Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/6WlkGnMJyzuqvmvC5gyYHTQrcEY.roa
File:                     6WlkGnMJyzuqvmvC5gyYHTQrcEY.roa (raw, json)
Hash identifier:          jQFNFrgRj8+suPFq5uRWlA9BCWqCf62c36KuYCy5OWs=
Subject key identifier:   E9:69:64:1A:73:09:CB:3B:AA:BE:6B:C2:E6:0C:98:1D:34:2B:70:46
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019D98652EDF68762275D4DEED2F49667636
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/6WlkGnMJyzuqvmvC5gyYHTQrcEY.roa
Signing time:             Thu 16 Apr 2026 22:24:21 +0000
ROA not before:           Thu 16 Apr 2026 22:24:21 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214309
IP address blocks:        144.31.220.0/24 maxlen: 24
                          144.31.225.0/24 maxlen: 24
                          185.176.94.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 14:47:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:98:65:2e:df:68:76:22:75:d4:de:ed:2f:49:66:76:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: Apr 16 22:24:21 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e969641a7309cb3baabe6bc2e60c981d342b7046
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:1d:f3:9d:42:b0:74:f7:cd:83:03:5f:2e:7c:
                    de:f9:5b:7c:6a:7f:ff:4e:1f:64:11:8f:94:3e:83:
                    2f:04:3a:c0:62:75:7a:36:ed:d4:56:c0:40:66:35:
                    dc:49:a4:c4:a7:53:12:3e:1a:83:b9:97:c1:2b:8e:
                    07:4c:17:8b:04:9e:8e:db:ae:2a:28:e2:47:8a:ba:
                    8f:c9:17:b3:93:57:27:68:cf:85:64:1e:4f:7b:61:
                    96:03:c5:ff:51:74:e7:7b:05:b1:dc:15:38:8c:2e:
                    1a:ad:07:d6:57:4b:5a:88:68:46:24:03:62:0f:a5:
                    3d:f4:01:86:9d:92:b5:ca:bc:a0:c9:be:ec:d3:6a:
                    f9:65:b4:e7:52:e3:39:3c:eb:d2:cf:78:23:be:9a:
                    29:d2:e2:e0:92:13:63:30:25:93:28:f2:19:3f:17:
                    05:2e:be:f7:f8:22:a1:4c:57:3c:ca:03:94:af:1f:
                    b8:07:88:42:f3:00:ed:9c:11:76:70:d5:81:c9:5f:
                    5c:4e:40:5c:77:fb:e6:59:f6:2c:3b:a9:e2:a5:3b:
                    62:56:a2:29:f1:a3:f2:73:47:18:f5:09:83:e2:33:
                    e2:08:47:0d:da:d3:dc:2a:6d:c5:30:af:31:10:dd:
                    0c:1b:1d:84:ea:be:27:dc:d9:a3:65:d4:c4:47:3d:
                    13:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E9:69:64:1A:73:09:CB:3B:AA:BE:6B:C2:E6:0C:98:1D:34:2B:70:46
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/6WlkGnMJyzuqvmvC5gyYHTQrcEY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  144.31.220.0/24
                  144.31.225.0/24
                  185.176.94.0/24

    Signature Algorithm: sha256WithRSAEncryption
         08:c7:06:4e:97:83:de:6d:fa:b7:a6:e2:92:73:40:ac:24:b8:
         ea:d2:33:c5:f9:5d:b0:1a:76:6b:fb:7d:aa:b8:1f:7d:1e:57:
         eb:3e:5c:d0:69:6c:dd:0f:20:d5:5a:53:d6:7c:23:f8:b8:01:
         36:99:55:de:9d:fc:4c:2e:a9:d5:a5:33:6b:f3:2b:e9:34:cc:
         5b:57:e4:5f:43:18:aa:88:26:95:3c:62:83:54:c5:84:4e:2f:
         d6:83:58:2e:51:ec:15:cd:36:68:8c:15:92:56:e9:a0:67:8a:
         33:2b:dc:6c:82:c1:31:cd:61:41:e7:50:f7:81:b7:a4:5c:05:
         75:50:8c:e7:0c:aa:43:1d:58:be:f9:09:6d:4b:e6:d7:c9:7f:
         c0:aa:96:aa:19:ca:5a:04:66:bb:ee:2b:b0:74:68:fc:7f:3f:
         c0:49:ed:e9:d4:aa:4f:f2:4a:c5:47:37:67:4a:07:aa:6b:cf:
         1f:aa:da:de:08:23:25:64:a3:d5:71:0d:96:f3:8a:95:bf:1d:
         7e:70:f8:07:49:f0:a6:70:aa:e4:e1:9c:0c:30:f5:ba:72:b0:
         ba:6d:37:71:b7:2e:1e:b5:4f:a3:48:48:9b:99:68:07:88:0b:
         6c:22:3d:a6:a7:41:c4:8b:7f:7c:66:01:6a:8c:d4:9e:8c:4a:
         1d:d8:c9:4e
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZ2YZS7faHYiddTe7S9JZnY2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwNDE2MjIyNDIxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlOTY5NjQxYTczMDljYjNiYWFiZTZiYzJlNjBjOTgxZDM0MmI3MDQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhx3znUKwdPfNgwNfLnze+Vt8an//
Th9kEY+UPoMvBDrAYnV6Nu3UVsBAZjXcSaTEp1MSPhqDuZfBK44HTBeLBJ6O264q
KOJHirqPyRezk1cnaM+FZB5Pe2GWA8X/UXTnewWx3BU4jC4arQfWV0taiGhGJANi
D6U99AGGnZK1yrygyb7s02r5ZbTnUuM5POvSz3gjvpop0uLgkhNjMCWTKPIZPxcF
Lr73+CKhTFc8ygOUrx+4B4hC8wDtnBF2cNWByV9cTkBcd/vmWfYsO6nipTtiVqIp
8aPyc0cY9QmD4jPiCEcN2tPcKm3FMK8xEN0MGx2E6r4n3NmjZdTERz0T7wIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFOlpZBpzCcs7qr5rwuYMmB00K3BGMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvNldsa0duTUp5enVxdm12QzVneVlIVFFyY0VZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAkB/cAwQA
kB/hAwQAubBeMA0GCSqGSIb3DQEBCwUAA4IBAQAIxwZOl4Pebfq3puKSc0CsJLjq
0jPF+V2wGnZr+32quB99HlfrPlzQaWzdDyDVWlPWfCP4uAE2mVXenfxMLqnVpTNr
8yvpNMxbV+RfQxiqiCaVPGKDVMWETi/Wg1guUewVzTZojBWSVumgZ4ozK9xsgsEx
zWFB51D3gbekXAV1UIznDKpDHVi++QltS+bXyX/AqpaqGcpaBGa77iuwdGj8fz/A
Se3p1KpP8krFRzdnSgeqa88fqtreCCMlZKPVcQ2W84qVvx1+cPgHSfCmcKrk4ZwM
MPW6crC6bTdxty4etU+jSEibmWgHiAtsIj2mp0HEi398ZgFqjNSejEod2MlO
-----END CERTIFICATE-----