Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/QLGfpHlHwSdyfHRBl6lZAALuXBc.roa
File:                     QLGfpHlHwSdyfHRBl6lZAALuXBc.roa (raw, json)
Hash identifier:          3kt78tmd32UJIaikbUvlBwuvU2UQLRUYhY2ZeFumpi8=
Subject key identifier:   40:B1:9F:A4:79:47:C1:27:72:7C:74:41:97:A9:59:00:02:EE:5C:17
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019CE7E636FEF4803265BE8EC0B1B99FB3C2
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/QLGfpHlHwSdyfHRBl6lZAALuXBc.roa
Signing time:             Fri 13 Mar 2026 15:52:30 +0000
ROA not before:           Fri 13 Mar 2026 15:52:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     202051
IP address blocks:        144.31.159.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 22 Mar 2026 05:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:e7:e6:36:fe:f4:80:32:65:be:8e:c0:b1:b9:9f:b3:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: Mar 13 15:52:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=40b19fa47947c127727c744197a9590002ee5c17
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:ea:29:b7:8e:c9:b5:2e:ff:63:45:d7:af:60:
                    07:2e:da:1d:45:3e:a4:5e:7e:2c:a3:dc:42:77:58:
                    3e:0e:10:7c:02:9e:16:7b:02:57:2e:53:d0:04:c7:
                    e0:a9:3a:d8:0e:2b:58:e0:c6:85:6c:ec:0a:f9:0f:
                    eb:fe:7e:13:59:e8:eb:b7:10:51:c9:30:ca:9a:1f:
                    5e:25:f0:13:5e:af:bc:63:2b:eb:41:c6:18:51:ff:
                    69:5d:ac:47:43:07:07:f1:33:bc:dc:68:d5:d9:02:
                    4e:cd:b1:5a:b1:aa:b5:36:ed:45:31:16:8e:4d:c0:
                    1e:59:1a:3b:e2:80:50:78:3f:bd:bc:a6:82:07:70:
                    cc:97:04:5e:a5:7e:99:60:9b:2d:49:e8:92:6d:95:
                    4a:7b:0c:d8:99:bb:a0:e0:48:ad:a0:88:14:d9:84:
                    93:7d:ec:65:6b:b2:e2:c9:84:f3:82:9d:ae:03:a8:
                    60:69:f2:85:e7:77:eb:74:f8:22:28:15:b6:64:54:
                    e4:d8:09:f0:9d:31:55:c7:56:97:2d:44:3c:e4:be:
                    6c:21:89:04:78:79:e4:05:47:a9:67:67:66:b4:f2:
                    63:b6:8e:fd:ac:09:92:c5:e7:92:7f:2b:2c:8b:39:
                    d9:9a:3a:21:08:6a:91:9b:af:7d:23:fe:aa:1e:5b:
                    19:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:B1:9F:A4:79:47:C1:27:72:7C:74:41:97:A9:59:00:02:EE:5C:17
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/QLGfpHlHwSdyfHRBl6lZAALuXBc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  144.31.159.0/24

    Signature Algorithm: sha256WithRSAEncryption
         41:79:ab:c3:1c:68:8b:55:68:96:2c:16:73:11:72:f0:ad:9d:
         a5:1d:43:a5:de:b1:98:ac:04:5c:ff:97:59:b2:5d:6d:ef:ee:
         de:13:b7:21:d5:2c:91:d2:82:4e:cf:ea:e2:80:5b:37:c1:77:
         86:0d:34:cc:1d:ea:70:9a:9b:d8:5c:d6:6e:a8:92:5e:44:2a:
         a1:04:8a:a0:68:2d:e1:cb:fc:26:d2:0c:b0:d8:b6:28:e1:2b:
         09:b1:bd:35:20:13:01:ec:10:e5:2a:99:cb:a8:f0:07:81:00:
         af:fa:97:4e:78:6b:f5:03:b3:eb:2a:39:78:b3:57:de:95:60:
         5e:cc:ef:af:d2:f6:65:53:87:8c:41:fb:65:b0:16:8d:83:3f:
         c6:4a:d7:94:6a:24:4c:ae:73:db:70:31:78:32:a1:d3:97:84:
         6b:6e:46:35:28:02:33:d3:36:87:26:c5:2b:4c:57:3e:5e:62:
         86:f4:d6:d0:a4:a3:d4:9f:5c:09:8e:4f:f9:72:d4:7d:fe:26:
         8e:5f:f9:75:c2:9d:87:0f:0d:a3:59:bb:a7:d0:b1:35:09:a0:
         fc:37:46:1e:b1:d5:98:05:5e:ba:ed:e1:b9:e0:6c:88:c0:da:
         4d:fb:38:14:8c:9f:b4:6f:86:82:d4:f4:eb:84:52:35:13:84:
         a1:79:7b:94
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZzn5jb+9IAyZb6OwLG5n7PCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwMzEzMTU1MjMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MGIxOWZhNDc5NDdjMTI3NzI3Yzc0NDE5N2E5NTkwMDAyZWU1YzE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5eopt47JtS7/Y0XXr2AHLtodRT6k
Xn4so9xCd1g+DhB8Ap4WewJXLlPQBMfgqTrYDitY4MaFbOwK+Q/r/n4TWejrtxBR
yTDKmh9eJfATXq+8YyvrQcYYUf9pXaxHQwcH8TO83GjV2QJOzbFasaq1Nu1FMRaO
TcAeWRo74oBQeD+9vKaCB3DMlwRepX6ZYJstSeiSbZVKewzYmbug4EitoIgU2YST
fexla7LiyYTzgp2uA6hgafKF53frdPgiKBW2ZFTk2AnwnTFVx1aXLUQ85L5sIYkE
eHnkBUepZ2dmtPJjto79rAmSxeeSfyssiznZmjohCGqRm699I/6qHlsZbQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFECxn6R5R8Encnx0QZepWQAC7lwXMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvUUxHZnBIbEh3U2R5ZkhSQmw2bFpBQUx1WEJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAkB+fMA0G
CSqGSIb3DQEBCwUAA4IBAQBBeavDHGiLVWiWLBZzEXLwrZ2lHUOl3rGYrARc/5dZ
sl1t7+7eE7ch1SyR0oJOz+rigFs3wXeGDTTMHepwmpvYXNZuqJJeRCqhBIqgaC3h
y/wm0gyw2LYo4SsJsb01IBMB7BDlKpnLqPAHgQCv+pdOeGv1A7PrKjl4s1felWBe
zO+v0vZlU4eMQftlsBaNgz/GSteUaiRMrnPbcDF4MqHTl4RrbkY1KAIz0zaHJsUr
TFc+XmKG9NbQpKPUn1wJjk/5ctR9/iaOX/l1wp2HDw2jWbun0LE1CaD8N0YesdWY
BV667eG54GyIwNpN+zgUjJ+0b4aC1PTrhFI1E4SheXuU
-----END CERTIFICATE-----