Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/QyG0safoS5XjrxY8oUX_RRyHXc8.roa
File:                     QyG0safoS5XjrxY8oUX_RRyHXc8.roa (raw, json)
Hash identifier:          H9+bKM8Ta7X4VAVqlQr09+xvISwfqEXFXZVnjpYzZNY=
Subject key identifier:   43:21:B4:B1:A7:E8:4B:95:E3:AF:16:3C:A1:45:FF:45:1C:87:5D:CF
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019C53E885097D382B52205EC88179013B02
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/QyG0safoS5XjrxY8oUX_RRyHXc8.roa
Signing time:             Thu 12 Feb 2026 22:11:13 +0000
ROA not before:           Thu 12 Feb 2026 22:11:13 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     201398
IP address blocks:        144.31.150.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:53:e8:85:09:7d:38:2b:52:20:5e:c8:81:79:01:3b:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: Feb 12 22:11:13 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4321b4b1a7e84b95e3af163ca145ff451c875dcf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:92:a2:80:e1:63:93:1a:c2:e2:7d:a2:5b:f6:
                    19:97:4e:8c:51:b9:49:a4:14:a7:d6:0c:28:58:b6:
                    bd:74:a7:5e:6e:27:0a:f3:ea:3b:1d:be:df:13:a1:
                    ad:93:85:0a:6c:f7:a3:18:04:c0:32:21:ac:86:54:
                    71:bc:7d:2f:7c:e5:c2:8a:15:87:75:eb:61:5f:69:
                    56:3c:66:ec:4a:53:de:51:7e:af:44:86:20:e5:64:
                    76:7a:25:9b:7a:a3:cd:46:84:fa:bb:0e:ff:10:80:
                    89:ad:a2:2a:5e:f4:c3:18:a1:eb:3c:84:34:c3:e7:
                    fa:cc:63:b8:10:64:c9:c9:44:16:ae:78:e6:14:c7:
                    28:f9:68:5e:98:14:5c:d0:e8:fb:6c:ba:48:2a:db:
                    7d:09:d2:91:85:70:c1:bc:f2:76:f4:00:94:ef:1f:
                    05:fb:f2:84:bd:14:df:23:49:0d:8f:c1:7d:0d:7b:
                    51:cf:ea:61:9d:50:de:92:11:c8:e7:0a:c1:87:9e:
                    06:70:ca:b3:f5:37:25:5d:29:b5:2e:ca:d6:fe:16:
                    b2:8f:ee:fb:13:f6:e4:43:3a:d2:be:cd:5e:28:04:
                    ee:7e:e5:89:bb:e3:ca:cf:57:0d:3c:96:c3:2d:4d:
                    9d:69:d7:97:3b:ae:6a:6e:5a:61:6b:df:e6:5f:9e:
                    9a:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:21:B4:B1:A7:E8:4B:95:E3:AF:16:3C:A1:45:FF:45:1C:87:5D:CF
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/QyG0safoS5XjrxY8oUX_RRyHXc8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  144.31.150.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6e:4b:c7:47:84:9b:05:11:e8:b3:13:c8:11:51:4e:57:4e:d1:
         41:09:a3:38:cc:e0:0e:f4:a9:cd:ac:5a:5e:f9:c5:38:f0:df:
         3e:4f:9a:57:c9:b5:c3:37:c5:fe:ec:5f:85:5e:ac:f6:50:81:
         82:7f:e2:94:03:60:28:ba:f1:03:6c:2c:0d:86:31:36:37:96:
         76:bf:72:0c:14:2a:a2:79:3b:4f:8d:3e:cc:79:71:09:8c:67:
         ef:6b:e3:6d:e2:4c:bb:4a:d8:5e:e6:09:61:80:61:d7:5a:71:
         63:96:53:bc:5c:f0:05:9f:a3:0a:70:f4:b5:62:b8:d8:d0:ae:
         df:da:40:85:81:38:b1:af:4c:2b:de:e8:af:e5:33:ae:d4:5f:
         64:b8:df:94:2d:2f:8e:77:31:3f:de:56:5c:63:78:4a:74:8b:
         dd:0a:3f:4a:0c:1e:37:23:8c:38:52:74:36:b6:65:de:aa:e3:
         bb:54:96:71:e2:f1:3c:85:89:2b:05:a8:b1:1e:d4:be:a1:4f:
         6b:ec:06:87:1d:c4:3f:a4:c4:c9:3e:e8:b0:61:47:9a:78:4b:
         91:c5:27:c5:45:ee:82:ba:09:4f:6d:10:46:8c:95:e5:bf:06:
         34:12:dc:a1:de:b1:73:31:81:ca:e7:92:e3:fc:df:a9:a1:da:
         6e:a0:a1:48
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZxT6IUJfTgrUiBeyIF5ATsCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwMjEyMjIxMTEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MzIxYjRiMWE3ZTg0Yjk1ZTNhZjE2M2NhMTQ1ZmY0NTFjODc1ZGNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApJKigOFjkxrC4n2iW/YZl06MUblJ
pBSn1gwoWLa9dKdebicK8+o7Hb7fE6Gtk4UKbPejGATAMiGshlRxvH0vfOXCihWH
dethX2lWPGbsSlPeUX6vRIYg5WR2eiWbeqPNRoT6uw7/EICJraIqXvTDGKHrPIQ0
w+f6zGO4EGTJyUQWrnjmFMco+WhemBRc0Oj7bLpIKtt9CdKRhXDBvPJ29ACU7x8F
+/KEvRTfI0kNj8F9DXtRz+phnVDekhHI5wrBh54GcMqz9TclXSm1LsrW/hayj+77
E/bkQzrSvs1eKATufuWJu+PKz1cNPJbDLU2dadeXO65qblpha9/mX56ayQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEMhtLGn6EuV468WPKFF/0Uch13PMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvUXlHMHNhZm9TNVhqcnhZOG9VWF9SUnlIWGM4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAkB+WMA0G
CSqGSIb3DQEBCwUAA4IBAQBuS8dHhJsFEeizE8gRUU5XTtFBCaM4zOAO9KnNrFpe
+cU48N8+T5pXybXDN8X+7F+FXqz2UIGCf+KUA2AouvEDbCwNhjE2N5Z2v3IMFCqi
eTtPjT7MeXEJjGfva+Nt4ky7Sthe5glhgGHXWnFjllO8XPAFn6MKcPS1YrjY0K7f
2kCFgTixr0wr3uiv5TOu1F9kuN+ULS+OdzE/3lZcY3hKdIvdCj9KDB43I4w4UnQ2
tmXequO7VJZx4vE8hYkrBaixHtS+oU9r7AaHHcQ/pMTJPuiwYUeaeEuRxSfFRe6C
uglPbRBGjJXlvwY0Etyh3rFzMYHK55Lj/N+podpuoKFI
-----END CERTIFICATE-----