Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/9xb9zeC2g_udIHM8cpgr2_8oRyM.roa
File:                     9xb9zeC2g_udIHM8cpgr2_8oRyM.roa (raw, json)
Hash identifier:          tG5tvZFm5GNt7/A008HapxZ3NtNv7feWSlTrjwdw0sA=
Subject key identifier:   F7:16:FD:CD:E0:B6:83:FB:9D:20:73:3C:72:98:2B:DB:FF:28:47:23
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019EA55108F09706BCCB04EFE317674C4ADB
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/9xb9zeC2g_udIHM8cpgr2_8oRyM.roa
Signing time:             Mon 08 Jun 2026 03:40:11 +0000
ROA not before:           Mon 08 Jun 2026 03:40:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214716
IP address blocks:        31.77.62.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 01:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:a5:51:08:f0:97:06:bc:cb:04:ef:e3:17:67:4c:4a:db
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: Jun  8 03:40:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f716fdcde0b683fb9d20733c72982bdbff284723
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:fd:05:d3:76:2c:3f:2d:6d:ae:25:3b:9d:0d:
                    5f:dc:28:7d:78:25:cd:e3:5c:69:e3:67:9e:0d:53:
                    4d:aa:b2:fd:f0:cc:a7:e1:49:50:4f:b1:57:ea:16:
                    7c:6d:ed:1b:f3:30:12:98:51:b8:30:7d:a8:12:60:
                    84:5a:c3:70:51:a3:bb:4f:c5:72:57:f4:13:ac:fc:
                    a6:98:e4:3d:a8:3f:8f:90:13:e9:0e:6c:75:90:9d:
                    a7:6a:24:1b:e5:af:5d:ca:fe:1a:cd:14:02:24:1a:
                    15:61:6d:39:1d:6f:ca:63:0c:8d:4a:2f:5a:5c:bd:
                    a5:d4:de:a2:c3:07:32:c4:ff:b6:48:66:92:49:01:
                    c5:03:a2:c6:4e:82:75:bd:ad:10:02:3f:3c:36:5a:
                    56:c4:43:d7:4b:16:28:96:98:df:e0:51:66:7d:0a:
                    6a:52:c9:b0:3f:8b:d8:be:fe:a9:10:b2:41:b5:e8:
                    0a:40:9a:3f:50:4f:bb:62:b3:ef:08:6e:36:48:e6:
                    4c:d6:0e:7b:9a:50:e7:96:0a:d0:fa:1c:e0:e3:ad:
                    35:eb:46:ab:a1:9e:35:9a:7a:a8:8e:da:e8:51:66:
                    c0:c6:33:3f:c7:16:a6:03:44:b6:eb:e1:81:a5:5f:
                    ca:f3:5f:44:7b:0f:09:17:52:1f:1f:3c:4d:90:d2:
                    56:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:16:FD:CD:E0:B6:83:FB:9D:20:73:3C:72:98:2B:DB:FF:28:47:23
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/9xb9zeC2g_udIHM8cpgr2_8oRyM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.77.62.0/24

    Signature Algorithm: sha256WithRSAEncryption
         95:72:c6:0c:fc:cf:a5:a9:bc:13:be:92:87:59:b4:76:d7:e6:
         13:5b:99:32:a5:ee:de:59:ce:ec:8d:04:68:2e:b1:8f:7d:ae:
         09:7b:6f:d5:09:a8:e4:11:7e:40:1a:aa:19:b5:65:3e:cd:66:
         94:4a:e9:19:38:ae:ec:a3:ac:f0:94:14:cc:e1:05:f9:07:c4:
         67:fd:57:ed:7c:31:f4:8e:86:7b:aa:ae:72:44:52:b1:ae:96:
         9b:37:17:0e:cb:a7:cb:40:5b:67:0c:c2:1c:89:ef:b7:8c:56:
         97:73:44:7e:88:85:0c:bb:99:6a:d7:17:71:df:97:d7:5f:89:
         e1:7f:a9:a8:95:82:39:5d:70:78:de:1e:8e:dd:7e:4c:20:b6:
         33:98:c8:03:ff:ac:a3:29:9f:cf:14:1a:ed:8c:5f:9c:19:8e:
         18:c9:f3:04:ca:06:b0:8c:e5:21:d1:0d:a7:93:f4:54:7f:5f:
         3e:ed:1c:46:99:ba:4b:ca:ca:a7:65:af:ec:18:b3:d7:09:87:
         2a:82:a1:51:21:43:a6:71:be:37:1c:18:98:6a:7b:88:ea:c4:
         fb:15:f4:11:a0:9d:dd:d0:5d:b4:4d:75:11:0f:a2:55:17:a7:
         a2:e3:d1:59:30:14:85:19:98:9d:78:59:b6:ab:bc:5d:ef:be:
         fd:b2:ab:d6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6lUQjwlwa8ywTv4xdnTErbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwNjA4MDM0MDExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNzE2ZmRjZGUwYjY4M2ZiOWQyMDczM2M3Mjk4MmJkYmZmMjg0NzIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtv0F03YsPy1triU7nQ1f3Ch9eCXN
41xp42eeDVNNqrL98Myn4UlQT7FX6hZ8be0b8zASmFG4MH2oEmCEWsNwUaO7T8Vy
V/QTrPymmOQ9qD+PkBPpDmx1kJ2naiQb5a9dyv4azRQCJBoVYW05HW/KYwyNSi9a
XL2l1N6iwwcyxP+2SGaSSQHFA6LGToJ1va0QAj88NlpWxEPXSxYolpjf4FFmfQpq
UsmwP4vYvv6pELJBtegKQJo/UE+7YrPvCG42SOZM1g57mlDnlgrQ+hzg460160ar
oZ41mnqojtroUWbAxjM/xxamA0S26+GBpV/K819Eew8JF1IfHzxNkNJWwQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPcW/c3gtoP7nSBzPHKYK9v/KEcjMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvOXhiOXplQzJnX3VkSUhNOGNwZ3IyXzhvUnlNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAH00+MA0G
CSqGSIb3DQEBCwUAA4IBAQCVcsYM/M+lqbwTvpKHWbR21+YTW5kype7eWc7sjQRo
LrGPfa4Je2/VCajkEX5AGqoZtWU+zWaUSukZOK7so6zwlBTM4QX5B8Rn/VftfDH0
joZ7qq5yRFKxrpabNxcOy6fLQFtnDMIcie+3jFaXc0R+iIUMu5lq1xdx35fXX4nh
f6molYI5XXB43h6O3X5MILYzmMgD/6yjKZ/PFBrtjF+cGY4YyfMEygawjOUh0Q2n
k/RUf18+7RxGmbpLysqnZa/sGLPXCYcqgqFRIUOmcb43HBiYanuI6sT7FfQRoJ3d
0F20TXURD6JVF6ei49FZMBSFGZideFm2q7xd7779sqvW
-----END CERTIFICATE-----