Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/xBEXJnGEkfnccMEgBFjh0XzVRv0.roa
File:                     xBEXJnGEkfnccMEgBFjh0XzVRv0.roa (raw, json)
Hash identifier:          EuaJVBi14Z2aC5G0C+m6rZzHdDp/B2wMBvkhrgZ29mI=
Subject key identifier:   C4:11:17:26:71:84:91:F9:DC:70:C1:20:04:58:E1:D1:7C:D5:46:FD
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019D7B7CF77D86EF69CE76820FB7A274AA13
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/xBEXJnGEkfnccMEgBFjh0XzVRv0.roa
Signing time:             Sat 11 Apr 2026 07:41:20 +0000
ROA not before:           Sat 11 Apr 2026 07:41:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     400529
IP address blocks:        2.27.167.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 14:47:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:7b:7c:f7:7d:86:ef:69:ce:76:82:0f:b7:a2:74:aa:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: Apr 11 07:41:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c4111726718491f9dc70c1200458e1d17cd546fd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:dc:fb:21:85:49:ed:7d:fc:f3:a8:ac:d7:71:
                    02:35:5c:07:1f:c4:33:22:db:1c:56:fd:a8:da:2a:
                    7c:9c:ec:01:b7:2f:fd:8a:ac:e7:d1:d2:3d:37:1a:
                    b4:f8:ae:b7:ca:ef:7b:5e:02:43:82:73:b6:0b:cd:
                    fb:46:70:1d:c6:82:55:76:40:fe:4d:b8:7a:e7:98:
                    46:c6:83:e0:56:64:62:2e:59:90:4d:7d:e6:b1:42:
                    c5:ae:f5:77:d5:13:cf:61:25:28:cc:84:c1:7f:fc:
                    24:d8:7a:b6:1f:0f:0f:6b:8e:4b:51:88:5f:38:7c:
                    4c:dc:06:f7:11:45:34:77:68:aa:01:4a:e9:52:53:
                    2a:98:1e:8f:3b:5f:ab:15:d9:e4:12:3e:c4:7e:ed:
                    e0:06:3a:3c:1f:81:ea:3c:c5:e1:70:40:0a:2d:14:
                    73:58:33:92:33:bc:33:2f:c5:70:57:85:93:90:7e:
                    b5:93:70:b8:ab:36:a7:0a:12:4c:49:8c:27:a0:ff:
                    a8:43:df:4f:76:42:4b:38:d4:9a:c6:4e:4c:cf:6e:
                    64:ee:0c:92:56:de:ee:72:9a:e1:ea:6d:19:49:84:
                    35:49:42:2c:6c:00:6a:6f:86:f5:b5:e2:58:0b:0d:
                    6e:2d:b2:5c:40:2a:8e:c7:49:a1:36:69:b9:98:86:
                    82:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:11:17:26:71:84:91:F9:DC:70:C1:20:04:58:E1:D1:7C:D5:46:FD
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/xBEXJnGEkfnccMEgBFjh0XzVRv0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.27.167.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6f:3e:d7:fd:cd:6b:c7:04:eb:5c:20:02:0b:a4:19:85:7b:c7:
         21:bd:30:c3:8c:cb:3a:bd:7b:a6:7b:ab:fd:f4:64:c8:1c:fe:
         f8:12:ce:15:96:55:16:55:05:49:10:7b:a2:0d:36:52:ba:ce:
         88:59:f0:d2:db:31:56:5b:c0:c0:7b:a9:34:81:13:ec:4b:c6:
         11:76:9b:3d:06:a0:e3:6b:0e:4a:a7:98:f4:07:e8:40:de:b4:
         2a:df:ed:0b:13:0d:1b:8e:e3:26:1b:13:31:88:aa:31:c4:14:
         fa:7c:4f:82:e3:d2:f3:ac:22:19:08:bc:af:22:1a:36:42:82:
         58:78:d9:b2:c8:d5:dc:76:53:14:06:c4:6c:92:42:46:0e:1a:
         48:f5:6f:6a:05:a5:b3:04:28:8a:a5:39:18:af:de:26:a5:e3:
         63:ea:93:a6:93:fb:d4:81:36:ba:0f:42:e3:91:d1:66:89:c2:
         77:e0:e6:4f:a5:e7:4e:da:84:d8:4f:2f:3d:36:f8:f6:77:c0:
         9a:0d:74:cf:dd:3f:5d:7b:98:39:66:15:a5:4f:36:44:6d:2b:
         49:4d:d7:41:0c:eb:6c:db:fa:5c:30:ee:6e:4e:0a:01:81:19:
         cb:f9:43:94:ff:4d:5b:dd:a4:85:c6:89:8f:e6:7c:52:ef:9f:
         07:cb:a9:0a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ17fPd9hu9pznaCD7eidKoTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwNDExMDc0MTIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNDExMTcyNjcxODQ5MWY5ZGM3MGMxMjAwNDU4ZTFkMTdjZDU0NmZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyNz7IYVJ7X3886is13ECNVwHH8Qz
ItscVv2o2ip8nOwBty/9iqzn0dI9Nxq0+K63yu97XgJDgnO2C837RnAdxoJVdkD+
Tbh655hGxoPgVmRiLlmQTX3msULFrvV31RPPYSUozITBf/wk2Hq2Hw8Pa45LUYhf
OHxM3Ab3EUU0d2iqAUrpUlMqmB6PO1+rFdnkEj7Efu3gBjo8H4HqPMXhcEAKLRRz
WDOSM7wzL8VwV4WTkH61k3C4qzanChJMSYwnoP+oQ99PdkJLONSaxk5Mz25k7gyS
Vt7ucprh6m0ZSYQ1SUIsbABqb4b1teJYCw1uLbJcQCqOx0mhNmm5mIaCJwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMQRFyZxhJH53HDBIARY4dF81Ub9MB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEveEJFWEpuR0VrZm5jY01FZ0JGamgwWHpWUnYwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAAhunMA0G
CSqGSIb3DQEBCwUAA4IBAQBvPtf9zWvHBOtcIAILpBmFe8chvTDDjMs6vXume6v9
9GTIHP74Es4VllUWVQVJEHuiDTZSus6IWfDS2zFWW8DAe6k0gRPsS8YRdps9BqDj
aw5Kp5j0B+hA3rQq3+0LEw0bjuMmGxMxiKoxxBT6fE+C49LzrCIZCLyvIho2QoJY
eNmyyNXcdlMUBsRskkJGDhpI9W9qBaWzBCiKpTkYr94mpeNj6pOmk/vUgTa6D0Lj
kdFmicJ34OZPpedO2oTYTy89Nvj2d8CaDXTP3T9de5g5ZhWlTzZEbStJTddBDOts
2/pcMO5uTgoBgRnL+UOU/01b3aSFxomP5nxS758Hy6kK
-----END CERTIFICATE-----