Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/7Iur3OYLdUEHSPf8cFS2nNhB6AM.roa
File:                     7Iur3OYLdUEHSPf8cFS2nNhB6AM.roa (raw, json)
Hash identifier:          u+XG6afNtCFFBgmxaec7bkeT0ho/lT0T8N9iMpWlQxQ=
Subject key identifier:   EC:8B:AB:DC:E6:0B:75:41:07:48:F7:FC:70:54:B6:9C:D8:41:E8:03
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019EA5510573A182FB40D9EBDAACBEEA662D
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/7Iur3OYLdUEHSPf8cFS2nNhB6AM.roa
Signing time:             Mon 08 Jun 2026 03:40:10 +0000
ROA not before:           Mon 08 Jun 2026 03:40:10 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     49791
IP address blocks:        31.77.72.0/24 maxlen: 24
                          150.241.122.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 12 Jun 2026 05:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:a5:51:05:73:a1:82:fb:40:d9:eb:da:ac:be:ea:66:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: Jun  8 03:40:10 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ec8babdce60b75410748f7fc7054b69cd841e803
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:ca:79:4f:4c:a9:97:0e:9e:9d:ab:90:c7:25:
                    e0:55:16:3a:6e:62:6c:92:c0:64:4c:27:fe:71:23:
                    68:47:62:9c:b6:d2:f1:d7:6d:73:e9:70:fa:90:9b:
                    92:e4:5b:3f:c5:6b:e1:c7:75:6a:d0:f8:27:7d:ca:
                    00:19:04:5d:27:61:72:70:be:7d:75:dc:33:bb:dc:
                    7d:93:1b:79:41:f6:1e:60:88:d1:a0:8f:d1:58:c7:
                    46:8d:a8:08:e3:32:2c:14:ce:69:2a:61:94:de:2c:
                    e0:27:1f:e8:9a:dd:43:99:c2:a4:29:5a:3b:42:7d:
                    75:5e:5c:a9:55:54:5b:7d:dc:6b:de:d2:67:c5:cc:
                    36:a0:4c:bc:d0:0a:71:0f:c2:1e:df:18:25:d1:9b:
                    68:38:64:38:db:58:7a:5f:bf:83:ad:23:e5:af:08:
                    f7:79:67:ba:e8:be:25:ba:88:92:d1:43:d4:74:3f:
                    b6:e7:7b:f5:7c:4b:81:53:1b:66:4c:7a:36:b0:b6:
                    b9:5a:32:1e:5d:fb:27:d3:85:96:62:d2:a5:1a:0f:
                    50:cd:1a:bd:7f:1a:2a:ff:7b:78:c1:d5:53:c2:1b:
                    25:3e:5d:7f:ef:aa:e7:ae:ef:7e:72:61:14:74:6f:
                    e8:d4:0b:ac:8b:ec:75:b7:db:ed:41:3e:b8:89:0e:
                    c7:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EC:8B:AB:DC:E6:0B:75:41:07:48:F7:FC:70:54:B6:9C:D8:41:E8:03
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/7Iur3OYLdUEHSPf8cFS2nNhB6AM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.77.72.0/24
                  150.241.122.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8c:5d:83:dc:23:d0:9f:b4:47:f3:04:2d:36:72:b8:b2:f2:df:
         da:17:4e:46:5e:3f:24:9c:e2:85:3c:6c:b0:f4:6d:38:fc:7e:
         9b:d0:06:1e:9f:78:32:49:15:1d:63:a9:c1:9e:b7:7f:71:82:
         ff:27:b1:fd:86:95:b6:51:59:df:60:f3:ae:d4:e2:dd:9c:60:
         9e:78:77:11:33:c4:94:bd:8f:b9:5d:66:da:46:90:5b:e1:89:
         d7:25:2a:6a:0c:ad:5a:ea:a9:ce:ba:a1:4e:6f:98:a1:e0:69:
         bb:ea:42:b3:38:ad:04:76:6d:bd:5a:2f:80:a5:23:1b:85:b6:
         1a:03:ca:1d:96:11:f5:99:14:d1:c2:76:ac:e4:18:94:86:4e:
         d8:25:3c:fc:55:73:99:6a:59:0d:64:33:0c:47:1e:0d:98:95:
         4b:56:af:ca:04:2b:b4:c4:13:af:ca:e3:9b:c7:11:f9:a0:70:
         51:6a:47:81:f7:eb:f2:ec:00:07:10:c2:4d:06:8f:23:86:74:
         92:47:ea:61:a6:f0:cd:d4:df:0d:05:4f:9c:61:12:ab:42:97:
         f8:0e:96:9a:5a:c3:d4:54:a6:59:59:53:03:0e:ad:ca:b3:4f:
         3e:c2:3c:15:4a:0d:b4:50:f4:77:1a:40:59:55:4c:3a:a5:1f:
         0e:13:a3:17
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ6lUQVzoYL7QNnr2qy+6mYtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwNjA4MDM0MDEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYzhiYWJkY2U2MGI3NTQxMDc0OGY3ZmM3MDU0YjY5Y2Q4NDFlODAzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzcp5T0yplw6enauQxyXgVRY6bmJs
ksBkTCf+cSNoR2KcttLx121z6XD6kJuS5Fs/xWvhx3Vq0PgnfcoAGQRdJ2FycL59
ddwzu9x9kxt5QfYeYIjRoI/RWMdGjagI4zIsFM5pKmGU3izgJx/omt1DmcKkKVo7
Qn11XlypVVRbfdxr3tJnxcw2oEy80ApxD8Ie3xgl0ZtoOGQ421h6X7+DrSPlrwj3
eWe66L4luoiS0UPUdD+253v1fEuBUxtmTHo2sLa5WjIeXfsn04WWYtKlGg9QzRq9
fxoq/3t4wdVTwhslPl1/76rnru9+cmEUdG/o1Ausi+x1t9vtQT64iQ7HMQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFOyLq9zmC3VBB0j3/HBUtpzYQegDMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvN0l1cjNPWUxkVUVIU1BmOGNGUzJuTmhCNkFNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAH01IAwQA
lvF6MA0GCSqGSIb3DQEBCwUAA4IBAQCMXYPcI9CftEfzBC02criy8t/aF05GXj8k
nOKFPGyw9G04/H6b0AYen3gySRUdY6nBnrd/cYL/J7H9hpW2UVnfYPOu1OLdnGCe
eHcRM8SUvY+5XWbaRpBb4YnXJSpqDK1a6qnOuqFOb5ih4Gm76kKzOK0Edm29Wi+A
pSMbhbYaA8odlhH1mRTRwnas5BiUhk7YJTz8VXOZalkNZDMMRx4NmJVLVq/KBCu0
xBOvyuObxxH5oHBRakeB9+vy7AAHEMJNBo8jhnSSR+phpvDN1N8NBU+cYRKrQpf4
DpaaWsPUVKZZWVMDDq3Ks08+wjwVSg20UPR3GkBZVUw6pR8OE6MX
-----END CERTIFICATE-----