Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/xetMxcwSiDyqXZZAw8C354Zzu6I.roa
File:                     xetMxcwSiDyqXZZAw8C354Zzu6I.roa (raw, json)
Hash identifier:          bj8bpv21kw64afEUa4pJXVysEAC8oEDyzQd7I8hq94g=
Subject key identifier:   C5:EB:4C:C5:CC:12:88:3C:AA:5D:96:40:C3:C0:B7:E7:86:73:BB:A2
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019E8E44730D183EEE8F2E5EC2CD59AAC486
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/xetMxcwSiDyqXZZAw8C354Zzu6I.roa
Signing time:             Wed 03 Jun 2026 16:15:11 +0000
ROA not before:           Wed 03 Jun 2026 16:15:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     35179
IP address blocks:        31.77.124.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 12 Jun 2026 05:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:8e:44:73:0d:18:3e:ee:8f:2e:5e:c2:cd:59:aa:c4:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: Jun  3 16:15:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c5eb4cc5cc12883caa5d9640c3c0b7e78673bba2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:a9:27:21:aa:8e:19:67:89:7d:ef:40:9a:ac:
                    22:51:6c:2d:22:99:2c:91:28:9c:44:1a:87:27:3f:
                    47:3f:e5:1b:19:5e:c7:8a:1b:54:cf:c8:1f:a5:7f:
                    db:ad:dc:09:90:15:3b:1e:ea:a6:37:5a:a3:aa:9a:
                    66:44:dd:27:3f:6f:39:c9:12:98:81:dc:a6:eb:71:
                    81:8c:5f:e4:f6:7f:d3:0b:1f:e3:71:d9:bc:f1:a9:
                    12:6a:ae:0b:93:63:0d:7a:d6:26:02:07:24:de:02:
                    af:c2:e9:b4:ba:08:48:5e:a0:2c:2d:40:95:47:fd:
                    ca:8d:28:bd:b3:f7:eb:3c:89:fe:26:82:3d:be:77:
                    c1:de:1a:3c:85:27:a2:09:c1:7c:e8:cd:14:c4:68:
                    c2:cc:3f:e5:75:bb:fc:80:b2:c9:03:25:13:b7:bc:
                    65:0b:8c:48:0c:6f:b5:e8:50:ac:96:71:5e:3d:6e:
                    de:e9:33:f2:6c:05:56:65:54:da:a0:90:d1:11:bb:
                    da:07:7c:ba:42:e5:c9:83:d5:c7:d0:f7:a7:d2:df:
                    19:62:e3:d9:d7:33:0d:98:63:28:08:c6:78:19:07:
                    9f:e9:41:2f:d2:ae:44:9e:34:e3:07:b8:9f:16:40:
                    60:a2:3f:0f:7d:f1:98:90:a0:e3:66:15:6a:71:a8:
                    bd:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:EB:4C:C5:CC:12:88:3C:AA:5D:96:40:C3:C0:B7:E7:86:73:BB:A2
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/xetMxcwSiDyqXZZAw8C354Zzu6I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.77.124.0/24

    Signature Algorithm: sha256WithRSAEncryption
         41:3b:df:eb:5a:76:a7:06:b6:7d:75:15:41:68:4b:65:0e:98:
         e4:e8:bd:f2:6f:82:c5:f0:af:e3:3d:85:ef:e9:5f:9a:51:2d:
         3c:be:1f:44:ce:45:ef:94:4e:d5:d6:29:eb:33:6d:d1:42:bf:
         2b:52:df:1d:f7:66:4c:c5:28:0b:28:10:da:e3:d6:a5:03:e1:
         31:46:37:02:65:32:fd:ca:48:f9:dd:f6:e6:4c:df:b5:40:ba:
         b7:46:e9:e8:5e:12:94:0a:db:67:c5:3c:64:7f:8c:6e:ed:29:
         26:7b:51:23:ce:84:60:3b:2c:5b:7c:54:b9:8d:c3:f5:37:e7:
         87:e7:7d:c6:7c:af:d9:ca:89:70:c0:37:c5:d4:d9:af:33:39:
         d0:8e:0d:54:d1:81:2e:9b:38:a0:dd:5d:7a:81:6d:31:70:dc:
         0a:ac:dc:0c:d0:35:81:cc:7f:59:9f:74:ce:45:4c:99:31:09:
         cd:c9:1f:3b:34:e4:31:94:51:77:ac:28:42:17:00:c1:ca:a2:
         a3:2c:d6:a5:0d:c3:03:30:14:7d:f9:94:a5:ea:d0:76:ee:2d:
         30:00:b9:47:04:fa:54:e0:3d:a4:35:0d:ed:32:90:ab:bd:c1:
         2e:da:c6:62:a3:54:c1:05:ac:ea:a7:8c:87:b6:96:99:1c:cb:
         0d:81:f2:24
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6ORHMNGD7ujy5ews1ZqsSGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwNjAzMTYxNTExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNWViNGNjNWNjMTI4ODNjYWE1ZDk2NDBjM2MwYjdlNzg2NzNiYmEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnaknIaqOGWeJfe9AmqwiUWwtIpks
kSicRBqHJz9HP+UbGV7HihtUz8gfpX/brdwJkBU7HuqmN1qjqppmRN0nP285yRKY
gdym63GBjF/k9n/TCx/jcdm88akSaq4Lk2MNetYmAgck3gKvwum0ughIXqAsLUCV
R/3KjSi9s/frPIn+JoI9vnfB3ho8hSeiCcF86M0UxGjCzD/ldbv8gLLJAyUTt7xl
C4xIDG+16FCslnFePW7e6TPybAVWZVTaoJDREbvaB3y6QuXJg9XH0Pen0t8ZYuPZ
1zMNmGMoCMZ4GQef6UEv0q5EnjTjB7ifFkBgoj8PffGYkKDjZhVqcai93QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMXrTMXMEog8ql2WQMPAt+eGc7uiMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEveGV0TXhjd1NpRHlxWFpaQXc4QzM1NFp6dTZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAH018MA0G
CSqGSIb3DQEBCwUAA4IBAQBBO9/rWnanBrZ9dRVBaEtlDpjk6L3yb4LF8K/jPYXv
6V+aUS08vh9EzkXvlE7V1inrM23RQr8rUt8d92ZMxSgLKBDa49alA+ExRjcCZTL9
ykj53fbmTN+1QLq3RunoXhKUCttnxTxkf4xu7Skme1EjzoRgOyxbfFS5jcP1N+eH
533GfK/ZyolwwDfF1NmvMznQjg1U0YEumzig3V16gW0xcNwKrNwM0DWBzH9Zn3TO
RUyZMQnNyR87NOQxlFF3rChCFwDByqKjLNalDcMDMBR9+ZSl6tB27i0wALlHBPpU
4D2kNQ3tMpCrvcEu2sZio1TBBazqp4yHtpaZHMsNgfIk
-----END CERTIFICATE-----