Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/mNrkEqfYJUU1QVqy3ls9OpiHyZU.roa
File:                     mNrkEqfYJUU1QVqy3ls9OpiHyZU.roa (raw, json)
Hash identifier:          ZYqC/AQ6Q2DPU2BWj4O5QL/C4YI3VBXOY+bWOzHiMRI=
Subject key identifier:   98:DA:E4:12:A7:D8:25:45:35:41:5A:B2:DE:5B:3D:3A:98:87:C9:95
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019E510A1DFCF20FB3BAE684629EDC289825
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/mNrkEqfYJUU1QVqy3ls9OpiHyZU.roa
Signing time:             Fri 22 May 2026 18:54:37 +0000
ROA not before:           Fri 22 May 2026 18:54:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     400308
IP address blocks:        31.77.247.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 04 Jun 2026 21:05:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:51:0a:1d:fc:f2:0f:b3:ba:e6:84:62:9e:dc:28:98:25
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: May 22 18:54:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=98dae412a7d8254535415ab2de5b3d3a9887c995
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:3c:89:56:0e:4a:27:98:f7:66:49:d0:0d:e5:
                    3d:7b:1b:dc:1a:d2:94:cc:95:d1:4d:12:b9:2e:3f:
                    40:d9:30:cd:61:c1:6a:24:7e:b4:9a:d0:35:36:eb:
                    39:f3:01:ac:b3:eb:c9:ae:8b:40:0b:65:68:05:7a:
                    8c:f1:b0:53:30:b2:66:8a:92:d3:82:96:0f:86:34:
                    75:2e:d7:33:c6:77:74:62:f5:6f:93:ab:ac:df:58:
                    36:0d:58:70:8e:4e:1e:ab:b8:54:ec:fa:d7:41:40:
                    eb:e3:95:e8:08:27:92:97:0c:b2:93:38:3b:e0:b4:
                    20:c5:5b:63:52:c6:8f:8a:c5:f7:cf:ca:a5:47:bf:
                    ee:3b:e1:61:72:3d:a6:53:db:cd:c1:e9:44:7f:c5:
                    55:03:ff:22:43:d5:71:d0:38:55:a6:6e:6b:43:ea:
                    82:98:d9:d4:c8:3c:d4:ec:30:08:4b:10:84:1b:5a:
                    6b:e9:1d:01:3d:bf:5a:30:c6:f0:cf:a8:3d:7e:74:
                    3f:82:b3:00:77:11:de:e8:8e:ba:5f:16:49:b9:8b:
                    c8:b2:ed:a3:a4:82:31:dc:77:21:7e:4d:e5:a4:09:
                    fc:a4:37:41:2e:bc:b1:56:11:68:5a:b1:45:21:6e:
                    b1:ee:09:ea:c5:47:47:52:06:96:d7:62:35:3a:92:
                    e5:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:DA:E4:12:A7:D8:25:45:35:41:5A:B2:DE:5B:3D:3A:98:87:C9:95
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/mNrkEqfYJUU1QVqy3ls9OpiHyZU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.77.247.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a5:83:55:2a:ce:7d:8b:da:a2:8c:cc:ed:d9:bd:46:4f:94:ef:
         9b:fe:48:63:66:d1:29:ca:a6:48:17:9a:53:06:8c:f7:e9:52:
         31:97:61:47:35:93:19:ad:f8:24:a4:78:92:45:17:1e:65:9c:
         82:f6:d8:2d:22:f1:0e:5e:05:7f:f2:8f:e3:d6:96:2e:0c:b2:
         12:c3:b6:bd:5f:f4:2a:6e:84:3d:78:25:c5:a1:0a:65:f6:4a:
         84:38:66:ff:73:3d:57:1c:84:11:dd:86:b3:16:64:4f:d9:54:
         7c:29:b3:f5:bd:24:27:d2:d7:4f:4f:ce:9a:c8:19:2b:d8:58:
         31:ce:83:99:99:52:cf:a7:67:0c:c3:bb:26:a8:96:94:33:b2:
         70:31:0e:ca:9b:7a:f6:18:f0:28:d5:c6:32:db:2a:77:94:1b:
         e3:03:7d:e3:09:4b:fb:46:e6:b7:f2:a7:01:33:0a:74:d6:74:
         74:52:88:8b:90:03:6b:90:c1:03:71:c3:9c:8e:fb:9a:da:85:
         a5:c6:7d:69:a9:06:29:03:69:2a:66:43:89:09:b3:b3:cf:b5:
         cb:d8:19:a1:be:da:17:2d:db:dd:fe:32:e0:ed:b9:7c:2a:b7:
         26:6f:c3:02:c4:7f:20:ea:1d:28:72:e6:59:e1:c9:13:64:2f:
         6f:4f:9b:82
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ5RCh388g+zuuaEYp7cKJglMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwNTIyMTg1NDM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OGRhZTQxMmE3ZDgyNTQ1MzU0MTVhYjJkZTViM2QzYTk4ODdjOTk1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqDyJVg5KJ5j3ZknQDeU9exvcGtKU
zJXRTRK5Lj9A2TDNYcFqJH60mtA1Nus58wGss+vJrotAC2VoBXqM8bBTMLJmipLT
gpYPhjR1Ltczxnd0YvVvk6us31g2DVhwjk4eq7hU7PrXQUDr45XoCCeSlwyykzg7
4LQgxVtjUsaPisX3z8qlR7/uO+Fhcj2mU9vNwelEf8VVA/8iQ9Vx0DhVpm5rQ+qC
mNnUyDzU7DAISxCEG1pr6R0BPb9aMMbwz6g9fnQ/grMAdxHe6I66XxZJuYvIsu2j
pIIx3Hchfk3lpAn8pDdBLryxVhFoWrFFIW6x7gnqxUdHUgaW12I1OpLlZwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJja5BKn2CVFNUFast5bPTqYh8mVMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvbU5ya0VxZllKVVUxUVZxeTNsczlPcGlIeVpVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAH033MA0G
CSqGSIb3DQEBCwUAA4IBAQClg1Uqzn2L2qKMzO3ZvUZPlO+b/khjZtEpyqZIF5pT
Boz36VIxl2FHNZMZrfgkpHiSRRceZZyC9tgtIvEOXgV/8o/j1pYuDLISw7a9X/Qq
boQ9eCXFoQpl9kqEOGb/cz1XHIQR3YazFmRP2VR8KbP1vSQn0tdPT86ayBkr2Fgx
zoOZmVLPp2cMw7smqJaUM7JwMQ7Km3r2GPAo1cYy2yp3lBvjA33jCUv7Rua38qcB
Mwp01nR0UoiLkANrkMEDccOcjvua2oWlxn1pqQYpA2kqZkOJCbOzz7XL2BmhvtoX
Ldvd/jLg7bl8Krcmb8MCxH8g6h0ocuZZ4ckTZC9vT5uC
-----END CERTIFICATE-----