Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/1-JoGWTklSVB082JLysYobQhLe9o.roa
File:                     1-JoGWTklSVB082JLysYobQhLe9o.roa (raw, json)
Hash identifier:          BwO0FnV2CzwdY6vRmQRvnnwHvixqhKAcKdoqjolLRoU=
Subject key identifier:   F8:9A:06:59:39:25:49:50:74:F3:62:4B:CA:C6:28:6D:08:4B:7B:DA
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019C44D2D421D9CF370DDB24D6236A1689C3
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/1-JoGWTklSVB082JLysYobQhLe9o.roa
Signing time:             Mon 09 Feb 2026 23:53:13 +0000
ROA not before:           Mon 09 Feb 2026 23:53:13 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     206986
IP address blocks:        144.31.145.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 18:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:44:d2:d4:21:d9:cf:37:0d:db:24:d6:23:6a:16:89:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: Feb  9 23:53:13 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f89a06593925495074f3624bcac6286d084b7bda
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:00:9f:c7:22:cb:d5:cb:f6:ed:66:1f:2e:37:
                    93:0d:42:a9:8d:df:8e:a4:49:f9:5b:43:b3:26:33:
                    32:2d:8c:d3:ad:02:86:42:5c:2e:ae:81:fc:da:08:
                    7f:23:4e:b2:f3:e1:ae:b9:fa:ee:eb:eb:42:79:c6:
                    36:93:2e:7c:38:ea:85:58:2b:28:b3:12:21:2f:09:
                    a2:03:c3:36:31:26:37:c0:af:81:25:90:2e:1d:e4:
                    c9:7e:24:e7:68:2e:ff:f7:b6:eb:ea:b7:b6:bf:37:
                    e2:d1:45:51:87:bf:5e:2e:16:3f:29:5a:b1:cc:ae:
                    14:ea:bf:33:64:fe:1c:d0:e2:3e:16:6d:98:e1:48:
                    98:cf:cd:53:9a:31:89:84:1b:e0:1c:d9:a2:79:6f:
                    64:e9:b2:f7:5f:94:ec:4a:22:fe:3c:f6:35:5f:3e:
                    ad:21:56:00:9f:d3:7d:a7:14:02:42:86:cd:17:a7:
                    79:1c:b4:56:15:7d:2a:de:4a:cf:f3:de:f4:d8:01:
                    37:a7:80:e2:f0:73:ea:77:dd:b1:d8:d5:5f:b3:10:
                    69:c3:b3:36:ee:78:3c:11:d4:df:1e:d9:71:8b:8e:
                    17:7f:e6:4a:7a:90:fe:ef:66:e0:57:35:56:e2:e5:
                    c5:5b:ff:0a:3c:15:96:a4:cf:9c:c8:44:b6:4f:c3:
                    ca:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F8:9A:06:59:39:25:49:50:74:F3:62:4B:CA:C6:28:6D:08:4B:7B:DA
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/1-JoGWTklSVB082JLysYobQhLe9o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  144.31.145.0/24

    Signature Algorithm: sha256WithRSAEncryption
         85:52:d7:a1:0c:c9:42:fc:3c:d9:93:d7:87:0a:ea:3a:0f:90:
         b7:98:0c:f6:47:3c:95:7a:5b:77:da:42:1a:89:c2:c4:55:0f:
         fe:f9:c3:44:6e:77:70:3a:f7:46:3a:ea:89:32:53:11:3e:e6:
         7d:69:5c:c8:a8:4f:f3:97:53:c4:7a:2a:7b:82:84:c0:4e:76:
         64:5b:67:2c:96:9b:b9:f0:d0:97:c2:36:84:69:30:52:ab:07:
         10:db:4c:75:70:5b:6e:18:ba:ec:60:3c:47:af:bd:03:09:0a:
         83:8a:9c:7f:94:4a:2b:a0:a2:d9:3f:39:11:e5:3d:87:0c:48:
         ca:66:56:76:7f:60:31:95:97:3b:13:cf:e1:77:10:39:82:a3:
         99:70:56:40:7a:f8:2e:97:cd:35:6e:9f:9f:03:96:1d:24:81:
         5c:1a:d8:2d:a6:80:8e:70:10:46:f3:b2:32:e0:7a:1b:74:fb:
         bc:90:2f:27:ab:a4:c0:aa:2f:d6:1e:e1:a2:79:8e:8c:ba:50:
         7f:02:d4:fb:29:6e:01:99:ee:a0:04:09:01:b2:7f:b5:68:38:
         1b:d9:af:e1:a2:4b:00:f9:63:c6:70:b4:8a:50:fc:0a:53:5c:
         03:53:23:d9:4d:8b:23:00:7f:f7:39:98:56:ee:d0:d4:8a:4f:
         dd:d5:15:d5
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZxE0tQh2c83Ddsk1iNqFonDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwMjA5MjM1MzEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmODlhMDY1OTM5MjU0OTUwNzRmMzYyNGJjYWM2Mjg2ZDA4NGI3YmRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAigCfxyLL1cv27WYfLjeTDUKpjd+O
pEn5W0OzJjMyLYzTrQKGQlwuroH82gh/I06y8+Guufru6+tCecY2ky58OOqFWCso
sxIhLwmiA8M2MSY3wK+BJZAuHeTJfiTnaC7/97br6re2vzfi0UVRh79eLhY/KVqx
zK4U6r8zZP4c0OI+Fm2Y4UiYz81TmjGJhBvgHNmieW9k6bL3X5TsSiL+PPY1Xz6t
IVYAn9N9pxQCQobNF6d5HLRWFX0q3krP89702AE3p4Di8HPqd92x2NVfsxBpw7M2
7ng8EdTfHtlxi44Xf+ZKepD+72bgVzVW4uXFW/8KPBWWpM+cyES2T8PKOQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPiaBlk5JUlQdPNiS8rGKG0IS3vaMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvMS1Kb0dXVGtsU1ZCMDgySkx5c1lvYlFoTGU5by5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvYzMvMzhmMTI4LWVhODItNDU1NS1iNTE0LTE0Mzk2N2E4ZmUw
OC8xL0hKWS1QU0tFZlVac0ppd2doNHduZ05pRUFBTS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAJAfkTAN
BgkqhkiG9w0BAQsFAAOCAQEAhVLXoQzJQvw82ZPXhwrqOg+Qt5gM9kc8lXpbd9pC
GonCxFUP/vnDRG53cDr3RjrqiTJTET7mfWlcyKhP85dTxHoqe4KEwE52ZFtnLJab
ufDQl8I2hGkwUqsHENtMdXBbbhi67GA8R6+9AwkKg4qcf5RKK6Ci2T85EeU9hwxI
ymZWdn9gMZWXOxPP4XcQOYKjmXBWQHr4LpfNNW6fnwOWHSSBXBrYLaaAjnAQRvOy
MuB6G3T7vJAvJ6ukwKov1h7honmOjLpQfwLU+yluAZnuoAQJAbJ/tWg4G9mv4aJL
APljxnC0ilD8ClNcA1Mj2U2LIwB/9zmYVu7Q1IpP3dUV1Q==
-----END CERTIFICATE-----