Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/bFrnz5hNxoOKQUoeECje5XH_IHw.roa
File:                     bFrnz5hNxoOKQUoeECje5XH_IHw.roa (raw, json)
Hash identifier:          hZxp/TPW+ME13jYEA+NquskFitsTGA1HtuwYTqSFdYs=
Subject key identifier:   6C:5A:E7:CF:98:4D:C6:83:8A:41:4A:1E:10:28:DE:E5:71:FF:20:7C
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019C5C81728DB0EFFDCE5D5CF0F60E6C4081
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/bFrnz5hNxoOKQUoeECje5XH_IHw.roa
Signing time:             Sat 14 Feb 2026 14:15:13 +0000
ROA not before:           Sat 14 Feb 2026 14:15:13 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     205502
IP address blocks:        144.31.145.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 12:00:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:5c:81:72:8d:b0:ef:fd:ce:5d:5c:f0:f6:0e:6c:40:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: Feb 14 14:15:13 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6c5ae7cf984dc6838a414a1e1028dee571ff207c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:1e:25:19:ef:5e:a0:0b:10:bd:83:6a:05:06:
                    7b:0b:fd:62:b7:3d:35:21:70:63:de:3f:48:1e:af:
                    52:bd:cc:58:4d:d5:c4:5b:bf:81:20:fa:ca:b6:9a:
                    98:bf:19:e7:bb:2a:a5:8d:0f:3f:ec:21:00:81:a0:
                    1e:39:a4:6d:db:9e:15:06:62:40:1b:c7:28:c8:30:
                    96:a3:f0:f4:7f:67:5f:58:1a:4f:09:14:fa:c1:0a:
                    85:a1:c3:7a:a5:e8:c7:6e:32:f5:eb:7f:f6:b4:bf:
                    a0:00:92:f6:e8:15:cf:48:25:fe:c6:f2:24:a8:c3:
                    09:41:c2:5f:c1:23:a5:61:58:0f:b9:05:5a:71:41:
                    42:ca:ed:1a:00:19:66:aa:87:5e:63:cb:42:d0:4b:
                    2b:88:7b:b3:51:8f:b6:3a:bd:99:6f:04:63:d4:d0:
                    e7:90:ff:ca:0f:63:63:28:09:b7:37:6a:85:13:b3:
                    c9:72:5c:32:db:e6:c3:16:89:93:d1:14:fd:75:0a:
                    36:94:e5:82:18:6c:3b:6d:3d:eb:15:cc:5f:fe:56:
                    8c:63:38:5c:68:45:ab:89:d9:15:f3:e7:b7:a3:e4:
                    a7:fd:2e:43:84:20:64:92:26:f7:7f:3d:b2:19:38:
                    db:54:97:dd:4e:fb:b2:70:24:e6:b3:2a:e8:c6:5f:
                    b1:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:5A:E7:CF:98:4D:C6:83:8A:41:4A:1E:10:28:DE:E5:71:FF:20:7C
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/bFrnz5hNxoOKQUoeECje5XH_IHw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  144.31.145.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0e:0c:ae:95:46:5e:a3:ef:3d:59:d6:b5:c0:3a:f5:22:6c:19:
         b3:ad:f2:40:c3:2f:8d:e1:0d:0b:5b:da:aa:0c:a2:2c:7c:9f:
         04:fa:4b:73:86:01:60:ff:5f:79:88:3c:92:0d:ad:8d:0d:24:
         e2:a7:4e:19:26:79:b4:6b:30:79:29:b3:11:82:4d:50:47:bb:
         8a:dd:e4:c9:95:3f:a0:d3:41:d1:a2:2c:27:11:95:86:e4:bf:
         93:e4:47:3f:56:4f:06:db:b1:6c:c9:d9:75:47:b7:5c:7b:17:
         dc:0b:76:f1:e4:9c:7f:e9:63:8b:e2:92:ef:47:0f:69:ef:58:
         7e:12:3e:42:54:1e:38:44:17:9f:e1:75:8e:07:69:52:d9:3b:
         32:69:47:12:fd:a1:b5:72:f6:f3:f7:da:98:0d:0f:e5:1b:dd:
         0e:06:29:3a:6c:2d:f4:95:5a:3d:56:12:b2:d7:75:38:36:7d:
         2e:29:67:14:5e:5f:71:b3:44:4a:24:92:d0:d0:a3:17:c8:38:
         e4:82:c7:f8:1b:ac:c4:56:cc:53:94:3d:6a:67:b4:6a:fd:af:
         40:f6:bf:fb:cf:8c:63:fb:8a:f7:dd:27:1a:87:26:ca:38:c2:
         89:f2:c3:f6:ad:1e:94:45:2f:eb:fb:b8:27:66:74:a9:97:3c:
         dd:d1:46:b7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZxcgXKNsO/9zl1c8PYObECBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwMjE0MTQxNTEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YzVhZTdjZjk4NGRjNjgzOGE0MTRhMWUxMDI4ZGVlNTcxZmYyMDdjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoh4lGe9eoAsQvYNqBQZ7C/1itz01
IXBj3j9IHq9SvcxYTdXEW7+BIPrKtpqYvxnnuyqljQ8/7CEAgaAeOaRt254VBmJA
G8coyDCWo/D0f2dfWBpPCRT6wQqFocN6pejHbjL163/2tL+gAJL26BXPSCX+xvIk
qMMJQcJfwSOlYVgPuQVacUFCyu0aABlmqodeY8tC0EsriHuzUY+2Or2ZbwRj1NDn
kP/KD2NjKAm3N2qFE7PJclwy2+bDFomT0RT9dQo2lOWCGGw7bT3rFcxf/laMYzhc
aEWridkV8+e3o+Sn/S5DhCBkkib3fz2yGTjbVJfdTvuycCTmsyroxl+xcQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGxa58+YTcaDikFKHhAo3uVx/yB8MB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvYkZybno1aE54b09LUVVvZUVDamU1WEhfSUh3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAkB+RMA0G
CSqGSIb3DQEBCwUAA4IBAQAODK6VRl6j7z1Z1rXAOvUibBmzrfJAwy+N4Q0LW9qq
DKIsfJ8E+ktzhgFg/195iDySDa2NDSTip04ZJnm0azB5KbMRgk1QR7uK3eTJlT+g
00HRoiwnEZWG5L+T5Ec/Vk8G27Fsydl1R7dcexfcC3bx5Jx/6WOL4pLvRw9p71h+
Ej5CVB44RBef4XWOB2lS2TsyaUcS/aG1cvbz99qYDQ/lG90OBik6bC30lVo9VhKy
13U4Nn0uKWcUXl9xs0RKJJLQ0KMXyDjkgsf4G6zEVsxTlD1qZ7Rq/a9A9r/7z4xj
+4r33ScahybKOMKJ8sP2rR6URS/r+7gnZnSplzzd0Ua3
-----END CERTIFICATE-----