Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/JSepXA1u_-q77uZGLhjsCRUMkWc.roa
File:                     JSepXA1u_-q77uZGLhjsCRUMkWc.roa (raw, json)
Hash identifier:          orSARG7WS9asUN0ggja9ZW3dM7aWhCobTGdbemKY0bA=
Subject key identifier:   25:27:A9:5C:0D:6E:FF:EA:BB:EE:E6:46:2E:18:EC:09:15:0C:91:67
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019E1376910EE5779642F4EF20CFDD6A1573
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/JSepXA1u_-q77uZGLhjsCRUMkWc.roa
Signing time:             Sun 10 May 2026 19:56:37 +0000
ROA not before:           Sun 10 May 2026 19:56:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     210814
IP address blocks:        31.77.222.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 21:35:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:13:76:91:0e:e5:77:96:42:f4:ef:20:cf:dd:6a:15:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: May 10 19:56:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2527a95c0d6effeabbeee6462e18ec09150c9167
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:10:74:7a:25:ac:40:81:15:41:e7:79:c6:dd:
                    b8:63:f9:95:ed:4e:2e:b7:d0:60:c7:a7:d0:c3:70:
                    66:a6:ca:68:f4:3b:ea:6c:08:c5:0d:2e:0c:58:dd:
                    c1:cb:13:a2:ac:a4:33:ba:9b:56:13:60:62:5e:3f:
                    a3:99:51:15:e1:95:82:f6:2f:0b:1f:24:e6:ec:45:
                    96:43:41:af:ed:3c:2c:61:c9:ae:f8:7d:3f:3c:eb:
                    19:2f:ba:b4:6d:33:a2:c6:3f:02:86:0d:42:20:3e:
                    8b:e2:e8:60:e7:37:4c:05:c8:fb:4e:54:b9:1a:66:
                    80:a3:af:49:ea:ce:28:58:f6:91:4e:6d:ce:61:03:
                    84:c2:be:c8:5d:33:77:af:c8:95:d2:24:09:81:77:
                    66:b4:2c:fa:76:d9:ca:63:b7:99:69:51:9b:cb:c1:
                    fa:ff:8c:22:b3:a5:a2:2e:bc:99:97:d9:c5:a3:78:
                    e8:ce:56:98:1c:f5:0a:7b:bb:92:b7:f0:b4:c9:86:
                    32:c2:78:80:7e:a4:bd:99:7d:e7:d7:d1:2f:37:43:
                    7a:ac:85:66:12:f4:dd:49:5a:3b:a1:88:6d:f5:36:
                    bc:85:a7:c5:57:64:e5:1b:e7:5e:3f:83:8e:76:18:
                    ab:3b:1f:4c:2f:40:cc:6d:68:6c:2d:82:94:ae:b9:
                    77:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                25:27:A9:5C:0D:6E:FF:EA:BB:EE:E6:46:2E:18:EC:09:15:0C:91:67
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/JSepXA1u_-q77uZGLhjsCRUMkWc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.77.222.0/24

    Signature Algorithm: sha256WithRSAEncryption
         41:ea:7f:ab:79:b2:ff:bf:c5:33:a6:93:03:36:02:cb:e2:40:
         01:13:91:b5:09:d7:70:f5:29:a0:bd:6a:28:36:be:de:e6:aa:
         5b:6d:1d:bf:e0:9e:50:81:e8:71:6e:02:df:85:11:04:4b:de:
         cd:fb:af:84:9d:d1:f9:74:4f:d4:64:4f:2d:af:ef:1d:0d:63:
         0c:cb:6b:87:ec:77:dd:c0:16:30:7d:e4:09:a4:a6:8b:5d:47:
         6d:8f:76:d8:6b:40:38:01:ec:34:43:94:c2:58:5d:06:62:28:
         88:ca:58:8e:f5:b0:dc:4e:f8:5d:6d:77:b0:10:b5:d8:cb:a9:
         53:14:d9:55:1a:1c:17:6a:a6:1c:22:82:04:af:66:40:54:1b:
         fe:6b:e2:41:6f:cd:b9:cb:85:ad:50:cc:9d:4e:8c:08:ba:d1:
         63:c0:a2:00:7a:db:4e:68:e0:d8:de:c5:b2:86:71:96:5b:af:
         cd:80:48:43:e4:21:3e:53:99:c9:18:73:b6:f0:cc:7b:3b:19:
         41:b5:1d:95:da:b0:a5:dd:da:86:39:83:dc:ad:96:a8:ee:ee:
         c2:3e:bc:f1:f9:8f:d4:6e:76:00:c7:55:63:05:1e:44:4b:1c:
         a3:e3:d8:6d:21:19:3f:bf:62:6a:6c:d3:63:db:1f:3e:87:1e:
         b3:e4:6c:a8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ4TdpEO5XeWQvTvIM/dahVzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwNTEwMTk1NjM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNTI3YTk1YzBkNmVmZmVhYmJlZWU2NDYyZTE4ZWMwOTE1MGM5MTY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvBB0eiWsQIEVQed5xt24Y/mV7U4u
t9Bgx6fQw3Bmpspo9DvqbAjFDS4MWN3ByxOirKQzuptWE2BiXj+jmVEV4ZWC9i8L
HyTm7EWWQ0Gv7TwsYcmu+H0/POsZL7q0bTOixj8Chg1CID6L4uhg5zdMBcj7TlS5
GmaAo69J6s4oWPaRTm3OYQOEwr7IXTN3r8iV0iQJgXdmtCz6dtnKY7eZaVGby8H6
/4wis6WiLryZl9nFo3jozlaYHPUKe7uSt/C0yYYywniAfqS9mX3n19EvN0N6rIVm
EvTdSVo7oYht9Ta8hafFV2TlG+deP4OOdhirOx9ML0DMbWhsLYKUrrl3PwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCUnqVwNbv/qu+7mRi4Y7AkVDJFnMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvSlNlcFhBMXVfLXE3N3VaR0xoanNDUlVNa1djLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAH03eMA0G
CSqGSIb3DQEBCwUAA4IBAQBB6n+rebL/v8UzppMDNgLL4kABE5G1Cddw9SmgvWoo
Nr7e5qpbbR2/4J5QgehxbgLfhREES97N+6+EndH5dE/UZE8tr+8dDWMMy2uH7Hfd
wBYwfeQJpKaLXUdtj3bYa0A4Aew0Q5TCWF0GYiiIyliO9bDcTvhdbXewELXYy6lT
FNlVGhwXaqYcIoIEr2ZAVBv+a+JBb825y4WtUMydTowIutFjwKIAettOaODY3sWy
hnGWW6/NgEhD5CE+U5nJGHO28Mx7OxlBtR2V2rCl3dqGOYPcrZao7u7CPrzx+Y/U
bnYAx1VjBR5ESxyj49htIRk/v2JqbNNj2x8+hx6z5Gyo
-----END CERTIFICATE-----