Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/hwpP4A7cLE1hU2E-LRvwgWQHkdw.roa
File:                     hwpP4A7cLE1hU2E-LRvwgWQHkdw.roa (raw, json)
Hash identifier:          YbGDfdUKrUJtjrS0qQnCADYCPRKnxozY3Nd+u0j2bog=
Subject key identifier:   87:0A:4F:E0:0E:DC:2C:4D:61:53:61:3E:2D:1B:F0:81:64:07:91:DC
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019C5C8172DC92DDA340371B545610C7B017
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/hwpP4A7cLE1hU2E-LRvwgWQHkdw.roa
Signing time:             Sat 14 Feb 2026 14:15:13 +0000
ROA not before:           Sat 14 Feb 2026 14:15:13 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     207158
IP address blocks:        144.31.146.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 03:01:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:5c:81:72:dc:92:dd:a3:40:37:1b:54:56:10:c7:b0:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: Feb 14 14:15:13 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=870a4fe00edc2c4d6153613e2d1bf081640791dc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:b6:e5:4c:4d:ac:ea:bf:6e:14:73:28:44:32:
                    2c:86:37:56:c9:cf:c4:91:84:15:49:bb:1a:1f:90:
                    d5:fd:40:c3:a8:88:e5:c3:0f:1c:db:12:2c:17:43:
                    41:49:bf:c0:d7:9e:3d:4d:9b:ff:62:64:00:8c:6f:
                    a3:0a:f8:33:3f:89:89:b8:08:a6:5b:61:5e:18:7a:
                    ae:91:3a:62:a3:8f:28:2c:ae:81:07:1e:11:85:59:
                    be:e8:14:96:ae:40:f0:cf:e3:b4:6e:06:7d:d3:2d:
                    d7:22:4b:70:4a:47:fa:84:91:a4:a6:57:98:df:a2:
                    00:9d:cb:98:60:7b:b2:eb:19:57:0a:33:98:db:0b:
                    6c:91:10:4f:cb:f9:55:34:8e:e0:f9:f6:dc:39:ca:
                    09:03:61:f5:f6:fb:4d:b3:35:cd:65:ad:c4:2a:ca:
                    2d:65:91:81:73:62:85:f3:cb:d9:62:8a:1f:6f:cd:
                    8c:c0:01:12:ea:df:ec:0e:aa:83:bc:35:4f:28:6f:
                    78:35:e7:15:c3:a0:31:3a:81:bb:62:00:b4:c0:4b:
                    3f:ca:65:93:b4:d6:6d:15:d8:1c:15:0b:4d:e1:c9:
                    cc:eb:40:4f:46:ee:6b:e3:1a:2e:c0:c2:a2:94:c6:
                    0e:3c:88:de:5b:91:d7:91:ea:97:1a:7f:aa:cf:42:
                    de:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:0A:4F:E0:0E:DC:2C:4D:61:53:61:3E:2D:1B:F0:81:64:07:91:DC
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/hwpP4A7cLE1hU2E-LRvwgWQHkdw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  144.31.146.0/24

    Signature Algorithm: sha256WithRSAEncryption
         68:83:ac:40:a7:c7:80:1a:84:2f:50:22:31:c7:59:5c:60:26:
         58:5b:2c:f3:27:df:db:f2:9d:72:d6:b3:ea:18:27:8f:80:15:
         6c:69:2b:aa:a1:67:61:f0:6a:58:21:ff:31:ba:40:a0:b3:b0:
         e7:88:e8:f6:c3:7b:84:db:64:ff:2e:6d:cd:1f:5f:ec:8e:2f:
         e4:79:e7:66:71:88:90:92:29:e5:f7:c7:48:f6:0e:d6:6f:f8:
         77:2f:02:3f:91:bc:d2:4d:90:5a:71:70:fb:a5:dc:be:34:13:
         f1:53:18:11:08:aa:68:fd:09:f6:c6:55:da:6a:01:a2:1f:ec:
         99:44:6c:6f:5e:00:e3:07:e8:f5:6c:7c:e3:54:4e:b7:ad:cc:
         81:86:54:44:49:0d:3d:c9:68:ad:a3:f4:02:b3:83:ce:80:de:
         8f:5f:c7:62:de:59:21:68:64:69:ae:d2:a6:a4:77:5c:72:8e:
         5d:e8:61:bd:ad:13:fc:60:3d:98:52:aa:42:04:20:c5:fa:18:
         fe:35:4b:58:a3:d9:0b:3c:28:0d:4a:db:5b:7e:7d:89:d1:3a:
         18:b9:4f:75:4b:c4:f1:c0:9a:95:53:0a:53:11:00:4f:9f:7a:
         e9:04:2e:0f:c7:d4:cd:b4:51:78:1e:ef:51:2e:f9:77:7c:ee:
         a7:73:7b:fe
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZxcgXLckt2jQDcbVFYQx7AXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwMjE0MTQxNTEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NzBhNGZlMDBlZGMyYzRkNjE1MzYxM2UyZDFiZjA4MTY0MDc5MWRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsbblTE2s6r9uFHMoRDIshjdWyc/E
kYQVSbsaH5DV/UDDqIjlww8c2xIsF0NBSb/A1549TZv/YmQAjG+jCvgzP4mJuAim
W2FeGHqukTpio48oLK6BBx4RhVm+6BSWrkDwz+O0bgZ90y3XIktwSkf6hJGkpleY
36IAncuYYHuy6xlXCjOY2wtskRBPy/lVNI7g+fbcOcoJA2H19vtNszXNZa3EKsot
ZZGBc2KF88vZYoofb82MwAES6t/sDqqDvDVPKG94NecVw6AxOoG7YgC0wEs/ymWT
tNZtFdgcFQtN4cnM60BPRu5r4xouwMKilMYOPIjeW5HXkeqXGn+qz0LeKQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIcKT+AO3CxNYVNhPi0b8IFkB5HcMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvaHdwUDRBN2NMRTFoVTJFLUxSdndnV1FIa2R3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAkB+SMA0G
CSqGSIb3DQEBCwUAA4IBAQBog6xAp8eAGoQvUCIxx1lcYCZYWyzzJ9/b8p1y1rPq
GCePgBVsaSuqoWdh8GpYIf8xukCgs7DniOj2w3uE22T/Lm3NH1/sji/keedmcYiQ
kinl98dI9g7Wb/h3LwI/kbzSTZBacXD7pdy+NBPxUxgRCKpo/Qn2xlXaagGiH+yZ
RGxvXgDjB+j1bHzjVE63rcyBhlRESQ09yWito/QCs4POgN6PX8di3lkhaGRprtKm
pHdcco5d6GG9rRP8YD2YUqpCBCDF+hj+NUtYo9kLPCgNSttbfn2J0ToYuU91S8Tx
wJqVUwpTEQBPn3rpBC4Px9TNtFF4Hu9RLvl3fO6nc3v+
-----END CERTIFICATE-----