Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/5YvsHRXj9_CSaXSj-y6oliCBfnc.roa
File:                     5YvsHRXj9_CSaXSj-y6oliCBfnc.roa (raw, json)
Hash identifier:          Vgeuej6n052vhIls867T/pcH1ckmm2F/LvttRa02SIc=
Subject key identifier:   E5:8B:EC:1D:15:E3:F7:F0:92:69:74:A3:FB:2E:A8:96:20:81:7E:77
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019DDA5AB257EFD3D998FB2A2E17152BFD1A
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/5YvsHRXj9_CSaXSj-y6oliCBfnc.roa
Signing time:             Wed 29 Apr 2026 17:47:50 +0000
ROA not before:           Wed 29 Apr 2026 17:47:50 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     50049
IP address blocks:        31.77.255.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 06 May 2026 07:02:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:da:5a:b2:57:ef:d3:d9:98:fb:2a:2e:17:15:2b:fd:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: Apr 29 17:47:50 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e58bec1d15e3f7f0926974a3fb2ea89620817e77
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:21:94:2c:18:97:00:6a:47:d8:3f:a7:42:e7:
                    30:60:f2:87:6b:9c:db:5b:d7:6f:17:dd:2d:84:a0:
                    fc:0e:5c:61:ab:e1:6f:7e:94:73:73:54:5d:6e:69:
                    e5:a6:2a:c1:ac:27:0a:d8:b4:b6:16:26:b3:46:89:
                    62:ec:94:9a:26:3d:b4:b2:2a:f2:fb:51:f1:b2:a2:
                    a2:9d:f0:3e:fa:91:1e:a0:73:93:05:30:78:13:ab:
                    d3:f5:54:bf:92:31:6a:7b:91:bb:2b:9c:ba:89:b8:
                    12:d5:61:66:e6:c2:ad:d4:69:dd:73:14:d9:1a:22:
                    b8:37:28:d7:4b:88:5f:b7:40:7c:c9:e8:20:a2:72:
                    cf:3d:98:39:1c:f0:a0:1e:b1:01:25:f3:a9:ce:2b:
                    ff:18:c9:43:84:98:b1:23:60:09:64:76:18:0a:03:
                    11:31:f7:a7:38:6a:89:9f:10:7a:05:24:18:e5:d4:
                    8e:d2:2f:10:a2:d1:cc:d8:24:2c:c2:d5:db:af:67:
                    81:4f:fa:af:ba:83:c4:e2:53:40:19:c4:89:6a:51:
                    fc:5c:f1:8f:3b:b6:9a:d5:c8:25:a6:51:54:18:e1:
                    1a:97:31:d4:ea:50:ce:19:aa:3a:b0:d1:c0:90:89:
                    0c:c8:51:b6:13:48:93:ed:84:d9:f9:c5:38:c8:1b:
                    97:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E5:8B:EC:1D:15:E3:F7:F0:92:69:74:A3:FB:2E:A8:96:20:81:7E:77
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/5YvsHRXj9_CSaXSj-y6oliCBfnc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.77.255.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8a:a8:c4:a4:47:45:c8:d9:6e:c4:12:e3:e6:3e:1f:79:2f:fe:
         89:a4:37:22:9e:20:4e:3e:18:1c:f5:de:6d:11:bf:7c:7b:20:
         12:89:d0:48:8a:4f:b5:c3:e5:e7:8c:6b:3d:ae:db:bd:ac:87:
         90:d6:65:fd:ba:bd:a3:03:c3:c5:82:74:a5:02:60:9a:47:49:
         53:2a:20:b3:74:0c:ce:18:1d:d3:31:85:70:aa:97:04:ce:ad:
         03:80:5a:cb:36:fd:29:65:08:e2:ea:29:79:d2:9a:52:85:a4:
         c6:62:6d:01:4b:61:23:b2:67:de:63:11:e3:79:c5:30:1b:13:
         ec:be:b6:11:7b:b5:09:ba:b4:f3:b0:cb:e2:62:86:90:21:b2:
         5c:a1:cc:32:35:c4:88:29:41:ba:99:ba:9c:99:0d:74:c5:4e:
         b1:ec:24:ae:1c:f2:3a:27:58:e4:81:72:37:1b:33:9c:d1:e0:
         d4:3c:61:bb:ca:7e:e2:8a:45:fd:00:40:96:31:fd:e2:e5:c1:
         73:2a:c5:f7:8c:a3:1b:9e:13:3e:81:11:d9:a1:8b:e9:73:c9:
         20:43:08:e8:02:d3:cf:7b:d3:b1:ea:c0:b2:32:36:75:20:2e:
         7d:a4:cf:09:12:58:be:29:cb:86:d1:c5:22:12:ab:59:1e:c1:
         85:21:80:2d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ3aWrJX79PZmPsqLhcVK/0aMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwNDI5MTc0NzUwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNThiZWMxZDE1ZTNmN2YwOTI2OTc0YTNmYjJlYTg5NjIwODE3ZTc3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwCGULBiXAGpH2D+nQucwYPKHa5zb
W9dvF90thKD8Dlxhq+FvfpRzc1RdbmnlpirBrCcK2LS2FiazRoli7JSaJj20siry
+1HxsqKinfA++pEeoHOTBTB4E6vT9VS/kjFqe5G7K5y6ibgS1WFm5sKt1GndcxTZ
GiK4NyjXS4hft0B8yeggonLPPZg5HPCgHrEBJfOpziv/GMlDhJixI2AJZHYYCgMR
MfenOGqJnxB6BSQY5dSO0i8QotHM2CQswtXbr2eBT/qvuoPE4lNAGcSJalH8XPGP
O7aa1cglplFUGOEalzHU6lDOGao6sNHAkIkMyFG2E0iT7YTZ+cU4yBuX4wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOWL7B0V4/fwkml0o/suqJYggX53MB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvNVl2c0hSWGo5X0NTYVhTai15Nm9saUNCZm5jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAH03/MA0G
CSqGSIb3DQEBCwUAA4IBAQCKqMSkR0XI2W7EEuPmPh95L/6JpDciniBOPhgc9d5t
Eb98eyASidBIik+1w+XnjGs9rtu9rIeQ1mX9ur2jA8PFgnSlAmCaR0lTKiCzdAzO
GB3TMYVwqpcEzq0DgFrLNv0pZQji6il50ppShaTGYm0BS2EjsmfeYxHjecUwGxPs
vrYRe7UJurTzsMviYoaQIbJcocwyNcSIKUG6mbqcmQ10xU6x7CSuHPI6J1jkgXI3
GzOc0eDUPGG7yn7iikX9AECWMf3i5cFzKsX3jKMbnhM+gRHZoYvpc8kgQwjoAtPP
e9Ox6sCyMjZ1IC59pM8JEli+KcuG0cUiEqtZHsGFIYAt
-----END CERTIFICATE-----