Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/PjjCR0-2MiqHkuWoKSMfefOS-wA.roa
File:                     PjjCR0-2MiqHkuWoKSMfefOS-wA.roa (raw, json)
Hash identifier:          Hgs7L7sNVgJnle5hYFdCQTumaD781ZVWWKRpG1v/MsU=
Subject key identifier:   3E:38:C2:47:4F:B6:32:2A:87:92:E5:A8:29:23:1F:79:F3:92:FB:00
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019C4D9E1C88BE82288930808B29A643AEF1
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/PjjCR0-2MiqHkuWoKSMfefOS-wA.roa
Signing time:             Wed 11 Feb 2026 16:52:13 +0000
ROA not before:           Wed 11 Feb 2026 16:52:13 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214025
IP address blocks:        144.31.47.0/24 maxlen: 24
                          144.31.148.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:4d:9e:1c:88:be:82:28:89:30:80:8b:29:a6:43:ae:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: Feb 11 16:52:13 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3e38c2474fb6322a8792e5a829231f79f392fb00
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:6c:ac:94:76:37:ab:81:28:68:c0:21:21:c3:
                    59:5c:39:62:dc:15:51:94:34:d8:63:a1:e8:fd:3b:
                    af:5f:91:f7:6c:1a:39:78:11:4d:0e:94:92:c7:6c:
                    20:eb:f8:6a:be:6c:8e:8f:5d:44:55:a5:85:d1:d8:
                    c9:46:8d:f2:92:ef:d3:19:44:a6:db:0f:2e:2d:f0:
                    1b:b2:4b:0a:ff:8f:66:29:4e:e8:77:2a:43:ae:76:
                    79:8c:a9:80:38:a6:e1:7b:c4:ad:0e:88:74:5c:8e:
                    05:87:45:98:00:88:ad:62:38:50:58:58:f4:0b:79:
                    b4:7c:78:6a:64:1e:46:cb:a0:55:18:e0:5b:5f:1b:
                    b3:de:f4:74:c9:ee:a8:04:89:f1:f6:0f:16:47:2b:
                    28:9e:e4:0f:a7:9b:7d:7a:5a:85:88:9a:7e:5f:78:
                    ba:7f:09:c7:35:b3:01:44:55:e9:57:c2:e6:18:6a:
                    ba:89:ac:4a:d4:97:63:59:33:a6:6e:69:b0:b8:5a:
                    d1:57:18:c6:5c:37:b0:6d:0b:39:ec:59:df:07:ae:
                    74:17:2e:7b:dc:d2:d8:5e:cf:63:65:cd:09:b2:e8:
                    f8:cf:1e:5f:f0:83:57:f3:ab:d5:c8:fe:b9:3f:bf:
                    c3:47:7a:6f:c9:9d:af:c2:4e:1a:94:58:2b:a9:6d:
                    af:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:38:C2:47:4F:B6:32:2A:87:92:E5:A8:29:23:1F:79:F3:92:FB:00
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/PjjCR0-2MiqHkuWoKSMfefOS-wA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  144.31.47.0/24
                  144.31.148.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a7:8d:dc:88:cb:6c:cb:6c:44:49:9a:5e:0f:6f:f8:7f:4e:24:
         bf:b5:db:9d:7d:65:50:86:5a:8d:64:8e:12:3c:08:d0:c4:5d:
         ab:d2:76:bf:e5:c8:ab:54:bd:35:9b:ea:9d:6d:9d:86:0f:03:
         cf:c8:55:5a:3c:d9:15:b3:79:c8:2c:06:ad:6e:81:eb:23:78:
         0f:dc:ff:09:f7:43:a9:1c:1f:c9:8e:6a:51:bc:2b:40:31:16:
         b6:ef:98:a2:34:b7:a2:5a:07:ec:2b:0a:59:cc:50:2d:19:72:
         7f:83:78:4b:1a:01:20:9d:d5:be:47:8b:8c:b0:dd:b8:55:ec:
         fe:d0:8a:85:cf:29:48:a3:4e:15:15:6f:20:15:6b:c8:e8:c6:
         c5:ea:e8:de:d3:93:7d:c2:79:7b:b8:3d:02:ca:cf:8e:c2:34:
         62:5d:a6:7c:e0:f1:45:d6:1c:09:2d:ec:8b:86:53:4c:11:80:
         de:ba:c3:b1:17:02:ba:11:18:33:37:80:a7:15:39:f3:bf:a3:
         5c:25:f5:16:46:ca:58:9b:26:47:ad:87:ba:07:4f:4f:03:d2:
         59:30:7c:df:51:2f:e7:e7:be:30:07:73:2d:d0:db:ee:e0:5b:
         0f:88:fe:16:98:aa:4d:e2:24:63:bf:5c:0b:74:99:e2:91:7c:
         72:70:a0:d9
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZxNnhyIvoIoiTCAiymmQ67xMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwMjExMTY1MjEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZTM4YzI0NzRmYjYzMjJhODc5MmU1YTgyOTIzMWY3OWYzOTJmYjAwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA12yslHY3q4EoaMAhIcNZXDli3BVR
lDTYY6Ho/TuvX5H3bBo5eBFNDpSSx2wg6/hqvmyOj11EVaWF0djJRo3yku/TGUSm
2w8uLfAbsksK/49mKU7odypDrnZ5jKmAOKbhe8StDoh0XI4Fh0WYAIitYjhQWFj0
C3m0fHhqZB5Gy6BVGOBbXxuz3vR0ye6oBInx9g8WRysonuQPp5t9elqFiJp+X3i6
fwnHNbMBRFXpV8LmGGq6iaxK1JdjWTOmbmmwuFrRVxjGXDewbQs57FnfB650Fy57
3NLYXs9jZc0Jsuj4zx5f8INX86vVyP65P7/DR3pvyZ2vwk4alFgrqW2v3QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFD44wkdPtjIqh5LlqCkjH3nzkvsAMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvUGpqQ1IwLTJNaXFIa3VXb0tTTWZlZk9TLXdBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAkB8vAwQA
kB+UMA0GCSqGSIb3DQEBCwUAA4IBAQCnjdyIy2zLbERJml4Pb/h/TiS/tdudfWVQ
hlqNZI4SPAjQxF2r0na/5cirVL01m+qdbZ2GDwPPyFVaPNkVs3nILAatboHrI3gP
3P8J90OpHB/JjmpRvCtAMRa275iiNLeiWgfsKwpZzFAtGXJ/g3hLGgEgndW+R4uM
sN24Vez+0IqFzylIo04VFW8gFWvI6MbF6uje05N9wnl7uD0Cys+OwjRiXaZ84PFF
1hwJLeyLhlNMEYDeusOxFwK6ERgzN4CnFTnzv6NcJfUWRspYmyZHrYe6B09PA9JZ
MHzfUS/n574wB3Mt0Nvu4FsPiP4WmKpN4iRjv1wLdJnikXxycKDZ
-----END CERTIFICATE-----