkgze6Uw47QgxiLGBGB5NSeEi1vNrhN62OGZhjzf7OQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFLXPIL3nXhPZzVOgrcjDCpIxdvgNMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvdGM4Z3ZlZGVFOW5OVTZDdHlNTUtrakYyLUEwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAAhtwAwQA
AhuZMA0GCSqGSIb3DQEBCwUAA4IBAQCez9yhJsoaRN1mv5+udJvl/7M58jCKElMP
uRFsvVzNb16xccVyK3lRWN0CpTOp9UN9QUNdcVFJtMA0hnyANw862zGId5LkhxmN
VSIWchIQJ3sUBVRqRYoKaT16GaHmuI+E2krLd7VN9n37T2pCWaGTmIgwvb+DRUZw
M3nzqTkh3DpF0AIK1TlUlXXHQRcZJWs18ebx3eiIXsPJlT/t/1DHuZZhOpmNvzu8
ODhcI9POdmHTwmZGO0hjp82kSTXVPbjTlcQv5UE4jCeVCq4u5aAiNo5/H2CUY5oZ
Vp2RiOWCq4OCExBJJH80nefS3nSUSAQBeKPa80IbQDsw9HFLyzou
-----END CERTIFICATE-----