Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/ygYO-ptr8IiQilxiUSe0hIDJnDA.roa
File:                     ygYO-ptr8IiQilxiUSe0hIDJnDA.roa (raw, json)
Hash identifier:          nF9ofSGylW5foMOvu9MCCJKMHhysCcx5gMz/SKG1/BI=
Subject key identifier:   CA:06:0E:FA:9B:6B:F0:88:90:8A:5C:62:51:27:B4:84:80:C9:9C:30
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019E510A1D9767A8DAECEBC9DDCD41A3B6FF
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/ygYO-ptr8IiQilxiUSe0hIDJnDA.roa
Signing time:             Fri 22 May 2026 18:54:37 +0000
ROA not before:           Fri 22 May 2026 18:54:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214987
IP address blocks:        31.77.246.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 03 Jun 2026 15:55:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:51:0a:1d:97:67:a8:da:ec:eb:c9:dd:cd:41:a3:b6:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: May 22 18:54:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ca060efa9b6bf088908a5c625127b48480c99c30
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:7b:11:81:9b:7b:d7:89:65:2d:a0:b7:dc:56:
                    ec:f2:22:91:eb:e0:e0:47:70:cb:db:54:cd:5d:3f:
                    ad:f2:a0:28:eb:7a:b0:a5:b5:b2:45:f1:f9:85:f5:
                    f3:5c:e5:f7:97:d7:3c:f6:1c:7c:e5:aa:3c:b3:04:
                    d5:a2:90:87:e5:bc:60:a1:cc:ef:d7:98:87:98:95:
                    c0:4b:fa:c9:eb:e2:04:df:12:cd:5f:7f:19:8e:e0:
                    c2:d3:f5:ec:6c:5e:09:03:e4:79:51:e8:5e:d5:98:
                    c1:60:28:3f:8e:56:89:ec:9a:84:ba:c3:62:8b:9c:
                    64:68:b1:85:e8:d7:23:c5:c3:bc:42:85:3b:e0:e7:
                    8b:75:c4:1c:7e:43:73:f8:ea:7f:f1:97:3c:3e:b4:
                    aa:b1:83:d5:77:d7:a5:e0:06:b0:b9:1d:55:16:c7:
                    ee:e2:d3:55:a0:f4:c7:3e:ce:05:99:b5:05:21:50:
                    8d:53:f6:b3:8e:84:8c:6d:c2:9b:0c:d5:55:53:01:
                    2f:ed:1a:12:37:ab:d1:30:b9:ba:18:5a:7e:22:09:
                    ba:94:3b:9a:e1:85:0c:d9:85:66:85:a3:a3:82:67:
                    03:c1:b6:2f:03:77:4f:9e:b7:ec:7e:37:d9:83:7d:
                    82:cf:14:1b:61:39:a2:90:d8:5f:4c:4b:1b:40:9d:
                    bd:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:06:0E:FA:9B:6B:F0:88:90:8A:5C:62:51:27:B4:84:80:C9:9C:30
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/ygYO-ptr8IiQilxiUSe0hIDJnDA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.77.246.0/24

    Signature Algorithm: sha256WithRSAEncryption
         62:3e:c9:3c:a3:8b:2f:77:3c:2b:48:64:d7:94:79:67:12:10:
         0d:de:0b:b8:1a:32:92:1f:7c:61:34:b5:23:ce:18:f9:17:58:
         43:50:65:a6:f5:68:9c:4f:2f:85:2c:4a:7d:98:ed:d1:19:45:
         8f:e0:4c:1e:23:33:41:ea:64:4d:c8:fa:34:e4:b2:50:88:27:
         aa:0e:40:c7:62:02:4b:1e:d6:b5:21:54:f2:ca:45:7b:43:84:
         c4:b5:bf:7a:cf:7c:82:b6:ac:1d:45:51:da:45:51:9a:8c:cf:
         fd:11:f0:1f:43:f0:2d:ab:e8:b9:dc:cf:78:d9:86:6e:71:cb:
         a4:23:a4:ef:f3:8d:6f:d3:bc:92:b0:f1:11:87:2a:21:4c:4f:
         d8:a2:c4:35:92:08:51:b5:c0:fd:9c:a8:68:44:d1:22:67:8f:
         8c:03:5f:97:bf:1b:f8:a6:24:39:64:89:93:0e:b7:a6:01:c7:
         79:18:d6:44:66:39:ac:a9:e4:9b:e0:bb:60:77:8c:92:a3:22:
         4c:1d:35:3f:d7:4e:4c:a5:c0:98:92:6e:eb:f8:6f:66:cb:69:
         55:84:1c:6b:07:a9:c0:3e:0f:20:b4:5c:9e:ed:f9:c1:9a:57:
         41:22:73:28:7b:2c:89:c6:16:78:ae:b8:a3:58:7f:63:3e:16:
         07:27:03:21
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ5RCh2XZ6ja7OvJ3c1Bo7b/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwNTIyMTg1NDM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYTA2MGVmYTliNmJmMDg4OTA4YTVjNjI1MTI3YjQ4NDgwYzk5YzMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApHsRgZt714llLaC33Fbs8iKR6+Dg
R3DL21TNXT+t8qAo63qwpbWyRfH5hfXzXOX3l9c89hx85ao8swTVopCH5bxgoczv
15iHmJXAS/rJ6+IE3xLNX38ZjuDC0/XsbF4JA+R5Uehe1ZjBYCg/jlaJ7JqEusNi
i5xkaLGF6NcjxcO8QoU74OeLdcQcfkNz+Op/8Zc8PrSqsYPVd9el4AawuR1VFsfu
4tNVoPTHPs4FmbUFIVCNU/azjoSMbcKbDNVVUwEv7RoSN6vRMLm6GFp+Igm6lDua
4YUM2YVmhaOjgmcDwbYvA3dPnrfsfjfZg32CzxQbYTmikNhfTEsbQJ298wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMoGDvqba/CIkIpcYlEntISAyZwwMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEveWdZTy1wdHI4SWlRaWx4aVVTZTBoSURKbkRBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAH032MA0G
CSqGSIb3DQEBCwUAA4IBAQBiPsk8o4svdzwrSGTXlHlnEhAN3gu4GjKSH3xhNLUj
zhj5F1hDUGWm9WicTy+FLEp9mO3RGUWP4EweIzNB6mRNyPo05LJQiCeqDkDHYgJL
Hta1IVTyykV7Q4TEtb96z3yCtqwdRVHaRVGajM/9EfAfQ/Atq+i53M942YZuccuk
I6Tv841v07ySsPERhyohTE/YosQ1kghRtcD9nKhoRNEiZ4+MA1+Xvxv4piQ5ZImT
DremAcd5GNZEZjmsqeSb4Ltgd4ySoyJMHTU/105MpcCYkm7r+G9my2lVhBxrB6nA
Pg8gtFye7fnBmldBInMoeyyJxhZ4rrijWH9jPhYHJwMh
-----END CERTIFICATE-----