Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/vZ0eXM0SNFovNzJl73pYBOtXAyM.roa
File:                     vZ0eXM0SNFovNzJl73pYBOtXAyM.roa (raw, json)
Hash identifier:          mRHX2K67nBzPoNGoyUzx1fXKnke5Vx+0je2PlMP0WfY=
Subject key identifier:   BD:9D:1E:5C:CD:12:34:5A:2F:37:32:65:EF:7A:58:04:EB:57:03:23
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019D6DFB06A2FECE94F9CA2C04D9693F02C2
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/vZ0eXM0SNFovNzJl73pYBOtXAyM.roa
Signing time:             Wed 08 Apr 2026 16:44:20 +0000
ROA not before:           Wed 08 Apr 2026 16:44:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214693
IP address blocks:        144.31.34.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 07:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:6d:fb:06:a2:fe:ce:94:f9:ca:2c:04:d9:69:3f:02:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: Apr  8 16:44:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=bd9d1e5ccd12345a2f373265ef7a5804eb570323
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:db:62:cc:a1:73:31:e4:09:f5:9e:5b:c0:7e:
                    48:5b:a7:75:19:c9:dd:19:dc:88:5c:ad:ba:f5:b7:
                    8a:e6:18:5a:f7:eb:00:0c:60:87:29:9c:ae:d8:75:
                    3a:db:db:e0:f0:94:99:c6:4c:f0:2f:54:e5:9d:e9:
                    c7:bf:dd:bb:1e:91:f8:27:41:f0:7e:14:9c:5f:f4:
                    a5:a5:b8:85:e3:5f:56:af:b5:3a:b4:e3:5d:10:b4:
                    39:b9:3f:63:c4:0e:7e:0c:4d:2f:ed:59:68:85:df:
                    7b:f3:e0:8d:3f:a8:23:ef:33:db:5b:00:b9:b4:37:
                    9c:13:4b:f3:6a:e7:0c:93:14:dd:07:d2:bc:ba:35:
                    e4:ce:d6:49:71:8f:fb:3c:d3:9e:39:37:ce:5a:06:
                    6b:97:c6:0d:05:09:c3:8c:48:66:63:8b:fe:17:95:
                    d7:e3:50:08:33:e4:1e:d5:5d:2d:ca:13:42:e4:48:
                    a3:70:81:b1:d1:d7:11:d7:3d:ab:4a:ee:c0:91:f3:
                    68:43:db:4d:da:dd:c4:b7:d5:e4:95:7a:7d:ea:d2:
                    ff:41:31:53:94:a2:37:4b:7b:63:65:fd:93:c8:fe:
                    5f:b2:18:25:89:4c:4d:65:57:44:fb:03:03:c0:d5:
                    db:36:39:c1:5b:41:ad:d0:4b:ed:b5:ef:fb:57:9f:
                    6c:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:9D:1E:5C:CD:12:34:5A:2F:37:32:65:EF:7A:58:04:EB:57:03:23
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/vZ0eXM0SNFovNzJl73pYBOtXAyM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  144.31.34.0/24

    Signature Algorithm: sha256WithRSAEncryption
         77:e4:e0:6e:36:0c:6a:14:61:a7:53:e4:e3:1d:53:a0:e5:98:
         de:50:d1:0b:16:dd:0f:7e:39:a7:64:ac:0a:f2:13:9d:e8:89:
         b6:cc:20:e3:fe:68:c8:f2:43:0f:01:9d:cc:b0:45:13:28:3f:
         17:00:97:e7:a9:33:3c:65:1a:3b:8b:94:a2:d1:4b:fe:bf:9a:
         b3:20:ad:53:ee:18:68:23:ca:8c:1c:c1:d4:d2:c9:7f:89:70:
         94:d8:72:17:cb:66:a6:d1:22:68:6f:88:f0:02:43:bd:f0:81:
         5d:87:0e:26:63:59:63:5d:bb:5b:f6:00:ee:ba:7f:dd:f3:f2:
         19:c5:01:84:96:be:71:53:a6:c8:04:2f:3a:9e:20:88:e0:42:
         14:38:32:1d:8f:24:db:58:77:88:af:be:91:87:63:d8:0b:ff:
         89:63:ec:28:24:fc:a0:7c:aa:e5:ff:9b:f2:ab:14:8a:9e:6b:
         f9:95:f6:5c:98:4d:ce:12:67:b1:73:d1:68:ab:cc:c5:1a:fa:
         a2:9d:6d:63:b4:d2:a9:7a:87:fd:6f:67:c8:e3:73:ef:41:0d:
         c5:7a:cf:24:c2:21:a2:4c:56:3a:50:e8:d4:47:20:14:8d:dd:
         e9:76:2d:d2:17:b4:9c:14:3c:0f:30:d3:15:1b:5c:e0:6c:79:
         8e:e2:2b:b0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ1t+wai/s6U+cosBNlpPwLCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwNDA4MTY0NDIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZDlkMWU1Y2NkMTIzNDVhMmYzNzMyNjVlZjdhNTgwNGViNTcwMzIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxNtizKFzMeQJ9Z5bwH5IW6d1Gcnd
GdyIXK269beK5hha9+sADGCHKZyu2HU629vg8JSZxkzwL1TlnenHv927HpH4J0Hw
fhScX/SlpbiF419Wr7U6tONdELQ5uT9jxA5+DE0v7Vlohd978+CNP6gj7zPbWwC5
tDecE0vzaucMkxTdB9K8ujXkztZJcY/7PNOeOTfOWgZrl8YNBQnDjEhmY4v+F5XX
41AIM+Qe1V0tyhNC5EijcIGx0dcR1z2rSu7AkfNoQ9tN2t3Et9XklXp96tL/QTFT
lKI3S3tjZf2TyP5fshgliUxNZVdE+wMDwNXbNjnBW0Gt0Evtte/7V59sTwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL2dHlzNEjRaLzcyZe96WATrVwMjMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvdlowZVhNMFNORm92TnpKbDczcFlCT3RYQXlNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAkB8iMA0G
CSqGSIb3DQEBCwUAA4IBAQB35OBuNgxqFGGnU+TjHVOg5ZjeUNELFt0PfjmnZKwK
8hOd6Im2zCDj/mjI8kMPAZ3MsEUTKD8XAJfnqTM8ZRo7i5Si0Uv+v5qzIK1T7hho
I8qMHMHU0sl/iXCU2HIXy2am0SJob4jwAkO98IFdhw4mY1ljXbtb9gDuun/d8/IZ
xQGElr5xU6bIBC86niCI4EIUODIdjyTbWHeIr76Rh2PYC/+JY+woJPygfKrl/5vy
qxSKnmv5lfZcmE3OEmexc9Foq8zFGvqinW1jtNKpeof9b2fI43PvQQ3Fes8kwiGi
TFY6UOjURyAUjd3pdi3SF7ScFDwPMNMVG1zgbHmO4iuw
-----END CERTIFICATE-----