Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/zluSHznHTa_AXPeqswvs8NjtjlU.roa
File:                     zluSHznHTa_AXPeqswvs8NjtjlU.roa (raw, json)
Hash identifier:          AGp6pmzKq+qV7TQvZ1GS1AMzeaw6ccHoHB+Kbfh+HoY=
Subject key identifier:   CE:5B:92:1F:39:C7:4D:AF:C0:5C:F7:AA:B3:0B:EC:F0:D8:ED:8E:55
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019D79D343D04D1897E909C6CD96989F73F9
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/zluSHznHTa_AXPeqswvs8NjtjlU.roa
Signing time:             Fri 10 Apr 2026 23:56:21 +0000
ROA not before:           Fri 10 Apr 2026 23:56:21 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214432
IP address blocks:        2.26.151.0/24 maxlen: 24
                          144.31.43.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 14:47:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:79:d3:43:d0:4d:18:97:e9:09:c6:cd:96:98:9f:73:f9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: Apr 10 23:56:21 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ce5b921f39c74dafc05cf7aab30becf0d8ed8e55
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:ca:34:48:f8:87:8f:f5:d2:17:74:ed:65:37:
                    05:97:f7:39:31:27:d0:70:36:ac:81:0c:63:33:50:
                    1b:e7:62:d7:01:22:60:0d:a0:69:63:34:75:bc:b7:
                    57:7a:e3:a7:00:fc:80:b2:4f:5b:46:67:0b:68:41:
                    41:20:4a:ef:56:dc:08:77:cf:8c:54:ca:db:36:32:
                    3d:fb:38:37:78:cb:24:40:c8:9a:90:7c:ce:74:f1:
                    4b:2f:2c:a2:b8:07:86:5e:fb:10:4b:1e:67:7f:53:
                    c2:b0:4e:8a:00:7a:fc:e6:c1:a7:5f:af:21:d2:bd:
                    e5:67:d1:36:a4:58:b9:48:93:ac:ac:d1:ed:46:e2:
                    3a:c8:91:5f:b5:aa:c5:c0:83:f3:de:2c:49:32:61:
                    d0:81:f6:98:a3:26:d8:33:14:0a:6b:c4:7c:3d:70:
                    e4:15:9e:61:b3:02:68:15:dd:2b:3a:ba:b8:94:37:
                    3b:07:27:78:4f:de:7f:a0:6f:ca:eb:46:a3:50:fd:
                    14:d9:85:31:a6:9e:bc:4d:d5:21:07:bf:75:55:d8:
                    c0:3c:08:ff:c9:10:94:37:c8:84:40:5f:08:f9:31:
                    f3:8d:6b:b2:0d:95:55:4a:86:1d:13:81:4e:79:6d:
                    09:ba:3d:b4:50:16:a8:20:81:78:19:68:8e:9b:ed:
                    5a:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:5B:92:1F:39:C7:4D:AF:C0:5C:F7:AA:B3:0B:EC:F0:D8:ED:8E:55
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/zluSHznHTa_AXPeqswvs8NjtjlU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.26.151.0/24
                  144.31.43.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6d:c3:f2:3d:4a:cc:03:6b:8e:55:29:63:f6:9b:2b:0e:7e:01:
         3c:a0:3b:f3:4d:fa:8e:b9:e6:0c:4a:cd:f7:94:65:39:2b:66:
         ca:91:e2:7c:dc:15:20:ee:10:c0:cf:ba:7a:4c:81:f9:2d:61:
         fc:da:9a:0c:22:b2:1f:0a:dc:b2:5b:c5:bc:9d:90:b4:0c:5d:
         bc:7c:33:c2:8e:12:78:ac:c0:34:90:25:c1:2f:90:ea:8b:4c:
         17:e5:08:45:82:cb:58:df:de:0f:53:4c:77:b2:14:ee:bf:3a:
         68:38:e1:2e:f1:20:1e:e9:06:01:7b:65:86:70:3e:3e:ea:1e:
         47:cf:8f:9d:8b:50:79:d3:d5:85:16:38:26:b7:57:ab:7f:33:
         4a:c6:d1:6c:6d:d5:10:88:08:42:a2:42:25:3a:d0:82:fd:2b:
         6a:45:bd:0a:6a:bb:2a:f2:2a:37:c0:66:18:83:2c:82:ea:17:
         e4:56:b1:e3:1b:b2:a6:26:bf:ba:07:e2:5f:28:ed:ad:c5:20:
         79:6d:31:64:5f:23:78:28:91:94:8e:8a:c0:c9:93:51:eb:10:
         70:5a:01:f4:06:1a:0b:ae:62:87:66:8b:c3:92:7d:18:b4:1c:
         c0:ae:82:9a:bc:5e:3d:58:c7:9b:cf:c8:e7:9f:83:a6:bc:07:
         62:a1:bf:73
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ1500PQTRiX6QnGzZaYn3P5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwNDEwMjM1NjIxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZTViOTIxZjM5Yzc0ZGFmYzA1Y2Y3YWFiMzBiZWNmMGQ4ZWQ4ZTU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvso0SPiHj/XSF3TtZTcFl/c5MSfQ
cDasgQxjM1Ab52LXASJgDaBpYzR1vLdXeuOnAPyAsk9bRmcLaEFBIErvVtwId8+M
VMrbNjI9+zg3eMskQMiakHzOdPFLLyyiuAeGXvsQSx5nf1PCsE6KAHr85sGnX68h
0r3lZ9E2pFi5SJOsrNHtRuI6yJFftarFwIPz3ixJMmHQgfaYoybYMxQKa8R8PXDk
FZ5hswJoFd0rOrq4lDc7Byd4T95/oG/K60ajUP0U2YUxpp68TdUhB791VdjAPAj/
yRCUN8iEQF8I+THzjWuyDZVVSoYdE4FOeW0Juj20UBaoIIF4GWiOm+1aWwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFM5bkh85x02vwFz3qrML7PDY7Y5VMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvemx1U0h6bkhUYV9BWFBlcXN3dnM4Tmp0amxVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAAhqXAwQA
kB8rMA0GCSqGSIb3DQEBCwUAA4IBAQBtw/I9SswDa45VKWP2mysOfgE8oDvzTfqO
ueYMSs33lGU5K2bKkeJ83BUg7hDAz7p6TIH5LWH82poMIrIfCtyyW8W8nZC0DF28
fDPCjhJ4rMA0kCXBL5Dqi0wX5QhFgstY394PU0x3shTuvzpoOOEu8SAe6QYBe2WG
cD4+6h5Hz4+di1B509WFFjgmt1erfzNKxtFsbdUQiAhCokIlOtCC/StqRb0Karsq
8io3wGYYgyyC6hfkVrHjG7KmJr+6B+JfKO2txSB5bTFkXyN4KJGUjorAyZNR6xBw
WgH0BhoLrmKHZovDkn0YtBzAroKavF49WMebz8jnn4OmvAdiob9z
-----END CERTIFICATE-----