Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/oO5rpvS3gKhPnJmBS-Yn7hCrpp8.roa
File:                     oO5rpvS3gKhPnJmBS-Yn7hCrpp8.roa (raw, json)
Hash identifier:          RRv6576ZE6dEaBCdmsR9b3OgzFKBvdWKOSQKAkT1zzk=
Subject key identifier:   A0:EE:6B:A6:F4:B7:80:A8:4F:9C:99:81:4B:E6:27:EE:10:AB:A6:9F
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019E4D1EB1350BD8C03CE3F9BB69ADE6CA4E
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/oO5rpvS3gKhPnJmBS-Yn7hCrpp8.roa
Signing time:             Fri 22 May 2026 00:38:37 +0000
ROA not before:           Fri 22 May 2026 00:38:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     400402
IP address blocks:        31.76.88.0/24 maxlen: 24
                          31.76.89.0/24 maxlen: 24
                          31.76.90.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 01:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:4d:1e:b1:35:0b:d8:c0:3c:e3:f9:bb:69:ad:e6:ca:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: May 22 00:38:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a0ee6ba6f4b780a84f9c99814be627ee10aba69f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:6e:fd:56:54:07:b5:49:82:56:74:65:26:40:
                    77:5b:9d:e8:69:a9:9a:04:6c:ff:84:53:70:06:28:
                    f9:ac:ee:ce:be:4d:29:00:7f:1e:7a:1e:b2:ce:fd:
                    d1:eb:ff:61:63:65:dc:3a:b9:10:20:10:7e:21:da:
                    74:af:74:e5:eb:58:35:87:cd:85:98:c9:16:d1:7f:
                    ba:68:f6:97:34:c2:84:cd:ec:5f:8b:23:35:e3:51:
                    d3:9f:40:ab:c6:24:68:6b:ad:ed:ac:a8:5b:45:c0:
                    b2:b1:16:69:af:42:37:4c:36:ae:14:2a:d2:1b:df:
                    09:01:cf:98:a6:1b:f5:bb:5b:cd:5b:b5:c5:51:d4:
                    bc:7c:89:61:38:82:38:f5:87:05:a3:cf:b4:df:b0:
                    76:4a:7a:8f:ea:e9:36:bf:8e:d4:a0:e1:2f:af:f0:
                    24:ab:95:35:b2:89:3b:e5:86:ae:30:14:a5:17:72:
                    74:cc:df:ae:05:73:e2:3b:d4:bf:a2:f2:25:ee:96:
                    c2:ed:53:ab:e7:95:3b:fe:db:90:fc:11:c0:02:bf:
                    2d:73:c0:94:61:06:34:59:a2:34:8a:fd:eb:f5:fb:
                    25:eb:d6:e4:83:49:ca:8e:18:0b:f9:18:59:12:96:
                    0d:d4:f0:bc:b9:33:00:4c:5a:ea:b0:eb:76:54:cc:
                    33:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:EE:6B:A6:F4:B7:80:A8:4F:9C:99:81:4B:E6:27:EE:10:AB:A6:9F
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/oO5rpvS3gKhPnJmBS-Yn7hCrpp8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.76.88.0-31.76.90.255

    Signature Algorithm: sha256WithRSAEncryption
         af:82:e3:ad:1b:32:8d:e0:8f:ce:e0:6c:36:0b:fd:11:79:e4:
         fb:89:71:52:95:f1:12:cb:7f:82:fd:41:15:02:af:ad:31:54:
         47:53:c0:b9:34:39:15:84:8f:bb:ff:35:97:31:c5:ac:f9:16:
         8e:41:5c:ae:05:e2:ca:bf:85:91:a7:b2:74:1b:94:0b:fb:bd:
         2a:40:21:6b:21:3a:45:20:39:cd:c5:9f:64:33:30:41:a9:ed:
         2f:85:d8:55:75:5a:43:94:bf:5e:45:7d:e5:2f:44:76:5d:1f:
         e2:55:66:cb:3f:71:b5:31:2e:92:2b:6f:8b:a8:38:17:fb:89:
         f7:3c:54:a8:e1:9f:31:0b:20:5b:5d:c2:63:73:e0:08:a0:df:
         a6:b8:d3:5d:15:ea:95:fb:b9:2d:5a:49:3e:73:fe:ce:3c:c1:
         78:f5:32:48:90:15:77:90:25:be:a4:62:c3:0a:29:fb:fc:23:
         11:3b:ba:e8:bd:a4:d0:61:25:19:9b:9b:fb:d4:3e:ef:11:ef:
         cf:0b:be:56:0d:b6:ec:07:74:d4:a4:80:23:24:24:7e:f4:ac:
         0a:0c:12:7c:0f:95:d5:19:dd:33:3c:f4:7a:d9:7f:9e:55:24:
         52:23:09:14:72:8c:16:51:84:73:03:dd:6c:b6:f3:d3:38:f1:
         fa:ff:c7:b2
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZ5NHrE1C9jAPOP5u2mt5spOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwNTIyMDAzODM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMGVlNmJhNmY0Yjc4MGE4NGY5Yzk5ODE0YmU2MjdlZTEwYWJhNjlmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtG79VlQHtUmCVnRlJkB3W53oaama
BGz/hFNwBij5rO7Ovk0pAH8eeh6yzv3R6/9hY2XcOrkQIBB+Idp0r3Tl61g1h82F
mMkW0X+6aPaXNMKEzexfiyM141HTn0CrxiRoa63trKhbRcCysRZpr0I3TDauFCrS
G98JAc+Yphv1u1vNW7XFUdS8fIlhOII49YcFo8+037B2SnqP6uk2v47UoOEvr/Ak
q5U1sok75YauMBSlF3J0zN+uBXPiO9S/ovIl7pbC7VOr55U7/tuQ/BHAAr8tc8CU
YQY0WaI0iv3r9fsl69bkg0nKjhgL+RhZEpYN1PC8uTMATFrqsOt2VMwz7QIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFKDua6b0t4CoT5yZgUvmJ+4Qq6afMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvb081cnB2UzNnS2hQbkptQlMtWW43aENycHA4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAMfTFgD
BAAfTFowDQYJKoZIhvcNAQELBQADggEBAK+C460bMo3gj87gbDYL/RF55PuJcVKV
8RLLf4L9QRUCr60xVEdTwLk0ORWEj7v/NZcxxaz5Fo5BXK4F4sq/hZGnsnQblAv7
vSpAIWshOkUgOc3Fn2QzMEGp7S+F2FV1WkOUv15FfeUvRHZdH+JVZss/cbUxLpIr
b4uoOBf7ifc8VKjhnzELIFtdwmNz4Aig36a4010V6pX7uS1aST5z/s48wXj1MkiQ
FXeQJb6kYsMKKfv8IxE7uui9pNBhJRmbm/vUPu8R788LvlYNtuwHdNSkgCMkJH70
rAoMEnwPldUZ3TM89HrZf55VJFIjCRRyjBZRhHMD3Wy289M48fr/x7I=
-----END CERTIFICATE-----