Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/NSDxUzc8Iuf9F0kwvU4dz8WnX8o.roa
File:                     NSDxUzc8Iuf9F0kwvU4dz8WnX8o.roa (raw, json)
Hash identifier:          WwWMFrjIFHNMm4qihL/ZU9W5mtIf4dHn/OkZ/SwUpag=
Subject key identifier:   35:20:F1:53:37:3C:22:E7:FD:17:49:30:BD:4E:1D:CF:C5:A7:5F:CA
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019C897C3FE9C8D1DB7138F3EAB157E4657F
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/NSDxUzc8Iuf9F0kwvU4dz8WnX8o.roa
Signing time:             Mon 23 Feb 2026 07:52:27 +0000
ROA not before:           Mon 23 Feb 2026 07:52:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     216039
IP address blocks:        144.31.220.0/24 maxlen: 24
                          144.31.225.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 09:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:89:7c:3f:e9:c8:d1:db:71:38:f3:ea:b1:57:e4:65:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: Feb 23 07:52:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3520f153373c22e7fd174930bd4e1dcfc5a75fca
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:63:6a:e0:88:21:35:07:18:a3:ff:db:f2:10:
                    ff:0e:10:85:a3:e1:1f:9b:1a:16:6c:b2:69:ab:d8:
                    f4:88:58:16:eb:b9:ac:53:4f:55:34:b1:c7:5e:05:
                    d9:b6:17:46:24:49:d5:62:f9:29:c9:ca:1b:f4:1a:
                    e2:81:57:ea:d4:28:3d:f9:32:b5:cc:c8:a1:0e:90:
                    8f:b2:7c:1e:75:ba:f6:04:36:41:67:e3:7b:06:f1:
                    2a:ea:bd:c9:d6:e7:0c:a9:a6:65:56:2a:be:2e:20:
                    ba:86:f5:a3:27:ae:73:5d:3e:6f:f8:0b:27:68:78:
                    79:83:f0:2f:97:19:69:06:b1:16:ff:9b:fb:42:e5:
                    5b:f1:57:9b:fe:e5:6d:d7:4e:ee:12:67:ff:12:e7:
                    12:3c:69:c2:02:a9:e7:18:0c:4f:af:13:ef:73:37:
                    96:ea:89:fe:0c:aa:ed:44:61:e9:f5:b0:38:e4:cf:
                    c0:93:5c:dd:4c:9a:71:be:5e:20:b4:13:94:f2:65:
                    44:d9:da:95:79:8e:5a:3f:24:38:4e:a6:32:de:fe:
                    86:c8:b1:ab:7e:f8:3e:c1:13:02:39:8b:11:9b:ad:
                    9d:11:c6:b9:b5:df:e7:29:42:7f:08:e5:61:da:56:
                    bb:33:48:30:6a:29:16:d4:d2:19:12:0e:a9:fe:3f:
                    aa:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:20:F1:53:37:3C:22:E7:FD:17:49:30:BD:4E:1D:CF:C5:A7:5F:CA
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/NSDxUzc8Iuf9F0kwvU4dz8WnX8o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  144.31.220.0/24
                  144.31.225.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b9:a9:20:f0:0d:42:6e:6c:46:8c:d4:59:b7:98:72:4b:73:73:
         63:ff:89:c1:3a:29:5d:4b:83:c4:e0:a7:4a:ba:72:34:ad:3b:
         a6:75:2c:df:d8:74:0c:34:3f:16:52:99:26:c3:21:74:9d:e8:
         f5:15:a3:46:16:17:2a:41:59:ae:87:65:99:2d:d7:90:00:ae:
         99:d5:c9:ab:9a:6a:07:4f:44:2f:b7:fb:fe:9f:1e:9d:3a:98:
         75:89:59:d8:b9:27:23:f2:33:cb:79:01:d9:8c:d4:1a:14:b8:
         f9:48:43:3d:75:7d:ef:6e:53:5c:8b:80:83:44:9f:d6:ba:bd:
         2c:25:0e:9a:44:67:7e:48:cc:7a:14:be:c1:f9:06:b8:86:b8:
         19:1a:63:98:69:14:3c:7c:03:85:70:11:e8:70:4e:a7:1f:a8:
         65:9e:2c:0d:e1:bc:9c:04:29:00:a2:a5:3a:dc:56:c8:90:7d:
         13:82:70:aa:d8:d5:da:b8:d4:aa:a9:3e:d2:8d:2f:1a:9b:9b:
         98:eb:ef:32:dd:a9:5b:c7:39:39:63:1e:8d:be:3f:05:69:93:
         0e:49:69:ef:25:54:a2:5e:33:98:3d:c1:01:40:6e:9f:67:36:
         3f:9b:4e:34:77:27:7e:66:58:79:35:6e:d8:de:54:83:1f:cf:
         2f:e7:f4:5c
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZyJfD/pyNHbcTjz6rFX5GV/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwMjIzMDc1MjI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNTIwZjE1MzM3M2MyMmU3ZmQxNzQ5MzBiZDRlMWRjZmM1YTc1ZmNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl2Nq4IghNQcYo//b8hD/DhCFo+Ef
mxoWbLJpq9j0iFgW67msU09VNLHHXgXZthdGJEnVYvkpycob9BrigVfq1Cg9+TK1
zMihDpCPsnwedbr2BDZBZ+N7BvEq6r3J1ucMqaZlViq+LiC6hvWjJ65zXT5v+Asn
aHh5g/AvlxlpBrEW/5v7QuVb8Veb/uVt107uEmf/EucSPGnCAqnnGAxPrxPvczeW
6on+DKrtRGHp9bA45M/Ak1zdTJpxvl4gtBOU8mVE2dqVeY5aPyQ4TqYy3v6GyLGr
fvg+wRMCOYsRm62dEca5td/nKUJ/COVh2la7M0gwaikW1NIZEg6p/j+qBQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDUg8VM3PCLn/RdJML1OHc/Fp1/KMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvTlNEeFV6YzhJdWY5RjBrd3ZVNGR6OFduWDhvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAkB/cAwQA
kB/hMA0GCSqGSIb3DQEBCwUAA4IBAQC5qSDwDUJubEaM1Fm3mHJLc3Nj/4nBOild
S4PE4KdKunI0rTumdSzf2HQMND8WUpkmwyF0nej1FaNGFhcqQVmuh2WZLdeQAK6Z
1cmrmmoHT0Qvt/v+nx6dOph1iVnYuScj8jPLeQHZjNQaFLj5SEM9dX3vblNci4CD
RJ/Wur0sJQ6aRGd+SMx6FL7B+Qa4hrgZGmOYaRQ8fAOFcBHocE6nH6hlniwN4byc
BCkAoqU63FbIkH0TgnCq2NXauNSqqT7SjS8am5uY6+8y3albxzk5Yx6Nvj8FaZMO
SWnvJVSiXjOYPcEBQG6fZzY/m040dyd+Zlh5NW7Y3lSDH88v5/Rc
-----END CERTIFICATE-----