Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/KBr699HcafntKrxNm0JmtvHoY4o.roa
File:                     KBr699HcafntKrxNm0JmtvHoY4o.roa (raw, json)
Hash identifier:          wh0Rw5TRPdK8XREKA1r+JicIl3HzKBo/gqYYCc0ZIYE=
Subject key identifier:   28:1A:FA:F7:D1:DC:69:F9:ED:2A:BC:4D:9B:42:66:B6:F1:E8:63:8A
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019E655A6C20482E89ABAEF99A5597B02BEF
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/KBr699HcafntKrxNm0JmtvHoY4o.roa
Signing time:             Tue 26 May 2026 17:34:45 +0000
ROA not before:           Tue 26 May 2026 17:34:45 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     399272
IP address blocks:        31.77.66.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 29 May 2026 13:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:65:5a:6c:20:48:2e:89:ab:ae:f9:9a:55:97:b0:2b:ef
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: May 26 17:34:45 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=281afaf7d1dc69f9ed2abc4d9b4266b6f1e8638a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:d5:b1:6b:0e:d4:5f:40:1d:c9:69:40:e5:d7:
                    3a:24:af:92:1a:21:ec:7c:ea:4b:44:ab:41:ee:53:
                    1f:78:8a:e6:da:1e:b6:41:f2:50:79:d5:10:ef:71:
                    02:69:c1:88:94:3b:83:65:42:87:a4:f8:3c:73:41:
                    fa:03:9c:30:ca:ab:f5:a6:56:0c:8b:a5:09:28:e2:
                    9e:fc:5c:a4:29:78:28:49:30:54:c3:4c:89:9c:ab:
                    8d:53:d9:1a:05:0f:d6:0c:7e:00:0a:b2:41:ee:7a:
                    c4:1f:90:a9:f6:68:7c:95:99:24:63:2c:4e:19:c2:
                    19:54:cb:93:73:fe:de:70:66:b6:79:17:6d:76:a9:
                    e9:3a:ee:a8:6c:74:4e:77:87:7b:e6:b9:28:31:00:
                    f8:53:01:15:bb:a4:2b:a5:8c:24:95:3c:67:ea:47:
                    44:80:f1:c1:98:a1:09:db:43:5f:44:ca:d1:0f:4a:
                    9c:22:04:6d:f7:b4:18:db:6e:24:9f:e4:c8:95:ec:
                    f4:24:5c:79:d3:3d:86:ba:a8:db:a3:68:ab:61:ff:
                    9b:39:c5:42:d3:3d:60:2a:c4:b1:68:8c:50:6f:2f:
                    39:ed:44:89:23:1b:b7:30:e6:80:bf:72:61:cf:0a:
                    97:cb:c0:7e:aa:4c:7c:9e:31:63:f8:bd:f8:49:de:
                    4a:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:1A:FA:F7:D1:DC:69:F9:ED:2A:BC:4D:9B:42:66:B6:F1:E8:63:8A
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/KBr699HcafntKrxNm0JmtvHoY4o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.77.66.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ab:f1:1d:52:f9:13:c5:36:47:8f:07:1f:69:18:e0:75:22:16:
         f1:28:98:32:3f:e6:11:7c:87:92:c8:aa:c8:e9:ff:0d:63:b3:
         ad:cc:f4:fc:fa:e7:15:87:7f:d6:a3:8c:e2:6a:71:77:99:34:
         1c:88:22:0d:e5:37:fc:4e:14:3f:35:a4:86:69:2e:ee:9b:8b:
         4c:fd:8b:63:e9:df:cc:a6:b4:74:15:bb:59:b2:d8:42:fa:41:
         3b:fd:66:76:2f:1a:99:19:1c:fa:4c:91:c4:ff:da:d2:a5:35:
         54:83:5a:c4:85:9d:94:71:59:59:08:bb:52:92:5a:a0:34:ad:
         0f:c8:3d:93:d6:d3:ea:99:ba:00:5d:ff:8c:73:ae:44:be:90:
         73:76:87:37:c6:74:72:09:33:e2:f5:eb:ee:db:28:bc:fb:0a:
         75:1c:e0:2a:89:5e:e8:48:da:0b:6b:63:62:78:c1:af:1f:81:
         67:59:4c:71:15:9f:a4:24:ab:6b:c5:99:38:97:53:74:59:b4:
         0d:66:4a:fa:61:f8:cc:70:75:00:a1:00:1f:d7:e8:e4:68:04:
         97:99:8f:9c:59:eb:68:4f:7f:98:ca:4d:bb:12:bc:09:bf:91:
         07:6b:ae:1c:d7:4d:4d:b3:3e:80:2c:28:f3:b7:86:48:d3:d9:
         21:46:3b:ca
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ5lWmwgSC6Jq675mlWXsCvvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwNTI2MTczNDQ1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyODFhZmFmN2QxZGM2OWY5ZWQyYWJjNGQ5YjQyNjZiNmYxZTg2MzhhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwNWxaw7UX0AdyWlA5dc6JK+SGiHs
fOpLRKtB7lMfeIrm2h62QfJQedUQ73ECacGIlDuDZUKHpPg8c0H6A5wwyqv1plYM
i6UJKOKe/FykKXgoSTBUw0yJnKuNU9kaBQ/WDH4ACrJB7nrEH5Cp9mh8lZkkYyxO
GcIZVMuTc/7ecGa2eRdtdqnpOu6obHROd4d75rkoMQD4UwEVu6QrpYwklTxn6kdE
gPHBmKEJ20NfRMrRD0qcIgRt97QY224kn+TIlez0JFx50z2Guqjbo2irYf+bOcVC
0z1gKsSxaIxQby857USJIxu3MOaAv3JhzwqXy8B+qkx8njFj+L34Sd5KuQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCga+vfR3Gn57Sq8TZtCZrbx6GOKMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvS0JyNjk5SGNhZm50S3J4Tm0wSm10dkhvWTRvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAH01CMA0G
CSqGSIb3DQEBCwUAA4IBAQCr8R1S+RPFNkePBx9pGOB1IhbxKJgyP+YRfIeSyKrI
6f8NY7OtzPT8+ucVh3/Wo4zianF3mTQciCIN5Tf8ThQ/NaSGaS7um4tM/Ytj6d/M
prR0FbtZsthC+kE7/WZ2LxqZGRz6TJHE/9rSpTVUg1rEhZ2UcVlZCLtSklqgNK0P
yD2T1tPqmboAXf+Mc65EvpBzdoc3xnRyCTPi9evu2yi8+wp1HOAqiV7oSNoLa2Ni
eMGvH4FnWUxxFZ+kJKtrxZk4l1N0WbQNZkr6YfjMcHUAoQAf1+jkaASXmY+cWeto
T3+Yyk27ErwJv5EHa64c101Nsz6ALCjzt4ZI09khRjvK
-----END CERTIFICATE-----