Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/QhR4IrTPGUFH-3sI_rnPqa6lx94.roa
File:                     QhR4IrTPGUFH-3sI_rnPqa6lx94.roa (raw, json)
Hash identifier:          scmy1bjvteF2az7QIFDwWiQDu6dBSPNVfoxq/NQ+hqU=
Subject key identifier:   42:14:78:22:B4:CF:19:41:47:FB:7B:08:FE:B9:CF:A9:AE:A5:C7:DE
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019E091B326B0AD1D8DD4016E5BBB0DE0CB3
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/QhR4IrTPGUFH-3sI_rnPqa6lx94.roa
Signing time:             Fri 08 May 2026 19:40:37 +0000
ROA not before:           Fri 08 May 2026 19:40:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     197924
IP address blocks:        31.77.212.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 21:35:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:09:1b:32:6b:0a:d1:d8:dd:40:16:e5:bb:b0:de:0c:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: May  8 19:40:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=42147822b4cf194147fb7b08feb9cfa9aea5c7de
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:53:4b:af:0a:8e:5a:8c:e4:65:c6:f0:cf:6a:
                    fc:8c:36:0e:bc:bd:c7:a3:a5:e6:48:5f:64:5e:46:
                    e8:20:df:72:3d:0a:5d:b0:8b:07:ac:91:be:4b:0c:
                    5a:c8:c4:b9:8f:dc:44:ed:bd:8b:b4:3c:e6:3a:71:
                    09:43:d3:b1:96:7f:ed:63:41:62:92:bf:e4:79:27:
                    79:77:66:d2:72:7c:1e:f0:e3:aa:35:50:42:1e:36:
                    1d:1a:97:9c:e1:f5:a8:31:3c:03:76:80:d4:17:17:
                    c9:f6:69:36:9c:76:ff:f5:ec:d9:e4:9c:9a:17:df:
                    d1:67:87:4e:c9:84:59:88:d4:a4:9e:03:08:50:39:
                    e9:d6:04:94:ac:e4:ae:2a:ce:72:9c:51:3c:67:0d:
                    ea:a2:8e:79:1f:61:24:fe:f3:24:6a:44:d7:81:30:
                    c8:3b:1e:54:6a:c9:91:0f:22:61:70:48:58:13:13:
                    bd:15:56:8e:3c:5b:a7:d6:8d:9f:28:31:08:e1:51:
                    df:b5:97:5d:73:fd:32:3d:76:44:fd:fa:a2:78:e9:
                    c9:42:64:41:eb:1d:56:8c:ec:65:3f:c2:1e:78:07:
                    09:80:9f:35:48:48:cd:52:e9:0c:76:56:5e:8c:c1:
                    81:9d:ea:6f:a2:0f:f0:58:35:7e:e0:ea:e7:4a:5a:
                    7b:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:14:78:22:B4:CF:19:41:47:FB:7B:08:FE:B9:CF:A9:AE:A5:C7:DE
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/QhR4IrTPGUFH-3sI_rnPqa6lx94.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.77.212.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5b:29:e9:4b:b0:a3:5e:b6:76:10:54:29:1d:f9:49:8a:44:1e:
         c3:b7:8e:b5:9d:0c:2a:52:30:ce:31:5e:2b:dc:07:3e:f5:66:
         f7:94:ea:2d:90:15:ba:e1:5c:25:50:40:3f:62:5b:b6:17:fc:
         4e:8b:1f:25:fa:5e:28:69:a0:8b:96:e1:f1:f2:3a:02:a4:3f:
         48:52:24:b9:ec:0e:d5:70:9b:4b:b5:5a:d7:d6:2e:fc:8f:b4:
         d5:26:42:19:79:04:f3:6a:16:68:24:9f:59:e3:be:fb:32:4b:
         6b:cf:dc:38:c3:ca:ba:ad:db:bd:13:e9:30:1b:a9:57:2b:b9:
         61:25:3e:66:d1:3a:88:c7:6a:5b:7f:ef:d4:5e:87:ff:62:8e:
         da:67:ba:a7:5f:1a:e2:d0:b9:3a:7f:b4:0d:fe:46:09:63:9f:
         62:71:83:ac:ad:7f:6d:17:44:1a:80:00:dd:dc:3d:d7:98:1c:
         29:ec:1c:00:71:b6:12:98:22:79:e5:fe:05:1f:57:c8:58:09:
         b3:7e:af:ec:3b:38:00:dc:82:80:6f:3c:69:93:a7:a5:ed:9f:
         4e:c8:59:8c:c4:44:ed:a1:97:5c:ae:d7:f1:3c:38:67:1e:68:
         0e:c5:4a:f0:93:93:74:45:b5:a6:1e:37:af:e5:57:df:08:24:
         bd:85:09:f4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ4JGzJrCtHY3UAW5buw3gyzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwNTA4MTk0MDM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MjE0NzgyMmI0Y2YxOTQxNDdmYjdiMDhmZWI5Y2ZhOWFlYTVjN2RlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3VNLrwqOWozkZcbwz2r8jDYOvL3H
o6XmSF9kXkboIN9yPQpdsIsHrJG+SwxayMS5j9xE7b2LtDzmOnEJQ9Oxln/tY0Fi
kr/keSd5d2bScnwe8OOqNVBCHjYdGpec4fWoMTwDdoDUFxfJ9mk2nHb/9ezZ5Jya
F9/RZ4dOyYRZiNSkngMIUDnp1gSUrOSuKs5ynFE8Zw3qoo55H2Ek/vMkakTXgTDI
Ox5UasmRDyJhcEhYExO9FVaOPFun1o2fKDEI4VHftZddc/0yPXZE/fqieOnJQmRB
6x1WjOxlP8IeeAcJgJ81SEjNUukMdlZejMGBnepvog/wWDV+4OrnSlp7HwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEIUeCK0zxlBR/t7CP65z6mupcfeMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvUWhSNElyVFBHVUZILTNzSV9yblBxYTZseDk0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAH03UMA0G
CSqGSIb3DQEBCwUAA4IBAQBbKelLsKNetnYQVCkd+UmKRB7Dt461nQwqUjDOMV4r
3Ac+9Wb3lOotkBW64VwlUEA/Ylu2F/xOix8l+l4oaaCLluHx8joCpD9IUiS57A7V
cJtLtVrX1i78j7TVJkIZeQTzahZoJJ9Z4777Mktrz9w4w8q6rdu9E+kwG6lXK7lh
JT5m0TqIx2pbf+/UXof/Yo7aZ7qnXxri0Lk6f7QN/kYJY59icYOsrX9tF0QagADd
3D3XmBwp7BwAcbYSmCJ55f4FH1fIWAmzfq/sOzgA3IKAbzxpk6el7Z9OyFmMxETt
oZdcrtfxPDhnHmgOxUrwk5N0RbWmHjev5VffCCS9hQn0
-----END CERTIFICATE-----