Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/3pNmrwnL0d9jBofzceJUhRBqUb4.roa
File:                     3pNmrwnL0d9jBofzceJUhRBqUb4.roa (raw, json)
Hash identifier:          bhfE0DrOS04sI3ew8Gw+3geeR+gbPKPj9d8QGUY9cUA=
Subject key identifier:   DE:93:66:AF:09:CB:D1:DF:63:06:87:F3:71:E2:54:85:10:6A:51:BE
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019E6A38329D16CE72500D336D5EE5296F1A
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/3pNmrwnL0d9jBofzceJUhRBqUb4.roa
Signing time:             Wed 27 May 2026 16:15:28 +0000
ROA not before:           Wed 27 May 2026 16:15:28 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     212027
IP address blocks:        31.77.243.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 07 Jun 2026 04:00:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:6a:38:32:9d:16:ce:72:50:0d:33:6d:5e:e5:29:6f:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: May 27 16:15:28 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=de9366af09cbd1df630687f371e25485106a51be
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:31:a8:ed:98:a0:de:05:6e:0c:ef:fb:ab:a5:
                    de:77:b3:30:7e:37:a9:9d:35:ec:c5:d7:e3:88:83:
                    5c:39:d0:7e:d0:0f:79:e2:df:d8:b0:ba:0d:d5:18:
                    58:12:61:fb:80:3f:54:99:0b:d3:77:7c:78:51:10:
                    6d:6f:61:95:64:1c:28:cf:19:b8:e5:27:ff:e4:a6:
                    55:c2:d0:e1:63:94:70:f4:4e:bc:8c:bb:8b:3d:9b:
                    73:50:1a:ad:03:86:3f:4a:08:c3:87:06:e1:68:8f:
                    72:90:3e:d1:30:45:cc:99:61:16:96:26:c8:c7:5f:
                    dd:d1:f3:0b:07:99:c6:db:7c:a6:44:7d:d1:20:03:
                    fd:e5:e0:08:e9:0b:8f:28:db:bd:32:65:a4:70:16:
                    b3:7d:2c:17:d2:97:fe:c3:e7:45:bc:a8:f6:a2:cb:
                    95:01:d3:15:af:2c:4a:f9:16:af:09:15:5d:7c:2f:
                    8d:f9:71:19:22:75:9f:45:53:1f:e8:9b:86:c9:5e:
                    76:4a:e7:54:e2:23:51:10:3b:2c:a6:4e:ee:67:3e:
                    15:ed:4a:04:c4:07:be:de:75:1e:9f:b3:fb:99:77:
                    23:01:f8:13:84:90:f7:55:8d:22:7b:32:2b:f3:03:
                    11:d7:44:07:a0:a6:55:d4:4d:37:32:fa:38:a6:da:
                    c0:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:93:66:AF:09:CB:D1:DF:63:06:87:F3:71:E2:54:85:10:6A:51:BE
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/3pNmrwnL0d9jBofzceJUhRBqUb4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.77.243.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6b:2c:2b:a6:3b:98:22:e3:50:f0:cd:c2:8a:21:b9:da:07:9d:
         65:4d:87:8f:bd:c9:55:92:f3:4d:72:1b:f3:4c:9d:e5:ad:58:
         69:08:f0:ba:c3:ad:93:d6:45:da:6a:2e:56:39:7f:a9:07:c5:
         2b:f0:07:fe:63:4b:59:50:49:2d:bb:f5:fa:e8:f3:f4:ea:7c:
         c8:c9:9d:5d:88:cf:c0:1d:6d:99:cc:41:a3:20:ff:dd:7e:d4:
         9b:e0:6c:ef:9d:ee:0e:a6:72:5b:23:a6:bd:6d:80:9e:4b:4a:
         4d:c5:a2:aa:ed:fe:88:fe:2e:fc:72:bf:da:cb:23:90:cf:99:
         54:37:14:b7:e4:b0:26:63:a3:e6:ba:0a:9a:4e:b9:0c:db:c3:
         a5:0b:92:f3:2c:cd:42:16:09:b5:62:e2:4d:5e:71:bb:7e:8d:
         63:f7:fc:e8:87:29:6f:b6:bb:ad:81:d9:89:82:04:c8:28:61:
         33:6b:eb:4b:50:9f:2c:b6:7c:d4:de:37:81:bc:98:ab:05:71:
         4e:cd:ab:d2:58:dd:33:69:24:37:90:c8:76:ee:e5:c1:09:83:
         e7:72:e0:55:74:ce:5a:3c:1d:45:6b:82:11:39:e5:90:1f:25:
         ab:f0:96:bd:95:04:e8:ff:c0:b0:0b:4e:b1:b9:a6:d5:c4:91:
         aa:7d:89:a8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ5qODKdFs5yUA0zbV7lKW8aMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwNTI3MTYxNTI4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZTkzNjZhZjA5Y2JkMWRmNjMwNjg3ZjM3MWUyNTQ4NTEwNmE1MWJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvjGo7Zig3gVuDO/7q6Xed7Mwfjep
nTXsxdfjiINcOdB+0A954t/YsLoN1RhYEmH7gD9UmQvTd3x4URBtb2GVZBwozxm4
5Sf/5KZVwtDhY5Rw9E68jLuLPZtzUBqtA4Y/SgjDhwbhaI9ykD7RMEXMmWEWlibI
x1/d0fMLB5nG23ymRH3RIAP95eAI6QuPKNu9MmWkcBazfSwX0pf+w+dFvKj2osuV
AdMVryxK+RavCRVdfC+N+XEZInWfRVMf6JuGyV52SudU4iNREDsspk7uZz4V7UoE
xAe+3nUen7P7mXcjAfgThJD3VY0iezIr8wMR10QHoKZV1E03Mvo4ptrAYwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN6TZq8Jy9HfYwaH83HiVIUQalG+MB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvM3BObXJ3bkwwZDlqQm9memNlSlVoUkJxVWI0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAH03zMA0G
CSqGSIb3DQEBCwUAA4IBAQBrLCumO5gi41DwzcKKIbnaB51lTYePvclVkvNNchvz
TJ3lrVhpCPC6w62T1kXaai5WOX+pB8Ur8Af+Y0tZUEktu/X66PP06nzIyZ1diM/A
HW2ZzEGjIP/dftSb4Gzvne4OpnJbI6a9bYCeS0pNxaKq7f6I/i78cr/ayyOQz5lU
NxS35LAmY6PmugqaTrkM28OlC5LzLM1CFgm1YuJNXnG7fo1j9/zohylvtrutgdmJ
ggTIKGEza+tLUJ8stnzU3jeBvJirBXFOzavSWN0zaSQ3kMh27uXBCYPncuBVdM5a
PB1Fa4IROeWQHyWr8Ja9lQTo/8CwC06xuabVxJGqfYmo
-----END CERTIFICATE-----