Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6c/e91627-843c-49bc-9bea-f72ab03177c1/1/1jPrjcP2Oj8_AmzW5zOOcEBA9t8.roa
File:                     1jPrjcP2Oj8_AmzW5zOOcEBA9t8.roa (raw, json)
Hash identifier:          AEgZaSkuaCzxd1rcrgHOutoGBk8puLKlgjW59hEh1Oo=
Subject key identifier:   D6:33:EB:8D:C3:F6:3A:3F:3F:02:6C:D6:E7:33:8E:70:40:40:F6:DF
Certificate issuer:       /CN=e3d1d7d43366a5b0063c37571319dfa432d1531b
Certificate serial:       019E69F9ECA36DB55C179207F987B06E0ECF
Authority key identifier: E3:D1:D7:D4:33:66:A5:B0:06:3C:37:57:13:19:DF:A4:32:D1:53:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/49HX1DNmpbAGPDdXExnfpDLRUxs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6c/e91627-843c-49bc-9bea-f72ab03177c1/1/1jPrjcP2Oj8_AmzW5zOOcEBA9t8.roa
Signing time:             Wed 27 May 2026 15:07:27 +0000
ROA not before:           Wed 27 May 2026 15:07:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     16276
IP address blocks:        191.44.92.0/24 maxlen: 24
                          191.44.98.0/24 maxlen: 24
                          191.44.99.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6c/e91627-843c-49bc-9bea-f72ab03177c1/1/49HX1DNmpbAGPDdXExnfpDLRUxs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6c/e91627-843c-49bc-9bea-f72ab03177c1/1/49HX1DNmpbAGPDdXExnfpDLRUxs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/49HX1DNmpbAGPDdXExnfpDLRUxs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 07 Jun 2026 02:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:69:f9:ec:a3:6d:b5:5c:17:92:07:f9:87:b0:6e:0e:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e3d1d7d43366a5b0063c37571319dfa432d1531b
        Validity
            Not Before: May 27 15:07:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d633eb8dc3f63a3f3f026cd6e7338e704040f6df
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:b6:e1:23:b6:c1:92:6d:22:73:49:db:66:52:
                    3e:1a:c0:38:43:cd:4b:8a:ef:0d:af:65:df:f6:bd:
                    47:94:72:09:27:47:dd:ea:96:ea:b1:95:02:4d:f3:
                    1d:dd:72:57:45:52:62:1a:80:38:72:ab:37:ae:e6:
                    92:82:d0:0d:43:65:42:f9:38:8f:4c:ee:25:d6:7f:
                    17:16:31:c8:f9:66:1c:83:13:89:cf:65:90:0e:a1:
                    40:88:e7:0f:b4:91:f0:09:68:ab:0f:7d:a9:9b:69:
                    65:63:ad:fd:7f:60:21:4c:f5:b4:1b:a5:d7:1f:a3:
                    0f:0e:43:d2:21:55:d5:90:a7:76:8f:0d:65:db:11:
                    89:d5:88:22:02:23:8a:8a:88:87:17:6b:49:12:ff:
                    eb:33:78:3f:3d:99:52:c3:0e:36:f7:a0:76:a8:43:
                    2c:94:30:5e:a4:dd:c0:ff:0c:61:a3:9c:5d:1f:c4:
                    2b:11:9c:66:6d:2f:41:38:b1:22:d0:08:6f:1b:c0:
                    7b:0c:43:ad:a4:5d:46:5c:14:f9:5c:54:93:8a:51:
                    7a:58:53:6d:d0:5c:10:8f:a0:da:ef:06:e4:01:9c:
                    bb:49:29:bf:af:92:21:30:97:26:a9:f8:75:57:6d:
                    f7:9b:ef:bb:67:e2:ee:e4:e4:c2:9c:11:10:78:1a:
                    3e:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:33:EB:8D:C3:F6:3A:3F:3F:02:6C:D6:E7:33:8E:70:40:40:F6:DF
            X509v3 Authority Key Identifier:
                keyid:E3:D1:D7:D4:33:66:A5:B0:06:3C:37:57:13:19:DF:A4:32:D1:53:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/49HX1DNmpbAGPDdXExnfpDLRUxs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/e91627-843c-49bc-9bea-f72ab03177c1/1/1jPrjcP2Oj8_AmzW5zOOcEBA9t8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/e91627-843c-49bc-9bea-f72ab03177c1/1/49HX1DNmpbAGPDdXExnfpDLRUxs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  191.44.92.0/24
                  191.44.98.0/23

    Signature Algorithm: sha256WithRSAEncryption
         95:22:ed:75:45:f0:37:f8:fd:9d:36:48:76:7b:d1:f8:8a:5c:
         ad:04:60:2a:9e:27:51:96:8d:ed:f2:04:96:0f:52:aa:79:67:
         c8:35:61:7c:5a:f5:93:a1:a0:f3:09:7c:14:a7:33:3c:3a:9f:
         6d:a5:12:fb:f2:f9:0b:e5:52:30:6a:d8:8e:ce:e0:83:00:5b:
         78:52:c3:91:9d:e0:0a:ae:82:f6:bc:a3:b2:4a:1d:2f:1a:10:
         38:ca:92:02:fa:04:75:1c:6e:39:c1:2a:ec:42:b1:5f:3e:f5:
         95:80:5b:b3:1d:0b:3d:65:21:36:25:20:f0:66:40:04:fa:83:
         70:74:53:08:0f:33:7a:28:66:88:82:9a:8e:2a:ad:05:d6:d8:
         7b:ed:5c:bf:f5:d4:01:84:b8:a2:c8:a9:69:64:76:ee:a2:9d:
         e2:08:9b:3b:70:33:5c:29:45:2a:5e:b8:0f:68:1a:fa:d8:7e:
         db:b5:02:f7:6a:f3:91:78:83:70:02:1f:f5:1f:cb:0a:5f:9c:
         82:b9:d6:a0:2e:b4:89:8e:25:10:d1:c1:75:6c:16:9c:81:be:
         45:1c:2e:07:97:5e:d4:62:19:b9:80:41:f5:4d:c6:07:91:d4:
         9b:6b:79:65:9c:e8:59:7b:77:3b:ce:9c:3e:80:9c:79:f4:f8:
         ee:33:32:cc
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ5p+eyjbbVcF5IH+Yewbg7PMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUzZDFkN2Q0MzM2NmE1YjAwNjNjMzc1NzEzMTlkZmE0MzJk
MTUzMWIwHhcNMjYwNTI3MTUwNzI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNjMzZWI4ZGMzZjYzYTNmM2YwMjZjZDZlNzMzOGU3MDQwNDBmNmRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0rbhI7bBkm0ic0nbZlI+GsA4Q81L
iu8Nr2Xf9r1HlHIJJ0fd6pbqsZUCTfMd3XJXRVJiGoA4cqs3ruaSgtANQ2VC+TiP
TO4l1n8XFjHI+WYcgxOJz2WQDqFAiOcPtJHwCWirD32pm2llY639f2AhTPW0G6XX
H6MPDkPSIVXVkKd2jw1l2xGJ1YgiAiOKioiHF2tJEv/rM3g/PZlSww4296B2qEMs
lDBepN3A/wxho5xdH8QrEZxmbS9BOLEi0AhvG8B7DEOtpF1GXBT5XFSTilF6WFNt
0FwQj6Da7wbkAZy7SSm/r5IhMJcmqfh1V233m++7Z+Lu5OTCnBEQeBo+6QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFNYz643D9jo/PwJs1uczjnBAQPbfMB8GA1UdIwQY
MBaAFOPR19QzZqWwBjw3VxMZ36Qy0VMbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNDlIWDFETm1wYkFHUERkWEV4bmZwRExSVXhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yy9lOTE2MjctODQzYy00OWJjLTliZWEt
ZjcyYWIwMzE3N2MxLzEvMWpQcmpjUDJPajhfQW16VzV6T09jRUJBOXQ4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yy9lOTE2MjctODQzYy00OWJjLTliZWEtZjcyYWIwMzE3N2Mx
LzEvNDlIWDFETm1wYkFHUERkWEV4bmZwRExSVXhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAvyxcAwQB
vyxiMA0GCSqGSIb3DQEBCwUAA4IBAQCVIu11RfA3+P2dNkh2e9H4ilytBGAqnidR
lo3t8gSWD1KqeWfINWF8WvWToaDzCXwUpzM8Op9tpRL78vkL5VIwatiOzuCDAFt4
UsORneAKroL2vKOySh0vGhA4ypIC+gR1HG45wSrsQrFfPvWVgFuzHQs9ZSE2JSDw
ZkAE+oNwdFMIDzN6KGaIgpqOKq0F1th77Vy/9dQBhLiiyKlpZHbuop3iCJs7cDNc
KUUqXrgPaBr62H7btQL3avOReINwAh/1H8sKX5yCudagLrSJjiUQ0cF1bBacgb5F
HC4Hl17UYhm5gEH1TcYHkdSba3llnOhZe3c7zpw+gJx59PjuMzLM
-----END CERTIFICATE-----