Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/xeUZxn-U4uRvZlpBkbGlspDjK2o.roa
File:                     xeUZxn-U4uRvZlpBkbGlspDjK2o.roa (raw, json)
Hash identifier:          rdbnMFDU0TjC4RKfA2te6Xdsgc/rYrBA06Yi0V+jkVk=
Subject key identifier:   C5:E5:19:C6:7F:94:E2:E4:6F:66:5A:41:91:B1:A5:B2:90:E3:2B:6A
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019D9CB4662958A097278B2CD631DCFE9F0A
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/xeUZxn-U4uRvZlpBkbGlspDjK2o.roa
Signing time:             Fri 17 Apr 2026 18:29:21 +0000
ROA not before:           Fri 17 Apr 2026 18:29:21 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     210980
IP address blocks:        2.26.135.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 20:49:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:9c:b4:66:29:58:a0:97:27:8b:2c:d6:31:dc:fe:9f:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: Apr 17 18:29:21 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c5e519c67f94e2e46f665a4191b1a5b290e32b6a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:9f:c4:25:14:c3:8c:72:91:96:0a:1c:14:4d:
                    d8:fd:c1:cf:cf:f9:be:c7:47:93:fb:f6:28:16:02:
                    32:00:cc:e2:20:f3:89:7e:a5:48:1f:59:2a:24:5c:
                    76:42:be:43:2e:47:f8:57:3c:c1:22:df:97:eb:ae:
                    66:09:d0:16:7f:28:bd:ba:1d:fc:57:0a:65:fc:9c:
                    9e:b7:96:65:37:0e:8e:11:81:da:53:8e:ae:37:51:
                    05:4e:ec:97:0a:30:fc:f7:82:ff:55:e5:b8:02:52:
                    15:04:b3:27:92:7d:06:cb:4f:29:3b:c8:cb:d6:5c:
                    1e:cc:6b:91:75:d3:d6:b2:0f:75:b9:40:5b:0e:55:
                    65:d0:67:4b:80:c2:de:78:89:fa:33:7b:53:44:b4:
                    34:ac:73:ca:c2:69:37:b7:c1:9b:e8:f6:8f:aa:d1:
                    69:cb:ef:df:03:0c:0a:4a:3c:11:dd:f8:05:55:29:
                    78:cf:d4:ae:11:4d:36:4e:37:48:bb:ed:9e:d0:66:
                    16:59:c2:2d:3b:20:bb:48:3f:10:0c:c2:67:39:11:
                    03:8b:57:db:f2:e1:26:83:6f:1d:41:7c:22:9f:e0:
                    c6:ff:57:42:3f:be:26:cb:db:df:87:52:d5:cc:1a:
                    56:da:d5:36:d6:31:96:3d:cd:e4:d7:e4:e2:c8:66:
                    a3:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:E5:19:C6:7F:94:E2:E4:6F:66:5A:41:91:B1:A5:B2:90:E3:2B:6A
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/xeUZxn-U4uRvZlpBkbGlspDjK2o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.26.135.0/24

    Signature Algorithm: sha256WithRSAEncryption
         49:27:8a:9f:cb:75:f5:33:ff:89:28:aa:5d:ae:62:12:9c:1f:
         0d:96:94:2a:a7:18:f1:b5:36:43:59:11:1d:88:c7:16:00:a5:
         1f:3b:31:fc:a5:55:ba:7b:ce:ad:cb:85:c7:21:b1:56:86:77:
         15:21:3b:93:44:30:89:84:93:93:cd:02:dc:f7:a8:bd:32:8c:
         dc:c5:83:8c:e7:96:1c:f9:1e:b5:e9:59:27:ed:17:71:e9:5c:
         5e:d8:11:e7:36:65:7a:a2:c4:5a:b8:5e:78:12:e6:b3:7a:3c:
         4e:f3:69:88:1b:ff:b8:6f:dd:39:13:06:dd:a1:62:ae:52:9e:
         9b:37:73:3f:a7:ab:49:99:ee:eb:f8:21:bf:6e:9e:8d:ac:85:
         ab:11:47:58:da:c6:9e:26:45:9e:3d:9b:63:88:71:98:58:09:
         c1:63:e9:e3:00:ad:9d:64:9a:0d:fe:59:1c:e6:b5:b1:a8:0c:
         80:73:aa:64:86:78:3a:37:d8:ad:56:85:e8:79:83:bf:a6:50:
         1e:04:2d:03:d3:45:7c:71:db:4f:21:a7:46:30:6a:58:4e:54:
         cd:af:c3:a6:e5:70:78:cd:c2:ce:8a:45:20:cb:1c:f9:b7:87:
         83:07:d0:13:77:96:91:a2:0e:2e:f9:34:db:d8:de:47:93:98:
         68:c1:2c:84
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ2ctGYpWKCXJ4ss1jHc/p8KMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwNDE3MTgyOTIxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNWU1MTljNjdmOTRlMmU0NmY2NjVhNDE5MWIxYTViMjkwZTMyYjZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsJ/EJRTDjHKRlgocFE3Y/cHPz/m+
x0eT+/YoFgIyAMziIPOJfqVIH1kqJFx2Qr5DLkf4VzzBIt+X665mCdAWfyi9uh38
Vwpl/Jyet5ZlNw6OEYHaU46uN1EFTuyXCjD894L/VeW4AlIVBLMnkn0Gy08pO8jL
1lwezGuRddPWsg91uUBbDlVl0GdLgMLeeIn6M3tTRLQ0rHPKwmk3t8Gb6PaPqtFp
y+/fAwwKSjwR3fgFVSl4z9SuEU02TjdIu+2e0GYWWcItOyC7SD8QDMJnOREDi1fb
8uEmg28dQXwin+DG/1dCP74my9vfh1LVzBpW2tU21jGWPc3k1+TiyGajqwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMXlGcZ/lOLkb2ZaQZGxpbKQ4ytqMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEveGVVWnhuLVU0dVJ2WmxwQmtiR2xzcERqSzJvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAAhqHMA0G
CSqGSIb3DQEBCwUAA4IBAQBJJ4qfy3X1M/+JKKpdrmISnB8NlpQqpxjxtTZDWREd
iMcWAKUfOzH8pVW6e86ty4XHIbFWhncVITuTRDCJhJOTzQLc96i9MozcxYOM55Yc
+R616Vkn7Rdx6Vxe2BHnNmV6osRauF54EuazejxO82mIG/+4b905EwbdoWKuUp6b
N3M/p6tJme7r+CG/bp6NrIWrEUdY2saeJkWePZtjiHGYWAnBY+njAK2dZJoN/lkc
5rWxqAyAc6pkhng6N9itVoXoeYO/plAeBC0D00V8cdtPIadGMGpYTlTNr8Om5XB4
zcLOikUgyxz5t4eDB9ATd5aRog4u+TTb2N5Hk5howSyE
-----END CERTIFICATE-----