Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/817YtbFzBHcNS7fWrXF1UHd0lw4.roa
File:                     817YtbFzBHcNS7fWrXF1UHd0lw4.roa (raw, json)
Hash identifier:          RvhRELOZ84vdxRAnqp/HHBhqHjSXW4UbnT97mKTKcUQ=
Subject key identifier:   F3:5E:D8:B5:B1:73:04:77:0D:4B:B7:D6:AD:71:75:50:77:74:97:0E
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019E9DFFDBA475B56425521DD753A45C5434
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/817YtbFzBHcNS7fWrXF1UHd0lw4.roa
Signing time:             Sat 06 Jun 2026 17:34:11 +0000
ROA not before:           Sat 06 Jun 2026 17:34:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     203113
IP address blocks:        31.77.103.0/24 maxlen: 24
                          31.77.211.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 01:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:9d:ff:db:a4:75:b5:64:25:52:1d:d7:53:a4:5c:54:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: Jun  6 17:34:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f35ed8b5b17304770d4bb7d6ad7175507774970e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:e7:7b:e5:e1:aa:76:7c:8f:e5:60:fd:67:ad:
                    0e:b8:1e:89:fa:2f:56:4f:bf:4e:b3:e2:44:50:3a:
                    25:f5:72:53:b7:a1:14:3c:81:1f:96:82:67:b8:b1:
                    b5:a5:eb:c5:5c:36:68:10:af:0f:42:cc:9f:9f:99:
                    8d:3b:b6:dc:78:d5:68:af:e9:35:60:08:3b:ef:d4:
                    da:f6:93:31:0b:33:10:68:4d:20:19:d6:f2:d3:74:
                    55:65:a2:64:5f:fd:09:58:22:11:bd:84:fd:22:b7:
                    10:c3:33:f2:1b:6d:09:e3:52:22:2d:4e:65:01:1a:
                    c8:7a:26:5d:c3:40:02:44:af:d2:e0:d3:14:73:cb:
                    85:ec:c3:2b:fa:ca:1c:bf:1d:82:db:2c:08:15:28:
                    76:a8:33:84:21:0f:9d:1a:d5:66:98:d0:c9:ca:9a:
                    87:4e:ac:94:af:75:52:35:c4:f7:de:40:14:52:e4:
                    39:77:5b:d3:d3:be:e4:d2:61:f9:de:9b:79:98:89:
                    b9:b3:d1:29:2d:83:f2:c6:4e:5d:04:14:f6:49:03:
                    b1:42:4f:4d:d1:72:cf:d7:e1:81:48:e8:e8:8f:3c:
                    15:52:42:50:dd:ed:38:ce:26:de:a8:a1:0a:cf:24:
                    8b:79:80:a8:42:a8:99:86:dc:cb:7e:06:0e:4f:7d:
                    46:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:5E:D8:B5:B1:73:04:77:0D:4B:B7:D6:AD:71:75:50:77:74:97:0E
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/817YtbFzBHcNS7fWrXF1UHd0lw4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.77.103.0/24
                  31.77.211.0/24

    Signature Algorithm: sha256WithRSAEncryption
         af:a6:0d:56:63:5b:ad:aa:dc:60:4b:54:50:03:ee:91:e1:91:
         50:c5:65:54:40:0f:21:b5:84:cb:b1:59:41:61:49:f2:d9:53:
         d3:77:04:d3:f8:63:c4:66:20:66:f6:26:e2:ae:08:5c:0f:db:
         7c:db:11:26:7b:13:b8:54:23:1c:c7:5d:fb:7e:ff:4b:c9:f0:
         55:72:58:f7:f9:8e:5f:28:ad:b2:b6:d9:b2:87:28:51:f0:88:
         56:6e:e8:21:a8:1b:b7:c2:61:d7:d1:ee:0f:43:71:58:d5:b2:
         21:30:62:ab:8e:2a:1c:00:1c:d6:34:42:70:00:e5:f1:6b:97:
         2c:9e:12:c0:eb:fa:9b:32:7e:d1:50:3e:cf:3b:f6:86:55:ca:
         ba:14:8e:8c:85:e4:b9:a1:8d:60:55:62:b5:81:46:e9:f6:18:
         7d:f1:7f:a4:65:b8:d9:51:48:ee:bc:c5:07:91:e9:f0:9e:05:
         ea:b6:84:23:cc:33:99:be:85:bf:53:76:a0:49:00:d7:58:dd:
         9c:43:17:d5:e2:32:4c:1e:ad:ca:00:f6:ea:a0:ff:7c:4f:c6:
         f3:04:b9:32:85:f0:d1:83:59:d5:75:ad:bf:36:b3:37:36:67:
         9b:0b:9a:7e:35:80:4b:5d:81:94:63:c4:20:a1:07:7a:8f:4b:
         0b:02:b4:17
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ6d/9ukdbVkJVId11OkXFQ0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwNjA2MTczNDExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMzVlZDhiNWIxNzMwNDc3MGQ0YmI3ZDZhZDcxNzU1MDc3NzQ5NzBlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1+d75eGqdnyP5WD9Z60OuB6J+i9W
T79Os+JEUDol9XJTt6EUPIEfloJnuLG1pevFXDZoEK8PQsyfn5mNO7bceNVor+k1
YAg779Ta9pMxCzMQaE0gGdby03RVZaJkX/0JWCIRvYT9IrcQwzPyG20J41IiLU5l
ARrIeiZdw0ACRK/S4NMUc8uF7MMr+socvx2C2ywIFSh2qDOEIQ+dGtVmmNDJypqH
TqyUr3VSNcT33kAUUuQ5d1vT077k0mH53pt5mIm5s9EpLYPyxk5dBBT2SQOxQk9N
0XLP1+GBSOjojzwVUkJQ3e04zibeqKEKzySLeYCoQqiZhtzLfgYOT31GqwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFPNe2LWxcwR3DUu31q1xdVB3dJcOMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvODE3WXRiRnpCSGNOUzdmV3JYRjFVSGQwbHc0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAH01nAwQA
H03TMA0GCSqGSIb3DQEBCwUAA4IBAQCvpg1WY1utqtxgS1RQA+6R4ZFQxWVUQA8h
tYTLsVlBYUny2VPTdwTT+GPEZiBm9ibirghcD9t82xEmexO4VCMcx137fv9LyfBV
clj3+Y5fKK2yttmyhyhR8IhWbughqBu3wmHX0e4PQ3FY1bIhMGKrjiocABzWNEJw
AOXxa5csnhLA6/qbMn7RUD7PO/aGVcq6FI6MheS5oY1gVWK1gUbp9hh98X+kZbjZ
UUjuvMUHkenwngXqtoQjzDOZvoW/U3agSQDXWN2cQxfV4jJMHq3KAPbqoP98T8bz
BLkyhfDRg1nVda2/NrM3NmebC5p+NYBLXYGUY8QgoQd6j0sLArQX
-----END CERTIFICATE-----