Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/rglZmNbKGcO16BoELyXl-pDxWR0.roa
File:                     rglZmNbKGcO16BoELyXl-pDxWR0.roa (raw, json)
Hash identifier:          sZfLWnxYQXgZ5Ti53G8HuqlO6CB+RONjZLjjdYj+pl4=
Subject key identifier:   AE:09:59:98:D6:CA:19:C3:B5:E8:1A:04:2F:25:E5:FA:90:F1:59:1D
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019DC0C7F7C1079C968D7A72F1CBB3ECBBEC
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/rglZmNbKGcO16BoELyXl-pDxWR0.roa
Signing time:             Fri 24 Apr 2026 18:37:03 +0000
ROA not before:           Fri 24 Apr 2026 18:37:03 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     198661
IP address blocks:        31.76.255.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 06 May 2026 07:02:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:c0:c7:f7:c1:07:9c:96:8d:7a:72:f1:cb:b3:ec:bb:ec
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: Apr 24 18:37:03 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ae095998d6ca19c3b5e81a042f25e5fa90f1591d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:01:4e:09:6c:d8:6b:b3:74:93:5a:e8:ff:85:
                    c0:24:7e:23:7e:b8:32:e4:b9:41:33:4c:c1:34:2f:
                    a4:3c:81:c2:b0:af:b4:e9:35:3a:ae:f5:ee:d4:04:
                    a1:37:d3:8e:21:a4:93:1f:78:a9:85:09:c9:02:db:
                    fc:fb:81:46:07:96:e9:16:b0:e4:20:b1:d1:e7:c3:
                    da:df:fe:b4:fd:71:16:ef:0e:e0:ce:05:50:62:a0:
                    e2:29:21:a0:0e:58:a9:ee:cb:20:d7:34:bc:56:39:
                    bb:86:fa:20:e4:ba:a3:a4:81:8f:c0:4e:ea:c5:e8:
                    c0:23:a3:6f:4d:01:05:7d:11:0e:f2:16:07:13:9c:
                    a6:3f:e3:1d:76:43:0a:4c:3e:d5:52:87:44:a7:b1:
                    3b:20:09:6b:5a:b3:4a:3b:89:96:a5:ec:26:ee:9e:
                    2f:36:27:d0:ee:d8:7f:ab:a9:9b:89:0d:c1:07:d1:
                    ad:0e:32:1e:75:6e:12:f4:29:72:46:77:36:30:db:
                    de:3b:90:7f:27:e3:26:d3:31:93:de:b5:15:9f:01:
                    d6:9f:38:e2:cd:d3:00:f0:2c:11:60:67:77:9e:5a:
                    1f:a1:29:c8:0b:4f:d1:ba:4d:09:ad:99:fb:58:57:
                    0e:29:45:59:a8:ff:8b:bc:a2:f7:4c:ee:38:22:44:
                    42:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:09:59:98:D6:CA:19:C3:B5:E8:1A:04:2F:25:E5:FA:90:F1:59:1D
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/rglZmNbKGcO16BoELyXl-pDxWR0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.76.255.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9e:47:f9:ae:7d:74:ee:fe:3a:d6:32:f6:56:cd:ed:23:fd:72:
         8f:83:0a:09:e7:48:cd:85:67:ff:4a:86:8f:a1:57:3b:61:e7:
         e6:86:39:9d:ca:aa:87:9a:c7:52:f4:54:ea:f5:a9:69:fd:37:
         e2:48:f5:4e:14:4a:d6:00:84:2c:73:68:0e:b5:f7:7a:7c:cb:
         18:f3:b6:a5:54:89:43:dc:ef:46:f3:f5:da:d5:9e:e4:74:ad:
         7f:8c:db:43:46:02:e0:7f:12:1e:5c:4c:b7:a7:5c:ae:72:e1:
         6c:78:de:90:16:45:17:37:d8:e4:e4:1c:ef:49:92:bb:ad:c7:
         f4:72:48:01:ed:bb:64:c6:77:dc:31:65:07:4f:55:d2:de:52:
         34:94:d5:4d:7d:2c:bc:f7:30:a1:c5:89:51:ea:61:36:59:5e:
         96:cc:36:b9:54:f4:26:ce:b9:a9:12:af:c8:2b:d0:a9:c1:10:
         77:61:60:19:84:d6:e9:39:00:5e:d9:47:79:ce:72:3b:3a:8c:
         1b:f5:52:85:62:c5:44:c0:f1:32:2a:f2:20:0b:d4:43:fa:e4:
         36:ab:93:3f:09:d1:d3:b1:6a:b8:83:cb:52:a2:2e:90:8c:08:
         6b:fc:23:81:b8:39:40:45:0f:47:e4:d7:71:0b:a0:96:54:fa:
         a5:a9:5d:53
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ3Ax/fBB5yWjXpy8cuz7LvsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwNDI0MTgzNzAzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZTA5NTk5OGQ2Y2ExOWMzYjVlODFhMDQyZjI1ZTVmYTkwZjE1OTFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsQFOCWzYa7N0k1ro/4XAJH4jfrgy
5LlBM0zBNC+kPIHCsK+06TU6rvXu1AShN9OOIaSTH3iphQnJAtv8+4FGB5bpFrDk
ILHR58Pa3/60/XEW7w7gzgVQYqDiKSGgDlip7ssg1zS8Vjm7hvog5LqjpIGPwE7q
xejAI6NvTQEFfREO8hYHE5ymP+MddkMKTD7VUodEp7E7IAlrWrNKO4mWpewm7p4v
NifQ7th/q6mbiQ3BB9GtDjIedW4S9ClyRnc2MNveO5B/J+Mm0zGT3rUVnwHWnzji
zdMA8CwRYGd3nlofoSnIC0/Ruk0JrZn7WFcOKUVZqP+LvKL3TO44IkRCWwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK4JWZjWyhnDtegaBC8l5fqQ8VkdMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvcmdsWm1OYktHY08xNkJvRUx5WGwtcER4V1IwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAH0z/MA0G
CSqGSIb3DQEBCwUAA4IBAQCeR/mufXTu/jrWMvZWze0j/XKPgwoJ50jNhWf/SoaP
oVc7YefmhjmdyqqHmsdS9FTq9alp/TfiSPVOFErWAIQsc2gOtfd6fMsY87alVIlD
3O9G8/Xa1Z7kdK1/jNtDRgLgfxIeXEy3p1yucuFseN6QFkUXN9jk5BzvSZK7rcf0
ckgB7btkxnfcMWUHT1XS3lI0lNVNfSy89zChxYlR6mE2WV6WzDa5VPQmzrmpEq/I
K9CpwRB3YWAZhNbpOQBe2Ud5znI7Oowb9VKFYsVEwPEyKvIgC9RD+uQ2q5M/CdHT
sWq4g8tSoi6QjAhr/COBuDlARQ9H5NdxC6CWVPqlqV1T
-----END CERTIFICATE-----