Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/aFGLTjZfA5xLwU_A5-CQENq_280.roa
File:                     aFGLTjZfA5xLwU_A5-CQENq_280.roa (raw, json)
Hash identifier:          rQX8uuRzKt7dTGTWzvAHCaSEyhzo9dpccLKFr9L9FjA=
Subject key identifier:   68:51:8B:4E:36:5F:03:9C:4B:C1:4F:C0:E7:E0:90:10:DA:BF:DB:CD
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019D54F26A028A96ADAE0329B1D7C467BA92
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/aFGLTjZfA5xLwU_A5-CQENq_280.roa
Signing time:             Fri 03 Apr 2026 20:04:26 +0000
ROA not before:           Fri 03 Apr 2026 20:04:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     40950
IP address blocks:        144.31.28.0/24 maxlen: 24
                          150.241.87.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 14 Apr 2026 08:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:54:f2:6a:02:8a:96:ad:ae:03:29:b1:d7:c4:67:ba:92
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: Apr  3 20:04:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=68518b4e365f039c4bc14fc0e7e09010dabfdbcd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:13:de:e7:43:8c:8d:a9:73:85:a0:2a:09:2d:
                    33:9c:36:7e:9b:80:6e:1e:a4:71:4f:91:cb:b0:c3:
                    f6:f6:8e:4f:bb:07:7e:63:96:2b:b4:ee:05:0a:f0:
                    02:7d:2d:29:37:00:01:aa:26:28:3e:f3:8c:e8:58:
                    e2:da:45:29:28:84:0e:a7:cb:6d:18:c4:3b:83:d2:
                    8d:d4:39:1f:d9:17:6e:84:64:94:1e:8c:be:d0:1f:
                    5b:d8:74:e3:02:77:49:bf:ef:48:ea:d1:67:fa:d8:
                    6b:cf:1a:aa:7d:86:ea:ab:f6:3c:57:82:cf:6d:dc:
                    13:d1:af:aa:a5:fd:52:9f:26:93:b1:fd:0a:77:87:
                    68:56:26:f9:62:1e:4e:9d:b2:1c:70:ae:48:19:8a:
                    4b:33:1e:8c:cf:1f:13:1e:2d:0f:d8:79:d1:27:00:
                    9f:ac:d7:ba:01:59:29:0c:f4:5a:06:6f:64:9f:a0:
                    e0:ef:a0:e5:3a:d9:8d:68:2a:07:a0:e7:2c:6e:78:
                    5b:9e:b7:c4:e6:b7:df:52:37:6f:3e:bc:2d:58:57:
                    fc:d4:27:23:b7:46:92:c0:a2:e4:37:88:15:51:60:
                    2b:12:31:79:bf:42:7a:d7:cc:c6:76:17:50:c0:30:
                    1f:73:f5:31:f3:f2:7a:70:f5:cc:98:dd:fb:1f:a7:
                    af:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:51:8B:4E:36:5F:03:9C:4B:C1:4F:C0:E7:E0:90:10:DA:BF:DB:CD
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/aFGLTjZfA5xLwU_A5-CQENq_280.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  144.31.28.0/24
                  150.241.87.0/24

    Signature Algorithm: sha256WithRSAEncryption
         22:cb:7d:8a:11:fa:d0:68:8d:f6:1a:9e:b4:94:47:be:d9:54:
         89:38:9e:15:98:48:94:5b:b4:21:39:7c:ec:e7:12:37:86:ba:
         ea:79:66:ac:2c:b5:c8:38:88:7c:92:00:86:af:55:55:1c:dc:
         a2:d7:a0:6e:43:40:96:d7:a7:36:1a:7a:e4:eb:f1:fc:b7:10:
         d9:f7:fb:ff:42:2d:95:5f:a9:f6:be:bf:7a:74:e9:b5:a0:84:
         b1:8a:52:87:61:03:c1:a0:9f:77:9d:43:6e:e3:82:48:13:b3:
         0a:b4:f4:35:4c:4b:56:55:72:bd:a7:fe:a2:cb:e7:6d:f2:ef:
         e7:c0:44:b8:7d:99:a1:ff:42:fc:d2:00:67:97:ce:1a:5b:ae:
         94:ee:18:ba:5d:c5:8a:ae:84:ab:2e:c3:eb:cf:a3:0f:ff:9f:
         a4:9f:3c:4f:2f:24:9d:97:94:a1:e3:cc:19:cc:72:f7:fa:27:
         c9:e3:3f:5c:56:86:12:e0:29:27:5e:30:ad:3c:b6:21:ed:84:
         34:75:da:46:fd:61:85:ba:93:2f:34:fe:cd:80:2f:c7:f9:42:
         4d:8c:d6:5c:fc:76:f9:5b:fa:29:79:5b:62:68:2d:54:48:ac:
         38:fd:e9:b0:05:28:43:07:d6:ef:89:0f:2d:e8:70:e2:94:07:
         13:22:9e:86
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ1U8moCipatrgMpsdfEZ7qSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwNDAzMjAwNDI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ODUxOGI0ZTM2NWYwMzljNGJjMTRmYzBlN2UwOTAxMGRhYmZkYmNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsRPe50OMjalzhaAqCS0znDZ+m4Bu
HqRxT5HLsMP29o5Puwd+Y5YrtO4FCvACfS0pNwABqiYoPvOM6Fji2kUpKIQOp8tt
GMQ7g9KN1Dkf2RduhGSUHoy+0B9b2HTjAndJv+9I6tFn+thrzxqqfYbqq/Y8V4LP
bdwT0a+qpf1SnyaTsf0Kd4doVib5Yh5OnbIccK5IGYpLMx6Mzx8THi0P2HnRJwCf
rNe6AVkpDPRaBm9kn6Dg76DlOtmNaCoHoOcsbnhbnrfE5rffUjdvPrwtWFf81Ccj
t0aSwKLkN4gVUWArEjF5v0J618zGdhdQwDAfc/Ux8/J6cPXMmN37H6evmQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGhRi042XwOcS8FPwOfgkBDav9vNMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvYUZHTFRqWmZBNXhMd1VfQTUtQ1FFTnFfMjgwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAkB8cAwQA
lvFXMA0GCSqGSIb3DQEBCwUAA4IBAQAiy32KEfrQaI32Gp60lEe+2VSJOJ4VmEiU
W7QhOXzs5xI3hrrqeWasLLXIOIh8kgCGr1VVHNyi16BuQ0CW16c2Gnrk6/H8txDZ
9/v/Qi2VX6n2vr96dOm1oISxilKHYQPBoJ93nUNu44JIE7MKtPQ1TEtWVXK9p/6i
y+dt8u/nwES4fZmh/0L80gBnl84aW66U7hi6XcWKroSrLsPrz6MP/5+knzxPLySd
l5Sh48wZzHL3+ifJ4z9cVoYS4CknXjCtPLYh7YQ0ddpG/WGFupMvNP7NgC/H+UJN
jNZc/Hb5W/opeVtiaC1USKw4/emwBShDB9bviQ8t6HDilAcTIp6G
-----END CERTIFICATE-----