Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3b/b361ef-5f69-4bcb-983c-21128027255d/1/HPRE78hg4t1aYjEQPZG29UT0QOA.roa
File:                     HPRE78hg4t1aYjEQPZG29UT0QOA.roa (raw, json)
Hash identifier:          A1oXXGq6GKY+VUtgixd06CMPLo5j1Dz220sTg4O4C18=
Subject key identifier:   1C:F4:44:EF:C8:60:E2:DD:5A:62:31:10:3D:91:B6:F5:44:F4:40:E0
Certificate issuer:       /CN=f7977af580c850cc8bf90649f9bda8a6a48bf396
Certificate serial:       019B79ED3809634D04D34E5CB596A34BD382
Authority key identifier: F7:97:7A:F5:80:C8:50:CC:8B:F9:06:49:F9:BD:A8:A6:A4:8B:F3:96
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/95d69YDIUMyL-QZJ-b2opqSL85Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3b/b361ef-5f69-4bcb-983c-21128027255d/1/HPRE78hg4t1aYjEQPZG29UT0QOA.roa
Signing time:             Thu 01 Jan 2026 14:19:08 +0000
ROA not before:           Thu 01 Jan 2026 14:19:08 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     213173
IP address blocks:        31.3.216.0/24 maxlen: 24
                          84.54.12.0/24 maxlen: 24
                          193.176.239.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3b/b361ef-5f69-4bcb-983c-21128027255d/1/95d69YDIUMyL-QZJ-b2opqSL85Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3b/b361ef-5f69-4bcb-983c-21128027255d/1/95d69YDIUMyL-QZJ-b2opqSL85Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/95d69YDIUMyL-QZJ-b2opqSL85Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 05:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:ed:38:09:63:4d:04:d3:4e:5c:b5:96:a3:4b:d3:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f7977af580c850cc8bf90649f9bda8a6a48bf396
        Validity
            Not Before: Jan  1 14:19:08 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=1cf444efc860e2dd5a6231103d91b6f544f440e0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:90:f9:01:b0:87:ea:43:e1:a8:5b:84:67:b5:
                    32:fd:06:3f:d7:4b:6f:b1:09:ac:cf:da:ce:b0:e7:
                    59:61:fa:35:96:c5:f1:b8:68:22:63:ee:9a:39:1c:
                    38:54:81:ad:63:9e:3d:ce:71:dd:d9:65:fd:65:3e:
                    da:38:2c:85:b3:8b:98:68:8b:45:c9:92:11:07:ee:
                    1e:52:b7:b4:d0:69:2a:3f:3a:5c:ba:67:ea:f2:d3:
                    40:f2:8d:8c:b3:c3:a1:f9:5c:31:8a:b3:a4:6e:63:
                    6a:de:9c:49:1c:3b:08:16:69:42:1d:c3:87:a4:ad:
                    a6:ea:de:07:19:a2:8a:02:77:b3:18:20:02:dd:e0:
                    d2:1b:b6:47:01:da:77:89:d7:b9:55:db:6d:55:a0:
                    a1:19:01:f6:b9:ff:e8:77:13:a5:34:71:43:b8:e0:
                    26:17:10:7b:fa:0f:21:fe:cc:90:b0:1a:5f:96:a9:
                    41:d4:04:25:79:15:ae:8b:77:a9:da:d5:6f:55:e6:
                    8a:35:df:1f:07:19:90:fd:24:f4:f4:9a:34:59:75:
                    df:6f:f0:bc:c5:00:d2:b7:0e:25:7e:ae:f4:15:de:
                    9b:a6:e3:66:5a:f1:cc:d6:8d:44:e1:f0:59:7c:e5:
                    d5:38:aa:b4:5a:b8:b7:25:a2:00:29:32:55:ee:d8:
                    e5:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:F4:44:EF:C8:60:E2:DD:5A:62:31:10:3D:91:B6:F5:44:F4:40:E0
            X509v3 Authority Key Identifier:
                keyid:F7:97:7A:F5:80:C8:50:CC:8B:F9:06:49:F9:BD:A8:A6:A4:8B:F3:96

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/95d69YDIUMyL-QZJ-b2opqSL85Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3b/b361ef-5f69-4bcb-983c-21128027255d/1/HPRE78hg4t1aYjEQPZG29UT0QOA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3b/b361ef-5f69-4bcb-983c-21128027255d/1/95d69YDIUMyL-QZJ-b2opqSL85Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.3.216.0/24
                  84.54.12.0/24
                  193.176.239.0/24

    Signature Algorithm: sha256WithRSAEncryption
         35:41:10:e1:ec:71:8d:d8:e9:f3:ac:1c:33:28:30:6d:42:e1:
         62:45:8d:13:ec:10:90:62:bf:1c:33:23:c5:22:db:dc:4a:92:
         66:b5:bb:b0:0e:3e:3c:34:b8:03:85:85:a3:37:27:97:e5:92:
         53:72:ae:6c:64:ba:7f:24:b8:5c:50:10:e3:e3:49:c9:9c:e2:
         3f:12:d1:8e:37:bf:6c:84:fd:a9:ea:e5:03:d6:05:1a:28:69:
         09:dd:c5:fe:bd:b0:cb:c7:9d:6e:c7:86:99:05:c7:28:1c:69:
         04:66:b8:04:b0:32:d9:8a:ec:fb:a2:95:df:22:62:7c:6c:2e:
         86:6e:f7:2f:de:14:c6:33:e3:6c:df:08:9d:4d:ca:c7:ea:8f:
         8f:76:a7:69:c8:0b:af:e9:04:51:16:a8:69:d4:23:97:ec:4f:
         e2:ce:7e:c6:ce:5e:29:76:27:64:03:aa:75:8d:de:a2:71:5f:
         26:94:7b:11:41:c9:2e:ac:5a:f8:08:e7:d2:0e:d2:5a:75:19:
         03:ad:0f:bd:30:8d:14:3d:bf:4b:50:58:f0:d9:a9:de:9a:10:
         f3:8b:cd:fc:69:2e:38:d1:d8:e4:69:c3:a9:e4:8f:55:39:b4:
         83:9a:fc:9d:7b:df:17:90:f5:f6:c1:a3:6d:6d:80:9c:4e:0f:
         79:49:45:07
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZt57TgJY00E005ctZajS9OCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY3OTc3YWY1ODBjODUwY2M4YmY5MDY0OWY5YmRhOGE2YTQ4
YmYzOTYwHhcNMjYwMTAxMTQxOTA4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxY2Y0NDRlZmM4NjBlMmRkNWE2MjMxMTAzZDkxYjZmNTQ0ZjQ0MGUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArJD5AbCH6kPhqFuEZ7Uy/QY/10tv
sQmsz9rOsOdZYfo1lsXxuGgiY+6aORw4VIGtY549znHd2WX9ZT7aOCyFs4uYaItF
yZIRB+4eUre00GkqPzpcumfq8tNA8o2Ms8Oh+VwxirOkbmNq3pxJHDsIFmlCHcOH
pK2m6t4HGaKKAnezGCAC3eDSG7ZHAdp3ide5VdttVaChGQH2uf/odxOlNHFDuOAm
FxB7+g8h/syQsBpflqlB1AQleRWui3ep2tVvVeaKNd8fBxmQ/ST09Jo0WXXfb/C8
xQDStw4lfq70Fd6bpuNmWvHM1o1E4fBZfOXVOKq0Wri3JaIAKTJV7tjlLwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFBz0RO/IYOLdWmIxED2RtvVE9EDgMB8GA1UdIwQY
MBaAFPeXevWAyFDMi/kGSfm9qKaki/OWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOTVkNjlZRElVTXlMLVFaSi1iMm9wcVNMODVZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYi9iMzYxZWYtNWY2OS00YmNiLTk4M2Mt
MjExMjgwMjcyNTVkLzEvSFBSRTc4aGc0dDFhWWpFUVBaRzI5VVQwUU9BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYi9iMzYxZWYtNWY2OS00YmNiLTk4M2MtMjExMjgwMjcyNTVk
LzEvOTVkNjlZRElVTXlMLVFaSi1iMm9wcVNMODVZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAHwPYAwQA
VDYMAwQAwbDvMA0GCSqGSIb3DQEBCwUAA4IBAQA1QRDh7HGN2OnzrBwzKDBtQuFi
RY0T7BCQYr8cMyPFItvcSpJmtbuwDj48NLgDhYWjNyeX5ZJTcq5sZLp/JLhcUBDj
40nJnOI/EtGON79shP2p6uUD1gUaKGkJ3cX+vbDLx51ux4aZBccoHGkEZrgEsDLZ
iuz7opXfImJ8bC6Gbvcv3hTGM+Ns3widTcrH6o+PdqdpyAuv6QRRFqhp1COX7E/i
zn7Gzl4pdidkA6p1jd6icV8mlHsRQckurFr4COfSDtJadRkDrQ+9MI0UPb9LUFjw
2anemhDzi838aS440djkacOp5I9VObSDmvyde98XkPX2waNtbYCcTg95SUUH
-----END CERTIFICATE-----