Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/bCCzl4ZBsjD0-AT4-2oGB8upnio.roa
File:                     bCCzl4ZBsjD0-AT4-2oGB8upnio.roa (raw, json)
Hash identifier:          7cC7pJWNdutaBfdhmxC4+Xe3gQkoVybJiMzHWPTv+MQ=
Subject key identifier:   6C:20:B3:97:86:41:B2:30:F4:F8:04:F8:FB:6A:06:07:CB:A9:9E:2A
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019EA80E51D115675F20227B866B47C70105
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/bCCzl4ZBsjD0-AT4-2oGB8upnio.roa
Signing time:             Mon 08 Jun 2026 16:26:10 +0000
ROA not before:           Mon 08 Jun 2026 16:26:10 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     198566
IP address blocks:        31.77.55.0/24 maxlen: 24
                          31.77.63.0/24 maxlen: 24
                          31.77.136.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 12 Jun 2026 13:27:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:a8:0e:51:d1:15:67:5f:20:22:7b:86:6b:47:c7:01:05
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: Jun  8 16:26:10 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6c20b3978641b230f4f804f8fb6a0607cba99e2a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:12:8d:32:1d:42:fe:bf:69:ac:f6:9f:42:d7:
                    84:33:68:ba:f9:9a:65:ef:41:61:fa:11:2c:35:84:
                    24:64:17:62:a0:2a:09:f4:fa:76:5e:65:5b:1a:db:
                    c6:ef:1e:07:22:d0:b6:9e:da:4b:83:9f:6b:c5:e1:
                    7a:46:f0:b9:93:59:19:5b:1c:12:7f:60:ba:30:0d:
                    69:35:88:0e:40:24:b2:e1:f2:4f:2c:22:49:86:31:
                    c6:a0:82:36:70:0e:ae:b5:ae:ee:04:fc:09:2d:55:
                    3a:e2:c6:c7:15:93:44:26:8d:39:4b:95:e7:9d:04:
                    09:0f:aa:ac:ac:9c:ab:d0:da:28:5c:2f:e9:18:64:
                    68:08:94:94:c9:6c:61:79:77:b8:53:dc:c7:55:d3:
                    43:60:61:28:ae:ab:33:81:fa:6e:52:33:dc:4e:a5:
                    b7:ca:c5:b2:b0:e0:4c:ee:7d:f4:4d:33:20:33:e3:
                    45:95:24:41:42:16:31:09:7e:b6:1a:72:b5:db:9d:
                    18:41:a2:d7:9e:7f:c0:55:9d:cc:73:cc:a2:9f:95:
                    ec:f6:2d:71:c0:7a:f0:f5:b0:28:6b:97:8c:4e:f2:
                    35:c4:68:fc:f2:31:bb:55:9e:d1:aa:87:c2:96:48:
                    e8:c3:f0:48:08:95:ed:8b:d7:44:11:27:56:5d:c8:
                    9f:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:20:B3:97:86:41:B2:30:F4:F8:04:F8:FB:6A:06:07:CB:A9:9E:2A
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/bCCzl4ZBsjD0-AT4-2oGB8upnio.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.77.55.0/24
                  31.77.63.0/24
                  31.77.136.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1f:c4:16:53:59:4d:38:a6:67:c6:24:ae:28:dc:cf:ff:dc:d4:
         6c:cd:89:3d:40:f6:ff:8d:53:7c:d4:84:6f:55:35:ae:47:67:
         75:b7:46:8b:37:04:04:36:33:0a:de:41:b4:4b:c7:a2:f7:e5:
         aa:8f:4d:2c:d4:de:3a:8b:69:30:01:e6:19:a7:b1:a1:5e:35:
         47:d3:34:52:b3:87:97:75:02:a9:67:61:19:34:14:73:88:0e:
         5f:5f:55:7c:b5:b4:4d:76:d2:2b:90:f4:ec:7d:af:36:f5:91:
         fb:94:f4:7c:1c:7d:b7:86:54:d6:b5:95:31:9d:a5:8f:a5:c3:
         56:88:56:f9:14:82:d9:ee:02:72:3b:75:30:94:0f:ee:93:76:
         cb:98:96:b4:33:a8:58:16:c9:b3:e4:dc:54:99:3e:b1:be:c7:
         09:8c:33:b6:de:c5:5e:c5:f9:9d:fa:18:71:b7:8f:46:5e:04:
         51:4e:0e:ab:81:7e:f3:d3:ee:b2:67:0f:88:48:7f:b0:92:05:
         cd:c1:4a:0a:df:38:81:11:5c:34:f1:52:1b:07:5a:8e:51:a0:
         90:0f:68:d7:8a:5c:9d:36:b5:69:2b:6f:3e:4e:2a:c5:e1:45:
         ab:ec:5b:34:3b:5f:39:3c:2f:1e:4d:33:86:21:10:5d:2c:a4:
         4d:c4:64:08
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZ6oDlHRFWdfICJ7hmtHxwEFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwNjA4MTYyNjEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YzIwYjM5Nzg2NDFiMjMwZjRmODA0ZjhmYjZhMDYwN2NiYTk5ZTJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlxKNMh1C/r9prPafQteEM2i6+Zpl
70Fh+hEsNYQkZBdioCoJ9Pp2XmVbGtvG7x4HItC2ntpLg59rxeF6RvC5k1kZWxwS
f2C6MA1pNYgOQCSy4fJPLCJJhjHGoII2cA6uta7uBPwJLVU64sbHFZNEJo05S5Xn
nQQJD6qsrJyr0NooXC/pGGRoCJSUyWxheXe4U9zHVdNDYGEorqszgfpuUjPcTqW3
ysWysOBM7n30TTMgM+NFlSRBQhYxCX62GnK1250YQaLXnn/AVZ3Mc8yin5Xs9i1x
wHrw9bAoa5eMTvI1xGj88jG7VZ7RqofClkjow/BICJXti9dEESdWXcifZQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFGwgs5eGQbIw9PgE+PtqBgfLqZ4qMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvYkNDemw0WkJzakQwLUFUNC0yb0dCOHVwbmlvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAH003AwQA
H00/AwQAH02IMA0GCSqGSIb3DQEBCwUAA4IBAQAfxBZTWU04pmfGJK4o3M//3NRs
zYk9QPb/jVN81IRvVTWuR2d1t0aLNwQENjMK3kG0S8ei9+Wqj00s1N46i2kwAeYZ
p7GhXjVH0zRSs4eXdQKpZ2EZNBRziA5fX1V8tbRNdtIrkPTsfa829ZH7lPR8HH23
hlTWtZUxnaWPpcNWiFb5FILZ7gJyO3UwlA/uk3bLmJa0M6hYFsmz5NxUmT6xvscJ
jDO23sVexfmd+hhxt49GXgRRTg6rgX7z0+6yZw+ISH+wkgXNwUoK3ziBEVw08VIb
B1qOUaCQD2jXilydNrVpK28+TirF4UWr7Fs0O185PC8eTTOGIRBdLKRNxGQI
-----END CERTIFICATE-----