Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/hxG9PVnYGejyabTP-qa5NjkUbRc.roa
File:                     hxG9PVnYGejyabTP-qa5NjkUbRc.roa (raw, json)
Hash identifier:          M8IjuEaLeb2heqDgEO3WOHWguvPwQeDqV619SgPrFdI=
Subject key identifier:   87:11:BD:3D:59:D8:19:E8:F2:69:B4:CF:FA:A6:B9:36:39:14:6D:17
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019E7F57D99275EC06213ADCE6F3E8840BA7
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/hxG9PVnYGejyabTP-qa5NjkUbRc.roa
Signing time:             Sun 31 May 2026 18:42:04 +0000
ROA not before:           Sun 31 May 2026 18:42:04 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     197234
IP address blocks:        31.77.126.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 01:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:7f:57:d9:92:75:ec:06:21:3a:dc:e6:f3:e8:84:0b:a7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: May 31 18:42:04 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=8711bd3d59d819e8f269b4cffaa6b93639146d17
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:2c:9b:ac:a4:cd:44:c8:aa:a5:1a:58:c9:16:
                    e0:3a:43:c9:d4:f3:6c:7a:e0:b0:ee:d7:84:6d:ed:
                    f0:7f:ab:02:20:b7:e0:e9:dd:70:c6:35:92:1f:87:
                    c9:9c:17:fb:f7:1d:68:91:54:ed:f4:7a:7e:af:a5:
                    83:40:7f:4a:7f:32:63:b8:12:64:00:d5:13:bc:25:
                    bf:0b:05:e9:cd:1e:29:e3:2c:e7:c9:72:f8:a5:86:
                    2b:0a:35:8f:27:fe:98:ed:d6:cb:0b:f2:57:0d:fe:
                    98:a1:14:f9:6c:bc:7c:90:4a:81:78:fc:e4:53:9d:
                    1f:9d:2b:7f:23:29:01:dd:3c:ab:05:83:cb:20:a7:
                    43:71:f1:96:e9:dc:65:5c:b4:30:7e:70:1e:bc:b6:
                    73:43:44:22:b7:02:6e:85:01:a7:a1:00:55:8f:15:
                    79:1e:11:09:66:04:b7:c5:c4:f4:cd:e2:94:95:36:
                    54:d7:2e:08:09:55:22:d5:cd:c5:fa:a6:6b:77:6f:
                    b0:6a:2a:76:86:c8:49:c5:71:ba:8d:c5:98:6b:77:
                    0a:e2:4a:52:67:e2:c7:65:aa:d1:16:81:af:1e:57:
                    09:82:72:21:b6:1d:ea:6c:52:af:65:ed:3c:79:7c:
                    f6:6b:ae:b8:be:81:1e:75:2b:7b:6a:ad:f5:b4:7a:
                    19:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:11:BD:3D:59:D8:19:E8:F2:69:B4:CF:FA:A6:B9:36:39:14:6D:17
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/hxG9PVnYGejyabTP-qa5NjkUbRc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.77.126.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b2:ff:33:16:f5:83:d4:b5:19:50:f5:15:f2:23:56:86:de:1c:
         4d:f1:32:4c:51:ca:1e:5f:36:60:41:6f:b1:3a:36:98:b0:9d:
         38:ce:67:ee:ba:ce:a0:fa:9e:f8:e1:1f:d8:7a:61:07:e8:94:
         a3:b9:b6:04:1b:89:59:67:b8:60:64:0d:99:e6:8b:ca:5b:32:
         ee:9d:1c:c0:1e:cf:9b:e6:b4:72:5c:a7:99:06:e3:1d:a2:7e:
         20:d6:62:89:9c:97:9d:ef:2c:0a:f4:91:02:1e:91:a4:94:2f:
         71:76:c9:98:71:e7:cf:80:47:4a:b3:34:e2:0b:40:f7:9e:22:
         8e:7c:e8:aa:dd:89:35:80:e7:fc:e2:e7:1d:50:46:b2:85:d0:
         cd:d2:8b:a5:41:70:44:08:c4:d4:ff:ea:c6:50:4c:c9:a5:ab:
         88:13:70:81:56:3f:3d:e7:be:cf:a8:bb:77:c1:54:c1:b1:12:
         8f:5d:10:de:16:a9:8c:c8:81:d0:c8:bc:e5:ed:eb:f4:b2:4b:
         4a:76:06:e3:14:e6:c1:ca:d5:f6:df:38:47:a9:d7:5f:b7:ef:
         c8:44:f6:80:7d:a0:e7:8f:16:2e:23:76:09:8c:0a:d0:92:6b:
         b5:cf:68:14:3a:01:e4:b2:dd:04:1c:0e:15:17:12:fa:69:12:
         99:1d:dd:3f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ5/V9mSdewGITrc5vPohAunMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwNTMxMTg0MjA0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NzExYmQzZDU5ZDgxOWU4ZjI2OWI0Y2ZmYWE2YjkzNjM5MTQ2ZDE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtiybrKTNRMiqpRpYyRbgOkPJ1PNs
euCw7teEbe3wf6sCILfg6d1wxjWSH4fJnBf79x1okVTt9Hp+r6WDQH9KfzJjuBJk
ANUTvCW/CwXpzR4p4yznyXL4pYYrCjWPJ/6Y7dbLC/JXDf6YoRT5bLx8kEqBePzk
U50fnSt/IykB3TyrBYPLIKdDcfGW6dxlXLQwfnAevLZzQ0QitwJuhQGnoQBVjxV5
HhEJZgS3xcT0zeKUlTZU1y4ICVUi1c3F+qZrd2+waip2hshJxXG6jcWYa3cK4kpS
Z+LHZarRFoGvHlcJgnIhth3qbFKvZe08eXz2a664voEedSt7aq31tHoZ/wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIcRvT1Z2Bno8mm0z/qmuTY5FG0XMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvaHhHOVBWbllHZWp5YWJUUC1xYTVOamtVYlJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAH01+MA0G
CSqGSIb3DQEBCwUAA4IBAQCy/zMW9YPUtRlQ9RXyI1aG3hxN8TJMUcoeXzZgQW+x
OjaYsJ04zmfuus6g+p744R/YemEH6JSjubYEG4lZZ7hgZA2Z5ovKWzLunRzAHs+b
5rRyXKeZBuMdon4g1mKJnJed7ywK9JECHpGklC9xdsmYcefPgEdKszTiC0D3niKO
fOiq3Yk1gOf84ucdUEayhdDN0oulQXBECMTU/+rGUEzJpauIE3CBVj89577PqLt3
wVTBsRKPXRDeFqmMyIHQyLzl7ev0sktKdgbjFObBytX23zhHqddft+/IRPaAfaDn
jxYuI3YJjArQkmu1z2gUOgHkst0EHA4VFxL6aRKZHd0/
-----END CERTIFICATE-----