Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/vBB2S6dINX2WOC4D12FUpL1GtCg.roa
File:                     vBB2S6dINX2WOC4D12FUpL1GtCg.roa (raw, json)
Hash identifier:          P88HMW3JGBKmU8pajQlDPkW5MoHoGcMQRgSDBe/uq/w=
Subject key identifier:   BC:10:76:4B:A7:48:35:7D:96:38:2E:03:D7:61:54:A4:BD:46:B4:28
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019E56AFBBFB5911495CFA4A1A724C03F5F2
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/vBB2S6dINX2WOC4D12FUpL1GtCg.roa
Signing time:             Sat 23 May 2026 21:13:37 +0000
ROA not before:           Sat 23 May 2026 21:13:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     215120
IP address blocks:        2.27.110.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 01:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:56:af:bb:fb:59:11:49:5c:fa:4a:1a:72:4c:03:f5:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: May 23 21:13:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=bc10764ba748357d96382e03d76154a4bd46b428
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:ea:b0:4a:fd:7b:62:80:57:e1:f7:85:dd:b9:
                    51:7f:9d:c7:47:b3:b1:f5:36:a9:67:e2:0b:86:42:
                    fc:f7:19:b7:be:8d:1b:82:a6:c0:b6:d5:af:51:7b:
                    f3:ab:76:2f:6d:24:dd:22:c6:5b:82:0c:83:59:0d:
                    a1:a7:99:23:96:87:93:e5:b2:21:26:66:ab:1d:e1:
                    aa:5e:de:e1:ea:a5:6b:7b:29:68:d4:f5:2f:45:a6:
                    f5:96:97:a7:2e:1c:97:3c:bc:cd:41:67:76:01:4f:
                    f1:77:05:6f:a6:11:7d:4b:9c:e8:d9:5f:ad:3d:93:
                    ce:2f:92:1e:41:6d:ac:25:1e:c4:64:1b:6e:39:90:
                    6c:7f:b4:41:22:d6:9c:43:75:71:ec:ea:9f:fa:c8:
                    ca:49:66:34:63:ea:16:bd:e9:b6:68:bf:8c:87:a4:
                    14:0f:50:2c:04:91:9f:53:4a:fb:63:17:78:70:43:
                    3f:d4:ee:6a:95:80:11:4b:e0:a7:ea:af:06:8f:d1:
                    47:ac:89:8c:73:18:fd:6e:e2:dc:70:95:c8:27:24:
                    39:f4:2b:6d:ac:74:38:6b:01:f8:26:c0:a6:bb:31:
                    e4:f2:5a:db:f9:47:6d:be:9f:38:e9:c9:b1:d4:ff:
                    f6:4e:40:30:40:31:03:93:7b:33:f9:43:59:22:f7:
                    75:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:10:76:4B:A7:48:35:7D:96:38:2E:03:D7:61:54:A4:BD:46:B4:28
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/vBB2S6dINX2WOC4D12FUpL1GtCg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.27.110.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9c:b1:be:a3:63:3f:4e:26:4d:63:54:ab:72:0c:e4:90:33:3a:
         99:3e:8e:47:01:de:10:81:6e:b9:57:af:bd:da:25:29:f0:1e:
         b9:e8:79:76:69:c4:6e:b6:e7:7e:8c:23:89:7b:85:ed:53:b2:
         68:13:2e:90:d1:94:50:04:14:48:1b:1d:c0:42:62:8b:2c:fa:
         65:49:e9:2a:21:18:e6:96:0f:86:5d:7f:a7:cc:76:fc:a2:f0:
         7c:5d:7f:ea:1a:41:35:ce:f7:14:34:a9:97:f0:19:c8:eb:09:
         0f:29:af:36:1a:22:98:54:5f:64:89:ca:64:94:a5:73:e7:3e:
         7b:8b:09:2e:a7:72:4c:d1:a9:d6:9b:d9:ab:9e:81:93:18:d9:
         21:b6:72:8e:65:01:43:61:4e:65:dd:69:cd:4d:16:2a:e4:5c:
         48:2f:55:f1:2c:48:c6:f5:c0:b4:06:21:96:20:d5:b7:61:fa:
         68:e0:b0:ed:6f:07:7b:de:c9:3f:2e:c7:d4:d8:73:ba:44:af:
         70:aa:d4:c3:40:e4:2d:53:5c:d3:96:da:a8:66:b7:a0:d6:19:
         19:5b:27:47:c0:3f:ed:02:05:e6:9a:9a:11:ec:7d:20:c2:68:
         ca:34:b7:6a:1f:d4:f5:6f:e9:00:08:fb:90:e6:5b:bb:d6:e1:
         40:6e:76:7c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ5Wr7v7WRFJXPpKGnJMA/XyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwNTIzMjExMzM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYzEwNzY0YmE3NDgzNTdkOTYzODJlMDNkNzYxNTRhNGJkNDZiNDI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkuqwSv17YoBX4feF3blRf53HR7Ox
9TapZ+ILhkL89xm3vo0bgqbAttWvUXvzq3YvbSTdIsZbggyDWQ2hp5kjloeT5bIh
JmarHeGqXt7h6qVreylo1PUvRab1lpenLhyXPLzNQWd2AU/xdwVvphF9S5zo2V+t
PZPOL5IeQW2sJR7EZBtuOZBsf7RBItacQ3Vx7Oqf+sjKSWY0Y+oWvem2aL+Mh6QU
D1AsBJGfU0r7Yxd4cEM/1O5qlYARS+Cn6q8Gj9FHrImMcxj9buLccJXIJyQ59Ctt
rHQ4awH4JsCmuzHk8lrb+Udtvp846cmx1P/2TkAwQDEDk3sz+UNZIvd1VwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLwQdkunSDV9ljguA9dhVKS9RrQoMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvdkJCMlM2ZElOWDJXT0M0RDEyRlVwTDFHdENnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAAhtuMA0G
CSqGSIb3DQEBCwUAA4IBAQCcsb6jYz9OJk1jVKtyDOSQMzqZPo5HAd4QgW65V6+9
2iUp8B656Hl2acRutud+jCOJe4XtU7JoEy6Q0ZRQBBRIGx3AQmKLLPplSekqIRjm
lg+GXX+nzHb8ovB8XX/qGkE1zvcUNKmX8BnI6wkPKa82GiKYVF9kicpklKVz5z57
iwkup3JM0anWm9mrnoGTGNkhtnKOZQFDYU5l3WnNTRYq5FxIL1XxLEjG9cC0BiGW
INW3Yfpo4LDtbwd73sk/LsfU2HO6RK9wqtTDQOQtU1zTltqoZreg1hkZWydHwD/t
AgXmmpoR7H0gwmjKNLdqH9T1b+kACPuQ5lu71uFAbnZ8
-----END CERTIFICATE-----