Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/tcQM5-jYVYFGm6DJD3PkvwiwLNo.roa
File:                     tcQM5-jYVYFGm6DJD3PkvwiwLNo.roa (raw, json)
Hash identifier:          vQDF5M/Y84mrp48eyLndoDdSFI7vXdOJGnMxzQk8KXk=
Subject key identifier:   B5:C4:0C:E7:E8:D8:55:81:46:9B:A0:C9:0F:73:E4:BF:08:B0:2C:DA
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019C33D39C16D0979838989DD2626907D8EE
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/tcQM5-jYVYFGm6DJD3PkvwiwLNo.roa
Signing time:             Fri 06 Feb 2026 16:40:31 +0000
ROA not before:           Fri 06 Feb 2026 16:40:31 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     21859
IP address blocks:        144.31.42.0/24 maxlen: 24
                          144.31.44.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 23 Feb 2026 14:01:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:33:d3:9c:16:d0:97:98:38:98:9d:d2:62:69:07:d8:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: Feb  6 16:40:31 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b5c40ce7e8d85581469ba0c90f73e4bf08b02cda
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:c1:5c:92:77:f0:73:42:b2:16:bb:3d:3d:5b:
                    78:1f:5d:18:c0:ac:c9:bc:5d:eb:e9:8b:a9:cb:42:
                    26:55:d6:00:ae:09:de:7b:2b:62:1c:ff:a6:79:36:
                    57:0f:6c:1f:e1:ce:60:68:52:24:bf:4a:2a:a6:8e:
                    45:9f:13:3b:f5:a4:2a:8d:96:ea:a3:86:60:71:3c:
                    d0:0e:c0:ec:75:32:59:00:9d:d4:f0:90:43:1b:1d:
                    eb:8a:b7:4b:a1:8d:ee:4c:f2:f1:55:b7:ce:47:ec:
                    8a:17:aa:3b:eb:4b:86:e5:16:e6:0a:27:e9:19:d2:
                    fc:5a:c8:fb:74:4a:31:23:67:52:55:61:5e:1e:9a:
                    36:87:77:8f:d1:4a:22:b5:3f:df:3e:06:c8:db:88:
                    f7:e4:cf:7b:34:a1:0d:0d:2b:e9:3d:1c:18:a4:62:
                    58:d9:1a:54:48:a0:10:0e:1b:03:fd:d7:9e:c0:70:
                    3f:b2:da:48:d3:88:2e:24:03:6e:40:9c:79:a0:98:
                    80:b7:8f:5c:0e:a8:1f:da:c8:f8:cb:6a:b8:85:42:
                    2c:7e:34:15:02:d8:25:ca:3d:72:e4:4d:08:07:4c:
                    62:3f:64:8a:49:06:ad:a5:80:3d:d9:14:d7:b6:3c:
                    95:47:96:cc:bb:8b:cd:55:6b:1b:52:14:d1:56:34:
                    89:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:C4:0C:E7:E8:D8:55:81:46:9B:A0:C9:0F:73:E4:BF:08:B0:2C:DA
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/tcQM5-jYVYFGm6DJD3PkvwiwLNo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  144.31.42.0/24
                  144.31.44.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6a:68:a3:e3:eb:cd:17:5b:26:d7:5c:ef:d4:70:48:b1:f2:00:
         d7:1e:44:ef:11:8c:82:5c:8b:09:8b:c6:4b:a8:41:f3:22:17:
         0f:95:b5:20:a1:48:7c:dc:aa:e1:5d:ef:ab:0f:71:16:e6:c3:
         93:7b:85:72:14:e5:8b:3a:e2:f5:be:b7:2f:b8:7b:e8:0a:38:
         c4:f2:e9:83:81:87:22:10:89:44:61:48:38:5e:f2:75:0d:6a:
         b2:b7:9a:88:29:04:34:89:bd:9e:13:61:ec:f3:db:de:a6:68:
         6d:a9:fd:63:95:81:0f:f3:b0:20:be:98:2c:47:8f:d8:4c:6f:
         98:81:fa:5e:d1:83:1f:85:64:5c:7b:2f:09:2f:f5:c1:74:b4:
         56:7e:84:49:bb:b4:7a:dd:82:ec:92:da:91:8b:a7:32:b2:a1:
         84:0a:26:f2:44:07:84:73:61:ee:5a:78:a1:52:71:52:b4:7d:
         62:ba:55:20:62:3f:20:aa:f5:63:f3:d6:91:d4:4f:e5:22:55:
         64:aa:89:b6:b0:73:82:1e:01:d3:27:5a:7e:69:1d:fe:1f:74:
         22:c8:39:d6:6a:76:f8:37:97:67:ba:a4:24:4c:03:05:56:1e:
         71:80:c8:05:ab:b4:3d:3d:58:b1:70:12:8a:57:56:1c:e0:a6:
         c4:f6:38:78
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZwz05wW0JeYOJid0mJpB9juMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwMjA2MTY0MDMxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNWM0MGNlN2U4ZDg1NTgxNDY5YmEwYzkwZjczZTRiZjA4YjAyY2RhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwMFcknfwc0KyFrs9PVt4H10YwKzJ
vF3r6Yupy0ImVdYArgneeytiHP+meTZXD2wf4c5gaFIkv0oqpo5FnxM79aQqjZbq
o4ZgcTzQDsDsdTJZAJ3U8JBDGx3rirdLoY3uTPLxVbfOR+yKF6o760uG5RbmCifp
GdL8Wsj7dEoxI2dSVWFeHpo2h3eP0UoitT/fPgbI24j35M97NKENDSvpPRwYpGJY
2RpUSKAQDhsD/deewHA/stpI04guJANuQJx5oJiAt49cDqgf2sj4y2q4hUIsfjQV
Atglyj1y5E0IB0xiP2SKSQatpYA92RTXtjyVR5bMu4vNVWsbUhTRVjSJ7QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFLXEDOfo2FWBRpugyQ9z5L8IsCzaMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvdGNRTTUtallWWUZHbTZESkQzUGt2d2l3TE5vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAkB8qAwQA
kB8sMA0GCSqGSIb3DQEBCwUAA4IBAQBqaKPj680XWybXXO/UcEix8gDXHkTvEYyC
XIsJi8ZLqEHzIhcPlbUgoUh83KrhXe+rD3EW5sOTe4VyFOWLOuL1vrcvuHvoCjjE
8umDgYciEIlEYUg4XvJ1DWqyt5qIKQQ0ib2eE2Hs89vepmhtqf1jlYEP87Agvpgs
R4/YTG+Ygfpe0YMfhWRcey8JL/XBdLRWfoRJu7R63YLsktqRi6cysqGECibyRAeE
c2HuWnihUnFStH1iulUgYj8gqvVj89aR1E/lIlVkqom2sHOCHgHTJ1p+aR3+H3Qi
yDnWanb4N5dnuqQkTAMFVh5xgMgFq7Q9PVixcBKKV1Yc4KbE9jh4
-----END CERTIFICATE-----