Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/Gg-D05fY_PXw7URmlD7W3NtsrdM.roa
File:                     Gg-D05fY_PXw7URmlD7W3NtsrdM.roa (raw, json)
Hash identifier:          0q8ZXivshI0CXSubXCWffmDvt0wrzhGkgGtQQWcVvHU=
Subject key identifier:   1A:0F:83:D3:97:D8:FC:F5:F0:ED:44:66:94:3E:D6:DC:DB:6C:AD:D3
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019E7AE8F950BE93EB0B456C0A1A7AFA3746
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/Gg-D05fY_PXw7URmlD7W3NtsrdM.roa
Signing time:             Sat 30 May 2026 22:02:28 +0000
ROA not before:           Sat 30 May 2026 22:02:28 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     402533
IP address blocks:        31.77.101.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 03 Jun 2026 15:55:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:7a:e8:f9:50:be:93:eb:0b:45:6c:0a:1a:7a:fa:37:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: May 30 22:02:28 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=1a0f83d397d8fcf5f0ed4466943ed6dcdb6cadd3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:2d:bd:0b:a5:60:9a:04:1a:18:0d:aa:87:e2:
                    29:2c:d8:a7:6a:b2:e6:6b:10:26:6b:b9:0b:89:e8:
                    08:4e:29:2f:8e:ea:49:b4:1f:59:86:2d:36:aa:e4:
                    c2:90:96:fc:fd:3e:39:4a:0b:fb:65:04:17:f6:18:
                    a8:6c:c2:7c:01:f5:ce:4f:99:8c:c3:57:12:01:f7:
                    b9:a3:15:a4:45:1c:18:ec:d7:8d:41:f6:21:e6:e6:
                    9c:2f:8f:2e:c7:78:c1:da:7f:f9:05:4d:1b:6d:62:
                    79:36:56:0d:62:23:38:af:32:3a:13:5a:e5:4b:df:
                    d4:6d:a1:70:b4:f8:ab:cf:a9:32:11:9c:e0:bd:76:
                    1f:f3:e1:b7:bc:7c:8d:27:70:0d:fd:02:3f:5c:37:
                    19:0c:df:97:d3:ba:c7:cd:e8:d1:78:8d:99:fa:62:
                    16:76:57:f0:f7:f7:ae:6b:68:fa:c1:05:c6:9a:4f:
                    9a:33:d4:16:ec:3e:64:87:b0:95:77:ad:47:76:75:
                    f6:5a:a1:f3:28:74:fa:8a:b4:98:2b:2c:a3:b0:e2:
                    4b:61:74:e3:26:4c:0f:a8:db:d8:0a:ae:5a:df:f2:
                    a0:24:39:e1:9a:c7:35:ad:ab:b5:16:7b:f8:09:94:
                    59:70:25:cf:37:18:50:9e:ad:e3:2d:7d:66:c5:2e:
                    4a:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:0F:83:D3:97:D8:FC:F5:F0:ED:44:66:94:3E:D6:DC:DB:6C:AD:D3
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/Gg-D05fY_PXw7URmlD7W3NtsrdM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.77.101.0/24

    Signature Algorithm: sha256WithRSAEncryption
         99:62:ee:ba:c2:27:cb:76:ca:ca:23:33:b2:f1:88:9b:4d:e4:
         90:f2:41:12:0c:2e:7b:71:bc:de:00:fe:87:ec:13:2b:2f:14:
         c4:2a:26:db:eb:6b:90:b2:a4:e0:94:24:b4:e1:c7:c3:e0:94:
         22:23:55:14:34:7e:6f:0b:40:34:a4:14:35:b1:d8:17:e6:10:
         e5:fe:0f:76:0b:36:eb:62:67:89:45:a9:c6:bb:4c:b1:ff:e0:
         94:85:ab:d9:89:3c:16:94:53:e5:3a:f7:03:8e:25:dc:b1:64:
         ff:ae:0a:6b:2b:29:b7:e7:65:fa:e3:9c:d5:30:e5:0d:ec:d2:
         48:fe:98:8e:bd:ec:6f:39:1a:ab:02:13:90:be:78:cf:b8:e0:
         84:17:6f:8d:ef:16:d8:21:1c:5b:32:26:ca:4b:80:e6:3e:67:
         6f:10:6f:e4:2b:9c:74:47:04:c2:77:a3:a5:43:dd:fc:05:c9:
         4e:b1:7d:fe:e5:17:3e:a7:4d:d1:dc:9d:42:74:f3:57:bb:f2:
         c3:70:80:ac:27:56:8d:a0:93:78:a7:9a:18:90:51:f5:db:10:
         b6:83:64:af:fd:b5:f1:63:0e:74:f6:05:42:1b:2a:e7:5e:d5:
         ed:e9:44:0b:c7:56:e0:d1:76:99:84:41:9c:b7:27:15:bf:f5:
         3b:bb:8e:0c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ566PlQvpPrC0VsChp6+jdGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwNTMwMjIwMjI4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYTBmODNkMzk3ZDhmY2Y1ZjBlZDQ0NjY5NDNlZDZkY2RiNmNhZGQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0C29C6VgmgQaGA2qh+IpLNinarLm
axAma7kLiegITikvjupJtB9Zhi02quTCkJb8/T45Sgv7ZQQX9hiobMJ8AfXOT5mM
w1cSAfe5oxWkRRwY7NeNQfYh5uacL48ux3jB2n/5BU0bbWJ5NlYNYiM4rzI6E1rl
S9/UbaFwtPirz6kyEZzgvXYf8+G3vHyNJ3AN/QI/XDcZDN+X07rHzejReI2Z+mIW
dlfw9/eua2j6wQXGmk+aM9QW7D5kh7CVd61HdnX2WqHzKHT6irSYKyyjsOJLYXTj
JkwPqNvYCq5a3/KgJDnhmsc1rau1Fnv4CZRZcCXPNxhQnq3jLX1mxS5KLQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBoPg9OX2Pz18O1EZpQ+1tzbbK3TMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvR2ctRDA1ZllfUFh3N1VSbWxEN1czTnRzcmRNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAH01lMA0G
CSqGSIb3DQEBCwUAA4IBAQCZYu66wifLdsrKIzOy8YibTeSQ8kESDC57cbzeAP6H
7BMrLxTEKibb62uQsqTglCS04cfD4JQiI1UUNH5vC0A0pBQ1sdgX5hDl/g92Czbr
YmeJRanGu0yx/+CUhavZiTwWlFPlOvcDjiXcsWT/rgprKym352X645zVMOUN7NJI
/piOvexvORqrAhOQvnjPuOCEF2+N7xbYIRxbMibKS4DmPmdvEG/kK5x0RwTCd6Ol
Q938BclOsX3+5Rc+p03R3J1CdPNXu/LDcICsJ1aNoJN4p5oYkFH12xC2g2Sv/bXx
Yw509gVCGyrnXtXt6UQLx1bg0XaZhEGctycVv/U7u44M
-----END CERTIFICATE-----