Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6c/e91627-843c-49bc-9bea-f72ab03177c1/1/1aDQEQPBPAC_w_8fqiW4AIxGWMQ.roa
File:                     1aDQEQPBPAC_w_8fqiW4AIxGWMQ.roa (raw, json)
Hash identifier:          RnK+mcoz8AaUtmlED2tvPM299d9IKX09E3ef+ksQnZg=
Subject key identifier:   D5:A0:D0:11:03:C1:3C:00:BF:C3:FF:1F:AA:25:B8:00:8C:46:58:C4
Certificate issuer:       /CN=e3d1d7d43366a5b0063c37571319dfa432d1531b
Certificate serial:       019E59C89002CE9486083932696D4AADBA45
Authority key identifier: E3:D1:D7:D4:33:66:A5:B0:06:3C:37:57:13:19:DF:A4:32:D1:53:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/49HX1DNmpbAGPDdXExnfpDLRUxs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6c/e91627-843c-49bc-9bea-f72ab03177c1/1/1aDQEQPBPAC_w_8fqiW4AIxGWMQ.roa
Signing time:             Sun 24 May 2026 11:39:36 +0000
ROA not before:           Sun 24 May 2026 11:39:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     151389
IP address blocks:        191.44.85.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6c/e91627-843c-49bc-9bea-f72ab03177c1/1/49HX1DNmpbAGPDdXExnfpDLRUxs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6c/e91627-843c-49bc-9bea-f72ab03177c1/1/49HX1DNmpbAGPDdXExnfpDLRUxs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/49HX1DNmpbAGPDdXExnfpDLRUxs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 07 Jun 2026 02:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:59:c8:90:02:ce:94:86:08:39:32:69:6d:4a:ad:ba:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e3d1d7d43366a5b0063c37571319dfa432d1531b
        Validity
            Not Before: May 24 11:39:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d5a0d01103c13c00bfc3ff1faa25b8008c4658c4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:24:ec:e8:aa:ce:a4:b8:81:5e:ab:18:f6:e1:
                    43:fb:47:08:80:a7:2b:54:ce:09:e4:42:35:28:8e:
                    4c:d3:3f:26:1d:e3:53:d6:6a:2c:c0:89:be:aa:cb:
                    3d:47:f4:3a:75:4b:88:9a:b3:d4:e8:39:a1:34:30:
                    5d:5a:a3:7c:25:96:0d:e4:f1:6f:e0:4d:02:6b:7a:
                    bc:6a:bf:81:bb:e9:95:6a:da:70:d9:33:9e:0d:cc:
                    84:51:1b:a8:19:e2:8b:c3:dd:9b:b2:a9:46:e3:3e:
                    2c:52:54:62:40:4d:ca:4c:54:44:5c:64:61:43:a5:
                    a9:bb:74:b1:09:19:e6:e7:19:01:cc:85:b4:03:35:
                    24:cf:4d:c9:42:4b:da:5c:dc:c3:4f:0e:44:4e:a2:
                    30:17:3d:90:b5:97:9b:75:83:81:9e:d7:6e:2c:29:
                    be:a1:a4:c3:fa:ff:82:2d:68:f9:06:78:22:ec:34:
                    65:83:e9:b5:6d:f1:02:37:3c:37:36:38:b6:6e:e7:
                    57:68:f3:ec:58:d3:ce:01:a8:cc:51:aa:b9:c3:d1:
                    77:8b:53:7e:b7:10:14:36:3a:a6:a1:99:2e:f3:7b:
                    aa:6c:03:59:7f:79:3b:a0:52:81:a2:b0:5b:2b:bd:
                    0b:8c:e1:c9:41:2a:92:59:0e:5d:25:fc:b1:96:1e:
                    79:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:A0:D0:11:03:C1:3C:00:BF:C3:FF:1F:AA:25:B8:00:8C:46:58:C4
            X509v3 Authority Key Identifier:
                keyid:E3:D1:D7:D4:33:66:A5:B0:06:3C:37:57:13:19:DF:A4:32:D1:53:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/49HX1DNmpbAGPDdXExnfpDLRUxs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/e91627-843c-49bc-9bea-f72ab03177c1/1/1aDQEQPBPAC_w_8fqiW4AIxGWMQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/e91627-843c-49bc-9bea-f72ab03177c1/1/49HX1DNmpbAGPDdXExnfpDLRUxs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  191.44.85.0/24

    Signature Algorithm: sha256WithRSAEncryption
         02:4f:b0:f5:bd:01:14:d5:f3:1a:53:8e:b1:71:34:fe:19:ad:
         bf:03:02:47:45:57:82:5d:a1:c8:cf:7d:97:dc:f3:42:a9:a7:
         c6:76:68:83:fb:29:14:f8:48:35:d9:81:6c:44:d4:1e:51:c6:
         4c:39:43:fa:cf:88:1f:29:97:8f:c8:9a:80:08:f4:4d:22:e2:
         a7:45:16:6b:00:d5:0c:3b:09:8c:9f:01:2c:f4:01:46:cb:90:
         07:e2:4f:a4:75:ba:f1:37:3a:69:cf:91:bb:61:5e:b0:bc:50:
         5f:25:69:17:b2:04:b8:a5:48:87:59:34:14:de:0b:77:29:2f:
         33:ce:62:3e:62:b7:f5:10:b8:7e:45:a6:2c:b8:fa:b4:04:6d:
         ce:2b:9f:26:09:f9:aa:b4:02:0f:21:20:f2:6b:2e:31:b7:f2:
         97:a8:25:cf:66:7b:7b:a6:72:45:28:be:09:a3:2a:80:3a:6e:
         17:92:7d:a6:8e:95:fb:aa:94:da:8e:fd:34:60:1e:72:ba:0f:
         e7:a3:6d:5b:7f:49:c8:df:a4:f0:70:99:c3:b3:54:b7:5c:30:
         d2:81:03:fe:e7:fa:56:98:35:0f:5b:3b:79:a6:02:e6:fc:72:
         f5:19:91:23:00:1b:80:35:01:91:72:95:2d:da:37:e3:66:69:
         10:32:f7:48
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ5ZyJACzpSGCDkyaW1KrbpFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUzZDFkN2Q0MzM2NmE1YjAwNjNjMzc1NzEzMTlkZmE0MzJk
MTUzMWIwHhcNMjYwNTI0MTEzOTM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNWEwZDAxMTAzYzEzYzAwYmZjM2ZmMWZhYTI1YjgwMDhjNDY1OGM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5iTs6KrOpLiBXqsY9uFD+0cIgKcr
VM4J5EI1KI5M0z8mHeNT1moswIm+qss9R/Q6dUuImrPU6DmhNDBdWqN8JZYN5PFv
4E0Ca3q8ar+Bu+mVatpw2TOeDcyEURuoGeKLw92bsqlG4z4sUlRiQE3KTFREXGRh
Q6Wpu3SxCRnm5xkBzIW0AzUkz03JQkvaXNzDTw5ETqIwFz2QtZebdYOBntduLCm+
oaTD+v+CLWj5Bngi7DRlg+m1bfECNzw3Nji2budXaPPsWNPOAajMUaq5w9F3i1N+
txAUNjqmoZku83uqbANZf3k7oFKBorBbK70LjOHJQSqSWQ5dJfyxlh55vQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNWg0BEDwTwAv8P/H6oluACMRljEMB8GA1UdIwQY
MBaAFOPR19QzZqWwBjw3VxMZ36Qy0VMbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNDlIWDFETm1wYkFHUERkWEV4bmZwRExSVXhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yy9lOTE2MjctODQzYy00OWJjLTliZWEt
ZjcyYWIwMzE3N2MxLzEvMWFEUUVRUEJQQUNfd184ZnFpVzRBSXhHV01RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yy9lOTE2MjctODQzYy00OWJjLTliZWEtZjcyYWIwMzE3N2Mx
LzEvNDlIWDFETm1wYkFHUERkWEV4bmZwRExSVXhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvyxVMA0G
CSqGSIb3DQEBCwUAA4IBAQACT7D1vQEU1fMaU46xcTT+Ga2/AwJHRVeCXaHIz32X
3PNCqafGdmiD+ykU+Eg12YFsRNQeUcZMOUP6z4gfKZePyJqACPRNIuKnRRZrANUM
OwmMnwEs9AFGy5AH4k+kdbrxNzppz5G7YV6wvFBfJWkXsgS4pUiHWTQU3gt3KS8z
zmI+Yrf1ELh+RaYsuPq0BG3OK58mCfmqtAIPISDyay4xt/KXqCXPZnt7pnJFKL4J
oyqAOm4Xkn2mjpX7qpTajv00YB5yug/no21bf0nI36TwcJnDs1S3XDDSgQP+5/pW
mDUPWzt5pgLm/HL1GZEjABuANQGRcpUt2jfjZmkQMvdI
-----END CERTIFICATE-----