Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/ZTFgbwQC04d2-wDhiCZLa1kvXco.roa
File:                     ZTFgbwQC04d2-wDhiCZLa1kvXco.roa (raw, json)
Hash identifier:          XOohi2jcLQ/I9rKC813W2gRDnsM3HV00a2fduGwGqjU=
Subject key identifier:   65:31:60:6F:04:02:D3:87:76:FB:00:E1:88:26:4B:6B:59:2F:5D:CA
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019DF952E72496064F7AB6B53CD49B073FA1
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/ZTFgbwQC04d2-wDhiCZLa1kvXco.roa
Signing time:             Tue 05 May 2026 18:07:33 +0000
ROA not before:           Tue 05 May 2026 18:07:33 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     199412
IP address blocks:        31.77.48.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 14 May 2026 06:01:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:f9:52:e7:24:96:06:4f:7a:b6:b5:3c:d4:9b:07:3f:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: May  5 18:07:33 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6531606f0402d38776fb00e188264b6b592f5dca
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:c7:f9:89:03:a7:ee:cf:88:3f:eb:22:90:74:
                    25:29:aa:20:f1:0a:8c:ec:00:18:ae:2b:bb:86:9a:
                    08:3e:8a:01:ab:74:8a:65:94:01:94:89:82:e1:c5:
                    26:0f:28:cb:65:1b:93:1e:db:46:b7:a3:ec:e3:c7:
                    9a:19:a0:4f:74:ad:20:e2:88:3d:e2:eb:d3:32:27:
                    08:fd:96:4c:3f:e3:4d:20:fc:73:ac:aa:c2:06:dc:
                    24:12:ec:72:c3:1b:1e:57:d9:42:86:39:6f:57:fd:
                    fe:ab:1f:b3:10:f3:6b:f3:3f:38:74:3b:cd:e7:ad:
                    1b:a3:a7:61:f8:e1:aa:17:ab:00:24:9e:f5:00:49:
                    c4:95:27:51:af:cb:58:89:8e:32:6e:d2:67:a4:01:
                    5e:5c:78:8d:ab:f2:b1:f2:65:60:ab:98:88:39:07:
                    2e:af:e3:45:3a:cd:c9:07:ee:ab:86:c2:bb:b0:20:
                    ec:88:a7:1f:d6:d2:41:c6:80:2f:2a:d3:d5:4d:ba:
                    44:75:39:2d:a5:17:13:f8:85:01:23:1e:f8:b0:20:
                    a0:53:17:90:79:a0:2a:57:68:aa:1e:08:3e:64:2e:
                    3a:4f:5b:e4:2f:63:f3:56:0b:47:61:7e:9e:71:ce:
                    00:e2:b3:90:41:df:a2:1e:6e:b3:74:79:87:75:35:
                    b2:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:31:60:6F:04:02:D3:87:76:FB:00:E1:88:26:4B:6B:59:2F:5D:CA
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/ZTFgbwQC04d2-wDhiCZLa1kvXco.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.77.48.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3d:99:a7:4e:cb:15:56:30:6a:be:9c:97:57:33:af:ba:ea:18:
         fc:31:5b:ed:1d:e0:c2:10:b4:a5:77:b1:f2:87:a0:0e:5e:5e:
         ea:b7:c8:82:f3:69:52:34:93:7b:55:f6:b7:bf:77:9b:56:05:
         74:7c:f8:38:18:58:c7:be:b1:35:d9:b8:62:4e:53:2c:64:a7:
         83:4a:69:45:41:98:d3:16:8b:e9:ca:85:b0:6a:2b:3c:40:14:
         be:8e:21:28:f3:59:87:63:40:8a:75:eb:46:c6:62:e0:5a:5a:
         c3:e1:79:f9:97:2a:64:9f:53:14:c5:cd:84:b2:45:77:d3:b9:
         28:7f:7a:eb:73:0f:72:07:88:9a:30:c6:9c:73:46:cb:41:66:
         57:c2:60:68:d5:bd:6d:af:78:6a:67:ed:f1:82:5d:3f:94:a2:
         a7:4c:a1:5d:03:3f:d1:b4:17:d5:23:28:af:f3:4d:3a:db:da:
         99:b1:7c:59:64:ca:28:63:cb:f5:f3:eb:fb:5f:ac:d6:ba:13:
         27:c4:a2:a0:9a:55:2e:ae:eb:61:27:88:b9:d9:f7:e6:70:57:
         5a:31:d4:58:f1:e5:c9:f1:73:7f:a8:0e:21:e2:08:aa:9f:8a:
         47:53:bf:f7:bc:de:de:ae:41:e6:72:49:a6:7b:67:45:c3:6f:
         b5:8c:95:14
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ35UucklgZPera1PNSbBz+hMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwNTA1MTgwNzMzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NTMxNjA2ZjA0MDJkMzg3NzZmYjAwZTE4ODI2NGI2YjU5MmY1ZGNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu8f5iQOn7s+IP+sikHQlKaog8QqM
7AAYriu7hpoIPooBq3SKZZQBlImC4cUmDyjLZRuTHttGt6Ps48eaGaBPdK0g4og9
4uvTMicI/ZZMP+NNIPxzrKrCBtwkEuxywxseV9lChjlvV/3+qx+zEPNr8z84dDvN
560bo6dh+OGqF6sAJJ71AEnElSdRr8tYiY4ybtJnpAFeXHiNq/Kx8mVgq5iIOQcu
r+NFOs3JB+6rhsK7sCDsiKcf1tJBxoAvKtPVTbpEdTktpRcT+IUBIx74sCCgUxeQ
eaAqV2iqHgg+ZC46T1vkL2PzVgtHYX6ecc4A4rOQQd+iHm6zdHmHdTWyVwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGUxYG8EAtOHdvsA4YgmS2tZL13KMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvWlRGZ2J3UUMwNGQyLXdEaGlDWkxhMWt2WGNvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAH00wMA0G
CSqGSIb3DQEBCwUAA4IBAQA9madOyxVWMGq+nJdXM6+66hj8MVvtHeDCELSld7Hy
h6AOXl7qt8iC82lSNJN7Vfa3v3ebVgV0fPg4GFjHvrE12bhiTlMsZKeDSmlFQZjT
FovpyoWwais8QBS+jiEo81mHY0CKdetGxmLgWlrD4Xn5lypkn1MUxc2EskV307ko
f3rrcw9yB4iaMMacc0bLQWZXwmBo1b1tr3hqZ+3xgl0/lKKnTKFdAz/RtBfVIyiv
800629qZsXxZZMooY8v18+v7X6zWuhMnxKKgmlUuruthJ4i52ffmcFdaMdRY8eXJ
8XN/qA4h4giqn4pHU7/3vN7erkHmckmme2dFw2+1jJUU
-----END CERTIFICATE-----