Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/ILKvMZy3Mx8E3Mn5892e_spcwzY.roa
File:                     ILKvMZy3Mx8E3Mn5892e_spcwzY.roa (raw, json)
Hash identifier:          Sdj2G4hVQ7N+WaeE60xxVpmmP+RRXNltugsEMWUZj18=
Subject key identifier:   20:B2:AF:31:9C:B7:33:1F:04:DC:C9:F9:F3:DD:9E:FE:CA:5C:C3:36
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019E6AE0A623E186BC0722493ADAA54A9F6D
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/ILKvMZy3Mx8E3Mn5892e_spcwzY.roa
Signing time:             Wed 27 May 2026 19:19:27 +0000
ROA not before:           Wed 27 May 2026 19:19:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     197283
IP address blocks:        31.76.31.0/24 maxlen: 24
                          31.76.101.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 01:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:6a:e0:a6:23:e1:86:bc:07:22:49:3a:da:a5:4a:9f:6d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: May 27 19:19:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=20b2af319cb7331f04dcc9f9f3dd9efeca5cc336
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:ac:89:88:93:f2:76:7f:2b:9c:71:2c:8a:f9:
                    4c:49:6c:50:8c:e7:f0:90:78:12:f0:d3:4c:7c:6f:
                    39:f0:15:25:b3:fc:6c:53:bd:75:34:4b:16:05:0a:
                    48:1a:d8:e6:14:e0:07:b6:a3:fc:bc:c0:af:15:0f:
                    9a:86:53:69:5b:98:a9:ff:88:07:a4:71:c1:fe:18:
                    99:b0:d2:2d:2d:0e:ac:cc:4b:f1:85:8a:a1:41:63:
                    0a:b5:f1:e5:db:ee:e1:4a:1c:c7:57:d7:15:a2:74:
                    8b:55:0a:0d:6f:c1:d3:a9:3a:70:49:19:89:b5:71:
                    de:d4:03:d4:fa:39:e6:2b:07:ae:27:48:e1:d3:e9:
                    9b:37:b5:a2:1d:06:bf:9e:a9:67:c0:15:4b:6b:3c:
                    bb:46:6d:68:57:02:ab:f3:9d:69:aa:dc:33:3b:10:
                    c5:b1:8e:b9:ec:c4:bc:da:9c:2a:b0:e5:a5:14:eb:
                    ee:b6:62:51:68:97:d6:fc:ff:ae:c2:a0:05:4d:7f:
                    85:43:08:bb:56:ac:bc:fb:e7:9f:cb:b4:5a:7e:3c:
                    63:70:aa:58:43:e1:9a:b4:88:9a:31:05:b7:af:f4:
                    39:3f:cf:64:71:12:8d:c2:40:df:0e:a2:a4:5b:57:
                    76:7c:a2:47:86:8b:4e:56:c3:44:ce:b8:53:06:3d:
                    04:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:B2:AF:31:9C:B7:33:1F:04:DC:C9:F9:F3:DD:9E:FE:CA:5C:C3:36
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/ILKvMZy3Mx8E3Mn5892e_spcwzY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.76.31.0/24
                  31.76.101.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1f:1f:68:e3:54:4b:62:ce:18:58:f5:1d:90:77:d8:2a:ca:80:
         d9:e7:e1:0e:1e:5d:88:22:42:3e:4d:3b:7c:86:f2:30:f5:06:
         e7:5d:6b:9d:ef:25:bb:8b:4e:08:ff:f7:39:cd:a3:e9:a9:ee:
         a9:f3:93:5b:ca:15:36:1b:91:32:54:81:0b:09:31:b9:f0:dd:
         d4:27:e9:a6:79:31:78:c8:f4:87:5d:85:f6:76:8e:13:f9:fc:
         10:5b:0f:c2:99:b8:64:10:6a:1a:8b:a0:c2:ed:ab:9a:aa:9d:
         7f:e7:9b:96:1b:b2:7a:cf:0b:b1:27:c0:08:20:3b:58:5e:4a:
         b7:43:d2:b4:0c:36:73:cc:4d:ca:cd:29:e0:2d:94:30:4a:68:
         d1:0e:ac:93:b7:ab:9a:a5:3b:0f:ba:5b:94:99:c9:c1:6e:0b:
         ba:36:52:02:69:ef:64:ff:14:da:11:4a:1a:6a:c8:69:35:81:
         ce:8a:89:e3:e8:d1:84:e6:77:32:39:66:a2:a2:7f:27:76:e8:
         82:c3:77:5f:36:78:40:17:87:f1:58:1b:18:03:73:4e:d8:47:
         dc:18:88:a1:b4:21:d2:d8:24:c2:1e:4f:ab:fc:56:40:f5:41:
         f8:90:81:d2:ab:11:d0:54:10:d4:a2:6b:50:66:b1:76:89:f2:
         af:32:9f:04
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ5q4KYj4Ya8ByJJOtqlSp9tMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwNTI3MTkxOTI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMGIyYWYzMTljYjczMzFmMDRkY2M5ZjlmM2RkOWVmZWNhNWNjMzM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmKyJiJPydn8rnHEsivlMSWxQjOfw
kHgS8NNMfG858BUls/xsU711NEsWBQpIGtjmFOAHtqP8vMCvFQ+ahlNpW5ip/4gH
pHHB/hiZsNItLQ6szEvxhYqhQWMKtfHl2+7hShzHV9cVonSLVQoNb8HTqTpwSRmJ
tXHe1APU+jnmKweuJ0jh0+mbN7WiHQa/nqlnwBVLazy7Rm1oVwKr851pqtwzOxDF
sY657MS82pwqsOWlFOvutmJRaJfW/P+uwqAFTX+FQwi7Vqy8++efy7RafjxjcKpY
Q+GatIiaMQW3r/Q5P89kcRKNwkDfDqKkW1d2fKJHhotOVsNEzrhTBj0EhwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFCCyrzGctzMfBNzJ+fPdnv7KXMM2MB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvSUxLdk1aeTNNeDhFM01uNTg5MmVfc3Bjd3pZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAH0wfAwQA
H0xlMA0GCSqGSIb3DQEBCwUAA4IBAQAfH2jjVEtizhhY9R2Qd9gqyoDZ5+EOHl2I
IkI+TTt8hvIw9QbnXWud7yW7i04I//c5zaPpqe6p85NbyhU2G5EyVIELCTG58N3U
J+mmeTF4yPSHXYX2do4T+fwQWw/CmbhkEGoai6DC7auaqp1/55uWG7J6zwuxJ8AI
IDtYXkq3Q9K0DDZzzE3KzSngLZQwSmjRDqyTt6uapTsPuluUmcnBbgu6NlICae9k
/xTaEUoaashpNYHOionj6NGE5ncyOWaion8nduiCw3dfNnhAF4fxWBsYA3NO2Efc
GIihtCHS2CTCHk+r/FZA9UH4kIHSqxHQVBDUomtQZrF2ifKvMp8E
-----END CERTIFICATE-----