Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/q3Dvqkl-nH3cu2t-HsShQKyGAD0.roa
File:                     q3Dvqkl-nH3cu2t-HsShQKyGAD0.roa (raw, json)
Hash identifier:          ykcFokxz8iu9DHSl7vVDOhpgiiwICu9ltTmlYuWZWZ8=
Subject key identifier:   AB:70:EF:AA:49:7E:9C:7D:DC:BB:6B:7E:1E:C4:A1:40:AC:86:00:3D
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019E3C561F247E635C51F35A1C9B2D0E4B65
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/q3Dvqkl-nH3cu2t-HsShQKyGAD0.roa
Signing time:             Mon 18 May 2026 18:25:37 +0000
ROA not before:           Mon 18 May 2026 18:25:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     53808
IP address blocks:        31.77.240.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 04 Jun 2026 13:19:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:3c:56:1f:24:7e:63:5c:51:f3:5a:1c:9b:2d:0e:4b:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: May 18 18:25:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ab70efaa497e9c7ddcbb6b7e1ec4a140ac86003d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:08:f3:9f:9d:05:6c:b5:2c:10:8f:7d:b7:5b:
                    66:41:88:de:0c:f1:d0:40:fc:da:e8:99:b5:67:63:
                    13:0e:a6:ea:4e:17:a6:ba:a5:6e:7a:1b:2a:d9:c3:
                    49:70:9f:42:9a:32:c3:b8:6f:c8:5a:b2:df:43:fd:
                    62:4a:14:67:2b:bc:b6:0b:b6:49:da:49:03:83:62:
                    48:7a:52:9b:f6:6e:36:bf:6f:fe:d7:1a:8d:f4:a2:
                    e8:68:9b:bb:9b:7e:f3:44:84:bc:40:48:cd:7a:f5:
                    b6:d8:ab:dd:a5:e0:13:5b:75:e4:5d:cb:63:36:ef:
                    56:a3:0d:82:4c:94:e9:e6:d3:a1:62:6e:1c:00:3e:
                    43:23:19:1b:1c:3a:be:7c:0f:93:4f:d9:31:68:3c:
                    af:20:fc:95:9b:f4:aa:95:04:b0:70:c3:5c:b9:1d:
                    3d:b6:c0:42:45:a6:3d:39:2a:65:ca:a3:cd:1d:3c:
                    85:75:7d:f2:5d:b2:7b:2b:6e:64:28:06:10:90:0c:
                    bd:be:fb:af:dd:6b:7b:68:39:87:57:63:e1:d1:85:
                    10:aa:d1:d8:72:f7:1f:0b:20:50:97:2a:41:b9:82:
                    57:db:a2:8d:5e:26:cd:b1:66:26:03:75:ac:d6:af:
                    26:1c:04:87:3b:7f:f2:b6:03:5c:62:85:77:ac:bb:
                    1b:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:70:EF:AA:49:7E:9C:7D:DC:BB:6B:7E:1E:C4:A1:40:AC:86:00:3D
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/q3Dvqkl-nH3cu2t-HsShQKyGAD0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.77.240.0/24

    Signature Algorithm: sha256WithRSAEncryption
         13:7e:15:30:6e:75:d9:47:c4:22:5e:61:22:66:58:84:15:46:
         cb:42:18:14:b5:02:1a:13:1f:9f:a6:ec:a6:75:d2:8d:36:08:
         92:e8:66:e6:e9:1b:15:69:d7:49:39:0d:5e:30:ae:59:fb:c1:
         df:b7:ce:4a:dc:5d:3d:9b:a6:9a:22:25:27:bd:a3:c5:e7:ac:
         65:f9:de:3a:40:ea:d7:8a:32:9c:ca:19:96:b4:89:27:ef:fc:
         6a:f2:bf:91:49:91:e1:62:98:e2:8b:7e:87:c9:e1:7f:83:dd:
         1d:9e:29:a2:de:fb:08:4c:50:05:a2:dc:4f:4f:e6:2c:81:e4:
         6d:8f:74:dd:d7:14:bf:86:75:ca:fc:2e:7d:57:7c:fe:e4:c1:
         77:16:21:94:af:1f:9e:bf:a6:85:90:e9:da:7b:eb:7e:47:46:
         06:a6:cc:2f:fd:4f:ef:4a:f9:9c:d0:0e:06:95:a0:61:3e:8c:
         eb:5e:6a:ee:dc:68:49:8a:a1:f0:d5:d2:f4:b5:1a:34:c5:9a:
         72:74:4c:35:25:95:92:97:21:65:67:02:79:09:f3:f3:83:6b:
         76:02:21:12:31:80:28:ad:fb:f5:8a:32:35:19:d8:45:3f:6b:
         e3:d3:de:98:a9:06:f1:6e:04:d8:bf:bb:65:17:39:5a:b3:c9:
         c3:5b:72:c8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ48Vh8kfmNcUfNaHJstDktlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwNTE4MTgyNTM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYjcwZWZhYTQ5N2U5YzdkZGNiYjZiN2UxZWM0YTE0MGFjODYwMDNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAowjzn50FbLUsEI99t1tmQYjeDPHQ
QPza6Jm1Z2MTDqbqThemuqVuehsq2cNJcJ9CmjLDuG/IWrLfQ/1iShRnK7y2C7ZJ
2kkDg2JIelKb9m42v2/+1xqN9KLoaJu7m37zRIS8QEjNevW22KvdpeATW3XkXctj
Nu9Wow2CTJTp5tOhYm4cAD5DIxkbHDq+fA+TT9kxaDyvIPyVm/SqlQSwcMNcuR09
tsBCRaY9OSplyqPNHTyFdX3yXbJ7K25kKAYQkAy9vvuv3Wt7aDmHV2Ph0YUQqtHY
cvcfCyBQlypBuYJX26KNXibNsWYmA3Ws1q8mHASHO3/ytgNcYoV3rLsbJQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKtw76pJfpx93Ltrfh7EoUCshgA9MB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvcTNEdnFrbC1uSDNjdTJ0LUhzU2hRS3lHQUQwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAH03wMA0G
CSqGSIb3DQEBCwUAA4IBAQATfhUwbnXZR8QiXmEiZliEFUbLQhgUtQIaEx+fpuym
ddKNNgiS6Gbm6RsVaddJOQ1eMK5Z+8Hft85K3F09m6aaIiUnvaPF56xl+d46QOrX
ijKcyhmWtIkn7/xq8r+RSZHhYpjii36HyeF/g90dnimi3vsITFAFotxPT+YsgeRt
j3Td1xS/hnXK/C59V3z+5MF3FiGUrx+ev6aFkOnae+t+R0YGpswv/U/vSvmc0A4G
laBhPozrXmru3GhJiqHw1dL0tRo0xZpydEw1JZWSlyFlZwJ5CfPzg2t2AiESMYAo
rfv1ijI1GdhFP2vj096YqQbxbgTYv7tlFzlas8nDW3LI
-----END CERTIFICATE-----