Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/tjmXMKAr-cQfkrA-GzcZeVOK8w4.roa
File:                     tjmXMKAr-cQfkrA-GzcZeVOK8w4.roa (raw, json)
Hash identifier:          ZxRtopc89g9flBgd/7dMG/PMvi0SvkTW8ukiM+iywfw=
Subject key identifier:   B6:39:97:30:A0:2B:F9:C4:1F:92:B0:3E:1B:37:19:79:53:8A:F3:0E
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019E4B9ADA52CBAB14BC9A04270D4242190C
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/tjmXMKAr-cQfkrA-GzcZeVOK8w4.roa
Signing time:             Thu 21 May 2026 17:35:00 +0000
ROA not before:           Thu 21 May 2026 17:35:00 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     49608
IP address blocks:        31.77.245.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 01:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:4b:9a:da:52:cb:ab:14:bc:9a:04:27:0d:42:42:19:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: May 21 17:35:00 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b6399730a02bf9c41f92b03e1b371979538af30e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:46:01:2f:1f:b5:a9:cd:a5:58:27:d6:62:51:
                    cd:8c:0f:3f:4f:16:3b:bd:cd:4c:dd:7b:3d:b4:77:
                    b7:72:86:bd:07:fd:57:fc:49:47:ea:52:c4:1b:cf:
                    af:c8:a7:1f:ac:ef:dc:6f:fb:79:14:9f:17:b0:7a:
                    ae:8f:be:08:f4:56:4b:e3:35:31:24:c2:c4:ab:be:
                    ac:56:14:6b:92:87:cb:a9:15:89:43:2d:52:c7:d0:
                    55:f6:90:af:0e:12:25:38:24:03:49:1f:a4:af:10:
                    77:26:b4:ad:bf:96:8d:d3:f8:b8:c0:a7:12:d7:ee:
                    67:68:78:6b:a4:a0:56:c9:2e:87:be:86:94:a2:ee:
                    30:d8:69:10:a5:22:70:2b:cb:67:34:31:2f:2f:aa:
                    c7:22:17:d6:5e:ff:de:46:89:84:6b:0f:04:3c:bf:
                    80:2a:71:c2:48:1a:3b:9a:37:83:8d:65:2c:7d:e7:
                    91:91:c4:35:00:80:c4:91:ed:8a:42:6a:11:30:f1:
                    cc:9d:78:2b:83:29:11:29:e4:07:98:8d:cd:45:d7:
                    95:f7:09:74:e6:cc:fd:3b:c1:e5:b6:ba:0c:bd:f6:
                    2b:b9:33:74:cf:d0:a7:90:ba:08:1c:8f:81:d1:db:
                    ca:56:3e:c0:b1:c4:63:04:91:0c:3d:ec:81:f7:e9:
                    6a:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:39:97:30:A0:2B:F9:C4:1F:92:B0:3E:1B:37:19:79:53:8A:F3:0E
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/tjmXMKAr-cQfkrA-GzcZeVOK8w4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.77.245.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7b:48:94:19:54:5d:b7:08:f0:28:92:62:8c:de:06:9a:70:75:
         e8:58:88:69:a5:9f:dc:10:31:a3:fa:34:53:f8:da:96:b5:2d:
         3d:e2:6d:7e:38:5d:9b:f2:e8:53:e7:fb:b8:40:4f:c5:97:60:
         d0:59:34:fb:2a:59:53:c4:b2:8f:d2:d5:cc:b6:dc:bb:50:cc:
         81:82:58:a9:b4:97:7f:bf:33:ed:a3:cb:87:cb:ef:29:4f:48:
         82:47:1e:51:a9:b6:74:09:ce:5f:61:ac:6c:df:48:39:57:cf:
         b9:7e:cd:68:6a:7a:43:b5:a9:4b:a9:0b:99:08:e6:3f:e5:60:
         78:74:a1:7e:a8:87:b4:dc:6b:f6:93:8d:46:ea:c6:74:4b:70:
         b3:b6:7c:89:84:ec:92:f1:08:8c:08:51:b5:84:8e:d7:a7:4f:
         e4:ee:11:c3:95:ed:f2:47:6a:9f:4a:68:48:a1:ec:16:66:74:
         a8:0b:7b:08:5a:2f:82:3d:f0:22:6b:be:30:bd:fa:19:11:ce:
         83:b0:78:cb:31:24:35:14:f0:d3:57:62:41:4c:da:88:44:08:
         70:6f:fe:4c:f2:86:75:be:b6:ca:0b:05:c5:1f:ec:7a:20:03:
         ee:1b:ac:e9:05:19:b4:d0:b6:f7:58:6d:15:df:e9:de:ce:2d:
         e5:85:59:1b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ5LmtpSy6sUvJoEJw1CQhkMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwNTIxMTczNTAwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNjM5OTczMGEwMmJmOWM0MWY5MmIwM2UxYjM3MTk3OTUzOGFmMzBlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0UYBLx+1qc2lWCfWYlHNjA8/TxY7
vc1M3Xs9tHe3coa9B/1X/ElH6lLEG8+vyKcfrO/cb/t5FJ8XsHquj74I9FZL4zUx
JMLEq76sVhRrkofLqRWJQy1Sx9BV9pCvDhIlOCQDSR+krxB3JrStv5aN0/i4wKcS
1+5naHhrpKBWyS6HvoaUou4w2GkQpSJwK8tnNDEvL6rHIhfWXv/eRomEaw8EPL+A
KnHCSBo7mjeDjWUsfeeRkcQ1AIDEke2KQmoRMPHMnXgrgykRKeQHmI3NRdeV9wl0
5sz9O8HltroMvfYruTN0z9CnkLoIHI+B0dvKVj7AscRjBJEMPeyB9+lq9QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLY5lzCgK/nEH5KwPhs3GXlTivMOMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvdGptWE1LQXItY1Fma3JBLUd6Y1plVk9LOHc0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAH031MA0G
CSqGSIb3DQEBCwUAA4IBAQB7SJQZVF23CPAokmKM3gaacHXoWIhppZ/cEDGj+jRT
+NqWtS094m1+OF2b8uhT5/u4QE/Fl2DQWTT7KllTxLKP0tXMtty7UMyBgliptJd/
vzPto8uHy+8pT0iCRx5RqbZ0Cc5fYaxs30g5V8+5fs1oanpDtalLqQuZCOY/5WB4
dKF+qIe03Gv2k41G6sZ0S3CztnyJhOyS8QiMCFG1hI7Xp0/k7hHDle3yR2qfSmhI
oewWZnSoC3sIWi+CPfAia74wvfoZEc6DsHjLMSQ1FPDTV2JBTNqIRAhwb/5M8oZ1
vrbKCwXFH+x6IAPuG6zpBRm00Lb3WG0V3+nezi3lhVkb
-----END CERTIFICATE-----