Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/LtB2_PU48rkwM8XTduojA6f_zY0.roa
File:                     LtB2_PU48rkwM8XTduojA6f_zY0.roa (raw, json)
Hash identifier:          wAhDxSdxn33ufCDvj65SZlPyahG+eNV1clrQ661oJzM=
Subject key identifier:   2E:D0:76:FC:F5:38:F2:B9:30:33:C5:D3:76:EA:23:03:A7:FF:CD:8D
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019DCFB4D26E53F2F68703753C6622F4799E
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/LtB2_PU48rkwM8XTduojA6f_zY0.roa
Signing time:             Mon 27 Apr 2026 16:10:27 +0000
ROA not before:           Mon 27 Apr 2026 16:10:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     198653
IP address blocks:        31.77.252.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 06 May 2026 07:02:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:cf:b4:d2:6e:53:f2:f6:87:03:75:3c:66:22:f4:79:9e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: Apr 27 16:10:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2ed076fcf538f2b93033c5d376ea2303a7ffcd8d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:42:04:56:77:6c:43:c3:de:2e:37:af:bd:7e:
                    5a:b9:db:cb:ea:26:ef:40:3a:c9:97:53:76:fe:81:
                    7d:ae:b7:f3:79:68:22:61:21:5c:d2:23:be:35:67:
                    0a:e2:88:2b:2d:81:0e:02:86:92:88:9c:3c:9f:7e:
                    c5:d1:c3:be:d6:3f:5d:b1:72:90:c1:96:48:b7:d7:
                    f1:bb:90:86:ea:41:23:2e:98:58:e4:f5:e0:1a:41:
                    eb:73:83:8c:74:d9:18:8d:14:07:e8:74:93:8a:f8:
                    10:5f:6c:3c:ac:18:50:44:f7:1a:92:ec:52:c1:80:
                    3a:25:a8:5f:54:ee:32:f1:c3:4b:79:2e:83:e7:82:
                    b8:5d:8b:cb:28:8a:da:c5:99:b1:1b:f9:9e:06:62:
                    d6:2d:79:12:b4:0d:e5:5d:05:c4:f1:00:31:7f:f4:
                    f0:8c:c6:1d:c4:bb:fd:21:a7:34:06:06:22:c2:35:
                    e2:af:1b:2d:0e:84:f0:02:4f:b2:a0:4f:49:30:65:
                    55:7a:cb:a3:df:56:b3:c2:df:2a:10:6d:8b:f0:c3:
                    5f:9a:57:97:5e:08:ac:eb:f1:68:d8:c4:05:bd:1b:
                    81:e6:ec:90:f4:49:e4:87:9d:01:9b:7e:fd:95:0d:
                    b4:b3:d2:3d:7f:35:79:69:80:08:74:39:3d:5a:07:
                    7f:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:D0:76:FC:F5:38:F2:B9:30:33:C5:D3:76:EA:23:03:A7:FF:CD:8D
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/LtB2_PU48rkwM8XTduojA6f_zY0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.77.252.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4d:35:69:d5:96:08:07:00:c6:74:12:4b:dc:00:8f:b1:53:9a:
         ee:08:bd:49:43:87:e5:0d:96:4f:83:c4:bd:6a:89:eb:f2:d3:
         54:08:19:9b:13:8c:f0:10:a5:07:c9:a2:06:82:63:b9:71:14:
         d9:4a:91:0e:1b:46:71:c5:2a:76:a8:05:5d:51:fe:f8:71:93:
         c3:e7:2b:2e:d3:6e:99:d1:4a:2d:29:b2:b4:9e:37:15:73:0c:
         26:ea:7c:bb:5e:6d:5b:71:96:62:9e:f3:11:9b:9c:70:b3:d2:
         d8:ac:28:7c:97:b3:16:55:a5:a9:c7:b0:a9:ad:c5:ce:48:de:
         33:6d:89:37:ca:bc:2b:34:6b:30:d7:d3:03:c2:7e:b4:8e:4e:
         67:56:f0:66:3c:9a:54:ad:07:bf:7f:5b:d9:e9:83:eb:23:b3:
         99:3c:2e:7a:90:e0:19:32:e3:c6:60:18:3e:08:6a:49:3a:a2:
         74:eb:bf:c7:fa:cf:35:76:a7:03:58:d4:48:80:46:2b:08:9f:
         5d:ca:ce:a6:c7:07:5b:a2:a8:00:ca:35:20:37:34:ba:e1:6d:
         8e:a5:f4:a2:ea:19:d3:5c:8b:59:5f:00:9e:c7:7f:b4:df:06:
         98:c3:0e:34:ac:7b:58:89:6b:db:4b:ca:87:b4:6a:0f:ab:0f:
         59:f0:fc:a4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ3PtNJuU/L2hwN1PGYi9HmeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwNDI3MTYxMDI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZWQwNzZmY2Y1MzhmMmI5MzAzM2M1ZDM3NmVhMjMwM2E3ZmZjZDhkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnEIEVndsQ8PeLjevvX5audvL6ibv
QDrJl1N2/oF9rrfzeWgiYSFc0iO+NWcK4ogrLYEOAoaSiJw8n37F0cO+1j9dsXKQ
wZZIt9fxu5CG6kEjLphY5PXgGkHrc4OMdNkYjRQH6HSTivgQX2w8rBhQRPcakuxS
wYA6JahfVO4y8cNLeS6D54K4XYvLKIraxZmxG/meBmLWLXkStA3lXQXE8QAxf/Tw
jMYdxLv9Iac0BgYiwjXirxstDoTwAk+yoE9JMGVVesuj31azwt8qEG2L8MNfmleX
Xgis6/Fo2MQFvRuB5uyQ9Enkh50Bm379lQ20s9I9fzV5aYAIdDk9Wgd/mwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC7Qdvz1OPK5MDPF03bqIwOn/82NMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvTHRCMl9QVTQ4cmt3TThYVGR1b2pBNmZfelkwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAH038MA0G
CSqGSIb3DQEBCwUAA4IBAQBNNWnVlggHAMZ0EkvcAI+xU5ruCL1JQ4flDZZPg8S9
aonr8tNUCBmbE4zwEKUHyaIGgmO5cRTZSpEOG0ZxxSp2qAVdUf74cZPD5ysu026Z
0UotKbK0njcVcwwm6ny7Xm1bcZZinvMRm5xws9LYrCh8l7MWVaWpx7CprcXOSN4z
bYk3yrwrNGsw19MDwn60jk5nVvBmPJpUrQe/f1vZ6YPrI7OZPC56kOAZMuPGYBg+
CGpJOqJ067/H+s81dqcDWNRIgEYrCJ9dys6mxwdboqgAyjUgNzS64W2OpfSi6hnT
XItZXwCex3+03waYww40rHtYiWvbS8qHtGoPqw9Z8Pyk
-----END CERTIFICATE-----