Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/bGJImH3xA2-5puV_3GrlJGPYHdo.roa
File:                     bGJImH3xA2-5puV_3GrlJGPYHdo.roa (raw, json)
Hash identifier:          9rkC0RyVMfS8Age28MfYbA1clcPXccc8DkaG/BUqWeo=
Subject key identifier:   6C:62:48:98:7D:F1:03:6F:B9:A6:E5:7F:DC:6A:E5:24:63:D8:1D:DA
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019CBA05C921139AB6CB89CF87DA3467B595
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/bGJImH3xA2-5puV_3GrlJGPYHdo.roa
Signing time:             Wed 04 Mar 2026 18:04:27 +0000
ROA not before:           Wed 04 Mar 2026 18:04:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214025
IP address blocks:        144.31.47.0/24 maxlen: 24
                          144.31.148.0/24 maxlen: 24
                          144.31.156.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 06 Mar 2026 06:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:ba:05:c9:21:13:9a:b6:cb:89:cf:87:da:34:67:b5:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: Mar  4 18:04:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6c6248987df1036fb9a6e57fdc6ae52463d81dda
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:95:f2:8b:2d:0a:0c:4c:f1:87:71:a3:6f:37:
                    3a:91:cb:4b:a7:64:62:8a:52:77:93:fc:a1:9f:97:
                    0f:85:66:73:cf:78:30:b4:ba:1b:d7:db:f9:b7:58:
                    d8:99:3e:b7:3a:c3:79:87:0a:5d:72:8b:a6:ac:b8:
                    43:08:25:b4:9b:85:90:d7:a3:61:9f:31:da:80:ae:
                    74:70:36:35:2b:99:cf:10:32:12:7d:95:39:76:d1:
                    a3:7d:70:f0:ec:68:cb:a2:d3:81:be:01:0e:2c:e7:
                    f7:01:e7:09:52:77:bd:43:60:c5:df:ed:43:5b:65:
                    af:95:c5:4a:0e:0c:55:44:23:56:06:ba:68:66:00:
                    0c:4d:13:63:0f:63:d3:a1:04:34:58:90:74:a5:96:
                    4c:ee:66:3c:ff:52:9c:cd:91:22:2e:4b:f0:89:71:
                    6c:9e:92:76:03:15:8b:af:5f:db:29:64:26:50:2b:
                    5f:df:3a:1b:5a:20:cb:ca:bf:df:2b:03:74:8c:91:
                    3b:dc:b0:4c:e5:f6:f6:d1:0c:3c:bc:2b:e5:85:a8:
                    7f:09:2d:69:58:39:ac:1f:51:a9:c3:a6:74:f0:69:
                    8e:d0:4f:c0:fd:bf:04:fa:46:40:a1:03:a9:39:f4:
                    b9:7f:dc:99:90:19:60:3f:8f:8e:3c:51:d7:05:fb:
                    b9:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:62:48:98:7D:F1:03:6F:B9:A6:E5:7F:DC:6A:E5:24:63:D8:1D:DA
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/bGJImH3xA2-5puV_3GrlJGPYHdo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  144.31.47.0/24
                  144.31.148.0/24
                  144.31.156.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4c:bf:c8:d3:cb:a1:f4:b6:12:9f:b7:88:51:6e:cc:e9:0e:8a:
         f2:18:14:d2:b3:c2:d3:76:be:b7:9a:85:a0:7b:d4:1f:3a:df:
         cd:a6:48:3c:5e:ca:9f:1a:15:36:fe:56:f9:50:da:38:d8:18:
         6b:cd:4a:cd:c0:a1:ed:ce:6e:d0:ed:da:8e:a5:a5:7f:ff:6f:
         78:f7:a4:6a:c4:5b:6f:9a:63:65:9b:6c:fd:aa:31:f4:6e:12:
         a8:82:df:84:46:31:08:6b:be:59:ff:31:cd:b6:79:0c:a4:e2:
         b0:c8:99:21:90:c5:cc:1e:f1:39:8b:f3:c8:e3:0a:ae:f2:82:
         14:3c:d3:58:54:4d:11:13:3b:d9:9b:e6:32:2c:66:d7:4e:cc:
         ac:3f:51:82:26:e8:03:0d:ac:db:aa:34:58:39:d8:25:67:e1:
         64:0e:dd:a0:8d:cd:48:1c:7a:8a:13:53:a1:4d:11:7f:56:3e:
         9c:6a:10:a3:c7:48:5d:e3:59:a4:e8:d9:08:36:48:7d:0b:97:
         55:95:9d:a2:e9:e6:30:09:fa:93:e7:36:20:af:ec:0b:6b:f0:
         88:c0:43:f7:b9:3b:67:fe:c0:fb:e4:4a:c2:57:c6:9f:b4:a3:
         26:f5:0e:e9:98:25:fb:f3:80:d6:96:88:d6:31:b7:10:3e:0f:
         31:20:f3:c3
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZy6BckhE5q2y4nPh9o0Z7WVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwMzA0MTgwNDI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YzYyNDg5ODdkZjEwMzZmYjlhNmU1N2ZkYzZhZTUyNDYzZDgxZGRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt5Xyiy0KDEzxh3Gjbzc6kctLp2Ri
ilJ3k/yhn5cPhWZzz3gwtLob19v5t1jYmT63OsN5hwpdcoumrLhDCCW0m4WQ16Nh
nzHagK50cDY1K5nPEDISfZU5dtGjfXDw7GjLotOBvgEOLOf3AecJUne9Q2DF3+1D
W2WvlcVKDgxVRCNWBrpoZgAMTRNjD2PToQQ0WJB0pZZM7mY8/1KczZEiLkvwiXFs
npJ2AxWLr1/bKWQmUCtf3zobWiDLyr/fKwN0jJE73LBM5fb20Qw8vCvlhah/CS1p
WDmsH1Gpw6Z08GmO0E/A/b8E+kZAoQOpOfS5f9yZkBlgP4+OPFHXBfu5QQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFGxiSJh98QNvuablf9xq5SRj2B3aMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvYkdKSW1IM3hBMi01cHVWXzNHcmxKR1BZSGRvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAkB8vAwQA
kB+UAwQAkB+cMA0GCSqGSIb3DQEBCwUAA4IBAQBMv8jTy6H0thKft4hRbszpDory
GBTSs8LTdr63moWge9QfOt/Npkg8XsqfGhU2/lb5UNo42BhrzUrNwKHtzm7Q7dqO
paV//29496RqxFtvmmNlm2z9qjH0bhKogt+ERjEIa75Z/zHNtnkMpOKwyJkhkMXM
HvE5i/PI4wqu8oIUPNNYVE0REzvZm+YyLGbXTsysP1GCJugDDazbqjRYOdglZ+Fk
Dt2gjc1IHHqKE1OhTRF/Vj6cahCjx0hd41mk6NkINkh9C5dVlZ2i6eYwCfqT5zYg
r+wLa/CIwEP3uTtn/sD75ErCV8aftKMm9Q7pmCX784DWlojWMbcQPg8xIPPD
-----END CERTIFICATE-----