Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/zdPGjKDmlEKyuA5jctGD2EGz5sI.roa
File:                     zdPGjKDmlEKyuA5jctGD2EGz5sI.roa (raw, json)
Hash identifier:          HIINyd7p0+IA2/p/TQ5+8cflYoT6xLJM0xonffMxoU8=
Subject key identifier:   CD:D3:C6:8C:A0:E6:94:42:B2:B8:0E:63:72:D1:83:D8:41:B3:E6:C2
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019DDF59B0EE91DE5B1D475EDDB941E6EBD7
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/zdPGjKDmlEKyuA5jctGD2EGz5sI.roa
Signing time:             Thu 30 Apr 2026 17:04:50 +0000
ROA not before:           Thu 30 Apr 2026 17:04:50 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     402267
IP address blocks:        31.77.214.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 06 May 2026 07:02:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:df:59:b0:ee:91:de:5b:1d:47:5e:dd:b9:41:e6:eb:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: Apr 30 17:04:50 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=cdd3c68ca0e69442b2b80e6372d183d841b3e6c2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:94:9c:e2:9a:52:d7:99:79:f0:d0:2f:4a:5c:
                    4e:25:79:90:6c:53:37:c7:59:c2:83:a7:77:8b:7a:
                    b4:7b:21:c7:39:6a:64:fa:99:1e:b6:24:32:ff:e2:
                    b1:ec:0f:77:34:5a:bc:7e:ac:f7:ea:d5:e1:4b:b1:
                    0f:ca:76:36:91:69:b0:9c:d9:8a:2b:b3:8d:3a:68:
                    74:b2:a0:3e:50:ef:bd:d9:48:f9:fa:d7:af:96:7d:
                    84:94:97:ac:7f:5b:86:f8:ac:17:52:05:3f:da:ea:
                    f3:51:0d:d3:79:ac:a2:ee:c6:53:97:59:39:8a:fa:
                    ca:48:16:12:1b:bf:01:55:ec:71:ea:ac:6f:61:d5:
                    98:38:7c:50:61:be:88:fb:d5:df:6f:f8:a7:10:39:
                    cd:be:b6:f1:8d:38:26:15:e3:c9:2d:b5:e0:af:1d:
                    71:81:ff:aa:de:7e:fa:30:eb:71:a3:c8:6b:55:79:
                    11:06:19:0c:3d:20:14:45:c4:8b:01:a5:57:ae:db:
                    dd:0e:cf:7e:30:b8:26:65:56:d4:b1:e2:f0:b0:5d:
                    e8:84:ea:15:92:00:d2:6c:ff:ed:ee:f7:64:7c:c6:
                    bd:93:23:f5:c8:27:99:e6:67:7b:a5:0b:47:c9:de:
                    d0:8a:87:12:8e:59:40:4c:d2:ed:2a:62:ea:7d:5e:
                    38:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:D3:C6:8C:A0:E6:94:42:B2:B8:0E:63:72:D1:83:D8:41:B3:E6:C2
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/zdPGjKDmlEKyuA5jctGD2EGz5sI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.77.214.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5a:b3:cb:4f:62:8e:6f:4c:25:19:ee:f2:b9:6b:4d:b1:5c:a2:
         ed:c6:83:04:8b:d6:5b:8f:28:98:e0:10:85:0a:41:a5:39:c4:
         90:4c:e8:57:7c:b5:34:e5:2b:73:14:ff:76:f8:4f:71:28:36:
         9c:50:3d:de:a6:c2:8c:08:71:a1:75:80:cc:a5:50:bf:61:b2:
         e8:c3:9b:d4:79:4c:eb:ba:97:7d:45:c4:66:93:83:87:05:f3:
         f7:14:68:35:74:1e:fc:be:4b:29:8e:83:7b:17:ab:79:95:bb:
         a1:f2:d8:43:91:fc:0a:84:9d:ac:25:dc:24:a2:66:bb:60:82:
         0b:71:3e:b6:14:58:5a:40:96:27:51:de:44:30:52:ec:e5:f7:
         f2:e9:02:9a:0a:2c:0b:c3:ab:11:98:98:99:4d:eb:21:d4:1c:
         83:27:64:12:c7:41:7e:c7:98:c6:87:81:d4:13:5e:32:be:c2:
         b8:01:2e:f2:8c:a4:92:ea:34:1b:45:77:e2:00:be:98:ac:7b:
         76:62:39:f6:b7:15:66:8d:16:29:4e:fc:8b:9c:0c:3e:70:a6:
         76:92:1e:4e:39:3d:ef:31:c1:20:74:20:59:ab:ec:77:66:02:
         e6:ca:21:6a:43:1a:75:c7:9a:01:ad:9f:36:f0:d7:f9:11:fb:
         2c:2f:1c:53
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ3fWbDukd5bHUde3blB5uvXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwNDMwMTcwNDUwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZGQzYzY4Y2EwZTY5NDQyYjJiODBlNjM3MmQxODNkODQxYjNlNmMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqZSc4ppS15l58NAvSlxOJXmQbFM3
x1nCg6d3i3q0eyHHOWpk+pketiQy/+Kx7A93NFq8fqz36tXhS7EPynY2kWmwnNmK
K7ONOmh0sqA+UO+92Uj5+tevln2ElJesf1uG+KwXUgU/2urzUQ3Teayi7sZTl1k5
ivrKSBYSG78BVexx6qxvYdWYOHxQYb6I+9Xfb/inEDnNvrbxjTgmFePJLbXgrx1x
gf+q3n76MOtxo8hrVXkRBhkMPSAURcSLAaVXrtvdDs9+MLgmZVbUseLwsF3ohOoV
kgDSbP/t7vdkfMa9kyP1yCeZ5md7pQtHyd7QiocSjllATNLtKmLqfV444wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM3Txoyg5pRCsrgOY3LRg9hBs+bCMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvemRQR2pLRG1sRUt5dUE1amN0R0QyRUd6NXNJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAH03WMA0G
CSqGSIb3DQEBCwUAA4IBAQBas8tPYo5vTCUZ7vK5a02xXKLtxoMEi9ZbjyiY4BCF
CkGlOcSQTOhXfLU05StzFP92+E9xKDacUD3epsKMCHGhdYDMpVC/YbLow5vUeUzr
upd9RcRmk4OHBfP3FGg1dB78vkspjoN7F6t5lbuh8thDkfwKhJ2sJdwkoma7YIIL
cT62FFhaQJYnUd5EMFLs5ffy6QKaCiwLw6sRmJiZTesh1ByDJ2QSx0F+x5jGh4HU
E14yvsK4AS7yjKSS6jQbRXfiAL6YrHt2Yjn2txVmjRYpTvyLnAw+cKZ2kh5OOT3v
McEgdCBZq+x3ZgLmyiFqQxp1x5oBrZ828Nf5EfssLxxT
-----END CERTIFICATE-----