Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/0yVB95NKBWNl5RKmrvOsw53VjwI.roa
File:                     0yVB95NKBWNl5RKmrvOsw53VjwI.roa (raw, json)
Hash identifier:          nK6omnJRuGu9suqt07hR/E6pCHBojtnDjNC/g6t00MY=
Subject key identifier:   D3:25:41:F7:93:4A:05:63:65:E5:12:A6:AE:F3:AC:C3:9D:D5:8F:02
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019E4BFC78BD3DFD39BEAF39DD98702035C1
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/0yVB95NKBWNl5RKmrvOsw53VjwI.roa
Signing time:             Thu 21 May 2026 19:21:37 +0000
ROA not before:           Thu 21 May 2026 19:21:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     402270
IP address blocks:        31.77.243.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 01:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:4b:fc:78:bd:3d:fd:39:be:af:39:dd:98:70:20:35:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: May 21 19:21:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d32541f7934a056365e512a6aef3acc39dd58f02
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:7d:78:b8:6a:59:13:4f:0e:76:c5:97:a9:f8:
                    72:c5:c0:b9:ab:8f:d6:7d:c5:7a:5a:69:c1:2d:41:
                    cf:ba:d3:40:b7:65:90:fd:7e:34:07:3d:9f:7f:aa:
                    d3:bd:3e:3a:2f:78:21:de:61:a9:ee:e6:05:32:5f:
                    ab:86:04:db:c6:34:90:50:eb:10:c2:7c:e4:da:fb:
                    00:ef:42:9e:6d:cf:c0:94:0b:69:e9:ec:84:f2:60:
                    40:6d:a9:e3:39:e5:16:8e:c9:6e:fa:35:3d:68:4e:
                    1c:c6:6e:d9:fb:55:dc:94:03:86:3a:1e:33:a8:f8:
                    4f:7b:d0:5c:6f:38:d9:e5:b0:36:f9:66:4f:09:74:
                    27:8d:c9:0b:c1:85:b6:fd:f0:7e:f6:51:69:ef:9b:
                    be:48:2f:72:65:2b:3b:04:40:4d:aa:2c:54:26:fb:
                    29:3f:1f:26:11:5e:c1:90:90:ab:14:b6:ea:8e:c1:
                    ab:ab:36:2f:16:b4:a1:d2:02:22:0f:8a:10:fe:2b:
                    1c:4c:2d:1a:31:2d:8e:90:06:31:bf:0e:06:24:83:
                    b8:36:58:57:d7:d4:ef:18:55:07:ca:91:fe:8e:de:
                    54:2c:b6:15:ce:66:63:f4:67:f4:dc:3b:20:e0:ee:
                    54:16:c7:1d:07:8f:ea:f9:bd:7c:7e:39:9b:50:cc:
                    2c:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:25:41:F7:93:4A:05:63:65:E5:12:A6:AE:F3:AC:C3:9D:D5:8F:02
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/0yVB95NKBWNl5RKmrvOsw53VjwI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.77.243.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a6:5e:05:82:61:c6:c0:5e:98:2b:60:9e:b9:e2:6b:0d:18:a4:
         b7:a2:c3:fd:1e:92:66:67:54:35:47:2d:c5:c1:18:be:04:e3:
         eb:27:ed:c9:c5:0a:55:68:ec:a6:fc:56:26:be:d5:38:c2:1c:
         26:f8:10:36:1f:a8:b7:dc:4a:3c:03:a9:26:d1:9d:ed:e8:6e:
         40:42:1a:33:de:76:0c:d3:43:ff:30:2d:dc:48:be:3e:09:15:
         dc:44:5e:50:2b:64:2e:20:da:36:c3:cd:fd:58:40:85:ec:e6:
         56:26:55:03:06:a9:b1:27:f6:9f:a4:7f:9f:db:74:54:7e:0d:
         c0:66:7e:45:36:62:7f:cd:9b:ec:0a:64:67:bd:bc:11:c0:74:
         93:d2:85:2a:5f:21:a6:44:8e:77:f2:89:e3:62:6a:a3:fd:eb:
         a1:5f:36:71:49:8d:70:9a:df:71:f6:b4:26:69:58:e9:f4:ff:
         30:e0:46:e8:24:15:31:80:d9:4b:d3:1d:af:75:aa:1d:ae:a2:
         bf:b6:2d:bd:ed:83:a2:a4:93:1b:73:b7:dc:63:4c:6d:0c:ec:
         dc:a1:94:2d:60:e9:6a:b4:e9:ae:72:92:aa:70:da:f0:54:08:
         ad:6f:37:6f:77:be:d5:3b:30:e2:fa:34:ea:ad:aa:b9:f5:d8:
         2f:1f:05:b6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ5L/Hi9Pf05vq853ZhwIDXBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwNTIxMTkyMTM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMzI1NDFmNzkzNGEwNTYzNjVlNTEyYTZhZWYzYWNjMzlkZDU4ZjAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtX14uGpZE08OdsWXqfhyxcC5q4/W
fcV6WmnBLUHPutNAt2WQ/X40Bz2ff6rTvT46L3gh3mGp7uYFMl+rhgTbxjSQUOsQ
wnzk2vsA70Kebc/AlAtp6eyE8mBAbanjOeUWjslu+jU9aE4cxm7Z+1XclAOGOh4z
qPhPe9BcbzjZ5bA2+WZPCXQnjckLwYW2/fB+9lFp75u+SC9yZSs7BEBNqixUJvsp
Px8mEV7BkJCrFLbqjsGrqzYvFrSh0gIiD4oQ/iscTC0aMS2OkAYxvw4GJIO4NlhX
19TvGFUHypH+jt5ULLYVzmZj9Gf03Dsg4O5UFscdB4/q+b18fjmbUMwsUwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNMlQfeTSgVjZeUSpq7zrMOd1Y8CMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvMHlWQjk1TktCV05sNVJLbXJ2T3N3NTNWandJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAH03zMA0G
CSqGSIb3DQEBCwUAA4IBAQCmXgWCYcbAXpgrYJ654msNGKS3osP9HpJmZ1Q1Ry3F
wRi+BOPrJ+3JxQpVaOym/FYmvtU4whwm+BA2H6i33Eo8A6km0Z3t6G5AQhoz3nYM
00P/MC3cSL4+CRXcRF5QK2QuINo2w839WECF7OZWJlUDBqmxJ/afpH+f23RUfg3A
Zn5FNmJ/zZvsCmRnvbwRwHST0oUqXyGmRI538onjYmqj/euhXzZxSY1wmt9x9rQm
aVjp9P8w4EboJBUxgNlL0x2vdaodrqK/ti297YOipJMbc7fcY0xtDOzcoZQtYOlq
tOmucpKqcNrwVAitbzdvd77VOzDi+jTqraq59dgvHwW2
-----END CERTIFICATE-----