Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/sszx517ieMMtAlaqzEIra8UsKwA.roa
File:                     sszx517ieMMtAlaqzEIra8UsKwA.roa (raw, json)
Hash identifier:          tYryWN+ESLm6LcRNUfoq9Gyj/FjAyh9WJ2JtuyxQN4Y=
Subject key identifier:   B2:CC:F1:E7:5E:E2:78:C3:2D:02:56:AA:CC:42:2B:6B:C5:2C:2B:00
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019DDF5A99CD31306122713617EEEAFE9B7A
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/sszx517ieMMtAlaqzEIra8UsKwA.roa
Signing time:             Thu 30 Apr 2026 17:05:49 +0000
ROA not before:           Thu 30 Apr 2026 17:05:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214962
IP address blocks:        31.77.225.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 06 May 2026 07:02:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:df:5a:99:cd:31:30:61:22:71:36:17:ee:ea:fe:9b:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: Apr 30 17:05:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b2ccf1e75ee278c32d0256aacc422b6bc52c2b00
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:7e:fd:8a:3c:31:50:a5:cc:b4:82:0c:33:b1:
                    e0:e9:d8:37:2e:da:74:7c:f9:41:93:4e:72:b0:75:
                    5f:c5:65:5d:45:96:4d:62:d5:1d:6b:8e:ce:96:a8:
                    ef:f6:59:0f:a8:a0:06:f8:a4:fe:f6:d6:cc:78:bf:
                    3e:bf:f3:e8:9c:64:74:8a:d8:32:fb:00:58:46:f2:
                    5c:91:bd:c0:40:e1:64:88:66:a7:7d:ef:eb:43:9b:
                    b5:45:25:d7:59:a6:40:68:94:ae:2b:03:cd:f5:fb:
                    e6:82:64:3e:6d:5f:ba:9a:4c:70:c9:71:a6:8c:41:
                    84:53:b9:45:7c:e0:30:6d:d7:47:58:c1:9a:01:67:
                    34:75:63:08:6a:de:a3:73:61:27:07:a5:5b:3c:0f:
                    be:9d:00:c4:bd:a4:06:53:99:5e:f4:bc:0f:4e:9b:
                    63:74:6f:ea:c3:6a:17:e4:31:1a:6c:a3:b8:3f:ff:
                    67:09:a6:8d:30:ee:0c:e3:95:1c:fa:f7:a4:6d:2c:
                    16:79:2d:d3:74:c2:17:5b:d2:4c:51:15:38:03:79:
                    26:20:8b:a6:d6:7c:da:b1:40:ab:2d:49:3c:15:cd:
                    29:37:52:2d:45:2a:81:a7:b1:12:54:20:4d:2d:6b:
                    04:03:b8:1e:44:40:00:e6:a2:de:4d:ed:8a:77:2c:
                    8c:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B2:CC:F1:E7:5E:E2:78:C3:2D:02:56:AA:CC:42:2B:6B:C5:2C:2B:00
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/sszx517ieMMtAlaqzEIra8UsKwA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.77.225.0/24

    Signature Algorithm: sha256WithRSAEncryption
         17:0f:65:1c:1f:89:78:e6:ef:2d:07:9f:bd:5d:f8:74:d4:91:
         7a:74:c1:68:11:45:6c:01:a2:73:46:d8:71:de:f9:39:1f:b7:
         e6:6e:7f:97:11:55:ff:17:84:24:a7:f6:94:54:67:45:e5:9a:
         db:41:57:77:fc:e2:6d:1f:a2:3e:17:a9:53:cd:3d:d2:45:d9:
         75:26:1d:a8:2c:9b:3d:b5:0b:9b:f0:3f:e2:14:6f:a4:7c:d8:
         14:55:a7:6d:b2:7a:a6:fd:ad:8f:09:7a:b8:6c:65:2c:96:a8:
         93:b6:bb:41:ac:14:6d:3d:08:b5:7e:e5:b6:f7:4d:7b:10:e4:
         73:7f:55:b3:b8:ba:3b:1c:6d:7b:f7:5f:24:e4:d2:34:25:a0:
         08:c8:74:bc:a0:85:af:13:1c:50:e9:40:84:68:15:6d:55:64:
         ad:e1:95:23:fb:00:c5:bb:d7:56:a3:bd:58:39:7d:ea:63:50:
         66:70:8d:5a:07:17:be:39:27:51:b6:5a:3d:96:58:4d:15:16:
         7a:9f:0c:1b:e7:f9:79:cb:a6:12:52:5b:6b:6a:e1:1d:1b:08:
         e2:14:62:a7:88:2b:18:be:30:72:f7:7b:76:fb:b5:1d:f4:5a:
         a4:4e:53:65:a6:95:3d:c5:76:d6:a7:55:1a:36:cf:be:42:9c:
         cf:e9:17:f2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ3fWpnNMTBhInE2F+7q/pt6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwNDMwMTcwNTQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMmNjZjFlNzVlZTI3OGMzMmQwMjU2YWFjYzQyMmI2YmM1MmMyYjAwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvn79ijwxUKXMtIIMM7Hg6dg3Ltp0
fPlBk05ysHVfxWVdRZZNYtUda47Olqjv9lkPqKAG+KT+9tbMeL8+v/PonGR0itgy
+wBYRvJckb3AQOFkiGanfe/rQ5u1RSXXWaZAaJSuKwPN9fvmgmQ+bV+6mkxwyXGm
jEGEU7lFfOAwbddHWMGaAWc0dWMIat6jc2EnB6VbPA++nQDEvaQGU5le9LwPTptj
dG/qw2oX5DEabKO4P/9nCaaNMO4M45Uc+vekbSwWeS3TdMIXW9JMURU4A3kmIIum
1nzasUCrLUk8Fc0pN1ItRSqBp7ESVCBNLWsEA7geREAA5qLeTe2KdyyM0wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLLM8ede4njDLQJWqsxCK2vFLCsAMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvc3N6eDUxN2llTU10QWxhcXpFSXJhOFVzS3dBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAH03hMA0G
CSqGSIb3DQEBCwUAA4IBAQAXD2UcH4l45u8tB5+9Xfh01JF6dMFoEUVsAaJzRthx
3vk5H7fmbn+XEVX/F4Qkp/aUVGdF5ZrbQVd3/OJtH6I+F6lTzT3SRdl1Jh2oLJs9
tQub8D/iFG+kfNgUVadtsnqm/a2PCXq4bGUslqiTtrtBrBRtPQi1fuW29017EORz
f1WzuLo7HG17918k5NI0JaAIyHS8oIWvExxQ6UCEaBVtVWSt4ZUj+wDFu9dWo71Y
OX3qY1BmcI1aBxe+OSdRtlo9llhNFRZ6nwwb5/l5y6YSUltrauEdGwjiFGKniCsY
vjBy93t2+7Ud9FqkTlNlppU9xXbWp1UaNs++QpzP6Rfy
-----END CERTIFICATE-----