Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/rYKdN_G7DDOOdsxf2KcnTAKI9dE.roa
File:                     rYKdN_G7DDOOdsxf2KcnTAKI9dE.roa (raw, json)
Hash identifier:          Gh0LJFa7HrgU8TMxCWeCnAOx45yoQeyPkHDW/poPow0=
Subject key identifier:   AD:82:9D:37:F1:BB:0C:33:8E:76:CC:5F:D8:A7:27:4C:02:88:F5:D1
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019F1F16526B9D31CFEA30195D1A3099F765
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/rYKdN_G7DDOOdsxf2KcnTAKI9dE.roa
Signing time:             Wed 01 Jul 2026 19:09:44 +0000
ROA not before:           Wed 01 Jul 2026 19:09:44 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     15731
IP address blocks:        13.143.211.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 Jul 2026 05:00:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9f:1f:16:52:6b:9d:31:cf:ea:30:19:5d:1a:30:99:f7:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: Jul  1 19:09:44 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ad829d37f1bb0c338e76cc5fd8a7274c0288f5d1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:16:1b:ab:31:75:c7:cb:2a:24:53:d4:c6:9d:
                    33:7b:db:51:70:64:14:c2:d7:49:fc:ab:80:ae:ba:
                    70:36:1f:5f:85:5e:cc:89:c7:39:52:ce:bd:cb:ac:
                    55:77:1d:8e:8c:1a:ba:e3:62:d2:14:0b:d3:4a:df:
                    b4:0f:79:0f:96:6f:a4:2b:07:bf:95:ab:06:32:5f:
                    48:a9:e1:be:cb:79:d3:43:6a:a5:47:64:07:da:af:
                    54:5f:27:0a:d1:5d:c0:02:e2:81:18:3a:c6:9e:ac:
                    c2:e2:d3:a5:df:cc:63:f4:fb:c1:97:44:56:b6:cb:
                    d7:75:fa:8b:a1:1f:40:28:36:23:bb:d5:e1:03:ff:
                    30:b2:9d:53:50:7b:fa:06:04:2f:cc:6e:ce:52:b0:
                    71:d0:46:35:dd:70:ca:9a:b9:f9:cb:60:a0:28:90:
                    b5:73:0b:5d:80:78:c3:d4:7a:f4:cb:be:f3:d1:fa:
                    14:ab:9b:3b:35:ec:e4:53:de:05:7a:7d:9d:fb:03:
                    39:80:05:99:6b:fd:7d:5d:ea:01:9f:79:16:46:36:
                    65:7c:65:d5:ac:d2:06:e5:84:30:dd:c3:40:85:91:
                    47:36:b3:a9:a2:84:f8:f1:eb:f8:cf:59:b4:fb:e0:
                    37:45:1d:41:30:27:2e:11:46:c5:13:b8:7c:fa:de:
                    bc:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AD:82:9D:37:F1:BB:0C:33:8E:76:CC:5F:D8:A7:27:4C:02:88:F5:D1
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/rYKdN_G7DDOOdsxf2KcnTAKI9dE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  13.143.211.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9c:58:1e:22:89:92:b7:18:af:3b:d9:ec:d1:9b:5f:4c:19:80:
         70:c7:ef:37:d1:e7:b9:58:50:35:39:42:97:cd:45:59:07:d8:
         b3:67:19:90:3b:b6:4b:ef:26:a7:24:c4:a2:f1:0f:c8:67:e8:
         98:c5:a5:60:61:75:5b:43:f4:3a:d5:a2:0b:92:96:c3:01:97:
         1f:dd:3c:6e:7c:6f:9b:35:58:e6:76:70:b0:c4:9d:cc:91:59:
         9b:40:8d:9d:c0:8e:64:79:b5:0d:4e:2f:ee:36:f5:7e:7a:cd:
         ee:89:ca:42:12:75:28:9d:14:c5:02:70:60:82:2d:26:02:94:
         8e:69:ca:5a:2d:25:5e:d2:ba:e2:bf:8b:6f:2e:d9:55:66:a6:
         02:5d:68:84:37:a5:a7:6c:2c:28:3d:00:4d:3c:19:13:be:7c:
         5f:6c:06:6b:f0:8f:07:0c:af:18:a3:83:8e:e6:2c:e2:6f:ef:
         e2:8d:1f:5f:a2:95:f2:d6:d4:31:60:67:45:e6:8e:1c:40:86:
         59:eb:55:5d:e3:66:23:f8:ac:4d:f8:b3:22:86:0f:53:72:e8:
         eb:0a:0a:1d:77:fb:b0:26:6b:4a:e1:b4:7f:7c:f0:bd:9f:ec:
         bc:33:08:4d:82:c5:c9:49:16:15:6f:d0:61:0e:6a:81:d8:83:
         fd:96:94:66
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ8fFlJrnTHP6jAZXRowmfdlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwNzAxMTkwOTQ0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZDgyOWQzN2YxYmIwYzMzOGU3NmNjNWZkOGE3Mjc0YzAyODhmNWQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuRYbqzF1x8sqJFPUxp0ze9tRcGQU
wtdJ/KuArrpwNh9fhV7Micc5Us69y6xVdx2OjBq642LSFAvTSt+0D3kPlm+kKwe/
lasGMl9IqeG+y3nTQ2qlR2QH2q9UXycK0V3AAuKBGDrGnqzC4tOl38xj9PvBl0RW
tsvXdfqLoR9AKDYju9XhA/8wsp1TUHv6BgQvzG7OUrBx0EY13XDKmrn5y2CgKJC1
cwtdgHjD1Hr0y77z0foUq5s7NezkU94Fen2d+wM5gAWZa/19XeoBn3kWRjZlfGXV
rNIG5YQw3cNAhZFHNrOpooT48ev4z1m0++A3RR1BMCcuEUbFE7h8+t681wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK2CnTfxuwwzjnbMX9inJ0wCiPXRMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvcllLZE5fRzdERE9PZHN4ZjJLY25UQUtJOWRFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQADY/TMA0G
CSqGSIb3DQEBCwUAA4IBAQCcWB4iiZK3GK872ezRm19MGYBwx+830ee5WFA1OUKX
zUVZB9izZxmQO7ZL7yanJMSi8Q/IZ+iYxaVgYXVbQ/Q61aILkpbDAZcf3TxufG+b
NVjmdnCwxJ3MkVmbQI2dwI5kebUNTi/uNvV+es3uicpCEnUonRTFAnBggi0mApSO
acpaLSVe0rriv4tvLtlVZqYCXWiEN6WnbCwoPQBNPBkTvnxfbAZr8I8HDK8Yo4OO
5izib+/ijR9fopXy1tQxYGdF5o4cQIZZ61Vd42Yj+KxN+LMihg9TcujrCgodd/uw
JmtK4bR/fPC9n+y8MwhNgsXJSRYVb9BhDmqB2IP9lpRm
-----END CERTIFICATE-----
Generated at Sat Jul 4 13:26:08 2026 by rpki-client