Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/0zTUfY37GjpW_MRJ1eJ-AO8in0A.roa
File:                     0zTUfY37GjpW_MRJ1eJ-AO8in0A.roa (raw, json)
Hash identifier:          62rIZYPWax4J+ImDTxqovpxXxSxoOHWm8PrtHydcvzA=
Subject key identifier:   D3:34:D4:7D:8D:FB:1A:3A:56:FC:C4:49:D5:E2:7E:00:EF:22:9F:40
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019E9E055A08BA0A3D8CCDEC31782DE353E1
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/0zTUfY37GjpW_MRJ1eJ-AO8in0A.roa
Signing time:             Sat 06 Jun 2026 17:40:11 +0000
ROA not before:           Sat 06 Jun 2026 17:40:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     199417
IP address blocks:        31.77.188.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 08 Jun 2026 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:9e:05:5a:08:ba:0a:3d:8c:cd:ec:31:78:2d:e3:53:e1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: Jun  6 17:40:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d334d47d8dfb1a3a56fcc449d5e27e00ef229f40
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:2c:e3:70:5d:8a:fd:9b:77:63:97:95:e1:78:
                    67:6e:58:c3:9e:7d:e3:fc:03:fa:45:5a:85:98:8c:
                    4a:1e:d2:16:96:46:91:8c:db:29:c5:cd:eb:c3:4a:
                    3f:7f:88:86:1e:97:63:c1:95:16:1b:f8:24:34:4f:
                    0f:9c:d7:e3:b9:bb:ce:cd:94:9a:4c:f4:3e:73:e2:
                    75:b2:78:c5:44:65:e5:70:4f:26:e0:9c:f2:72:b1:
                    9f:ed:ff:60:bf:7a:0a:0f:a5:8d:fe:9b:ce:f3:91:
                    6a:44:80:12:26:1e:3a:bb:5a:e6:5e:bc:a4:1c:7b:
                    a5:81:c8:6e:7a:7f:6a:7d:61:ae:3a:27:79:9f:36:
                    ea:12:0c:84:c7:e2:01:a8:2b:16:9c:19:d6:c9:f7:
                    08:c0:eb:e9:82:ce:09:bd:e1:fa:6a:f7:7d:31:57:
                    c2:50:b8:1f:54:3a:e3:cc:34:49:4a:ca:c6:62:0f:
                    5e:a1:b1:89:34:c5:55:56:e5:7e:3b:dd:c4:f5:6d:
                    fb:b9:b2:d9:11:83:b5:3e:e7:d0:2a:4d:ce:f9:67:
                    59:9a:21:27:ab:7c:77:ba:3d:46:24:f5:86:1e:02:
                    c5:98:71:22:c8:b5:c6:2c:d5:3f:93:39:24:80:7f:
                    76:88:49:44:a1:eb:43:1c:8f:7c:2d:b3:7f:40:f4:
                    2c:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:34:D4:7D:8D:FB:1A:3A:56:FC:C4:49:D5:E2:7E:00:EF:22:9F:40
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/0zTUfY37GjpW_MRJ1eJ-AO8in0A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.77.188.0/24

    Signature Algorithm: sha256WithRSAEncryption
         83:85:3d:78:ab:21:0c:bb:f5:a1:d9:42:3e:15:a3:4c:71:a0:
         08:ce:5b:9c:04:64:e6:80:c7:ec:55:60:4b:2d:1e:27:d0:24:
         62:f4:af:98:ad:15:ca:79:d2:40:ab:93:c0:c7:b7:ec:bf:aa:
         52:da:cd:1c:4f:d5:02:f1:63:89:db:65:92:5e:b4:d9:2f:a0:
         10:0b:d5:76:b7:ac:bd:35:56:a9:2a:eb:5f:ac:0a:0a:b5:e2:
         72:08:0d:ed:e2:19:f7:36:66:2a:3c:8c:13:4f:87:12:db:cb:
         ba:18:56:09:20:03:b0:80:c2:65:07:ed:ab:d8:37:1c:d6:a2:
         d3:83:fe:c3:2e:5a:06:1c:40:d1:09:41:1e:4c:44:58:30:7e:
         ca:3d:d3:65:82:b5:66:86:83:62:21:d0:23:7d:01:e7:02:ed:
         96:55:eb:ba:2e:6e:3c:03:bf:76:42:f1:b8:9c:14:ea:5e:39:
         df:c2:7f:20:d6:ec:47:f8:13:02:e2:26:8c:34:4e:15:18:1f:
         21:2c:1f:b8:31:68:7d:c0:e0:7b:29:b8:d7:45:f9:33:74:ef:
         ab:1e:48:5c:fc:a1:cd:2a:3f:da:0b:04:15:f9:02:6b:a6:b5:
         56:50:33:a5:99:11:87:63:7e:f6:ae:64:ee:a1:52:75:02:67:
         6c:83:16:13
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6eBVoIugo9jM3sMXgt41PhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwNjA2MTc0MDExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMzM0ZDQ3ZDhkZmIxYTNhNTZmY2M0NDlkNWUyN2UwMGVmMjI5ZjQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoizjcF2K/Zt3Y5eV4XhnbljDnn3j
/AP6RVqFmIxKHtIWlkaRjNspxc3rw0o/f4iGHpdjwZUWG/gkNE8PnNfjubvOzZSa
TPQ+c+J1snjFRGXlcE8m4JzycrGf7f9gv3oKD6WN/pvO85FqRIASJh46u1rmXryk
HHulgchuen9qfWGuOid5nzbqEgyEx+IBqCsWnBnWyfcIwOvpgs4JveH6avd9MVfC
ULgfVDrjzDRJSsrGYg9eobGJNMVVVuV+O93E9W37ubLZEYO1PufQKk3O+WdZmiEn
q3x3uj1GJPWGHgLFmHEiyLXGLNU/kzkkgH92iElEoetDHI98LbN/QPQsgQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNM01H2N+xo6VvzESdXifgDvIp9AMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvMHpUVWZZMzdHanBXX01SSjFlSi1BTzhpbjBBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAH028MA0G
CSqGSIb3DQEBCwUAA4IBAQCDhT14qyEMu/Wh2UI+FaNMcaAIzlucBGTmgMfsVWBL
LR4n0CRi9K+YrRXKedJAq5PAx7fsv6pS2s0cT9UC8WOJ22WSXrTZL6AQC9V2t6y9
NVapKutfrAoKteJyCA3t4hn3NmYqPIwTT4cS28u6GFYJIAOwgMJlB+2r2Dcc1qLT
g/7DLloGHEDRCUEeTERYMH7KPdNlgrVmhoNiIdAjfQHnAu2WVeu6Lm48A792QvG4
nBTqXjnfwn8g1uxH+BMC4iaMNE4VGB8hLB+4MWh9wOB7KbjXRfkzdO+rHkhc/KHN
Kj/aCwQV+QJrprVWUDOlmRGHY372rmTuoVJ1AmdsgxYT
-----END CERTIFICATE-----