Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/vZwJCknQERKx3ymNehax30x1e8c.roa
File:                     vZwJCknQERKx3ymNehax30x1e8c.roa (raw, json)
Hash identifier:          JKgLSe5OJWjst5CPGsYOsQazkk0ApVb6TNyRihZhHQc=
Subject key identifier:   BD:9C:09:0A:49:D0:11:12:B1:DF:29:8D:7A:16:B1:DF:4C:75:7B:C7
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019D3F6727C331C023E1867484EB2474B652
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/vZwJCknQERKx3ymNehax30x1e8c.roa
Signing time:             Mon 30 Mar 2026 15:40:18 +0000
ROA not before:           Mon 30 Mar 2026 15:40:18 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     200239
IP address blocks:        2.27.78.0/24 maxlen: 24
                          185.229.220.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 07:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:3f:67:27:c3:31:c0:23:e1:86:74:84:eb:24:74:b6:52
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: Mar 30 15:40:18 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=bd9c090a49d01112b1df298d7a16b1df4c757bc7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:35:ef:3c:5e:c6:f5:e5:31:da:bc:80:f9:dd:
                    71:b8:75:30:67:f9:c4:ad:4f:a0:0f:50:fb:bf:4e:
                    24:8a:48:80:d9:72:f1:c7:01:1c:e2:ef:53:dc:03:
                    c5:31:95:de:eb:c0:01:87:9f:8c:81:04:40:30:ff:
                    f0:f9:22:0a:b6:4a:30:fb:f6:21:e0:31:cd:e4:b4:
                    31:4d:5f:71:3f:4f:d7:91:18:1c:73:97:1e:1a:0d:
                    0e:0f:90:ee:b7:6f:43:1a:f4:15:91:3d:83:cd:ba:
                    52:8e:ad:fd:7e:4e:26:0e:79:82:1b:3b:4e:3d:30:
                    bd:b0:ed:3a:14:75:63:a4:c5:0b:82:c7:fc:f9:fe:
                    47:7a:ee:14:95:13:07:cc:2d:a2:b8:ee:2c:6d:9f:
                    6f:fe:ec:36:8a:68:dc:cd:4c:ec:84:2f:1a:51:33:
                    04:68:1c:17:4a:43:43:e6:64:8b:bc:06:0a:79:59:
                    7d:87:fa:1e:25:cd:4b:8c:a2:55:d3:be:7c:00:f1:
                    19:a0:9e:31:9e:49:15:28:ef:2c:d0:6e:56:fa:cb:
                    9c:f4:14:fc:07:6c:5a:da:c7:99:09:ed:5d:cd:1d:
                    92:b6:87:23:25:f8:4d:5b:dc:dc:9a:a5:5d:aa:23:
                    02:ee:d4:ee:f0:dc:70:a0:6d:b8:d4:e0:ba:07:84:
                    b9:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:9C:09:0A:49:D0:11:12:B1:DF:29:8D:7A:16:B1:DF:4C:75:7B:C7
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/vZwJCknQERKx3ymNehax30x1e8c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.27.78.0/24
                  185.229.220.0/24

    Signature Algorithm: sha256WithRSAEncryption
         29:1e:ab:80:67:c5:23:a9:91:c6:70:27:b7:6f:cb:f9:97:9a:
         1a:bb:53:88:d5:a1:bb:b8:a9:5e:81:70:bd:b4:91:7c:e4:9e:
         f5:5a:30:c1:69:7f:51:7f:15:5b:d4:75:60:7b:06:d7:fc:7f:
         a7:e5:7d:79:7a:fd:d4:66:3c:ae:52:88:87:e2:c3:f9:9b:06:
         b1:ff:63:ee:84:7b:70:21:ac:28:0c:19:4f:0b:98:ec:23:8b:
         ac:65:de:03:62:05:8f:02:96:d5:1b:39:39:1a:25:e8:5e:37:
         ba:9a:13:e4:0c:7e:7d:9f:8e:6b:33:8f:39:94:8b:e9:c2:17:
         44:d4:bd:25:62:b3:f3:db:11:1b:50:86:61:a2:0a:bc:86:2f:
         c4:4c:08:db:9d:89:ce:31:41:06:e5:93:7b:41:15:b0:b8:f9:
         4d:fd:ea:c6:95:72:77:3c:2d:32:79:0c:99:ef:a3:6e:4d:b2:
         71:fe:f6:cb:0c:4b:99:97:5e:65:17:73:06:2d:4b:b8:76:cd:
         45:d6:ce:02:78:31:40:90:e9:81:c6:32:89:fc:43:fd:1f:23:
         10:14:9c:d9:51:03:86:1a:93:13:24:a7:42:bb:7f:28:ef:86:
         7c:49:02:61:15:74:39:95:23:dc:38:9c:74:37:ec:66:45:e2:
         b9:5e:e4:88
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ0/ZyfDMcAj4YZ0hOskdLZSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwMzMwMTU0MDE4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZDljMDkwYTQ5ZDAxMTEyYjFkZjI5OGQ3YTE2YjFkZjRjNzU3YmM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmTXvPF7G9eUx2ryA+d1xuHUwZ/nE
rU+gD1D7v04kikiA2XLxxwEc4u9T3APFMZXe68ABh5+MgQRAMP/w+SIKtkow+/Yh
4DHN5LQxTV9xP0/XkRgcc5ceGg0OD5Dut29DGvQVkT2DzbpSjq39fk4mDnmCGztO
PTC9sO06FHVjpMULgsf8+f5Heu4UlRMHzC2iuO4sbZ9v/uw2imjczUzshC8aUTME
aBwXSkND5mSLvAYKeVl9h/oeJc1LjKJV0758APEZoJ4xnkkVKO8s0G5W+suc9BT8
B2xa2seZCe1dzR2StocjJfhNW9zcmqVdqiMC7tTu8NxwoG241OC6B4S5LQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFL2cCQpJ0BESsd8pjXoWsd9MdXvHMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvdlp3SkNrblFFUkt4M3ltTmVoYXgzMHgxZThjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAAhtOAwQA
ueXcMA0GCSqGSIb3DQEBCwUAA4IBAQApHquAZ8UjqZHGcCe3b8v5l5oau1OI1aG7
uKlegXC9tJF85J71WjDBaX9RfxVb1HVgewbX/H+n5X15ev3UZjyuUoiH4sP5mwax
/2PuhHtwIawoDBlPC5jsI4usZd4DYgWPApbVGzk5GiXoXje6mhPkDH59n45rM485
lIvpwhdE1L0lYrPz2xEbUIZhogq8hi/ETAjbnYnOMUEG5ZN7QRWwuPlN/erGlXJ3
PC0yeQyZ76NuTbJx/vbLDEuZl15lF3MGLUu4ds1F1s4CeDFAkOmBxjKJ/EP9HyMQ
FJzZUQOGGpMTJKdCu38o74Z8SQJhFXQ5lSPcOJx0N+xmReK5XuSI
-----END CERTIFICATE-----