Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/1rMw9kIFJpNpEtnmTkobiEpPDnk.roa
File:                     1rMw9kIFJpNpEtnmTkobiEpPDnk.roa (raw, json)
Hash identifier:          912TVJ6Hq0ZdvwUnHdOvlW1ObzuMGEMCfc6Wq/fY1Yk=
Subject key identifier:   D6:B3:30:F6:42:05:26:93:69:12:D9:E6:4E:4A:1B:88:4A:4F:0E:79
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019ED153E81CB9AE857C0AB6AC8C56FBDB87
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/1rMw9kIFJpNpEtnmTkobiEpPDnk.roa
Signing time:             Tue 16 Jun 2026 16:46:37 +0000
ROA not before:           Tue 16 Jun 2026 16:46:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     202831
IP address blocks:        31.77.232.0/24 maxlen: 24
                          144.31.222.0/24 maxlen: 24
                          150.241.85.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 20 Jun 2026 19:57:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:d1:53:e8:1c:b9:ae:85:7c:0a:b6:ac:8c:56:fb:db:87
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: Jun 16 16:46:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d6b330f6420526936912d9e64e4a1b884a4f0e79
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:65:61:df:f3:20:3b:60:2e:d2:7d:36:af:56:
                    f3:d7:78:1b:e4:ec:55:51:29:10:9a:ba:4b:02:c2:
                    ba:e0:a2:ba:55:d7:58:0d:1d:7c:a4:8c:c3:cc:3e:
                    8c:67:97:02:5f:1d:80:c9:5d:e1:36:7f:cc:17:ac:
                    57:3f:05:aa:a1:b3:70:2c:2d:6d:ae:7d:e2:06:07:
                    fe:20:7f:5f:b1:23:f9:45:15:3b:88:f0:9e:91:cd:
                    a7:d3:9d:36:d1:12:79:03:81:65:59:94:6d:bf:94:
                    20:59:10:fc:0f:23:99:94:c7:e2:30:00:dd:72:0c:
                    33:64:f8:0f:c4:d1:8d:07:29:29:e4:42:63:b7:b4:
                    44:5f:d8:33:b0:36:ae:c1:e0:51:b2:35:77:f7:b7:
                    03:c6:dd:9b:5f:e2:ed:b3:f7:02:c9:5b:b1:ba:16:
                    fa:a3:8c:f5:a4:40:ac:6c:c4:d3:69:39:c0:dd:78:
                    e6:02:77:76:d4:10:41:63:be:7b:96:e0:2d:dd:9e:
                    2f:55:a0:76:25:b2:0e:fa:6d:e9:0f:2b:26:f3:db:
                    3d:82:a0:da:c6:1e:cc:71:c1:92:88:f0:a7:32:24:
                    10:67:ab:fa:4c:8b:1a:bb:d1:31:08:56:be:1e:92:
                    78:c5:74:f9:90:94:ae:d1:5b:2f:3a:f6:af:b2:3b:
                    88:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:B3:30:F6:42:05:26:93:69:12:D9:E6:4E:4A:1B:88:4A:4F:0E:79
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/1rMw9kIFJpNpEtnmTkobiEpPDnk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.77.232.0/24
                  144.31.222.0/24
                  150.241.85.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9d:3b:88:69:e5:97:a1:fc:6a:92:8b:75:9e:f6:de:80:b2:73:
         37:e8:f5:84:09:c6:09:a9:a2:d2:a3:d5:8e:9a:65:64:8c:13:
         63:7b:29:77:a6:c4:dc:81:31:d4:ff:92:ce:81:93:d4:71:36:
         fa:08:58:45:e9:50:0c:5c:4c:84:b3:63:70:d0:4c:fe:e1:09:
         90:ea:91:90:e0:ff:d9:3c:19:41:17:51:27:f0:a2:ff:db:15:
         74:29:76:9f:0e:ac:5c:bc:e8:ef:35:99:54:4d:8f:7c:95:5e:
         cb:59:09:74:e5:62:11:ad:23:09:e2:4d:b5:19:3e:b2:ca:e3:
         2f:3a:88:29:03:0e:79:5a:55:31:16:83:4b:38:7f:9a:72:ae:
         e3:08:1d:5d:40:c8:99:06:c4:db:52:5b:13:26:7c:b3:9e:01:
         80:e0:96:29:ac:7f:d4:14:36:65:10:65:04:e6:63:01:3f:a8:
         52:91:55:6e:28:bd:9a:ff:43:b4:2e:10:2f:6a:31:86:87:ed:
         89:63:0e:d2:dd:e0:d5:17:22:7f:15:b9:88:1b:53:fd:18:a0:
         6f:34:41:2c:20:3f:c9:10:ea:20:4b:7d:47:47:62:42:8b:1b:
         ca:00:35:6e:22:c7:ec:9d:f7:40:1f:91:bc:45:d4:d4:ad:b8:
         10:ee:35:1a
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZ7RU+gcua6FfAq2rIxW+9uHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwNjE2MTY0NjM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNmIzMzBmNjQyMDUyNjkzNjkxMmQ5ZTY0ZTRhMWI4ODRhNGYwZTc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjmVh3/MgO2Au0n02r1bz13gb5OxV
USkQmrpLAsK64KK6VddYDR18pIzDzD6MZ5cCXx2AyV3hNn/MF6xXPwWqobNwLC1t
rn3iBgf+IH9fsSP5RRU7iPCekc2n05020RJ5A4FlWZRtv5QgWRD8DyOZlMfiMADd
cgwzZPgPxNGNBykp5EJjt7REX9gzsDauweBRsjV397cDxt2bX+Lts/cCyVuxuhb6
o4z1pECsbMTTaTnA3XjmAnd21BBBY757luAt3Z4vVaB2JbIO+m3pDysm89s9gqDa
xh7MccGSiPCnMiQQZ6v6TIsau9ExCFa+HpJ4xXT5kJSu0VsvOvavsjuI3QIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFNazMPZCBSaTaRLZ5k5KG4hKTw55MB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvMXJNdzlrSUZKcE5wRXRubVRrb2JpRXBQRG5rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAH03oAwQA
kB/eAwQAlvFVMA0GCSqGSIb3DQEBCwUAA4IBAQCdO4hp5Zeh/GqSi3We9t6AsnM3
6PWECcYJqaLSo9WOmmVkjBNjeyl3psTcgTHU/5LOgZPUcTb6CFhF6VAMXEyEs2Nw
0Ez+4QmQ6pGQ4P/ZPBlBF1En8KL/2xV0KXafDqxcvOjvNZlUTY98lV7LWQl05WIR
rSMJ4k21GT6yyuMvOogpAw55WlUxFoNLOH+acq7jCB1dQMiZBsTbUlsTJnyzngGA
4JYprH/UFDZlEGUE5mMBP6hSkVVuKL2a/0O0LhAvajGGh+2JYw7S3eDVFyJ/FbmI
G1P9GKBvNEEsID/JEOogS31HR2JCixvKADVuIsfsnfdAH5G8RdTUrbgQ7jUa
-----END CERTIFICATE-----