Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/ic9Het5nRlfWsXGTGTsJ-xkgghM.roa
File:                     ic9Het5nRlfWsXGTGTsJ-xkgghM.roa (raw, json)
Hash identifier:          MLYr/Cpvp116wHV51ZFSXtP/Nia/E7Ci362GQ7ftSaM=
Subject key identifier:   89:CF:47:7A:DE:67:46:57:D6:B1:71:93:19:3B:09:FB:19:20:82:13
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019E749DA242C29BBECD2AFA100388C6E082
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/ic9Het5nRlfWsXGTGTsJ-xkgghM.roa
Signing time:             Fri 29 May 2026 16:42:28 +0000
ROA not before:           Fri 29 May 2026 16:42:28 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     5065
IP address blocks:        31.77.253.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 04 Jun 2026 21:05:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:74:9d:a2:42:c2:9b:be:cd:2a:fa:10:03:88:c6:e0:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: May 29 16:42:28 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=89cf477ade674657d6b17193193b09fb19208213
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:37:f2:98:cf:f0:a4:7e:7e:62:eb:26:9a:0b:
                    a3:05:b9:39:a8:3d:b3:9a:cb:43:10:94:a7:78:d1:
                    56:e3:e9:51:72:68:6e:25:23:32:84:7b:f1:e6:d3:
                    40:c5:3e:16:2b:9c:6a:c9:52:a7:c1:bf:26:6b:55:
                    4e:2f:34:ab:25:46:cf:f3:2a:a6:e6:6b:77:c7:86:
                    3c:20:2f:30:25:a2:22:61:d4:2f:f5:a2:00:ae:2d:
                    76:47:6c:1c:ef:76:32:0c:14:7a:94:e0:33:d9:c3:
                    3d:67:be:43:75:1f:a3:a3:8e:a3:b3:15:7e:b0:2f:
                    40:68:54:d9:3f:bb:0e:6f:fb:e7:0d:53:43:1a:e7:
                    53:0a:b4:79:67:6a:ea:46:16:1a:04:d8:8e:8b:49:
                    9f:91:c4:dd:9c:1a:f4:87:3a:e4:20:ac:a0:a2:b2:
                    eb:11:c6:b3:1f:af:83:9e:b7:5e:d3:b3:dc:47:ed:
                    8d:1d:dd:e9:a0:f5:de:09:73:fd:ac:22:6a:b2:76:
                    a1:ca:d1:f0:17:61:77:ce:2e:6c:d8:c0:b8:5f:b4:
                    d7:1f:48:41:c1:cc:08:ed:c9:bd:7a:91:d8:e3:31:
                    3c:44:40:2c:fe:c2:b8:93:6d:2c:a0:a8:92:2e:9b:
                    cf:6a:71:21:1f:fc:db:c0:db:b3:70:2a:89:49:6a:
                    25:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:CF:47:7A:DE:67:46:57:D6:B1:71:93:19:3B:09:FB:19:20:82:13
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/ic9Het5nRlfWsXGTGTsJ-xkgghM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.77.253.0/24

    Signature Algorithm: sha256WithRSAEncryption
         45:8c:d8:7a:b1:c4:dc:84:c8:55:7a:84:68:c3:bf:89:cc:c0:
         04:7a:73:1d:ec:0b:b9:31:be:a6:4f:e1:b3:6d:d6:bf:65:ec:
         ef:fc:70:5f:ca:2a:01:72:b7:cc:fb:a5:94:c6:d1:c6:c2:f4:
         c3:d7:14:fd:4e:5b:87:52:d9:d2:c4:c0:72:d9:74:90:1e:5b:
         43:38:3b:23:ec:3a:4f:2f:ae:ae:bf:d2:92:36:6e:77:11:41:
         cd:bd:b8:93:1c:8c:d1:42:e2:d9:ad:6f:47:97:03:72:4d:8f:
         58:ff:cb:21:63:3a:b6:8c:34:84:72:f1:35:eb:11:67:4d:33:
         24:5d:0a:10:d3:90:05:b6:21:37:d6:aa:1f:9c:c4:18:47:ef:
         60:36:a0:75:2e:46:c2:b4:ed:ec:12:78:e3:76:de:cc:ca:dd:
         a2:aa:54:7a:af:ce:10:82:7f:ee:6b:b3:f9:ce:a7:35:fa:a0:
         c8:73:ab:d2:be:fb:52:a0:c4:21:af:b5:c0:8c:b1:46:a2:e4:
         cd:28:66:57:a2:78:76:89:03:7b:35:5e:74:42:c6:c9:86:b7:
         c0:b7:8b:cb:d7:7b:5e:90:f5:26:bd:57:26:90:29:b7:4f:42:
         36:5d:63:b8:59:e8:e8:40:e4:38:13:a0:86:64:30:90:7f:a6:
         bf:12:f6:06
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ50naJCwpu+zSr6EAOIxuCCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwNTI5MTY0MjI4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OWNmNDc3YWRlNjc0NjU3ZDZiMTcxOTMxOTNiMDlmYjE5MjA4MjEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyzfymM/wpH5+YusmmgujBbk5qD2z
mstDEJSneNFW4+lRcmhuJSMyhHvx5tNAxT4WK5xqyVKnwb8ma1VOLzSrJUbP8yqm
5mt3x4Y8IC8wJaIiYdQv9aIAri12R2wc73YyDBR6lOAz2cM9Z75DdR+jo46jsxV+
sC9AaFTZP7sOb/vnDVNDGudTCrR5Z2rqRhYaBNiOi0mfkcTdnBr0hzrkIKygorLr
EcazH6+Dnrde07PcR+2NHd3poPXeCXP9rCJqsnahytHwF2F3zi5s2MC4X7TXH0hB
wcwI7cm9epHY4zE8REAs/sK4k20soKiSLpvPanEhH/zbwNuzcCqJSWolpwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFInPR3reZ0ZX1rFxkxk7CfsZIIITMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvaWM5SGV0NW5SbGZXc1hHVEdUc0oteGtnZ2hNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAH039MA0G
CSqGSIb3DQEBCwUAA4IBAQBFjNh6scTchMhVeoRow7+JzMAEenMd7Au5Mb6mT+Gz
bda/Zezv/HBfyioBcrfM+6WUxtHGwvTD1xT9TluHUtnSxMBy2XSQHltDODsj7DpP
L66uv9KSNm53EUHNvbiTHIzRQuLZrW9HlwNyTY9Y/8shYzq2jDSEcvE16xFnTTMk
XQoQ05AFtiE31qofnMQYR+9gNqB1LkbCtO3sEnjjdt7Myt2iqlR6r84Qgn/ua7P5
zqc1+qDIc6vSvvtSoMQhr7XAjLFGouTNKGZXonh2iQN7NV50QsbJhrfAt4vL13te
kPUmvVcmkCm3T0I2XWO4WejoQOQ4E6CGZDCQf6a/EvYG
-----END CERTIFICATE-----