Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/hzJZFNFvME9wXw9_Q1aYCPoxBL8.roa
File:                     hzJZFNFvME9wXw9_Q1aYCPoxBL8.roa (raw, json)
Hash identifier:          WP+E4/IZcvKdRNOjMmxw0KfN1/07OXewn9+QRyXA/1Q=
Subject key identifier:   87:32:59:14:D1:6F:30:4F:70:5F:0F:7F:43:56:98:08:FA:31:04:BF
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019CBEF625C67A1AB265C3FD2670CFB39044
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/hzJZFNFvME9wXw9_Q1aYCPoxBL8.roa
Signing time:             Thu 05 Mar 2026 17:05:28 +0000
ROA not before:           Thu 05 Mar 2026 17:05:28 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     401856
IP address blocks:        144.31.147.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 06 Mar 2026 16:05:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:be:f6:25:c6:7a:1a:b2:65:c3:fd:26:70:cf:b3:90:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: Mar  5 17:05:28 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=87325914d16f304f705f0f7f43569808fa3104bf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:b7:72:c0:c1:83:eb:55:86:72:19:1d:0e:fb:
                    55:3c:76:bb:8e:06:9d:8e:1a:cb:28:f1:78:c1:dc:
                    08:b9:a9:fe:0c:a5:c1:e1:10:8e:fe:c3:8e:22:b6:
                    1a:2a:72:01:0e:cd:5c:48:48:04:43:1b:d9:3e:4a:
                    80:3b:6b:c3:5b:d0:4b:18:cb:ca:0b:3e:f6:dd:94:
                    e1:37:0e:6d:2c:27:47:17:41:63:75:68:cf:ca:28:
                    12:6c:83:3f:52:c5:97:8a:fb:98:31:e6:f9:b5:c1:
                    3c:42:1a:25:d4:1d:4c:a9:a1:ce:f9:1c:ee:b3:1d:
                    d8:fa:2b:3f:03:48:8e:16:db:45:9e:37:47:14:02:
                    95:77:16:f3:d6:1c:84:bd:f4:20:1d:04:f1:21:c2:
                    b7:df:05:ac:ec:01:65:d5:8c:9d:32:60:98:c4:7c:
                    6c:5a:64:22:6a:3d:d2:a9:b8:21:92:fa:e3:ba:a8:
                    92:5d:4b:5c:9e:3f:ff:a3:40:7b:83:22:67:cc:e7:
                    37:f2:17:7b:01:3f:c3:37:59:9d:d8:56:30:ad:0a:
                    00:cd:2c:34:14:2a:0c:83:1f:63:a3:9d:bf:db:54:
                    a2:97:24:24:f2:d8:48:6b:b0:7e:49:bc:3b:80:f5:
                    8c:66:07:16:73:54:d3:7b:7c:02:d0:c4:27:02:5c:
                    fd:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:32:59:14:D1:6F:30:4F:70:5F:0F:7F:43:56:98:08:FA:31:04:BF
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/hzJZFNFvME9wXw9_Q1aYCPoxBL8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  144.31.147.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4d:03:7e:97:8a:e6:48:8b:32:f4:d2:c0:fb:9d:4e:9b:4b:9a:
         95:26:9a:a9:65:60:b6:ca:5b:f6:2f:68:02:54:57:e5:1e:76:
         35:1b:ed:74:af:a7:a7:01:8f:ae:59:fd:4e:d8:a2:37:c2:12:
         76:a2:06:59:3a:f1:d3:9d:e2:0f:7c:ac:56:69:e8:53:bb:46:
         e3:d6:ac:18:04:19:d9:5c:ed:f7:ec:15:fa:72:ca:db:53:a0:
         e1:32:dc:78:32:25:c8:1c:fc:66:af:7e:06:15:eb:b8:96:98:
         b2:0d:33:e8:59:18:6a:47:fe:1b:95:3a:1f:3e:60:08:7e:09:
         ae:9a:fb:cf:87:34:20:2d:7e:17:68:92:c6:b5:78:e7:da:48:
         22:bd:d1:32:cb:11:2a:e3:c9:ba:0c:b0:c8:2f:b2:75:9f:56:
         4e:e4:6b:0b:e6:ca:64:ff:da:98:70:01:a6:70:48:87:0e:e2:
         ee:97:e1:51:a5:09:a6:c1:e1:ce:e1:6b:71:24:d4:86:51:9b:
         bd:58:b2:d7:0d:22:5f:fa:33:1b:17:37:fc:33:44:ea:4f:65:
         2c:b9:c3:c5:8f:73:1a:06:e6:97:09:9a:86:89:be:89:84:8c:
         06:44:d1:b3:24:9d:29:63:53:27:39:e0:b1:56:d9:6a:aa:e5:
         5b:48:05:f2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZy+9iXGehqyZcP9JnDPs5BEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwMzA1MTcwNTI4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NzMyNTkxNGQxNmYzMDRmNzA1ZjBmN2Y0MzU2OTgwOGZhMzEwNGJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5bdywMGD61WGchkdDvtVPHa7jgad
jhrLKPF4wdwIuan+DKXB4RCO/sOOIrYaKnIBDs1cSEgEQxvZPkqAO2vDW9BLGMvK
Cz723ZThNw5tLCdHF0FjdWjPyigSbIM/UsWXivuYMeb5tcE8Qhol1B1MqaHO+Rzu
sx3Y+is/A0iOFttFnjdHFAKVdxbz1hyEvfQgHQTxIcK33wWs7AFl1YydMmCYxHxs
WmQiaj3SqbghkvrjuqiSXUtcnj//o0B7gyJnzOc38hd7AT/DN1md2FYwrQoAzSw0
FCoMgx9jo52/21SilyQk8thIa7B+Sbw7gPWMZgcWc1TTe3wC0MQnAlz9hQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIcyWRTRbzBPcF8Pf0NWmAj6MQS/MB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvaHpKWkZORnZNRTl3WHc5X1ExYVlDUG94Qkw4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAkB+TMA0G
CSqGSIb3DQEBCwUAA4IBAQBNA36XiuZIizL00sD7nU6bS5qVJpqpZWC2ylv2L2gC
VFflHnY1G+10r6enAY+uWf1O2KI3whJ2ogZZOvHTneIPfKxWaehTu0bj1qwYBBnZ
XO337BX6csrbU6DhMtx4MiXIHPxmr34GFeu4lpiyDTPoWRhqR/4blTofPmAIfgmu
mvvPhzQgLX4XaJLGtXjn2kgivdEyyxEq48m6DLDIL7J1n1ZO5GsL5spk/9qYcAGm
cEiHDuLul+FRpQmmweHO4WtxJNSGUZu9WLLXDSJf+jMbFzf8M0TqT2UsucPFj3Ma
BuaXCZqGib6JhIwGRNGzJJ0pY1MnOeCxVtlqquVbSAXy
-----END CERTIFICATE-----