Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/8kaPWUt3LTB-nTOBG8BeXyCt8fk.roa
File:                     8kaPWUt3LTB-nTOBG8BeXyCt8fk.roa (raw, json)
Hash identifier:          qe4IgtnINsi8fCVJudGH7hMV4bWsJb8TramXpFBtIiU=
Subject key identifier:   F2:46:8F:59:4B:77:2D:30:7E:9D:33:81:1B:C0:5E:5F:20:AD:F1:F9
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019E137863C5DA75A6590147F798ABCA8A04
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/8kaPWUt3LTB-nTOBG8BeXyCt8fk.roa
Signing time:             Sun 10 May 2026 19:58:37 +0000
ROA not before:           Sun 10 May 2026 19:58:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     62240
IP address blocks:        144.31.33.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 14:18:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:13:78:63:c5:da:75:a6:59:01:47:f7:98:ab:ca:8a:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: May 10 19:58:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f2468f594b772d307e9d33811bc05e5f20adf1f9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:a0:ce:7c:cd:61:cf:5f:31:6c:72:86:42:05:
                    f8:40:2c:d8:87:1f:39:df:32:f4:d1:85:b7:c5:94:
                    2c:27:51:1f:17:28:17:82:c9:4f:11:74:5d:82:46:
                    b9:82:77:92:42:d4:88:58:5f:57:65:ad:0e:d3:89:
                    eb:47:61:c1:6f:a8:76:31:45:80:6f:5b:e1:04:20:
                    8b:fd:a2:4d:13:ce:b8:7a:87:8e:48:29:c8:59:03:
                    1e:59:8c:d3:79:ea:5a:f8:15:2d:c3:be:ac:cd:5d:
                    fe:02:b7:89:d7:5f:0f:e2:0b:7e:e9:a2:b9:80:3b:
                    fb:83:da:1b:ec:40:86:7b:4c:33:69:a2:89:e2:58:
                    eb:1e:be:2c:bd:b7:61:36:0a:68:ec:42:f8:ba:f6:
                    4f:7c:c6:80:d5:0d:9d:34:3e:5e:f0:5d:1f:d7:74:
                    eb:d1:10:94:63:bc:f6:28:e9:27:7a:ca:11:2f:9e:
                    b4:77:13:07:81:b3:c7:f8:35:21:f9:f8:e2:f2:28:
                    47:31:5d:1c:dc:a0:79:27:6b:78:45:84:12:c5:b9:
                    23:7a:1c:f2:02:d4:43:d8:ff:88:3c:32:01:37:ae:
                    fa:1c:b2:28:7a:fe:d0:29:b6:25:36:b5:a2:e1:fa:
                    e6:c5:db:58:8f:ed:9b:62:4b:b1:f5:95:1f:6c:7e:
                    75:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:46:8F:59:4B:77:2D:30:7E:9D:33:81:1B:C0:5E:5F:20:AD:F1:F9
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/8kaPWUt3LTB-nTOBG8BeXyCt8fk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  144.31.33.0/24

    Signature Algorithm: sha256WithRSAEncryption
         08:16:4f:3b:16:0c:03:47:a4:a6:83:24:52:90:a7:b4:f0:25:
         da:b3:6d:08:45:30:83:c5:ba:b7:69:c3:ab:eb:be:2b:e2:61:
         fc:02:1b:de:18:e8:4f:75:5a:c8:2d:5f:43:c9:f1:69:a4:82:
         f6:98:29:90:33:57:36:7a:37:47:bd:0f:ce:f1:f3:08:b1:0b:
         fe:50:03:75:ce:e1:55:be:bb:17:cb:ad:9b:99:7a:03:b3:f2:
         b7:e3:df:26:97:19:7b:dc:d3:cf:29:4f:6a:f8:dc:3b:bb:6e:
         d7:b7:4c:d1:7d:b0:11:1e:db:b5:06:9b:59:27:e3:23:4a:0d:
         60:fe:86:69:82:5e:81:cb:9f:45:8a:93:a8:ce:8a:80:b6:6a:
         71:fb:5c:f0:f8:7f:da:8b:86:8d:aa:b7:a6:8f:bc:0b:4e:e2:
         9e:71:6a:51:e9:50:29:85:48:e4:c7:35:8f:91:cd:bf:b0:e2:
         43:08:1f:c9:86:e2:1c:b9:9a:b7:ef:e2:90:31:7c:2b:ec:c6:
         dd:3b:6d:70:0d:cf:df:b2:5f:dd:79:91:9d:a8:cb:2a:1f:7a:
         0d:40:17:6f:cf:13:12:11:84:ce:97:9a:16:31:28:8a:83:3a:
         96:0d:5d:1b:c7:28:89:e7:90:b1:56:4f:01:15:65:93:a0:4b:
         aa:97:90:63
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ4TeGPF2nWmWQFH95iryooEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwNTEwMTk1ODM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMjQ2OGY1OTRiNzcyZDMwN2U5ZDMzODExYmMwNWU1ZjIwYWRmMWY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmaDOfM1hz18xbHKGQgX4QCzYhx85
3zL00YW3xZQsJ1EfFygXgslPEXRdgka5gneSQtSIWF9XZa0O04nrR2HBb6h2MUWA
b1vhBCCL/aJNE864eoeOSCnIWQMeWYzTeepa+BUtw76szV3+AreJ118P4gt+6aK5
gDv7g9ob7ECGe0wzaaKJ4ljrHr4svbdhNgpo7EL4uvZPfMaA1Q2dND5e8F0f13Tr
0RCUY7z2KOknesoRL560dxMHgbPH+DUh+fji8ihHMV0c3KB5J2t4RYQSxbkjehzy
AtRD2P+IPDIBN676HLIoev7QKbYlNrWi4frmxdtYj+2bYkux9ZUfbH51fQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPJGj1lLdy0wfp0zgRvAXl8grfH5MB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvOGthUFdVdDNMVEItblRPQkc4QmVYeUN0OGZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAkB8hMA0G
CSqGSIb3DQEBCwUAA4IBAQAIFk87FgwDR6SmgyRSkKe08CXas20IRTCDxbq3acOr
674r4mH8AhveGOhPdVrILV9DyfFppIL2mCmQM1c2ejdHvQ/O8fMIsQv+UAN1zuFV
vrsXy62bmXoDs/K3498mlxl73NPPKU9q+Nw7u27Xt0zRfbARHtu1BptZJ+MjSg1g
/oZpgl6By59FipOozoqAtmpx+1zw+H/ai4aNqremj7wLTuKecWpR6VAphUjkxzWP
kc2/sOJDCB/JhuIcuZq37+KQMXwr7MbdO21wDc/fsl/deZGdqMsqH3oNQBdvzxMS
EYTOl5oWMSiKgzqWDV0bxyiJ55CxVk8BFWWToEuql5Bj
-----END CERTIFICATE-----