Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/gCt2E1-DSlyV1-3Elibwp5UaHkw.roa
File:                     gCt2E1-DSlyV1-3Elibwp5UaHkw.roa (raw, json)
Hash identifier:          rWLpj07skdiHZThpFdmF/Xr5TOgiJQ2jo8UUFrn/WWk=
Subject key identifier:   80:2B:76:13:5F:83:4A:5C:95:D7:ED:C4:96:26:F0:A7:95:1A:1E:4C
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019D6DF931C7024233704CF22AEDEB264723
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/gCt2E1-DSlyV1-3Elibwp5UaHkw.roa
Signing time:             Wed 08 Apr 2026 16:42:20 +0000
ROA not before:           Wed 08 Apr 2026 16:42:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     199566
IP address blocks:        144.31.38.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 12 Apr 2026 02:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:6d:f9:31:c7:02:42:33:70:4c:f2:2a:ed:eb:26:47:23
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: Apr  8 16:42:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=802b76135f834a5c95d7edc49626f0a7951a1e4c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:c1:59:37:8d:ca:b7:f3:1a:ec:9c:ad:7a:7e:
                    5d:2d:ab:5d:a3:52:64:6d:bd:e7:52:e8:ac:b2:d2:
                    a0:b1:f3:86:dd:d6:0f:53:58:ae:d9:f5:0a:16:ff:
                    bf:b3:f0:3c:65:e0:01:16:8a:5e:95:b6:d4:e7:ff:
                    32:a6:c3:59:b9:34:83:a9:1c:21:b8:8e:d7:01:58:
                    58:17:2e:c4:84:58:92:13:c8:73:55:eb:3f:4a:39:
                    94:85:76:2e:e0:5f:e6:0e:a5:ee:8a:f5:51:4a:3d:
                    90:be:9d:86:b2:ae:0e:41:3c:ab:a0:20:dd:ef:99:
                    ed:db:3b:87:45:cf:52:76:07:b4:06:82:87:2e:cd:
                    3a:c3:ef:c6:af:1d:f7:d5:c3:59:91:e3:5b:3d:f4:
                    2d:01:fb:d4:9e:43:6a:8f:fd:9a:bc:36:d5:a7:cc:
                    e1:df:11:7a:9d:13:7b:f6:a7:6a:f8:f4:d6:3c:09:
                    a3:5b:29:39:8b:dd:c1:49:0c:53:5a:ff:f5:e1:57:
                    a8:e8:0f:43:e5:b2:aa:ca:8f:da:8a:28:04:9d:3a:
                    dd:c3:f4:f3:cd:9a:a8:17:8d:c6:bd:87:02:7d:d8:
                    a9:f9:cf:6d:0e:62:e3:c8:8a:7b:0a:cb:d3:0f:9f:
                    83:93:77:69:ca:0a:8b:25:71:49:93:d8:72:f1:f4:
                    11:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                80:2B:76:13:5F:83:4A:5C:95:D7:ED:C4:96:26:F0:A7:95:1A:1E:4C
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/gCt2E1-DSlyV1-3Elibwp5UaHkw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  144.31.38.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2e:77:79:00:fb:f9:cc:d3:55:1b:a1:08:c2:df:1a:2c:f6:df:
         58:79:03:8c:e0:3c:41:f0:4b:60:99:e5:ef:87:28:e9:68:0c:
         fa:c0:42:9f:22:6e:3f:84:89:51:b0:7f:b0:99:af:16:49:74:
         ef:b3:5e:66:76:7a:49:3f:91:1a:d6:da:3b:6e:a7:d7:95:79:
         a9:45:4f:c4:1c:2e:d8:b9:e5:da:ae:e0:eb:a7:06:47:26:3f:
         76:e4:7e:97:f9:a3:61:59:e2:30:35:21:92:72:0f:f1:76:01:
         e8:c5:14:75:f9:b7:8b:42:98:65:10:e3:91:8f:3f:90:22:b2:
         8a:06:db:ef:cc:a5:e3:53:1d:ea:66:08:00:4a:69:2a:44:fa:
         85:21:72:b9:72:ad:e3:27:9e:16:76:67:77:09:e3:a2:25:4f:
         4f:80:8a:2d:ea:84:8d:40:e7:50:91:f6:db:44:e4:bf:50:fa:
         4c:b3:23:01:9a:c1:8d:45:dc:e0:4f:df:f7:be:05:c9:c5:39:
         2f:50:69:54:c3:af:f9:47:16:0a:f4:4e:c7:a9:93:c8:65:45:
         de:9b:a8:30:50:85:82:03:d4:a6:eb:42:95:0a:4f:f3:2f:2c:
         0b:2b:85:7a:e8:12:09:bd:c7:3b:60:b7:d1:63:ac:78:e5:28:
         1a:62:a0:7d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ1t+THHAkIzcEzyKu3rJkcjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwNDA4MTY0MjIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MDJiNzYxMzVmODM0YTVjOTVkN2VkYzQ5NjI2ZjBhNzk1MWExZTRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp8FZN43Kt/Ma7Jyten5dLatdo1Jk
bb3nUuisstKgsfOG3dYPU1iu2fUKFv+/s/A8ZeABFopelbbU5/8ypsNZuTSDqRwh
uI7XAVhYFy7EhFiSE8hzVes/SjmUhXYu4F/mDqXuivVRSj2Qvp2Gsq4OQTyroCDd
75nt2zuHRc9Sdge0BoKHLs06w+/Grx331cNZkeNbPfQtAfvUnkNqj/2avDbVp8zh
3xF6nRN79qdq+PTWPAmjWyk5i93BSQxTWv/14Veo6A9D5bKqyo/aiigEnTrdw/Tz
zZqoF43GvYcCfdip+c9tDmLjyIp7CsvTD5+Dk3dpygqLJXFJk9hy8fQRgQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIArdhNfg0pcldftxJYm8KeVGh5MMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvZ0N0MkUxLURTbHlWMS0zRWxpYndwNVVhSGt3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAkB8mMA0G
CSqGSIb3DQEBCwUAA4IBAQAud3kA+/nM01UboQjC3xos9t9YeQOM4DxB8EtgmeXv
hyjpaAz6wEKfIm4/hIlRsH+wma8WSXTvs15mdnpJP5Ea1to7bqfXlXmpRU/EHC7Y
ueXaruDrpwZHJj925H6X+aNhWeIwNSGScg/xdgHoxRR1+beLQphlEOORjz+QIrKK
BtvvzKXjUx3qZggASmkqRPqFIXK5cq3jJ54Wdmd3CeOiJU9PgIot6oSNQOdQkfbb
ROS/UPpMsyMBmsGNRdzgT9/3vgXJxTkvUGlUw6/5RxYK9E7HqZPIZUXem6gwUIWC
A9Sm60KVCk/zLywLK4V66BIJvcc7YLfRY6x45SgaYqB9
-----END CERTIFICATE-----