Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/6sLZ1iPJaMUt7XNrS5b8_J-Hd74.roa
File:                     6sLZ1iPJaMUt7XNrS5b8_J-Hd74.roa (raw, json)
Hash identifier:          MuSFrlk2PQ21G8MGGnmx2pQE+GgU0tuz7/Dwd/1KCKk=
Subject key identifier:   EA:C2:D9:D6:23:C9:68:C5:2D:ED:73:6B:4B:96:FC:FC:9F:87:77:BE
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019E989EEA96B91F3543CCCA7B55C7AF100D
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/6sLZ1iPJaMUt7XNrS5b8_J-Hd74.roa
Signing time:             Fri 05 Jun 2026 16:30:11 +0000
ROA not before:           Fri 05 Jun 2026 16:30:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     402276
IP address blocks:        31.77.115.0/24 maxlen: 24
                          31.77.209.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 01:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:98:9e:ea:96:b9:1f:35:43:cc:ca:7b:55:c7:af:10:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: Jun  5 16:30:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=eac2d9d623c968c52ded736b4b96fcfc9f8777be
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:ae:cc:28:3b:10:7f:56:c1:d9:ab:e4:48:4e:
                    65:00:1c:ba:bb:8d:27:f5:4b:54:4a:50:8a:fd:6d:
                    da:5a:6d:52:35:6c:ec:56:5f:aa:c9:97:b0:a8:1c:
                    8d:47:ca:9f:42:5a:00:40:ce:43:f2:51:d4:8c:00:
                    04:65:b2:f8:94:ec:9a:ee:b2:a4:e4:4d:79:af:57:
                    75:da:bd:ff:6b:19:22:26:b3:29:1a:d1:e2:42:ca:
                    ea:45:7c:aa:d3:8d:a8:93:64:34:3a:32:17:b6:f2:
                    82:30:0a:c8:87:cb:18:7d:b4:40:a8:d7:b9:21:23:
                    13:93:d5:bc:25:30:a6:bd:90:34:75:f9:e2:1a:17:
                    00:05:6e:38:7c:20:2f:74:35:76:a3:25:33:f3:4d:
                    b2:31:82:8f:45:ca:0c:bb:0b:3e:4b:28:91:3a:1f:
                    1a:49:cc:2c:b1:5d:2f:46:54:97:64:63:4f:e7:9a:
                    71:de:fc:2c:24:38:bd:58:24:8d:dc:e7:d9:5c:85:
                    77:47:59:b0:18:66:6a:09:d7:44:1b:f9:c0:e7:ed:
                    cc:f9:07:3a:d9:45:9e:a0:4a:55:e3:0e:c2:f0:c6:
                    8f:5d:14:d7:83:ca:57:71:3e:78:59:10:9d:16:84:
                    f8:71:07:78:36:a3:7d:a1:03:92:32:12:ee:63:df:
                    24:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EA:C2:D9:D6:23:C9:68:C5:2D:ED:73:6B:4B:96:FC:FC:9F:87:77:BE
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/6sLZ1iPJaMUt7XNrS5b8_J-Hd74.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.77.115.0/24
                  31.77.209.0/24

    Signature Algorithm: sha256WithRSAEncryption
         40:3c:37:71:26:be:3b:d2:af:f8:aa:5f:72:37:de:3b:94:c7:
         cc:cc:f9:af:42:51:fa:25:6e:94:3b:e3:c7:82:ac:66:9e:9d:
         ee:3a:a6:cb:57:86:c9:f6:ec:ee:4b:03:66:95:81:21:6a:b6:
         3a:ae:b8:1d:9e:0b:68:d6:7c:af:3d:bf:2c:b4:df:69:ca:a5:
         86:f2:bd:8e:1a:db:ee:dd:77:eb:3c:1c:6a:3a:06:87:91:db:
         71:ac:32:9d:c2:48:9c:d6:d5:e3:bb:45:86:10:cc:e7:70:57:
         5b:65:7d:89:c6:90:ae:fa:1b:43:83:a9:ea:63:3b:c6:00:10:
         92:38:76:cd:2e:a7:b2:8e:31:e0:a1:b8:06:07:4a:2e:84:36:
         c3:ce:d5:95:0c:5e:01:d0:83:d8:47:3a:bd:70:28:68:62:29:
         8b:33:b5:db:b0:87:b6:1c:01:ed:45:d5:d1:30:85:a4:32:70:
         a0:22:7a:69:04:4a:78:96:4f:43:74:a4:b0:ea:4a:1a:b5:df:
         9a:f9:0e:3b:d8:3f:ee:25:38:d4:95:f0:7b:73:75:2c:d9:82:
         75:1b:ff:14:86:3e:af:41:68:d4:5b:e3:e4:87:01:7b:00:86:
         37:4c:ee:2b:ac:45:7a:c9:3a:41:9b:86:a7:61:f1:7b:92:4e:
         ff:91:6b:67
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ6YnuqWuR81Q8zKe1XHrxANMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwNjA1MTYzMDExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYWMyZDlkNjIzYzk2OGM1MmRlZDczNmI0Yjk2ZmNmYzlmODc3N2JlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkK7MKDsQf1bB2avkSE5lABy6u40n
9UtUSlCK/W3aWm1SNWzsVl+qyZewqByNR8qfQloAQM5D8lHUjAAEZbL4lOya7rKk
5E15r1d12r3/axkiJrMpGtHiQsrqRXyq042ok2Q0OjIXtvKCMArIh8sYfbRAqNe5
ISMTk9W8JTCmvZA0dfniGhcABW44fCAvdDV2oyUz802yMYKPRcoMuws+SyiROh8a
ScwssV0vRlSXZGNP55px3vwsJDi9WCSN3OfZXIV3R1mwGGZqCddEG/nA5+3M+Qc6
2UWeoEpV4w7C8MaPXRTXg8pXcT54WRCdFoT4cQd4NqN9oQOSMhLuY98kIQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFOrC2dYjyWjFLe1za0uW/Pyfh3e+MB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvNnNMWjFpUEphTVV0N1hOclM1YjhfSi1IZDc0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAH01zAwQA
H03RMA0GCSqGSIb3DQEBCwUAA4IBAQBAPDdxJr470q/4ql9yN947lMfMzPmvQlH6
JW6UO+PHgqxmnp3uOqbLV4bJ9uzuSwNmlYEharY6rrgdngto1nyvPb8stN9pyqWG
8r2OGtvu3XfrPBxqOgaHkdtxrDKdwkic1tXju0WGEMzncFdbZX2JxpCu+htDg6nq
YzvGABCSOHbNLqeyjjHgobgGB0ouhDbDztWVDF4B0IPYRzq9cChoYimLM7XbsIe2
HAHtRdXRMIWkMnCgInppBEp4lk9DdKSw6koatd+a+Q472D/uJTjUlfB7c3Us2YJ1
G/8Uhj6vQWjUW+PkhwF7AIY3TO4rrEV6yTpBm4anYfF7kk7/kWtn
-----END CERTIFICATE-----