Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/uF1a5RDsGwVQUEF3aGlru9IDfQA.roa
File:                     uF1a5RDsGwVQUEF3aGlru9IDfQA.roa (raw, json)
Hash identifier:          Xlh2CZ9oBOJjXgQ0otUm0rt7sUhq+1hP01FPz+zpWvI=
Subject key identifier:   B8:5D:5A:E5:10:EC:1B:05:50:50:41:77:68:69:6B:BB:D2:03:7D:00
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019C52BE0E394FE6FFB2E1C28692D4E80920
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/uF1a5RDsGwVQUEF3aGlru9IDfQA.roa
Signing time:             Thu 12 Feb 2026 16:45:13 +0000
ROA not before:           Thu 12 Feb 2026 16:45:13 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     16276
IP address blocks:        144.31.149.0/24 maxlen: 24
                          144.31.159.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 18:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:52:be:0e:39:4f:e6:ff:b2:e1:c2:86:92:d4:e8:09:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: Feb 12 16:45:13 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b85d5ae510ec1b055050417768696bbbd2037d00
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:36:30:a1:d7:8d:e8:63:c1:01:13:f6:1f:94:
                    14:f8:04:c1:b8:09:9d:87:53:33:92:ea:c0:7d:f5:
                    9f:a8:49:73:f9:4a:68:7c:0d:23:f7:68:e4:01:91:
                    ff:11:b3:98:a7:5a:72:e0:6a:fc:0d:a0:98:38:9b:
                    09:fd:36:bd:da:b5:6e:fe:67:8d:3c:b9:c3:de:69:
                    9c:3c:2c:6d:10:84:ee:84:90:d6:80:88:76:72:26:
                    e1:3c:c2:98:52:09:95:e3:b6:80:db:ce:1d:55:e6:
                    6b:e6:a6:33:5e:ed:79:f0:b0:a8:d1:46:b7:a5:b3:
                    9f:a4:0f:f1:46:f4:07:7c:ff:e1:bf:5e:15:ac:82:
                    dc:3e:89:e2:f8:92:99:e0:a5:ac:71:d6:63:5e:12:
                    bf:e0:9e:e4:c0:6c:24:02:26:50:80:84:c0:06:26:
                    38:df:50:0d:e5:12:72:83:10:02:bd:78:eb:40:3b:
                    6d:a9:13:58:ea:41:ed:ed:e8:d2:36:26:79:62:4c:
                    dd:fc:d1:27:84:09:57:6a:9f:38:93:a2:7a:93:98:
                    95:77:de:f2:d7:0a:d5:e1:ff:e3:11:6d:0e:60:67:
                    e4:8a:00:bc:db:7f:20:21:98:84:74:20:a5:c7:c4:
                    a5:9b:21:64:ee:b9:5a:10:06:03:4c:33:23:e6:ae:
                    3e:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:5D:5A:E5:10:EC:1B:05:50:50:41:77:68:69:6B:BB:D2:03:7D:00
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/uF1a5RDsGwVQUEF3aGlru9IDfQA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  144.31.149.0/24
                  144.31.159.0/24

    Signature Algorithm: sha256WithRSAEncryption
         42:3f:dd:9e:a2:80:eb:f1:9b:f4:b2:12:1f:01:7e:a1:6f:6b:
         b4:4e:60:32:5f:71:bb:71:aa:ed:00:62:8b:ee:1d:1f:e3:b5:
         46:5e:4f:b0:17:b6:71:c8:3a:2e:83:01:4d:96:b0:a0:c6:7c:
         68:9f:c1:10:3a:65:4b:8e:6c:31:94:80:ff:bb:1e:1c:d5:d2:
         dd:1c:88:38:21:a5:cf:1c:4f:2d:44:a0:50:8f:ee:de:8c:06:
         b4:6f:42:83:ce:46:47:b8:aa:9b:bc:3e:36:bf:8e:17:90:f5:
         cc:7f:9c:ba:b3:ec:9d:e4:d6:34:f9:eb:6b:2b:7c:eb:eb:8c:
         24:bc:a0:4c:11:a3:3e:8a:83:0a:0a:48:94:a2:46:3e:f6:03:
         35:eb:28:17:fa:9c:36:cf:d8:af:e3:1c:c6:08:aa:79:fa:26:
         32:7c:a6:c1:1f:1d:b4:3c:35:db:d7:f4:02:ac:c0:ec:3d:3d:
         f4:a4:22:f9:fc:bc:87:29:c5:96:65:59:a9:fc:e0:d2:29:89:
         ce:19:53:1e:a0:3e:ce:ae:ea:27:20:ef:8c:95:5e:0a:c5:53:
         44:cf:26:82:fb:74:04:d6:40:5d:3a:d5:47:77:26:f4:d2:48:
         fd:06:2e:cd:5b:25:d1:08:82:16:f4:0a:c1:50:ae:ea:e9:f1:
         ee:08:c4:76
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZxSvg45T+b/suHChpLU6AkgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwMjEyMTY0NTEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiODVkNWFlNTEwZWMxYjA1NTA1MDQxNzc2ODY5NmJiYmQyMDM3ZDAwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwDYwodeN6GPBARP2H5QU+ATBuAmd
h1MzkurAffWfqElz+UpofA0j92jkAZH/EbOYp1py4Gr8DaCYOJsJ/Ta92rVu/meN
PLnD3mmcPCxtEITuhJDWgIh2cibhPMKYUgmV47aA284dVeZr5qYzXu158LCo0Ua3
pbOfpA/xRvQHfP/hv14VrILcPoni+JKZ4KWscdZjXhK/4J7kwGwkAiZQgITABiY4
31AN5RJygxACvXjrQDttqRNY6kHt7ejSNiZ5Ykzd/NEnhAlXap84k6J6k5iVd97y
1wrV4f/jEW0OYGfkigC8238gIZiEdCClx8SlmyFk7rlaEAYDTDMj5q4+xQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFLhdWuUQ7BsFUFBBd2hpa7vSA30AMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvdUYxYTVSRHNHd1ZRVUVGM2FHbHJ1OUlEZlFBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAkB+VAwQA
kB+fMA0GCSqGSIb3DQEBCwUAA4IBAQBCP92eooDr8Zv0shIfAX6hb2u0TmAyX3G7
cartAGKL7h0f47VGXk+wF7ZxyDougwFNlrCgxnxon8EQOmVLjmwxlID/ux4c1dLd
HIg4IaXPHE8tRKBQj+7ejAa0b0KDzkZHuKqbvD42v44XkPXMf5y6s+yd5NY0+etr
K3zr64wkvKBMEaM+ioMKCkiUokY+9gM16ygX+pw2z9iv4xzGCKp5+iYyfKbBHx20
PDXb1/QCrMDsPT30pCL5/LyHKcWWZVmp/ODSKYnOGVMeoD7OruonIO+MlV4KxVNE
zyaC+3QE1kBdOtVHdyb00kj9Bi7NWyXRCIIW9ArBUK7q6fHuCMR2
-----END CERTIFICATE-----