Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/L_zkoUZcl6GxmkR-KXvmd8pTkw4.roa
File:                     L_zkoUZcl6GxmkR-KXvmd8pTkw4.roa (raw, json)
Hash identifier:          Fe573YK3ewIKLN2BWjhdZEpb0RUvoanUDwivJVywSyI=
Subject key identifier:   2F:FC:E4:A1:46:5C:97:A1:B1:9A:44:7E:29:7B:E6:77:CA:53:93:0E
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019E27FE997B6A1EB81517F2AC1F028429CD
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/L_zkoUZcl6GxmkR-KXvmd8pTkw4.roa
Signing time:             Thu 14 May 2026 19:37:37 +0000
ROA not before:           Thu 14 May 2026 19:37:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     197974
IP address blocks:        31.76.119.0/24 maxlen: 24
                          31.76.249.0/24 maxlen: 24
                          31.76.250.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 16 May 2026 02:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:27:fe:99:7b:6a:1e:b8:15:17:f2:ac:1f:02:84:29:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: May 14 19:37:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2ffce4a1465c97a1b19a447e297be677ca53930e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:a0:5a:64:19:60:86:e7:a5:8f:50:6f:6c:c3:
                    44:d1:d2:63:cd:8f:75:59:a1:b6:47:77:c3:a2:3a:
                    18:69:01:91:fc:4a:b7:92:f6:64:9d:c3:43:64:74:
                    33:5e:00:07:b5:98:d1:b2:3d:25:02:6b:0b:c5:d3:
                    22:dd:4c:f0:18:14:07:2d:a6:72:75:4a:ed:8d:aa:
                    2a:20:3f:b2:51:df:a1:2b:17:20:b5:3e:b9:f9:d2:
                    3a:72:00:c4:53:e2:e8:cb:d8:99:55:aa:df:bb:61:
                    57:7d:9b:e3:b1:5d:e0:ac:1c:c1:6a:0f:3c:73:42:
                    e3:87:e1:90:d7:8a:3b:48:71:51:1b:5a:99:de:2e:
                    89:1c:7e:d6:b4:a3:b6:29:88:97:5e:19:a9:b3:14:
                    90:e6:64:1f:5c:7c:dd:de:9b:0d:fc:f7:44:78:a0:
                    6e:09:0e:0a:0f:ab:4a:84:33:9f:db:2c:d0:65:fe:
                    8d:94:55:c5:5a:03:e7:74:67:a2:6c:cb:24:cd:3c:
                    34:e1:46:9a:b3:57:0b:43:41:ed:7a:07:a9:5b:c3:
                    bd:31:1b:70:b7:24:d6:fb:df:81:36:56:41:ce:1a:
                    a7:87:cd:fc:0f:ac:dc:60:2f:44:5d:32:a0:e4:a6:
                    1d:b7:32:76:11:8a:c0:ae:d8:31:27:75:63:99:c8:
                    5d:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2F:FC:E4:A1:46:5C:97:A1:B1:9A:44:7E:29:7B:E6:77:CA:53:93:0E
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/L_zkoUZcl6GxmkR-KXvmd8pTkw4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.76.119.0/24
                  31.76.249.0-31.76.250.255

    Signature Algorithm: sha256WithRSAEncryption
         84:d8:a3:de:26:22:1b:2b:6f:16:97:07:f9:85:97:d4:a2:17:
         2e:d4:e8:26:9d:7d:2d:29:4b:4a:3f:b6:31:10:15:2c:f1:d2:
         95:f1:9c:35:c9:0a:5b:2f:22:72:ec:ab:95:5c:eb:8f:27:99:
         48:c6:bd:3f:e0:ca:5d:d3:1e:7e:ee:42:29:4f:4c:64:3d:36:
         c9:d8:7f:78:98:00:4e:d0:bf:be:7e:a1:12:f3:88:18:eb:12:
         41:b7:1a:56:5e:3e:8f:73:10:9e:13:74:be:fa:25:bb:9e:e1:
         ef:95:a1:5a:28:86:60:82:74:7f:b3:8e:ca:f1:82:a5:82:37:
         ca:e4:25:46:db:71:92:40:16:be:19:25:c2:40:70:c7:76:6e:
         4e:58:31:e5:1c:5e:f0:c4:a1:b2:ca:df:85:93:fd:74:ff:3f:
         08:bf:60:27:df:6f:9f:cc:fa:7c:e6:4a:90:48:23:af:af:36:
         fe:ff:40:a8:f0:2b:6b:53:8b:c6:13:82:38:05:7f:c3:48:b5:
         ca:b8:46:99:05:83:37:0c:b6:8e:11:1b:4d:65:c0:f9:b1:68:
         0c:fc:f5:23:fe:2f:b0:55:cb:29:ea:3a:0c:43:f9:65:0c:64:
         ce:98:41:28:a1:2c:e6:be:85:1d:d2:06:f2:6d:1d:2f:64:a9:
         0b:a3:58:3a
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZ4n/pl7ah64FRfyrB8ChCnNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwNTE0MTkzNzM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZmZjZTRhMTQ2NWM5N2ExYjE5YTQ0N2UyOTdiZTY3N2NhNTM5MzBlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzKBaZBlghuelj1BvbMNE0dJjzY91
WaG2R3fDojoYaQGR/Eq3kvZkncNDZHQzXgAHtZjRsj0lAmsLxdMi3UzwGBQHLaZy
dUrtjaoqID+yUd+hKxcgtT65+dI6cgDEU+Loy9iZVarfu2FXfZvjsV3grBzBag88
c0Ljh+GQ14o7SHFRG1qZ3i6JHH7WtKO2KYiXXhmpsxSQ5mQfXHzd3psN/PdEeKBu
CQ4KD6tKhDOf2yzQZf6NlFXFWgPndGeibMskzTw04Uaas1cLQ0HtegepW8O9MRtw
tyTW+9+BNlZBzhqnh838D6zcYC9EXTKg5KYdtzJ2EYrArtgxJ3Vjmchd/wIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFC/85KFGXJehsZpEfil75nfKU5MOMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvTF96a29VWmNsNkd4bWtSLUtYdm1kOHBUa3c0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUAwQAH0x3MAwD
BAAfTPkDBAAfTPowDQYJKoZIhvcNAQELBQADggEBAITYo94mIhsrbxaXB/mFl9Si
Fy7U6CadfS0pS0o/tjEQFSzx0pXxnDXJClsvInLsq5Vc648nmUjGvT/gyl3THn7u
QilPTGQ9NsnYf3iYAE7Qv75+oRLziBjrEkG3GlZePo9zEJ4TdL76Jbue4e+VoVoo
hmCCdH+zjsrxgqWCN8rkJUbbcZJAFr4ZJcJAcMd2bk5YMeUcXvDEobLK34WT/XT/
Pwi/YCffb5/M+nzmSpBII6+vNv7/QKjwK2tTi8YTgjgFf8NItcq4RpkFgzcMto4R
G01lwPmxaAz89SP+L7BVyynqOgxD+WUMZM6YQSihLOa+hR3SBvJtHS9kqQujWDo=
-----END CERTIFICATE-----