Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/92d33c-8a69-4db3-b628-b62db772bbfa/1/aj-7Q6-jz1X5ml3Zo_ezji9nyp0.roa
File:                     aj-7Q6-jz1X5ml3Zo_ezji9nyp0.roa (raw, json)
Hash identifier:          ctiS31QHzRCLWu4eXUhOOHg5pxlmeJ2+c2/2FvVGuLc=
Subject key identifier:   6A:3F:BB:43:AF:A3:CF:55:F9:9A:5D:D9:A3:F7:B3:8E:2F:67:CA:9D
Certificate issuer:       /CN=078ed1a0153762a922e55e0f948cd1a5411c7a89
Certificate serial:       019B77C6870BCA736F5AE0EEF08247667E7C
Authority key identifier: 07:8E:D1:A0:15:37:62:A9:22:E5:5E:0F:94:8C:D1:A5:41:1C:7A:89
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/B47RoBU3Yqki5V4PlIzRpUEceok.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/92d33c-8a69-4db3-b628-b62db772bbfa/1/aj-7Q6-jz1X5ml3Zo_ezji9nyp0.roa
Signing time:             Thu 01 Jan 2026 04:17:37 +0000
ROA not before:           Thu 01 Jan 2026 04:17:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     211741
IP address blocks:        31.43.188.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/92d33c-8a69-4db3-b628-b62db772bbfa/1/B47RoBU3Yqki5V4PlIzRpUEceok.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/92d33c-8a69-4db3-b628-b62db772bbfa/1/B47RoBU3Yqki5V4PlIzRpUEceok.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/B47RoBU3Yqki5V4PlIzRpUEceok.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:c6:87:0b:ca:73:6f:5a:e0:ee:f0:82:47:66:7e:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=078ed1a0153762a922e55e0f948cd1a5411c7a89
        Validity
            Not Before: Jan  1 04:17:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6a3fbb43afa3cf55f99a5dd9a3f7b38e2f67ca9d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:15:56:3e:13:0c:22:01:b4:6a:2e:29:e0:ce:
                    d0:1a:1c:10:e7:29:61:13:e5:79:7b:2e:98:e9:d2:
                    0c:e9:73:56:e9:01:0d:e3:a1:3a:27:ff:42:35:16:
                    d6:91:6e:fa:75:84:34:17:4d:2f:52:ac:b2:41:6a:
                    9c:7e:86:3d:2a:e0:07:ae:39:53:03:94:5c:80:6b:
                    73:fb:04:af:dc:57:48:cf:c4:b8:02:8a:23:6f:f5:
                    48:de:d7:c2:d8:4a:c4:03:8f:02:70:63:3f:91:42:
                    43:37:76:9d:aa:ed:1b:91:1b:ad:64:4b:8d:04:e6:
                    14:af:db:1a:bb:b0:6e:5b:5b:24:73:4b:c5:fb:3d:
                    f9:30:c1:b7:e5:73:b3:53:6a:ea:7a:8b:c5:5f:94:
                    df:cc:a0:de:c5:39:74:7e:bc:dd:6a:55:6d:a0:56:
                    c6:18:f4:9c:a2:6c:98:e4:26:ed:63:87:78:8e:c5:
                    50:f6:34:26:0b:08:0e:94:70:23:a0:93:72:75:83:
                    17:73:ec:56:e2:b0:de:72:13:27:8a:8d:df:e2:34:
                    7a:f0:6e:7f:72:95:d5:de:8e:5c:b4:a1:8e:7c:3d:
                    c5:44:6a:8c:b1:af:8a:4f:37:a5:68:81:17:b0:7f:
                    8b:67:5b:ad:7f:eb:62:c7:58:1f:18:c7:77:98:4c:
                    6a:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:3F:BB:43:AF:A3:CF:55:F9:9A:5D:D9:A3:F7:B3:8E:2F:67:CA:9D
            X509v3 Authority Key Identifier:
                keyid:07:8E:D1:A0:15:37:62:A9:22:E5:5E:0F:94:8C:D1:A5:41:1C:7A:89

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/B47RoBU3Yqki5V4PlIzRpUEceok.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/92d33c-8a69-4db3-b628-b62db772bbfa/1/aj-7Q6-jz1X5ml3Zo_ezji9nyp0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/92d33c-8a69-4db3-b628-b62db772bbfa/1/B47RoBU3Yqki5V4PlIzRpUEceok.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.43.188.0/23

    Signature Algorithm: sha256WithRSAEncryption
         73:df:69:46:c1:fd:36:33:98:ca:cb:2e:bc:08:50:e5:1a:b7:
         98:02:8e:a3:b3:93:4c:a5:a7:39:47:10:09:e0:3c:71:e7:91:
         6c:86:3c:e6:49:84:b7:ab:ef:05:eb:df:47:64:97:ba:b7:07:
         b8:c5:54:d6:a7:74:7c:fd:c3:13:1e:29:9b:e2:47:b0:f7:ab:
         85:f8:bc:b7:be:3c:16:d1:02:8e:e2:13:2a:9c:69:0e:7c:96:
         3f:d6:b1:d7:b0:d8:94:7f:99:01:cd:d3:1f:4e:0d:7b:4a:b4:
         5f:d0:d0:e2:f1:ce:91:26:5b:d8:b1:c5:66:9c:d2:5c:ac:51:
         4d:37:4e:01:ea:9e:01:fb:32:f7:22:cd:a9:9f:3a:e5:0d:08:
         78:7a:bb:41:a4:f7:9c:cc:60:31:e6:bf:5b:60:e0:16:de:d5:
         a7:32:ac:41:5b:10:30:b3:91:e2:d6:58:fd:2b:42:ff:ce:bd:
         e5:c9:87:9d:f1:69:21:12:c8:d1:52:a1:cd:f3:9e:0c:fb:2c:
         e5:c4:e3:67:48:ec:24:f1:c1:59:af:64:a4:a3:5e:89:7d:63:
         74:31:95:70:7f:61:c8:70:36:db:d9:77:50:a6:61:b1:4a:b4:
         c2:7a:de:03:d0:9f:e8:04:46:80:cd:43:e3:f3:bf:77:79:25:
         3d:b5:aa:6f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt3xocLynNvWuDu8IJHZn58MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA3OGVkMWEwMTUzNzYyYTkyMmU1NWUwZjk0OGNkMWE1NDEx
YzdhODkwHhcNMjYwMTAxMDQxNzM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YTNmYmI0M2FmYTNjZjU1Zjk5YTVkZDlhM2Y3YjM4ZTJmNjdjYTlkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAohVWPhMMIgG0ai4p4M7QGhwQ5ylh
E+V5ey6Y6dIM6XNW6QEN46E6J/9CNRbWkW76dYQ0F00vUqyyQWqcfoY9KuAHrjlT
A5RcgGtz+wSv3FdIz8S4Aoojb/VI3tfC2ErEA48CcGM/kUJDN3adqu0bkRutZEuN
BOYUr9sau7BuW1skc0vF+z35MMG35XOzU2rqeovFX5TfzKDexTl0frzdalVtoFbG
GPScomyY5CbtY4d4jsVQ9jQmCwgOlHAjoJNydYMXc+xW4rDechMnio3f4jR68G5/
cpXV3o5ctKGOfD3FRGqMsa+KTzelaIEXsH+LZ1utf+tix1gfGMd3mExqWwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGo/u0Ovo89V+Zpd2aP3s44vZ8qdMB8GA1UdIwQY
MBaAFAeO0aAVN2KpIuVeD5SM0aVBHHqJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQjQ3Um9CVTNZcWtpNVY0UGxJelJwVUVjZW9rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy85MmQzM2MtOGE2OS00ZGIzLWI2Mjgt
YjYyZGI3NzJiYmZhLzEvYWotN1E2LWp6MVg1bWwzWm9fZXpqaTlueXAwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy85MmQzM2MtOGE2OS00ZGIzLWI2MjgtYjYyZGI3NzJiYmZh
LzEvQjQ3Um9CVTNZcWtpNVY0UGxJelJwVUVjZW9rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBHyu8MA0G
CSqGSIb3DQEBCwUAA4IBAQBz32lGwf02M5jKyy68CFDlGreYAo6js5NMpac5RxAJ
4Dxx55FshjzmSYS3q+8F699HZJe6twe4xVTWp3R8/cMTHimb4kew96uF+Ly3vjwW
0QKO4hMqnGkOfJY/1rHXsNiUf5kBzdMfTg17SrRf0NDi8c6RJlvYscVmnNJcrFFN
N04B6p4B+zL3Is2pnzrlDQh4ertBpPeczGAx5r9bYOAW3tWnMqxBWxAws5Hi1lj9
K0L/zr3lyYed8WkhEsjRUqHN854M+yzlxONnSOwk8cFZr2Sko16JfWN0MZVwf2HI
cDbb2XdQpmGxSrTCet4D0J/oBEaAzUPj8793eSU9tapv
-----END CERTIFICATE-----