Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/xbnpwzjsOr2emRCLaLP9lbpoIlM.roa
File:                     xbnpwzjsOr2emRCLaLP9lbpoIlM.roa (raw, json)
Hash identifier:          SCaEH0F3+OL1lOsAoFYf8p0RpWbYwDoLoob9tKVQ5OM=
Subject key identifier:   C5:B9:E9:C3:38:EC:3A:BD:9E:99:10:8B:68:B3:FD:95:BA:68:22:53
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019D9726971F2CF0757D2FD0946AB8E6E6B3
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/xbnpwzjsOr2emRCLaLP9lbpoIlM.roa
Signing time:             Thu 16 Apr 2026 16:36:21 +0000
ROA not before:           Thu 16 Apr 2026 16:36:21 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     402203
IP address blocks:        2.27.175.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 16:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:97:26:97:1f:2c:f0:75:7d:2f:d0:94:6a:b8:e6:e6:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: Apr 16 16:36:21 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c5b9e9c338ec3abd9e99108b68b3fd95ba682253
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:31:d7:89:6d:e1:87:8a:34:83:a7:9c:e7:fa:
                    ae:45:57:1e:be:c5:0e:4e:58:93:f8:95:3d:35:c7:
                    fd:82:08:00:0d:fe:12:a8:e1:65:01:28:8c:8a:a5:
                    ec:ba:2f:5f:1e:d1:98:3f:7a:a0:93:c4:0f:f5:66:
                    b3:35:3b:42:e8:6d:30:bb:7d:30:27:68:d9:e5:68:
                    a7:cb:b7:9c:9d:56:cd:46:9e:d5:55:c7:f6:01:43:
                    c1:99:fc:99:be:2f:5c:4a:5f:25:f8:10:6a:cb:3d:
                    ab:df:35:1c:95:b2:d0:d0:b7:f0:d6:65:e2:2b:be:
                    b2:ef:00:c4:75:76:14:09:1f:3c:fe:17:20:22:d7:
                    d2:21:dd:76:23:e1:9d:03:8f:39:a5:52:46:88:56:
                    b9:74:f7:dc:96:8f:6c:29:3b:22:61:63:ba:f2:a1:
                    1b:43:5c:91:14:e0:52:8e:8e:64:d9:c7:5a:43:8d:
                    f3:db:08:c5:7f:d2:39:4e:44:38:c0:af:9b:47:72:
                    fa:8f:6d:e5:38:10:24:4a:6f:ec:39:ca:b6:4d:36:
                    d2:fd:d5:b5:83:98:12:3a:b0:c4:d6:21:cb:e6:8d:
                    74:59:b0:42:c6:31:19:5c:0e:5c:9c:10:2c:5a:cc:
                    2e:9c:3a:ac:3b:94:ed:37:53:ad:77:62:1f:50:d0:
                    c9:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:B9:E9:C3:38:EC:3A:BD:9E:99:10:8B:68:B3:FD:95:BA:68:22:53
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/xbnpwzjsOr2emRCLaLP9lbpoIlM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.27.175.0/24

    Signature Algorithm: sha256WithRSAEncryption
         29:e7:a3:dc:4b:ac:29:c7:0e:30:ef:67:46:b0:b4:59:86:26:
         68:63:a4:45:58:f5:d8:26:ed:67:39:f9:4d:b6:f2:fd:06:21:
         c5:ee:04:6f:2a:81:b8:1f:d0:c1:88:43:ea:09:c1:e2:94:72:
         71:05:36:24:52:8c:c6:70:34:7e:09:aa:1f:4e:06:fd:47:fd:
         f6:dc:3c:35:ee:e2:cb:af:f6:f3:0c:71:2c:a4:7a:29:28:0c:
         fe:52:c9:76:52:28:8e:2b:d4:03:66:14:cd:5a:45:95:5d:2f:
         73:dc:ad:b5:c5:f0:3e:32:dc:e2:83:1b:3e:f7:58:7b:20:20:
         cf:67:1c:95:f1:05:35:1d:6b:1d:ab:3b:5a:06:27:5e:6a:c6:
         40:32:54:3e:3f:e9:65:ad:0b:aa:ae:2b:03:40:53:1c:48:59:
         7a:dd:87:3e:14:45:a3:ff:82:4e:00:be:eb:47:6a:f2:38:71:
         8e:8a:49:d0:59:90:14:06:6e:fd:83:bb:b4:71:45:0c:4c:92:
         74:ba:2f:58:4b:c9:da:43:e8:29:ea:9f:ba:d5:41:c1:33:75:
         34:61:30:9e:47:db:fc:e1:9e:09:d4:2a:39:80:70:9c:d2:e4:
         3e:61:16:9a:31:23:17:4e:23:3d:38:c3:43:a5:0c:f5:8c:d5:
         4f:83:12:43
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ2XJpcfLPB1fS/QlGq45uazMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwNDE2MTYzNjIxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNWI5ZTljMzM4ZWMzYWJkOWU5OTEwOGI2OGIzZmQ5NWJhNjgyMjUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkzHXiW3hh4o0g6ec5/quRVcevsUO
TliT+JU9Ncf9gggADf4SqOFlASiMiqXsui9fHtGYP3qgk8QP9WazNTtC6G0wu30w
J2jZ5Winy7ecnVbNRp7VVcf2AUPBmfyZvi9cSl8l+BBqyz2r3zUclbLQ0Lfw1mXi
K76y7wDEdXYUCR88/hcgItfSId12I+GdA485pVJGiFa5dPfclo9sKTsiYWO68qEb
Q1yRFOBSjo5k2cdaQ43z2wjFf9I5TkQ4wK+bR3L6j23lOBAkSm/sOcq2TTbS/dW1
g5gSOrDE1iHL5o10WbBCxjEZXA5cnBAsWswunDqsO5TtN1Otd2IfUNDJ9wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMW56cM47Dq9npkQi2iz/ZW6aCJTMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEveGJucHd6anNPcjJlbVJDTGFMUDlsYnBvSWxNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAAhuvMA0G
CSqGSIb3DQEBCwUAA4IBAQAp56PcS6wpxw4w72dGsLRZhiZoY6RFWPXYJu1nOflN
tvL9BiHF7gRvKoG4H9DBiEPqCcHilHJxBTYkUozGcDR+CaofTgb9R/323Dw17uLL
r/bzDHEspHopKAz+Usl2UiiOK9QDZhTNWkWVXS9z3K21xfA+Mtzigxs+91h7ICDP
ZxyV8QU1HWsdqztaBideasZAMlQ+P+llrQuqrisDQFMcSFl63Yc+FEWj/4JOAL7r
R2ryOHGOiknQWZAUBm79g7u0cUUMTJJ0ui9YS8naQ+gp6p+61UHBM3U0YTCeR9v8
4Z4J1Co5gHCc0uQ+YRaaMSMXTiM9OMNDpQz1jNVPgxJD
-----END CERTIFICATE-----