Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/K4WNgqeLjYOytAlX7YiBrAqDrok.roa
File:                     K4WNgqeLjYOytAlX7YiBrAqDrok.roa (raw, json)
Hash identifier:          kzry4KAsvdfdb4l+6QEABnetfXZNlq6J3nz0BG08Vp8=
Subject key identifier:   2B:85:8D:82:A7:8B:8D:83:B2:B4:09:57:ED:88:81:AC:0A:83:AE:89
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019E621583DBD159F149CDEBCF7B63D47194
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/K4WNgqeLjYOytAlX7YiBrAqDrok.roa
Signing time:             Tue 26 May 2026 02:20:37 +0000
ROA not before:           Tue 26 May 2026 02:20:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     154648
IP address blocks:        31.77.184.0/23 maxlen: 24
                          31.77.186.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 06 Jun 2026 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:62:15:83:db:d1:59:f1:49:cd:eb:cf:7b:63:d4:71:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: May 26 02:20:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2b858d82a78b8d83b2b40957ed8881ac0a83ae89
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:81:67:eb:53:db:a2:7a:82:d5:d8:1a:79:97:
                    8a:5d:0f:f8:ab:9f:5d:ba:1c:83:83:75:52:3e:4e:
                    3a:c3:63:d0:74:21:4b:3d:3b:74:ec:b4:38:3f:ef:
                    03:de:61:94:88:3c:0b:97:aa:f6:34:68:82:06:23:
                    f8:ba:75:f7:15:cd:81:7c:74:75:bb:b9:b7:26:a9:
                    27:f3:c1:f6:bb:14:f8:c8:fb:d6:e5:46:0e:12:65:
                    f5:81:72:13:8f:a2:f3:36:00:f9:87:ac:39:18:6e:
                    18:8e:f6:57:da:a3:59:a3:ba:b1:a2:c9:e9:a0:c6:
                    cd:de:55:6c:30:10:85:34:a7:ee:64:e0:c8:14:32:
                    f5:c2:2b:ee:c7:d9:4a:f3:b7:df:9c:84:0e:83:c1:
                    44:2f:d1:1f:66:85:b6:13:6d:65:99:da:84:50:d8:
                    c8:02:4f:38:30:74:33:2f:f0:58:6b:15:28:5e:4c:
                    7c:5d:ab:ab:10:ad:bf:fd:8a:25:89:0b:79:b5:8e:
                    74:42:31:6e:7f:c0:e3:2c:86:68:99:57:27:32:71:
                    50:3f:7a:58:22:91:b2:3a:fd:d1:7b:d3:45:47:28:
                    a8:4f:ff:eb:79:59:0c:de:fa:c5:c2:33:f1:ac:3d:
                    7f:e1:67:fc:14:3d:b3:60:7a:dc:9f:39:20:1d:2b:
                    46:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:85:8D:82:A7:8B:8D:83:B2:B4:09:57:ED:88:81:AC:0A:83:AE:89
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/K4WNgqeLjYOytAlX7YiBrAqDrok.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.77.184.0/22

    Signature Algorithm: sha256WithRSAEncryption
         61:f1:ab:d6:3f:f4:57:a4:25:a4:a8:6c:03:52:41:fc:12:b7:
         ae:15:e2:4b:2d:67:0a:10:0c:45:96:ab:22:19:2b:ca:e0:8d:
         cf:55:f5:7d:e0:4e:a8:c1:cd:57:ad:bc:a4:27:a4:3e:05:cf:
         b5:b0:08:db:f2:07:ef:c9:37:6e:42:dd:f6:b1:10:92:8a:d9:
         67:1e:54:ad:80:e6:6d:01:51:bd:74:a9:6a:99:ee:ce:6a:25:
         95:80:2d:79:83:0e:f1:01:dc:3d:03:12:b5:63:95:db:1a:de:
         dc:a0:3f:82:06:93:12:e0:e7:37:e1:a7:02:73:43:47:18:40:
         61:a8:09:b4:61:ed:99:e1:0b:98:e9:36:80:ac:54:eb:f3:9a:
         bf:79:ff:ee:c7:40:14:a8:cf:ab:37:c2:0e:36:5c:ac:3b:08:
         89:7d:7d:2c:cc:f6:b0:62:47:84:95:32:e0:b2:12:d0:83:e7:
         c3:fc:61:52:32:62:7f:7b:82:bf:7b:f9:ce:08:18:ad:97:40:
         b9:f3:5d:7a:04:49:34:66:9b:ac:fc:71:71:80:e2:e8:b0:cf:
         61:ec:97:84:de:b3:a4:f4:60:40:06:77:93:d3:cb:32:d3:e3:
         b0:78:96:93:be:c0:1c:74:d7:7f:ae:9e:3d:2b:a6:23:70:89:
         80:63:ce:99
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ5iFYPb0VnxSc3rz3tj1HGUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwNTI2MDIyMDM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYjg1OGQ4MmE3OGI4ZDgzYjJiNDA5NTdlZDg4ODFhYzBhODNhZTg5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA14Fn61PbonqC1dgaeZeKXQ/4q59d
uhyDg3VSPk46w2PQdCFLPTt07LQ4P+8D3mGUiDwLl6r2NGiCBiP4unX3Fc2BfHR1
u7m3Jqkn88H2uxT4yPvW5UYOEmX1gXITj6LzNgD5h6w5GG4YjvZX2qNZo7qxosnp
oMbN3lVsMBCFNKfuZODIFDL1wivux9lK87ffnIQOg8FEL9EfZoW2E21lmdqEUNjI
Ak84MHQzL/BYaxUoXkx8XaurEK2//YoliQt5tY50QjFuf8DjLIZomVcnMnFQP3pY
IpGyOv3Re9NFRyioT//reVkM3vrFwjPxrD1/4Wf8FD2zYHrcnzkgHStGywIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCuFjYKni42DsrQJV+2IgawKg66JMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvSzRXTmdxZUxqWU95dEFsWDdZaUJyQXFEcm9rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCH024MA0G
CSqGSIb3DQEBCwUAA4IBAQBh8avWP/RXpCWkqGwDUkH8EreuFeJLLWcKEAxFlqsi
GSvK4I3PVfV94E6owc1XrbykJ6Q+Bc+1sAjb8gfvyTduQt32sRCSitlnHlStgOZt
AVG9dKlqme7OaiWVgC15gw7xAdw9AxK1Y5XbGt7coD+CBpMS4Oc34acCc0NHGEBh
qAm0Ye2Z4QuY6TaArFTr85q/ef/ux0AUqM+rN8IONlysOwiJfX0szPawYkeElTLg
shLQg+fD/GFSMmJ/e4K/e/nOCBitl0C58116BEk0Zpus/HFxgOLosM9h7JeE3rOk
9GBABneT08sy0+OweJaTvsAcdNd/rp49K6YjcImAY86Z
-----END CERTIFICATE-----