Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/Qzp1X_cdGhAWcoHyyXKzWk1GH_M.roa
File:                     Qzp1X_cdGhAWcoHyyXKzWk1GH_M.roa (raw, json)
Hash identifier:          iHKKJ7CBROly8ADK164nKSWhVDR2KSLLM86SNBeOf70=
Subject key identifier:   43:3A:75:5F:F7:1D:1A:10:16:72:81:F2:C9:72:B3:5A:4D:46:1F:F3
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019E9DFFDC6801CAF594310C2B7AFF6F9C04
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/Qzp1X_cdGhAWcoHyyXKzWk1GH_M.roa
Signing time:             Sat 06 Jun 2026 17:34:11 +0000
ROA not before:           Sat 06 Jun 2026 17:34:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     402221
IP address blocks:        31.77.225.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 01:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:9d:ff:dc:68:01:ca:f5:94:31:0c:2b:7a:ff:6f:9c:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: Jun  6 17:34:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=433a755ff71d1a10167281f2c972b35a4d461ff3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f3:cd:97:11:61:9e:a4:a1:25:fd:62:f1:79:dd:
                    45:65:4f:0d:90:8f:14:e1:53:67:53:70:86:1a:72:
                    b4:f2:c8:bb:51:0e:77:7f:33:f9:3e:a7:13:a2:bb:
                    fd:08:41:eb:04:31:39:ac:d3:ea:27:d8:dd:68:63:
                    f2:5a:fc:ef:f8:60:89:05:ee:21:44:d4:0b:65:9d:
                    bb:ae:36:0d:5b:2e:ad:73:1c:16:ab:7e:5b:00:6d:
                    a6:97:7c:1a:30:ef:c8:0b:ed:d0:e1:b1:2b:c2:61:
                    f6:5b:c9:8b:40:e6:05:6e:e2:94:d1:6a:fd:a4:d6:
                    11:66:64:18:09:f3:06:73:c5:20:28:60:cc:07:5b:
                    5a:3b:83:65:76:89:6e:94:66:20:da:a9:bb:d9:e1:
                    7c:74:45:0b:85:2c:26:ec:6f:42:58:8f:70:36:2f:
                    15:10:d8:4c:fd:e1:09:77:7e:77:90:3a:3c:9a:69:
                    e8:de:69:c4:d4:c1:21:1c:50:51:e0:8b:82:b6:b3:
                    52:80:1f:5a:93:77:9e:7e:b2:ed:30:a2:af:43:7f:
                    94:45:8c:31:62:4e:4f:4c:00:06:49:c2:35:69:58:
                    41:c5:d7:b8:0e:d6:a6:2e:12:90:89:a4:aa:b1:10:
                    d8:48:45:c6:21:a2:17:a1:53:59:cb:da:bf:1f:13:
                    94:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:3A:75:5F:F7:1D:1A:10:16:72:81:F2:C9:72:B3:5A:4D:46:1F:F3
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/Qzp1X_cdGhAWcoHyyXKzWk1GH_M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.77.225.0/24

    Signature Algorithm: sha256WithRSAEncryption
         45:65:1b:61:1f:5d:3b:63:7a:97:ac:2f:6f:1f:95:f7:19:d8:
         07:4f:ca:1d:08:81:53:85:88:96:33:90:24:e9:67:90:91:9c:
         13:6b:74:00:81:fe:44:04:2a:dc:bb:8b:ab:d7:42:b2:ca:c4:
         42:1d:73:05:a2:32:8b:29:9b:db:38:cf:b9:09:00:e6:b1:33:
         f2:62:73:1e:ec:18:d5:7f:aa:40:7f:a1:15:0e:56:9d:a2:c7:
         7a:f5:fb:b2:d3:87:1c:28:1c:45:ee:bd:a7:a2:d8:6d:bb:0b:
         2c:91:c6:61:62:2e:96:02:7e:89:c9:ba:a8:a9:67:07:b8:ab:
         c1:1a:72:0f:63:c2:89:3f:b2:fb:80:fb:bb:12:f9:0e:bb:f0:
         b5:19:90:f0:eb:3a:2e:e4:cc:d2:d0:47:48:e3:7e:6b:6e:4c:
         f5:91:3f:e8:13:3f:7f:da:81:d5:f7:b0:70:19:f3:e0:02:25:
         2c:80:de:5e:71:18:9c:dd:ab:e4:50:8d:f4:68:2e:18:21:cd:
         90:40:3c:50:75:e6:09:da:cf:c8:d5:97:a0:42:6e:1c:61:cb:
         44:81:86:de:c4:0c:cb:82:56:5f:47:87:94:c0:6f:08:fe:36:
         23:31:bc:4f:e2:83:85:10:3f:87:c3:5b:8a:a7:a7:20:9a:67:
         a0:05:dd:09
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6d/9xoAcr1lDEMK3r/b5wEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwNjA2MTczNDExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MzNhNzU1ZmY3MWQxYTEwMTY3MjgxZjJjOTcyYjM1YTRkNDYxZmYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA882XEWGepKEl/WLxed1FZU8NkI8U
4VNnU3CGGnK08si7UQ53fzP5PqcTorv9CEHrBDE5rNPqJ9jdaGPyWvzv+GCJBe4h
RNQLZZ27rjYNWy6tcxwWq35bAG2ml3waMO/IC+3Q4bErwmH2W8mLQOYFbuKU0Wr9
pNYRZmQYCfMGc8UgKGDMB1taO4NldolulGYg2qm72eF8dEULhSwm7G9CWI9wNi8V
ENhM/eEJd353kDo8mmno3mnE1MEhHFBR4IuCtrNSgB9ak3eefrLtMKKvQ3+URYwx
Yk5PTAAGScI1aVhBxde4DtamLhKQiaSqsRDYSEXGIaIXoVNZy9q/HxOUGQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEM6dV/3HRoQFnKB8slys1pNRh/zMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvUXpwMVhfY2RHaEFXY29IeXlYS3pXazFHSF9NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAH03hMA0G
CSqGSIb3DQEBCwUAA4IBAQBFZRthH107Y3qXrC9vH5X3GdgHT8odCIFThYiWM5Ak
6WeQkZwTa3QAgf5EBCrcu4ur10KyysRCHXMFojKLKZvbOM+5CQDmsTPyYnMe7BjV
f6pAf6EVDladosd69fuy04ccKBxF7r2nothtuwsskcZhYi6WAn6JybqoqWcHuKvB
GnIPY8KJP7L7gPu7EvkOu/C1GZDw6zou5MzS0EdI435rbkz1kT/oEz9/2oHV97Bw
GfPgAiUsgN5ecRic3avkUI30aC4YIc2QQDxQdeYJ2s/I1ZegQm4cYctEgYbexAzL
glZfR4eUwG8I/jYjMbxP4oOFED+Hw1uKp6cgmmegBd0J
-----END CERTIFICATE-----