Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/FV6AjieMDb9qV8N_s1DiicBKYIs.roa
File:                     FV6AjieMDb9qV8N_s1DiicBKYIs.roa (raw, json)
Hash identifier:          +zxX0vUZpiJdvjoHbTi6cpNqZAN2CKLbRVzDqTRF+8k=
Subject key identifier:   15:5E:80:8E:27:8C:0D:BF:6A:57:C3:7F:B3:50:E2:89:C0:4A:60:8B
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019E749DA31CC37F864BABEBBF251DC5D48A
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/FV6AjieMDb9qV8N_s1DiicBKYIs.roa
Signing time:             Fri 29 May 2026 16:42:28 +0000
ROA not before:           Fri 29 May 2026 16:42:28 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     9318
IP address blocks:        31.77.253.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 08:43:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:74:9d:a3:1c:c3:7f:86:4b:ab:eb:bf:25:1d:c5:d4:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: May 29 16:42:28 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=155e808e278c0dbf6a57c37fb350e289c04a608b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:70:43:a5:70:22:2b:13:2f:93:93:79:71:17:
                    85:0f:36:eb:76:0d:31:ce:f5:05:01:22:09:fe:95:
                    20:7a:00:c8:3b:ae:53:a7:64:3d:bc:2d:ad:e4:84:
                    3d:b6:4e:56:9e:c0:7f:07:af:79:0b:3a:ae:43:44:
                    57:de:50:50:9e:c2:22:39:a8:3f:7f:0f:85:1d:29:
                    22:d5:34:e4:cc:20:ed:05:13:14:5a:6d:41:d5:89:
                    25:63:79:2c:37:6f:7e:53:14:4a:eb:bc:a9:54:ef:
                    77:a1:0b:14:7b:39:79:62:de:8b:77:bc:96:c6:fb:
                    99:c2:38:6e:0d:52:14:c6:99:f6:1c:fd:95:2a:32:
                    12:77:c1:18:f5:18:78:27:ab:88:22:27:a0:0e:07:
                    15:26:f2:9d:f3:15:50:8d:25:0f:c4:08:6f:e5:44:
                    6a:b4:31:09:98:15:16:51:a6:49:36:6d:ad:d9:54:
                    39:e5:b7:c7:52:3c:38:7f:fb:a9:eb:da:72:87:67:
                    aa:41:32:2d:19:db:88:96:8c:08:d0:d5:1e:c3:01:
                    44:0f:bd:87:0c:0f:99:65:fc:18:98:ca:3e:ba:2e:
                    24:52:b6:7b:2e:0c:19:10:e9:a3:08:8f:e7:23:e1:
                    bf:12:49:11:d7:04:d6:8a:5a:90:07:1f:51:8b:f7:
                    3e:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:5E:80:8E:27:8C:0D:BF:6A:57:C3:7F:B3:50:E2:89:C0:4A:60:8B
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/FV6AjieMDb9qV8N_s1DiicBKYIs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.77.253.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b4:79:f1:9c:73:46:44:21:93:78:da:79:d9:ea:76:c2:ce:ee:
         57:a4:fb:c5:04:e4:22:6d:39:29:4f:1e:b5:2a:5a:e2:f1:29:
         71:b0:12:b8:b9:1e:06:e9:e5:d8:4a:7e:1f:2f:ff:18:1b:3c:
         ad:74:7a:65:d9:2f:30:b6:dd:a1:86:c9:81:61:d2:45:1a:e9:
         69:6e:d2:ac:cb:d0:c8:43:e4:0e:16:a8:f1:15:fc:ae:65:79:
         cd:50:99:c4:75:21:4b:cb:68:32:43:d9:5c:16:e1:e2:e2:1a:
         2f:ef:d9:77:42:e3:fe:74:c6:e9:db:29:10:61:f0:41:be:35:
         4c:b7:42:fa:4b:0a:f6:67:7f:a0:23:eb:6e:74:e6:f5:da:23:
         9a:36:99:5e:58:85:9d:df:12:bd:27:45:1d:ab:1c:db:bd:08:
         8f:eb:de:bf:70:c2:ee:9e:d5:1b:de:d5:59:91:9f:c9:49:b5:
         12:ba:d9:ee:6b:4d:b8:75:b3:f4:9a:04:06:6b:2d:cc:12:63:
         e7:24:e2:cc:a6:76:7b:46:85:12:58:7f:39:91:4d:d5:89:32:
         76:8b:32:84:ac:b8:84:71:8d:55:3a:52:ab:e6:3b:e6:b9:c4:
         bf:39:4a:72:de:39:bf:cd:a4:71:22:ca:ee:fe:90:c7:2e:82:
         2e:c3:ef:dd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ50naMcw3+GS6vrvyUdxdSKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwNTI5MTY0MjI4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNTVlODA4ZTI3OGMwZGJmNmE1N2MzN2ZiMzUwZTI4OWMwNGE2MDhiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA03BDpXAiKxMvk5N5cReFDzbrdg0x
zvUFASIJ/pUgegDIO65Tp2Q9vC2t5IQ9tk5WnsB/B695CzquQ0RX3lBQnsIiOag/
fw+FHSki1TTkzCDtBRMUWm1B1YklY3ksN29+UxRK67ypVO93oQsUezl5Yt6Ld7yW
xvuZwjhuDVIUxpn2HP2VKjISd8EY9Rh4J6uIIiegDgcVJvKd8xVQjSUPxAhv5URq
tDEJmBUWUaZJNm2t2VQ55bfHUjw4f/up69pyh2eqQTItGduIlowI0NUewwFED72H
DA+ZZfwYmMo+ui4kUrZ7LgwZEOmjCI/nI+G/EkkR1wTWilqQBx9Ri/c+WwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBVegI4njA2/alfDf7NQ4onASmCLMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvRlY2QWppZU1EYjlxVjhOX3MxRGlpY0JLWUlzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAH039MA0G
CSqGSIb3DQEBCwUAA4IBAQC0efGcc0ZEIZN42nnZ6nbCzu5XpPvFBOQibTkpTx61
Klri8SlxsBK4uR4G6eXYSn4fL/8YGzytdHpl2S8wtt2hhsmBYdJFGulpbtKsy9DI
Q+QOFqjxFfyuZXnNUJnEdSFLy2gyQ9lcFuHi4hov79l3QuP+dMbp2ykQYfBBvjVM
t0L6Swr2Z3+gI+tudOb12iOaNpleWIWd3xK9J0UdqxzbvQiP696/cMLuntUb3tVZ
kZ/JSbUSutnua024dbP0mgQGay3MEmPnJOLMpnZ7RoUSWH85kU3ViTJ2izKErLiE
cY1VOlKr5jvmucS/OUpy3jm/zaRxIsru/pDHLoIuw+/d
-----END CERTIFICATE-----