Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/awSWlQ72jUklGC187Z5ugxAJ9A0.roa
File:                     awSWlQ72jUklGC187Z5ugxAJ9A0.roa (raw, json)
Hash identifier:          jMD1U0iSlGFD8/JJa6Ae6dn9xucvoFwnrAa3YUREOKg=
Subject key identifier:   6B:04:96:95:0E:F6:8D:49:25:18:2D:7C:ED:9E:6E:83:10:09:F4:0D
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019E180231621BCA87D96A1CF7E475EEE43A
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/awSWlQ72jUklGC187Z5ugxAJ9A0.roa
Signing time:             Mon 11 May 2026 17:07:37 +0000
ROA not before:           Mon 11 May 2026 17:07:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     402402
IP address blocks:        31.77.224.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 14 May 2026 06:01:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:18:02:31:62:1b:ca:87:d9:6a:1c:f7:e4:75:ee:e4:3a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: May 11 17:07:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6b0496950ef68d4925182d7ced9e6e831009f40d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:71:65:4c:36:b2:01:8f:3a:b8:2d:52:f1:5a:
                    60:92:82:9e:d7:f7:e8:0c:a8:0e:45:36:ad:ee:d5:
                    89:8e:9a:c1:cd:82:4c:2c:65:85:30:8f:0d:2c:aa:
                    83:ba:1b:19:84:80:cb:74:a8:a7:d2:ea:79:9d:0b:
                    61:74:a4:58:af:d6:0a:2a:b2:35:c3:ea:92:ed:7c:
                    2e:c4:c1:85:0b:ec:81:29:b0:77:51:f5:0a:33:f2:
                    9d:f2:17:fb:db:90:7a:0d:3e:32:b9:ba:7e:5f:a3:
                    c0:39:ea:6c:44:d4:b4:91:1f:cc:36:2a:5e:c9:51:
                    12:bb:15:ab:0c:3a:39:2d:3a:ba:ee:d9:d2:e2:a5:
                    35:53:75:09:2a:ab:18:1e:b2:50:3b:75:7c:52:ad:
                    84:0e:d3:a9:d5:53:5f:e4:5c:e4:4b:f7:26:ca:0c:
                    ae:5c:c6:f5:9f:f1:34:d7:11:65:4e:e7:89:51:fa:
                    ab:83:00:6b:f0:c3:a7:13:a3:0b:e3:32:7a:60:91:
                    29:81:5f:f6:ee:23:ed:ec:45:32:12:28:ae:dc:4b:
                    c8:94:de:9a:3c:89:d3:1d:2f:fa:8a:22:9f:ac:6c:
                    4e:5c:2f:3f:22:e3:da:3e:83:23:69:aa:fd:6a:df:
                    e8:98:f1:33:0e:17:2e:15:91:31:41:40:16:a0:f5:
                    0a:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6B:04:96:95:0E:F6:8D:49:25:18:2D:7C:ED:9E:6E:83:10:09:F4:0D
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/awSWlQ72jUklGC187Z5ugxAJ9A0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.77.224.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a3:13:52:a2:66:e2:da:8d:a1:2e:11:3c:d8:1e:20:b8:6c:0d:
         0c:08:86:6b:b7:fa:c4:ba:d1:23:13:1a:c1:00:90:90:6a:0d:
         8d:13:02:48:dd:f5:44:e8:79:4a:0c:b1:ae:31:e3:0d:4c:42:
         7d:57:6d:63:45:92:4b:a8:a8:17:08:2c:1d:0f:0a:ac:98:53:
         c8:27:94:46:7f:9f:fa:ca:a8:47:ba:e8:cd:a7:06:29:e9:01:
         88:23:64:b5:ba:0e:79:e0:43:15:a5:05:f6:52:59:fd:09:85:
         0b:a7:5e:ff:60:76:ff:26:fe:9b:81:be:75:b5:c6:46:06:d4:
         9a:93:b0:f1:19:4e:1e:98:5e:9e:35:1f:61:45:85:19:16:67:
         af:d6:b2:97:6e:57:84:5a:ea:98:f6:9e:18:8c:6b:25:12:77:
         da:e2:6d:53:e8:6f:0a:d6:1e:9a:05:d7:ff:a0:88:03:ec:71:
         3a:38:87:5c:56:55:b8:c7:cc:63:6a:26:16:31:d6:80:dc:7d:
         51:34:7c:40:f0:d5:2a:f4:0a:f3:a7:b6:5b:cf:08:51:ac:a6:
         d5:f6:b4:4d:27:5f:5d:ed:a8:58:4d:90:5b:1f:b9:a5:90:ba:
         ee:2a:18:fd:d6:1a:c6:04:ec:7a:c3:92:5c:32:77:86:90:54:
         59:d7:c4:0e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ4YAjFiG8qH2Woc9+R17uQ6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwNTExMTcwNzM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YjA0OTY5NTBlZjY4ZDQ5MjUxODJkN2NlZDllNmU4MzEwMDlmNDBkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3nFlTDayAY86uC1S8VpgkoKe1/fo
DKgORTat7tWJjprBzYJMLGWFMI8NLKqDuhsZhIDLdKin0up5nQthdKRYr9YKKrI1
w+qS7XwuxMGFC+yBKbB3UfUKM/Kd8hf725B6DT4yubp+X6PAOepsRNS0kR/MNipe
yVESuxWrDDo5LTq67tnS4qU1U3UJKqsYHrJQO3V8Uq2EDtOp1VNf5FzkS/cmygyu
XMb1n/E01xFlTueJUfqrgwBr8MOnE6ML4zJ6YJEpgV/27iPt7EUyEiiu3EvIlN6a
PInTHS/6iiKfrGxOXC8/IuPaPoMjaar9at/omPEzDhcuFZExQUAWoPUK5wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGsElpUO9o1JJRgtfO2eboMQCfQNMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvYXdTV2xRNzJqVWtsR0MxODdaNXVneEFKOUEwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAH03gMA0G
CSqGSIb3DQEBCwUAA4IBAQCjE1KiZuLajaEuETzYHiC4bA0MCIZrt/rEutEjExrB
AJCQag2NEwJI3fVE6HlKDLGuMeMNTEJ9V21jRZJLqKgXCCwdDwqsmFPIJ5RGf5/6
yqhHuujNpwYp6QGII2S1ug554EMVpQX2Uln9CYULp17/YHb/Jv6bgb51tcZGBtSa
k7DxGU4emF6eNR9hRYUZFmev1rKXbleEWuqY9p4YjGslEnfa4m1T6G8K1h6aBdf/
oIgD7HE6OIdcVlW4x8xjaiYWMdaA3H1RNHxA8NUq9Arzp7ZbzwhRrKbV9rRNJ19d
7ahYTZBbH7mlkLruKhj91hrGBOx6w5JcMneGkFRZ18QO
-----END CERTIFICATE-----