Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/bejgPZg79MCof-q5QKdptVHAuw8.roa
File:                     bejgPZg79MCof-q5QKdptVHAuw8.roa (raw, json)
Hash identifier:          bF9SNK0kdwGyaW2Nn+YAEW0H1qOnWhT6KFdnTDd6L18=
Subject key identifier:   6D:E8:E0:3D:98:3B:F4:C0:A8:7F:EA:B9:40:A7:69:B5:51:C0:BB:0F
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019C4356E0EF1C1D23AABDD5FA533C79783D
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/bejgPZg79MCof-q5QKdptVHAuw8.roa
Signing time:             Mon 09 Feb 2026 16:58:13 +0000
ROA not before:           Mon 09 Feb 2026 16:58:13 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     63199
IP address blocks:        144.31.46.0/24 maxlen: 24
                          144.31.147.0/24 maxlen: 24
                          144.31.156.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 12:00:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:43:56:e0:ef:1c:1d:23:aa:bd:d5:fa:53:3c:79:78:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: Feb  9 16:58:13 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6de8e03d983bf4c0a87feab940a769b551c0bb0f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:ff:ed:95:02:dc:ae:72:ec:b4:f7:23:9f:4d:
                    df:ef:8d:46:69:d9:b2:d3:0e:0e:44:6e:e0:46:24:
                    7a:85:3a:e3:8c:1d:3c:0e:d8:90:0c:59:d0:6a:e5:
                    86:7a:28:69:e5:b2:31:04:d0:77:ad:af:0b:f0:7d:
                    83:32:a8:5f:e2:b5:66:de:2a:46:be:14:bc:70:2f:
                    fa:c8:63:00:69:ab:3f:60:9a:0c:83:ee:a3:42:59:
                    8b:ae:c0:98:27:45:d7:cc:3b:5c:a4:74:72:53:fb:
                    54:d9:b6:4b:4f:15:72:d7:78:a5:9d:80:62:69:00:
                    b3:28:06:cd:9c:23:2d:80:80:e8:93:ac:f9:ab:20:
                    6e:ba:30:59:a8:42:fb:8e:e4:51:ee:5f:ab:1a:fe:
                    76:56:c3:d8:fc:52:48:57:7e:30:75:07:ac:a4:bb:
                    8d:89:cd:74:1e:26:27:d4:c9:ff:78:a3:19:41:3f:
                    af:b4:fa:82:19:5a:15:a3:f7:fa:a2:f9:d2:10:1f:
                    9d:16:6b:eb:94:ad:66:20:dd:48:9f:d2:fb:0c:35:
                    6f:99:e5:8c:05:8a:e9:e9:f6:7b:37:08:f2:53:83:
                    36:29:64:73:37:d0:1c:23:b9:62:26:ba:92:cf:73:
                    f7:47:c8:2d:4e:59:4b:1e:9f:db:43:a0:67:db:73:
                    e1:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:E8:E0:3D:98:3B:F4:C0:A8:7F:EA:B9:40:A7:69:B5:51:C0:BB:0F
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/bejgPZg79MCof-q5QKdptVHAuw8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  144.31.46.0/24
                  144.31.147.0/24
                  144.31.156.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8a:c5:3b:4a:05:d3:6d:86:5a:06:f6:d2:44:99:93:20:85:ee:
         97:91:16:c5:49:55:83:2c:3c:fe:59:21:c5:e7:26:b4:2f:17:
         50:ae:67:e5:dd:26:e2:e4:6b:c3:90:ec:85:9d:4d:94:f3:56:
         3e:39:cd:57:5e:54:c5:c1:05:cd:5c:7f:af:80:b3:71:0c:3e:
         27:2b:18:8f:13:08:30:cc:5b:6d:01:5c:b7:89:6b:88:d7:b0:
         7c:a6:62:59:eb:f6:47:da:6f:a8:32:92:c4:e5:ab:55:28:f2:
         67:56:2c:af:0b:62:d6:c3:40:3e:7d:a9:57:10:f0:f6:7e:98:
         58:99:b5:12:3c:5f:fa:48:94:f5:32:74:33:18:79:0e:91:ac:
         8e:46:1f:c6:2c:5f:d2:22:94:98:ed:80:5e:6f:9e:5f:9d:3f:
         4e:eb:f1:c7:9a:ee:17:bc:fe:73:c4:ba:72:c9:9c:c2:76:03:
         8e:c8:9e:8f:45:57:ee:4e:08:d6:93:61:47:0d:81:28:53:f1:
         54:02:1d:07:84:d7:8d:b6:0d:2b:58:6a:fc:e9:02:67:1f:d3:
         be:81:41:eb:ab:be:4f:4c:21:50:23:5f:b0:90:5b:d7:0f:86:
         39:39:b8:a3:65:12:81:c7:52:87:43:81:dd:7c:71:5a:f6:cc:
         a4:39:bb:e7
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZxDVuDvHB0jqr3V+lM8eXg9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwMjA5MTY1ODEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZGU4ZTAzZDk4M2JmNGMwYTg3ZmVhYjk0MGE3NjliNTUxYzBiYjBmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs//tlQLcrnLstPcjn03f741Gadmy
0w4ORG7gRiR6hTrjjB08DtiQDFnQauWGeihp5bIxBNB3ra8L8H2DMqhf4rVm3ipG
vhS8cC/6yGMAaas/YJoMg+6jQlmLrsCYJ0XXzDtcpHRyU/tU2bZLTxVy13ilnYBi
aQCzKAbNnCMtgIDok6z5qyBuujBZqEL7juRR7l+rGv52VsPY/FJIV34wdQespLuN
ic10HiYn1Mn/eKMZQT+vtPqCGVoVo/f6ovnSEB+dFmvrlK1mIN1In9L7DDVvmeWM
BYrp6fZ7NwjyU4M2KWRzN9AcI7liJrqSz3P3R8gtTllLHp/bQ6Bn23PhdwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFG3o4D2YO/TAqH/quUCnabVRwLsPMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvYmVqZ1BaZzc5TUNvZi1xNVFLZHB0VkhBdXc4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAkB8uAwQA
kB+TAwQAkB+cMA0GCSqGSIb3DQEBCwUAA4IBAQCKxTtKBdNthloG9tJEmZMghe6X
kRbFSVWDLDz+WSHF5ya0LxdQrmfl3Sbi5GvDkOyFnU2U81Y+Oc1XXlTFwQXNXH+v
gLNxDD4nKxiPEwgwzFttAVy3iWuI17B8pmJZ6/ZH2m+oMpLE5atVKPJnViyvC2LW
w0A+falXEPD2fphYmbUSPF/6SJT1MnQzGHkOkayORh/GLF/SIpSY7YBeb55fnT9O
6/HHmu4XvP5zxLpyyZzCdgOOyJ6PRVfuTgjWk2FHDYEoU/FUAh0HhNeNtg0rWGr8
6QJnH9O+gUHrq75PTCFQI1+wkFvXD4Y5ObijZRKBx1KHQ4HdfHFa9sykObvn
-----END CERTIFICATE-----