Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/vZZhcc1Ph1TGiVUYqI-MF8-xSP8.roa
File:                     vZZhcc1Ph1TGiVUYqI-MF8-xSP8.roa (raw, json)
Hash identifier:          BhqWWKwFSvuBu5HtlKYWYitW68nGzvQxw2JICF62zrc=
Subject key identifier:   BD:96:61:71:CD:4F:87:54:C6:89:55:18:A8:8F:8C:17:CF:B1:48:FF
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019ED16462ECB0FED721A41C595252B79BFA
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/vZZhcc1Ph1TGiVUYqI-MF8-xSP8.roa
Signing time:             Tue 16 Jun 2026 17:04:37 +0000
ROA not before:           Tue 16 Jun 2026 17:04:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     201106
IP address blocks:        31.76.200.0/22 maxlen: 24
                          31.76.216.0/22 maxlen: 24
                          77.239.116.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 20 Jun 2026 19:57:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:d1:64:62:ec:b0:fe:d7:21:a4:1c:59:52:52:b7:9b:fa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: Jun 16 17:04:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=bd966171cd4f8754c6895518a88f8c17cfb148ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:f1:46:9a:16:88:57:a1:78:5e:75:b1:f4:d1:
                    20:bb:87:ed:2a:ad:24:7c:42:ee:2a:0a:a2:90:51:
                    5a:0b:ce:50:df:e7:23:b8:01:76:b8:a2:64:c0:95:
                    b6:a6:71:81:7c:29:a1:5a:ef:38:3d:36:65:ba:ed:
                    f5:19:38:e2:bd:7a:6f:a1:e2:77:c6:f7:ab:30:f2:
                    89:32:5f:3d:dc:33:ef:7a:80:56:7b:b1:16:0f:2d:
                    ce:9b:50:45:f1:87:81:a8:91:4a:40:94:88:40:5f:
                    ef:74:ba:9f:d6:05:99:b5:ee:ed:33:a8:76:d3:1f:
                    9b:a0:e6:e0:d6:bd:81:dd:de:10:c6:6d:5e:0e:52:
                    df:7f:66:01:4f:04:9e:e1:99:a6:88:9b:ee:11:59:
                    2e:65:da:8a:ee:22:38:ea:8a:1b:a0:58:37:b2:31:
                    6e:62:c2:56:c2:a6:53:e3:46:a6:e3:43:f0:cd:4c:
                    78:fb:b0:9e:9b:34:bc:7b:ae:6c:d5:a4:16:fb:55:
                    76:58:4a:f0:35:57:e0:7e:46:94:89:01:3c:50:12:
                    57:96:f1:b3:2e:38:97:de:3f:0b:05:3e:bb:54:51:
                    50:27:4c:0d:29:c0:08:3c:b8:3b:d5:69:87:4e:42:
                    f5:8d:9d:dc:55:2b:76:20:7b:e6:76:99:61:59:cf:
                    9d:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:96:61:71:CD:4F:87:54:C6:89:55:18:A8:8F:8C:17:CF:B1:48:FF
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/vZZhcc1Ph1TGiVUYqI-MF8-xSP8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.76.200.0/22
                  31.76.216.0/22
                  77.239.116.0/22

    Signature Algorithm: sha256WithRSAEncryption
         ae:6a:a7:99:84:62:ac:95:d1:6a:94:a8:ff:33:7b:a9:6e:d4:
         dc:4b:25:b5:6f:2e:64:d8:24:5c:41:b0:b0:56:c3:3a:ba:e9:
         c0:b3:2f:5c:91:8f:4f:1f:e5:2b:a0:c6:10:f6:dc:26:3e:67:
         b0:fb:ad:93:51:80:bb:6d:97:a4:2c:40:2e:b8:68:e7:cd:44:
         c8:93:2d:65:ed:6f:6c:9a:76:8f:28:65:b0:0d:79:39:27:c0:
         08:dd:3b:70:f2:48:5b:66:af:51:b8:82:da:b3:3b:84:a9:b3:
         2e:05:eb:85:d8:bb:d1:43:18:d9:4f:9a:17:81:ec:b0:a2:41:
         b2:41:b0:85:ca:f1:92:ca:01:83:fd:b7:ac:80:e8:23:a6:11:
         e9:ca:9d:1b:95:79:9f:6e:82:35:07:57:03:53:2c:ac:e5:49:
         00:17:af:f0:79:50:87:e2:cd:c0:ae:8b:b8:f8:7b:b0:76:18:
         bb:84:81:8e:4a:51:e7:db:95:c7:19:4f:d9:ec:c1:c1:87:b5:
         27:01:d8:82:7a:3c:e2:1f:b4:40:80:fa:40:33:06:3a:ad:93:
         61:f8:f8:67:60:c1:98:f1:62:71:3a:5f:56:8a:43:a2:2f:65:
         70:79:74:06:f5:9e:4b:ee:7c:d3:92:da:0c:cc:d1:10:42:5d:
         2e:f7:61:2a
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZ7RZGLssP7XIaQcWVJSt5v6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwNjE2MTcwNDM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZDk2NjE3MWNkNGY4NzU0YzY4OTU1MThhODhmOGMxN2NmYjE0OGZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvfFGmhaIV6F4XnWx9NEgu4ftKq0k
fELuKgqikFFaC85Q3+cjuAF2uKJkwJW2pnGBfCmhWu84PTZluu31GTjivXpvoeJ3
xverMPKJMl893DPveoBWe7EWDy3Om1BF8YeBqJFKQJSIQF/vdLqf1gWZte7tM6h2
0x+boObg1r2B3d4Qxm1eDlLff2YBTwSe4ZmmiJvuEVkuZdqK7iI46ooboFg3sjFu
YsJWwqZT40am40PwzUx4+7CemzS8e65s1aQW+1V2WErwNVfgfkaUiQE8UBJXlvGz
LjiX3j8LBT67VFFQJ0wNKcAIPLg71WmHTkL1jZ3cVSt2IHvmdplhWc+dfQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFL2WYXHNT4dUxolVGKiPjBfPsUj/MB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvdlpaaGNjMVBoMVRHaVZVWXFJLU1GOC14U1A4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQCH0zIAwQC
H0zYAwQCTe90MA0GCSqGSIb3DQEBCwUAA4IBAQCuaqeZhGKsldFqlKj/M3upbtTc
SyW1by5k2CRcQbCwVsM6uunAsy9ckY9PH+UroMYQ9twmPmew+62TUYC7bZekLEAu
uGjnzUTIky1l7W9smnaPKGWwDXk5J8AI3Ttw8khbZq9RuILaszuEqbMuBeuF2LvR
QxjZT5oXgeywokGyQbCFyvGSygGD/besgOgjphHpyp0blXmfboI1B1cDUyys5UkA
F6/weVCH4s3Arou4+Huwdhi7hIGOSlHn25XHGU/Z7MHBh7UnAdiCejziH7RAgPpA
MwY6rZNh+PhnYMGY8WJxOl9WikOiL2VweXQG9Z5L7nzTktoMzNEQQl0u92Eq
-----END CERTIFICATE-----