Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/wqhNYt1SWMBuH_REXuvNpA-ObWQ.roa
File:                     wqhNYt1SWMBuH_REXuvNpA-ObWQ.roa (raw, json)
Hash identifier:          P+fRL5o+jjs4VJmhL9VxMYZiOoIZxfHC+2s0LZZdc0s=
Subject key identifier:   C2:A8:4D:62:DD:52:58:C0:6E:1F:F4:44:5E:EB:CD:A4:0F:8E:6D:64
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019D8D3DA5CDCB8DAD9B82DDD7EF2F7AD2FB
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/wqhNYt1SWMBuH_REXuvNpA-ObWQ.roa
Signing time:             Tue 14 Apr 2026 18:25:20 +0000
ROA not before:           Tue 14 Apr 2026 18:25:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     48678
IP address blocks:        2.26.140.0/24 maxlen: 24
                          193.23.223.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 14:47:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:8d:3d:a5:cd:cb:8d:ad:9b:82:dd:d7:ef:2f:7a:d2:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: Apr 14 18:25:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c2a84d62dd5258c06e1ff4445eebcda40f8e6d64
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:96:c7:8c:96:c4:94:53:aa:cb:bd:97:45:7e:
                    10:f4:6c:fd:7b:9f:17:57:a1:20:f1:86:42:a1:7e:
                    98:e2:c8:1f:ba:67:7f:d2:a0:9c:96:e8:30:91:a9:
                    61:3a:8c:27:7b:de:56:55:81:11:f9:e8:50:68:0e:
                    ec:7d:20:3c:c8:99:a4:24:3d:16:1c:3a:1b:f9:b6:
                    96:5c:3c:9d:f5:a2:cf:6b:50:1e:cb:b0:ba:8b:dc:
                    68:b0:fd:d8:96:22:d6:38:38:92:f2:00:15:7b:18:
                    e2:d4:1a:a5:bb:99:be:f6:a4:9b:d9:1c:5f:8e:08:
                    ec:ca:98:a8:db:9c:c9:63:ba:fd:0c:f6:52:23:59:
                    2d:13:c9:77:a3:22:f6:b0:0e:cd:7b:20:1a:fa:15:
                    3e:b0:18:9f:15:c2:57:2e:0a:ce:30:08:7a:3b:68:
                    0c:a0:e3:91:ad:eb:a0:6e:81:73:05:dc:47:3d:5c:
                    90:5d:10:dc:1c:c3:28:5e:6d:0d:d7:35:03:b8:49:
                    53:34:5d:2f:01:45:78:e2:bf:6b:8e:df:c5:1f:8d:
                    22:c8:94:7d:53:76:d5:8f:7e:01:5b:3c:96:bd:aa:
                    03:05:c2:b7:38:c8:08:3f:43:39:52:8a:a2:50:9b:
                    f0:f0:16:14:39:cf:d1:c6:8e:4b:11:ca:55:82:ef:
                    7a:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C2:A8:4D:62:DD:52:58:C0:6E:1F:F4:44:5E:EB:CD:A4:0F:8E:6D:64
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/wqhNYt1SWMBuH_REXuvNpA-ObWQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.26.140.0/24
                  193.23.223.0/24

    Signature Algorithm: sha256WithRSAEncryption
         89:6a:3d:01:f6:0f:49:d7:a0:4d:80:bc:79:3f:5a:c0:b7:82:
         e5:84:b3:5e:f9:5d:3e:8f:4c:2c:da:ea:f7:c7:23:a1:e6:f6:
         a9:dc:4a:a9:a7:22:37:04:7d:34:78:61:69:02:16:64:3e:9b:
         dd:61:b9:53:fd:7c:90:0a:35:79:41:b6:0d:91:88:67:d0:8e:
         3d:de:fa:02:e2:4f:2e:9e:13:82:db:cf:47:37:10:5a:51:e2:
         b3:0d:e6:45:8b:77:91:af:13:82:c4:9d:c7:3e:2a:e3:f8:df:
         71:1d:bd:78:79:46:17:a8:88:1c:57:c3:4e:25:a0:b8:9e:41:
         f8:a3:36:c5:92:47:33:c0:c6:94:ec:f4:0d:3f:d8:44:4e:5f:
         86:39:4b:ed:ce:ed:78:3f:53:49:33:42:2e:fb:13:6d:59:62:
         72:eb:d6:6c:7b:ba:41:d9:fd:6f:0a:94:4e:68:ce:d5:a0:bb:
         ae:17:d1:8d:da:85:5f:5f:c6:42:f9:03:eb:7f:ee:cc:90:22:
         33:9d:4b:39:98:bc:32:1c:2b:fb:ea:f4:84:33:83:33:a4:4b:
         08:61:d2:05:e8:6a:5c:fa:e6:03:97:b8:6e:ec:1b:9d:1f:d1:
         5a:c3:c4:13:89:e4:2b:6a:44:a6:7f:cb:5e:80:cd:48:39:e8:
         62:11:c5:46
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ2NPaXNy42tm4Ld1+8vetL7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwNDE0MTgyNTIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMmE4NGQ2MmRkNTI1OGMwNmUxZmY0NDQ1ZWViY2RhNDBmOGU2ZDY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApZbHjJbElFOqy72XRX4Q9Gz9e58X
V6Eg8YZCoX6Y4sgfumd/0qCclugwkalhOowne95WVYER+ehQaA7sfSA8yJmkJD0W
HDob+baWXDyd9aLPa1Aey7C6i9xosP3YliLWODiS8gAVexji1Bqlu5m+9qSb2Rxf
jgjsypio25zJY7r9DPZSI1ktE8l3oyL2sA7NeyAa+hU+sBifFcJXLgrOMAh6O2gM
oOORreugboFzBdxHPVyQXRDcHMMoXm0N1zUDuElTNF0vAUV44r9rjt/FH40iyJR9
U3bVj34BWzyWvaoDBcK3OMgIP0M5UoqiUJvw8BYUOc/Rxo5LEcpVgu96MQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFMKoTWLdUljAbh/0RF7rzaQPjm1kMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvd3FoTll0MVNXTUJ1SF9SRVh1dk5wQS1PYldRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAAhqMAwQA
wRffMA0GCSqGSIb3DQEBCwUAA4IBAQCJaj0B9g9J16BNgLx5P1rAt4LlhLNe+V0+
j0ws2ur3xyOh5vap3EqppyI3BH00eGFpAhZkPpvdYblT/XyQCjV5QbYNkYhn0I49
3voC4k8unhOC289HNxBaUeKzDeZFi3eRrxOCxJ3HPirj+N9xHb14eUYXqIgcV8NO
JaC4nkH4ozbFkkczwMaU7PQNP9hETl+GOUvtzu14P1NJM0Iu+xNtWWJy69Zse7pB
2f1vCpROaM7VoLuuF9GN2oVfX8ZC+QPrf+7MkCIznUs5mLwyHCv76vSEM4MzpEsI
YdIF6Gpc+uYDl7hu7BudH9Faw8QTieQrakSmf8tegM1IOehiEcVG
-----END CERTIFICATE-----