Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/y9D8OQm-opDc3UFQnKzYVMrpbUs.roa
File:                     y9D8OQm-opDc3UFQnKzYVMrpbUs.roa (raw, json)
Hash identifier:          om4ZCyT9qVBes4R37MxEcIOjvubIxnhbJs8zT3P1mRo=
Subject key identifier:   CB:D0:FC:39:09:BE:A2:90:DC:DD:41:50:9C:AC:D8:54:CA:E9:6D:4B
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019D91E5AB2F0C1B36DF403A16A9EFE99239
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/y9D8OQm-opDc3UFQnKzYVMrpbUs.roa
Signing time:             Wed 15 Apr 2026 16:07:20 +0000
ROA not before:           Wed 15 Apr 2026 16:07:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     213791
IP address blocks:        2.26.165.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 16:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:91:e5:ab:2f:0c:1b:36:df:40:3a:16:a9:ef:e9:92:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: Apr 15 16:07:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=cbd0fc3909bea290dcdd41509cacd854cae96d4b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:55:44:b6:28:02:8c:27:c4:ed:ae:21:0b:6c:
                    1a:7b:bf:61:0b:26:51:70:10:9a:a3:d8:cf:bc:5f:
                    31:b7:b2:8a:bd:78:d3:22:da:cb:c3:5c:51:20:cf:
                    dd:a3:44:0d:60:72:2b:8d:4b:9b:f5:9f:dd:98:cb:
                    3f:b8:bb:e7:6b:2c:1a:90:e7:64:2b:a9:12:f4:d8:
                    3a:87:83:af:1d:7a:14:c8:55:c7:ed:d1:6d:a0:9b:
                    fe:8c:08:d3:3f:53:b7:81:a4:4e:65:51:23:f0:5a:
                    6a:be:fb:05:73:a0:eb:a4:5b:ba:15:42:19:d5:5b:
                    eb:de:3b:ee:21:a6:c2:e3:44:d7:8d:3e:76:a2:ce:
                    8f:21:b6:20:67:db:c9:6a:73:cc:90:36:fb:42:16:
                    82:a6:91:82:a1:80:13:54:4e:4a:90:8a:38:89:7a:
                    1c:95:5e:1d:b3:8f:43:77:ec:eb:b6:c1:98:26:b0:
                    58:c6:f3:37:c7:09:c3:88:93:70:85:02:97:80:85:
                    a5:0a:91:36:d6:8f:b4:0b:b6:a7:73:9b:29:4d:11:
                    6a:c2:11:44:7c:14:a8:76:7b:ff:7f:0d:dc:75:63:
                    4c:b0:c0:dd:ca:fd:ca:a1:14:b9:75:4b:13:24:fe:
                    b3:c2:ad:4d:98:ac:8c:46:6f:80:e9:8e:a1:48:a4:
                    6d:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:D0:FC:39:09:BE:A2:90:DC:DD:41:50:9C:AC:D8:54:CA:E9:6D:4B
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/y9D8OQm-opDc3UFQnKzYVMrpbUs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.26.165.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5b:55:49:70:f2:c3:78:38:81:e1:1e:cb:83:81:14:81:a3:5f:
         f9:1a:90:0f:01:71:2c:b3:c5:78:5d:b9:06:95:2f:71:0c:5b:
         81:a0:d7:da:46:0c:bf:7e:fc:94:dd:46:ba:68:9c:64:11:65:
         77:9d:87:e1:88:49:20:a9:54:71:be:04:91:7d:b5:ec:2b:1e:
         52:f3:60:6a:36:35:b7:aa:dc:76:a8:bb:22:d4:42:8d:e6:51:
         f3:7d:29:c3:31:0c:76:02:55:28:58:bb:b1:01:63:ed:10:c4:
         19:d9:ba:5a:24:12:2f:03:48:ac:f1:96:10:52:33:80:d3:be:
         dc:11:07:8b:1c:e0:39:a0:58:bc:f5:89:25:d1:75:22:ae:90:
         07:80:39:02:f7:e6:05:aa:d7:97:7e:cf:69:0a:f2:dd:b2:76:
         ac:f2:fd:45:39:ec:5f:ac:91:92:17:18:f3:18:65:b9:13:54:
         69:1c:c4:d8:2a:81:7d:70:a8:b2:ad:7e:83:02:c6:35:b2:b8:
         44:a1:50:ee:db:c8:e9:15:3f:45:d5:7d:54:c8:c4:a6:e2:89:
         c0:24:dc:89:cf:c2:ef:bd:c5:42:3c:33:cb:83:2e:24:bf:27:
         33:4d:0d:76:82:f6:27:bf:13:f3:fe:b5:95:46:a1:33:48:0e:
         bb:36:39:2b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ2R5asvDBs230A6Fqnv6ZI5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwNDE1MTYwNzIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYmQwZmMzOTA5YmVhMjkwZGNkZDQxNTA5Y2FjZDg1NGNhZTk2ZDRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4VVEtigCjCfE7a4hC2wae79hCyZR
cBCao9jPvF8xt7KKvXjTItrLw1xRIM/do0QNYHIrjUub9Z/dmMs/uLvnaywakOdk
K6kS9Ng6h4OvHXoUyFXH7dFtoJv+jAjTP1O3gaROZVEj8FpqvvsFc6DrpFu6FUIZ
1Vvr3jvuIabC40TXjT52os6PIbYgZ9vJanPMkDb7QhaCppGCoYATVE5KkIo4iXoc
lV4ds49Dd+zrtsGYJrBYxvM3xwnDiJNwhQKXgIWlCpE21o+0C7anc5spTRFqwhFE
fBSodnv/fw3cdWNMsMDdyv3KoRS5dUsTJP6zwq1NmKyMRm+A6Y6hSKRtywIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMvQ/DkJvqKQ3N1BUJys2FTK6W1LMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEveTlEOE9RbS1vcERjM1VGUW5LellWTXJwYlVzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAAhqlMA0G
CSqGSIb3DQEBCwUAA4IBAQBbVUlw8sN4OIHhHsuDgRSBo1/5GpAPAXEss8V4XbkG
lS9xDFuBoNfaRgy/fvyU3Ua6aJxkEWV3nYfhiEkgqVRxvgSRfbXsKx5S82BqNjW3
qtx2qLsi1EKN5lHzfSnDMQx2AlUoWLuxAWPtEMQZ2bpaJBIvA0is8ZYQUjOA077c
EQeLHOA5oFi89Ykl0XUirpAHgDkC9+YFqteXfs9pCvLdsnas8v1FOexfrJGSFxjz
GGW5E1RpHMTYKoF9cKiyrX6DAsY1srhEoVDu28jpFT9F1X1UyMSm4onAJNyJz8Lv
vcVCPDPLgy4kvyczTQ12gvYnvxPz/rWVRqEzSA67Njkr
-----END CERTIFICATE-----