Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/AzirPL0-LV_i6Tu8WViBl9pCZtY.roa
File:                     AzirPL0-LV_i6Tu8WViBl9pCZtY.roa (raw, json)
Hash identifier:          95krdv0jB2rSORSjWqKOsDVS1YS41YM5sxtMGkQ1myw=
Subject key identifier:   03:38:AB:3C:BD:3E:2D:5F:E2:E9:3B:BC:59:58:81:97:DA:42:66:D6
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019DF52C3D3AFFB468FDB2A0E891CC8725D0
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/AzirPL0-LV_i6Tu8WViBl9pCZtY.roa
Signing time:             Mon 04 May 2026 22:46:50 +0000
ROA not before:           Mon 04 May 2026 22:46:50 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     200173
IP address blocks:        31.77.73.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 06 May 2026 07:02:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:f5:2c:3d:3a:ff:b4:68:fd:b2:a0:e8:91:cc:87:25:d0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: May  4 22:46:50 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0338ab3cbd3e2d5fe2e93bbc59588197da4266d6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:99:6d:a8:25:f0:a1:86:b1:82:26:81:46:72:
                    70:5b:46:5f:2c:e4:c0:ff:f5:ef:3d:5e:14:50:ab:
                    cc:82:4e:74:c9:15:d0:92:5f:06:ff:d3:9e:cc:5c:
                    47:39:d7:67:a5:dd:18:14:f5:d8:55:ff:1e:01:de:
                    1a:60:f6:b8:27:8c:ab:41:b9:82:d8:98:63:7f:50:
                    80:46:03:69:96:af:b5:02:23:13:9a:ff:75:ab:91:
                    eb:16:30:cc:3b:da:20:d4:cd:66:bb:c0:da:e6:8a:
                    d1:cc:b7:e4:9b:7d:45:f8:51:1b:4e:60:68:cd:fe:
                    b6:fe:18:19:c6:9f:d0:79:25:8a:08:70:db:45:3d:
                    12:a0:6d:1f:d1:23:71:1e:50:8b:69:9b:62:d1:d1:
                    f0:8c:6f:fb:5e:a5:73:1e:c1:9f:66:62:b9:dd:79:
                    69:da:f8:9b:b4:a0:56:74:4b:37:05:25:06:67:47:
                    b1:48:b0:57:72:68:4c:35:ca:8b:0c:4a:bd:6b:b6:
                    be:4c:07:e1:09:e5:da:9a:c6:55:22:05:5e:63:8f:
                    12:fd:d6:99:5c:60:44:74:81:d8:0c:71:06:d1:ed:
                    1d:7b:cc:e1:ed:60:ee:d7:52:1f:d4:41:40:d3:d9:
                    2e:75:9b:77:1e:d8:06:97:7b:b0:83:3f:b0:1b:13:
                    35:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:38:AB:3C:BD:3E:2D:5F:E2:E9:3B:BC:59:58:81:97:DA:42:66:D6
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/AzirPL0-LV_i6Tu8WViBl9pCZtY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.77.73.0/24

    Signature Algorithm: sha256WithRSAEncryption
         21:4a:25:ff:12:25:22:a4:27:cd:fd:32:67:30:d8:65:88:d6:
         48:f8:27:a8:4a:cb:7a:26:a5:b1:16:cb:13:1b:7f:82:22:ee:
         7b:30:5a:07:8d:f8:9d:5d:fa:39:5c:43:6e:b0:cd:ed:13:a4:
         68:06:69:cf:cd:35:db:6b:24:46:56:e4:89:9a:8e:54:be:07:
         10:bd:f3:05:29:33:59:e4:b4:a9:a4:54:4a:21:de:dc:4a:18:
         54:c8:b6:c5:aa:e3:8c:bb:ad:69:db:7f:b9:88:c6:d3:35:dc:
         dd:fd:5b:ed:87:a3:81:2c:f4:96:68:5e:cd:87:c6:51:2f:17:
         62:6e:d8:ac:91:de:94:50:01:76:7c:7b:ba:41:41:80:82:08:
         de:4b:2e:9e:f5:8c:18:d7:c9:6a:30:31:18:36:82:c8:38:9c:
         c1:47:b0:f7:21:0c:ef:c1:b2:74:b9:6c:ba:45:e0:f0:1d:a7:
         1e:47:70:04:1c:8a:f7:f7:45:33:de:9a:e3:d6:05:8a:50:1c:
         86:83:f6:30:c9:c0:e4:60:5c:22:46:ed:fb:54:6b:2f:c0:db:
         a3:8e:8f:9b:87:1d:a3:63:9e:a7:cc:28:47:eb:47:b9:2a:b0:
         6d:09:35:18:5b:4a:4e:62:ed:40:cb:08:8e:94:2f:1b:b4:67:
         67:26:44:91
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ31LD06/7Ro/bKg6JHMhyXQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwNTA0MjI0NjUwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMzM4YWIzY2JkM2UyZDVmZTJlOTNiYmM1OTU4ODE5N2RhNDI2NmQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3pltqCXwoYaxgiaBRnJwW0ZfLOTA
//XvPV4UUKvMgk50yRXQkl8G/9OezFxHOddnpd0YFPXYVf8eAd4aYPa4J4yrQbmC
2Jhjf1CARgNplq+1AiMTmv91q5HrFjDMO9og1M1mu8Da5orRzLfkm31F+FEbTmBo
zf62/hgZxp/QeSWKCHDbRT0SoG0f0SNxHlCLaZti0dHwjG/7XqVzHsGfZmK53Xlp
2vibtKBWdEs3BSUGZ0exSLBXcmhMNcqLDEq9a7a+TAfhCeXamsZVIgVeY48S/daZ
XGBEdIHYDHEG0e0de8zh7WDu11If1EFA09kudZt3HtgGl3uwgz+wGxM1XwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAM4qzy9Pi1f4uk7vFlYgZfaQmbWMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvQXppclBMMC1MVl9pNlR1OFdWaUJsOXBDWnRZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAH01JMA0G
CSqGSIb3DQEBCwUAA4IBAQAhSiX/EiUipCfN/TJnMNhliNZI+CeoSst6JqWxFssT
G3+CIu57MFoHjfidXfo5XENusM3tE6RoBmnPzTXbayRGVuSJmo5UvgcQvfMFKTNZ
5LSppFRKId7cShhUyLbFquOMu61p23+5iMbTNdzd/Vvth6OBLPSWaF7Nh8ZRLxdi
btiskd6UUAF2fHu6QUGAggjeSy6e9YwY18lqMDEYNoLIOJzBR7D3IQzvwbJ0uWy6
ReDwHaceR3AEHIr390Uz3prj1gWKUByGg/YwycDkYFwiRu37VGsvwNujjo+bhx2j
Y56nzChH60e5KrBtCTUYW0pOYu1AywiOlC8btGdnJkSR
-----END CERTIFICATE-----