Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/pC_Yb2yY5UPrJfMWxI01QfHMwO0.roa
File:                     pC_Yb2yY5UPrJfMWxI01QfHMwO0.roa (raw, json)
Hash identifier:          wURxccs+HRnz/CYWkB9sJ2lKwKJTq/YA7BA57PXwAZQ=
Subject key identifier:   A4:2F:D8:6F:6C:98:E5:43:EB:25:F3:16:C4:8D:35:41:F1:CC:C0:ED
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019E088C5F1CC2EBFB0F1AB0A96983FC5B45
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/pC_Yb2yY5UPrJfMWxI01QfHMwO0.roa
Signing time:             Fri 08 May 2026 17:04:37 +0000
ROA not before:           Fri 08 May 2026 17:04:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     401824
IP address blocks:        31.77.216.0/24 maxlen: 24
                          144.31.46.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 21:35:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:08:8c:5f:1c:c2:eb:fb:0f:1a:b0:a9:69:83:fc:5b:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: May  8 17:04:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a42fd86f6c98e543eb25f316c48d3541f1ccc0ed
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:0f:f9:17:24:79:c8:66:8c:5f:32:ff:cd:99:
                    65:f1:3e:c1:b1:14:1c:84:22:eb:5e:87:79:b2:f0:
                    88:ff:5f:74:c2:f0:ec:8a:04:fe:2c:d8:98:31:0f:
                    15:d2:c2:71:e9:73:15:91:65:2f:17:6e:5f:05:64:
                    2e:98:2b:b3:95:96:b5:e5:50:29:6c:f7:b5:c6:77:
                    d7:6e:33:ee:e1:e7:65:eb:82:21:db:0d:a8:3f:66:
                    80:2a:d2:0e:09:6c:63:09:4f:e0:e4:cb:54:32:a9:
                    4a:d8:3d:c6:20:52:35:bd:c5:15:74:f3:4b:92:20:
                    c6:9f:ca:5d:50:3c:40:eb:ec:fa:59:f0:95:d6:b4:
                    a6:82:36:ef:fe:7c:18:64:98:e4:71:56:3e:f4:bc:
                    29:91:74:c1:3f:0d:6d:74:50:fd:62:b7:46:9a:61:
                    98:93:d3:ee:cf:b4:e1:4d:85:dd:9a:6c:98:89:49:
                    4e:a7:24:d2:c7:0e:e7:df:a6:94:04:89:5d:9d:91:
                    2f:5a:60:35:11:d2:8d:cf:de:04:a7:0a:4c:04:2f:
                    95:d3:0d:69:df:bd:59:8b:aa:c2:c2:74:01:ba:2b:
                    63:28:30:4d:b5:04:a8:5e:95:dd:55:04:1a:d4:ad:
                    52:4c:01:fa:e5:eb:ac:c5:70:28:06:51:2f:d9:da:
                    1a:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:2F:D8:6F:6C:98:E5:43:EB:25:F3:16:C4:8D:35:41:F1:CC:C0:ED
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/pC_Yb2yY5UPrJfMWxI01QfHMwO0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.77.216.0/24
                  144.31.46.0/24

    Signature Algorithm: sha256WithRSAEncryption
         46:af:30:1b:f4:a8:94:be:d4:7c:8f:e3:61:2a:e5:6d:9d:25:
         fa:8c:6a:3d:b7:6c:bb:7a:ec:8a:1e:8c:fc:ce:3b:b7:ba:7e:
         6d:01:07:36:cf:8a:42:94:9b:97:ca:39:da:e3:00:7d:bc:fb:
         7d:04:81:f8:9f:56:ed:17:96:1b:42:65:d6:14:3f:5b:32:36:
         2a:89:ad:ab:0f:47:a6:80:19:6c:ee:92:ca:37:69:64:7f:0c:
         bf:61:50:07:70:f0:3c:f9:89:c6:f3:ad:51:67:e5:3b:77:1a:
         ee:11:3c:cc:d4:6a:2a:22:64:79:3f:02:1c:6b:8a:f1:7a:27:
         c0:66:51:89:f3:45:15:f8:06:50:11:fb:8e:86:dc:3c:9f:a0:
         29:25:a8:41:0f:d6:3a:3e:e6:1a:d8:d4:21:ea:ce:08:56:e9:
         c4:b2:f0:47:0a:48:79:28:4f:a4:20:9d:a9:bd:42:aa:fd:49:
         d4:57:d8:34:a0:e8:b3:44:d2:18:bf:cd:bf:78:86:91:a4:ae:
         c1:75:c1:9e:0d:ed:df:47:a0:93:c7:88:c3:8b:84:04:22:71:
         0c:22:f6:02:5d:97:60:c8:e7:cd:26:f0:1c:62:71:b6:05:6b:
         90:5e:33:fd:e0:18:d1:75:48:10:8f:2a:c9:49:83:06:80:02:
         b6:35:b5:72
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ4IjF8cwuv7DxqwqWmD/FtFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwNTA4MTcwNDM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNDJmZDg2ZjZjOThlNTQzZWIyNWYzMTZjNDhkMzU0MWYxY2NjMGVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1Q/5FyR5yGaMXzL/zZll8T7BsRQc
hCLrXod5svCI/190wvDsigT+LNiYMQ8V0sJx6XMVkWUvF25fBWQumCuzlZa15VAp
bPe1xnfXbjPu4edl64Ih2w2oP2aAKtIOCWxjCU/g5MtUMqlK2D3GIFI1vcUVdPNL
kiDGn8pdUDxA6+z6WfCV1rSmgjbv/nwYZJjkcVY+9LwpkXTBPw1tdFD9YrdGmmGY
k9Puz7ThTYXdmmyYiUlOpyTSxw7n36aUBIldnZEvWmA1EdKNz94EpwpMBC+V0w1p
371Zi6rCwnQBuitjKDBNtQSoXpXdVQQa1K1STAH65eusxXAoBlEv2doa3QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFKQv2G9smOVD6yXzFsSNNUHxzMDtMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvcENfWWIyeVk1VVBySmZNV3hJMDFRZkhNd08wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAH03YAwQA
kB8uMA0GCSqGSIb3DQEBCwUAA4IBAQBGrzAb9KiUvtR8j+NhKuVtnSX6jGo9t2y7
euyKHoz8zju3un5tAQc2z4pClJuXyjna4wB9vPt9BIH4n1btF5YbQmXWFD9bMjYq
ia2rD0emgBls7pLKN2lkfwy/YVAHcPA8+YnG861RZ+U7dxruETzM1GoqImR5PwIc
a4rxeifAZlGJ80UV+AZQEfuOhtw8n6ApJahBD9Y6PuYa2NQh6s4IVunEsvBHCkh5
KE+kIJ2pvUKq/UnUV9g0oOizRNIYv82/eIaRpK7BdcGeDe3fR6CTx4jDi4QEInEM
IvYCXZdgyOfNJvAcYnG2BWuQXjP94BjRdUgQjyrJSYMGgAK2NbVy
-----END CERTIFICATE-----