Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/KclZSjndt3VKzqHuF37rLxYnRhg.roa
File:                     KclZSjndt3VKzqHuF37rLxYnRhg.roa (raw, json)
Hash identifier:          oQnczyCNS/WnR6CN5bKTNghpdZ5bp+gij0sOsekSguk=
Subject key identifier:   29:C9:59:4A:39:DD:B7:75:4A:CE:A1:EE:17:7E:EB:2F:16:27:46:18
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019EA52CF2C215D482CFD18F1CD1EB771C34
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/KclZSjndt3VKzqHuF37rLxYnRhg.roa
Signing time:             Mon 08 Jun 2026 03:00:46 +0000
ROA not before:           Mon 08 Jun 2026 03:00:46 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     31924
IP address blocks:        31.77.215.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 01:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:a5:2c:f2:c2:15:d4:82:cf:d1:8f:1c:d1:eb:77:1c:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: Jun  8 03:00:46 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=29c9594a39ddb7754acea1ee177eeb2f16274618
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:d2:aa:be:1e:68:61:50:70:15:6f:20:e3:ae:
                    42:e1:25:fb:3a:74:3d:95:16:f0:d1:60:be:ae:d2:
                    25:f4:f9:b1:05:5e:d8:1a:b2:85:26:c6:98:9b:e7:
                    c1:d3:5e:77:16:5c:cd:dd:d6:3e:2c:3c:7f:e4:e5:
                    7a:5f:d6:59:c2:aa:94:d6:31:38:40:97:44:da:c9:
                    9e:d0:28:aa:79:86:db:77:ec:c3:5d:b0:c6:7f:37:
                    12:35:f2:f7:3f:6c:e4:f0:70:7f:6f:ca:62:ac:1e:
                    54:9a:cd:ce:2b:f5:3d:17:1e:e2:f2:37:19:66:f5:
                    3e:50:79:6a:08:62:6c:43:b6:8b:84:2b:d3:40:19:
                    4c:c3:dc:cb:08:df:62:37:97:a0:cc:6d:00:5e:0e:
                    c4:e9:72:77:0b:b8:1e:8e:84:fb:63:79:92:e4:e3:
                    f5:57:71:26:76:7e:ea:51:02:c8:2d:4a:1a:bf:16:
                    e3:b3:85:23:47:e4:db:35:82:f1:1c:23:77:67:7b:
                    41:8d:91:14:5a:9c:fb:61:89:fb:e5:06:54:45:da:
                    2d:82:6a:91:c9:52:41:fd:6d:f7:ed:5d:1c:3c:e6:
                    ef:b8:d1:aa:61:28:1d:ed:c6:22:84:1e:73:b0:93:
                    09:55:bd:89:fb:3d:48:7a:ec:0d:00:a7:af:27:22:
                    31:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:C9:59:4A:39:DD:B7:75:4A:CE:A1:EE:17:7E:EB:2F:16:27:46:18
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/KclZSjndt3VKzqHuF37rLxYnRhg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.77.215.0/24

    Signature Algorithm: sha256WithRSAEncryption
         31:60:af:c7:30:d8:94:a6:e2:2f:f2:eb:e4:cd:ba:76:a8:70:
         8b:0f:3d:ef:55:1f:46:17:9e:c5:c9:83:7e:08:90:ac:8a:33:
         e3:3c:db:0b:d6:dc:e2:48:cc:16:5e:62:e9:40:83:fb:ac:b5:
         e0:95:17:da:0d:97:44:14:f6:9a:e7:a7:5b:e3:2d:21:f0:b6:
         39:24:73:bf:1e:99:e3:32:e5:57:45:0b:5e:1d:47:c0:ad:1a:
         8b:e2:f1:28:80:5d:8d:86:e7:94:33:aa:39:6d:e0:40:7b:62:
         6b:0c:45:37:8f:14:a9:ed:f7:ec:66:db:d9:10:d0:92:93:df:
         33:df:95:9c:97:74:c5:9c:79:4e:5f:8a:73:32:67:74:61:05:
         4a:34:18:2e:f2:c8:69:87:25:25:a2:bd:4c:71:d1:e5:ea:4a:
         e9:cd:f9:a4:40:8a:a7:63:30:98:b4:01:98:1c:26:ba:7d:6e:
         d2:99:fe:21:cc:5c:9e:47:b8:ee:2d:98:59:56:ac:f6:a2:10:
         1e:a0:c8:48:22:6c:05:b3:b4:cb:ee:99:f3:70:4d:6c:af:5f:
         0c:f3:58:a8:2a:51:d8:56:17:3e:d1:b1:72:27:8d:8e:1a:d2:
         c8:b6:34:d6:57:af:00:8c:19:4d:b8:6a:13:5c:82:0f:1e:47:
         05:61:a4:a8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6lLPLCFdSCz9GPHNHrdxw0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwNjA4MDMwMDQ2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOWM5NTk0YTM5ZGRiNzc1NGFjZWExZWUxNzdlZWIyZjE2Mjc0NjE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAptKqvh5oYVBwFW8g465C4SX7OnQ9
lRbw0WC+rtIl9PmxBV7YGrKFJsaYm+fB0153FlzN3dY+LDx/5OV6X9ZZwqqU1jE4
QJdE2sme0CiqeYbbd+zDXbDGfzcSNfL3P2zk8HB/b8pirB5Ums3OK/U9Fx7i8jcZ
ZvU+UHlqCGJsQ7aLhCvTQBlMw9zLCN9iN5egzG0AXg7E6XJ3C7gejoT7Y3mS5OP1
V3Emdn7qUQLILUoavxbjs4UjR+TbNYLxHCN3Z3tBjZEUWpz7YYn75QZURdotgmqR
yVJB/W337V0cPObvuNGqYSgd7cYihB5zsJMJVb2J+z1IeuwNAKevJyIxawIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCnJWUo53bd1Ss6h7hd+6y8WJ0YYMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvS2NsWlNqbmR0M1ZLenFIdUYzN3JMeFluUmhnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAH03XMA0G
CSqGSIb3DQEBCwUAA4IBAQAxYK/HMNiUpuIv8uvkzbp2qHCLDz3vVR9GF57FyYN+
CJCsijPjPNsL1tziSMwWXmLpQIP7rLXglRfaDZdEFPaa56db4y0h8LY5JHO/Hpnj
MuVXRQteHUfArRqL4vEogF2NhueUM6o5beBAe2JrDEU3jxSp7ffsZtvZENCSk98z
35Wcl3TFnHlOX4pzMmd0YQVKNBgu8shphyUlor1McdHl6krpzfmkQIqnYzCYtAGY
HCa6fW7Smf4hzFyeR7juLZhZVqz2ohAeoMhIImwFs7TL7pnzcE1sr18M81ioKlHY
Vhc+0bFyJ42OGtLItjTWV68AjBlNuGoTXIIPHkcFYaSo
-----END CERTIFICATE-----