Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/TKF7bsmJRAO60lfZ9kc0iV4xlMA.roa
File:                     TKF7bsmJRAO60lfZ9kc0iV4xlMA.roa (raw, json)
Hash identifier:          QQEU8052EXVF4pREqclORfsYc6oV73ZMhIKXfwXQkgc=
Subject key identifier:   4C:A1:7B:6E:C9:89:44:03:BA:D2:57:D9:F6:47:34:89:5E:31:94:C0
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019C4D9E1B4733E82E90E1C32F87BC787BE6
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/TKF7bsmJRAO60lfZ9kc0iV4xlMA.roa
Signing time:             Wed 11 Feb 2026 16:52:13 +0000
ROA not before:           Wed 11 Feb 2026 16:52:13 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     20326
IP address blocks:        144.31.157.0/24 maxlen: 24
                          144.31.158.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 06:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:4d:9e:1b:47:33:e8:2e:90:e1:c3:2f:87:bc:78:7b:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: Feb 11 16:52:13 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4ca17b6ec9894403bad257d9f64734895e3194c0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:2f:e4:67:0d:1e:b1:81:2e:cb:a1:ce:8a:9f:
                    da:24:5c:56:4c:00:27:aa:2f:59:22:3c:ae:fa:09:
                    cc:e0:48:bd:fa:ca:98:c6:5f:cd:25:1f:bb:12:bc:
                    87:e0:b1:3a:d1:a0:05:1b:e3:f1:41:de:a0:dd:72:
                    e2:98:60:49:25:87:34:ae:37:f0:3e:b4:09:48:1c:
                    92:c3:ed:3a:47:b5:38:82:36:25:b7:e3:e1:87:fb:
                    bf:e9:4f:b4:35:95:32:8e:84:8d:23:11:cb:e8:f9:
                    f0:3a:41:85:39:4e:a0:bb:ba:6a:e4:f2:56:3b:ae:
                    93:44:43:56:01:df:8c:c1:b1:b9:72:51:fc:38:dc:
                    ad:fb:4f:0c:5c:2d:cd:1e:df:ce:c0:8f:63:4f:ce:
                    00:fc:17:d9:d0:44:b1:e6:3e:f1:a1:6f:f6:04:cc:
                    a5:25:9d:4e:e0:a6:dc:8f:4d:7f:11:f0:50:b5:1e:
                    9a:f4:bf:70:b8:f4:c3:a6:d6:f0:8d:6b:b9:50:b3:
                    85:cc:63:f0:0c:47:49:43:ed:5e:e9:8d:d3:8f:65:
                    91:2d:fa:94:43:1f:be:29:b5:9f:4f:b4:a1:92:4b:
                    89:22:cc:fe:c9:f8:06:b7:2c:7d:ca:0c:cd:d6:92:
                    aa:60:75:47:2f:92:8a:fc:dd:32:b6:70:4a:6b:8e:
                    d4:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:A1:7B:6E:C9:89:44:03:BA:D2:57:D9:F6:47:34:89:5E:31:94:C0
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/TKF7bsmJRAO60lfZ9kc0iV4xlMA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  144.31.157.0-144.31.158.255

    Signature Algorithm: sha256WithRSAEncryption
         1d:8c:0f:90:a2:a5:1f:50:14:60:5f:88:20:43:19:df:c9:4e:
         93:ba:48:ce:dc:b2:9c:f2:99:62:58:70:8d:1a:1a:30:ab:ed:
         ca:3d:20:43:1b:3c:3d:13:ec:e2:ee:59:30:69:1c:7a:3b:c4:
         0e:22:0b:ce:af:7a:1f:98:1d:b2:40:4c:62:71:3a:1f:16:b3:
         16:ca:06:5a:40:9a:b0:8d:1f:39:17:04:83:52:87:87:6e:23:
         93:a0:61:e3:8b:b9:aa:5f:45:95:83:a8:45:c9:26:59:fe:4f:
         41:fe:1a:fd:66:9e:f2:cc:14:5f:de:84:cd:77:a6:12:8d:86:
         33:c5:1d:4d:55:86:4e:64:38:26:85:9f:f2:69:e9:a0:02:36:
         14:2e:67:be:96:32:5c:0a:05:2a:88:d9:d7:d5:f6:87:f3:45:
         af:58:97:0f:15:17:aa:24:f6:50:c1:26:7d:2e:3d:0b:b3:4a:
         50:37:96:fb:ea:72:ac:e1:6d:56:f3:d6:a3:bb:c5:8b:f6:d6:
         ae:ba:ad:85:2e:08:b9:be:d7:32:8a:8b:f4:9a:87:c8:93:05:
         a8:9c:a1:c2:b3:d8:49:ab:af:cd:ed:7f:86:d2:36:91:7c:43:
         b5:58:ab:a5:fc:19:24:4b:08:e1:f2:ff:88:3f:f3:d8:20:c1:
         99:8a:7e:66
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZxNnhtHM+gukOHDL4e8eHvmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwMjExMTY1MjEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0Y2ExN2I2ZWM5ODk0NDAzYmFkMjU3ZDlmNjQ3MzQ4OTVlMzE5NGMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyC/kZw0esYEuy6HOip/aJFxWTAAn
qi9ZIjyu+gnM4Ei9+sqYxl/NJR+7EryH4LE60aAFG+PxQd6g3XLimGBJJYc0rjfw
PrQJSBySw+06R7U4gjYlt+Phh/u/6U+0NZUyjoSNIxHL6PnwOkGFOU6gu7pq5PJW
O66TRENWAd+MwbG5clH8ONyt+08MXC3NHt/OwI9jT84A/BfZ0ESx5j7xoW/2BMyl
JZ1O4Kbcj01/EfBQtR6a9L9wuPTDptbwjWu5ULOFzGPwDEdJQ+1e6Y3Tj2WRLfqU
Qx++KbWfT7ShkkuJIsz+yfgGtyx9ygzN1pKqYHVHL5KK/N0ytnBKa47UCwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFEyhe27JiUQDutJX2fZHNIleMZTAMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvVEtGN2JzbUpSQU82MGxmWjlrYzBpVjR4bE1BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBACQH50D
BACQH54wDQYJKoZIhvcNAQELBQADggEBAB2MD5CipR9QFGBfiCBDGd/JTpO6SM7c
spzymWJYcI0aGjCr7co9IEMbPD0T7OLuWTBpHHo7xA4iC86veh+YHbJATGJxOh8W
sxbKBlpAmrCNHzkXBINSh4duI5OgYeOLuapfRZWDqEXJJln+T0H+Gv1mnvLMFF/e
hM13phKNhjPFHU1Vhk5kOCaFn/Jp6aACNhQuZ76WMlwKBSqI2dfV9ofzRa9Ylw8V
F6ok9lDBJn0uPQuzSlA3lvvqcqzhbVbz1qO7xYv21q66rYUuCLm+1zKKi/Sah8iT
BaicocKz2Emrr83tf4bSNpF8Q7VYq6X8GSRLCOHy/4g/89ggwZmKfmY=
-----END CERTIFICATE-----