Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6c/e91627-843c-49bc-9bea-f72ab03177c1/1/1qpAl4bTS8EVENkLAwILH5C8a8A.roa
File:                     1qpAl4bTS8EVENkLAwILH5C8a8A.roa (raw, json)
Hash identifier:          xf0YY0lUTQ36a4ZM0Ib91bNmA7fKC7ZOqgsJfC456BE=
Subject key identifier:   D6:AA:40:97:86:D3:4B:C1:15:10:D9:0B:03:02:0B:1F:90:BC:6B:C0
Certificate issuer:       /CN=e3d1d7d43366a5b0063c37571319dfa432d1531b
Certificate serial:       019E3FF3B65EFE20E0FD28A21D02362A86C1
Authority key identifier: E3:D1:D7:D4:33:66:A5:B0:06:3C:37:57:13:19:DF:A4:32:D1:53:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/49HX1DNmpbAGPDdXExnfpDLRUxs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6c/e91627-843c-49bc-9bea-f72ab03177c1/1/1qpAl4bTS8EVENkLAwILH5C8a8A.roa
Signing time:             Tue 19 May 2026 11:16:36 +0000
ROA not before:           Tue 19 May 2026 11:16:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     216416
IP address blocks:        191.44.78.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6c/e91627-843c-49bc-9bea-f72ab03177c1/1/49HX1DNmpbAGPDdXExnfpDLRUxs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6c/e91627-843c-49bc-9bea-f72ab03177c1/1/49HX1DNmpbAGPDdXExnfpDLRUxs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/49HX1DNmpbAGPDdXExnfpDLRUxs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 07 Jun 2026 02:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:3f:f3:b6:5e:fe:20:e0:fd:28:a2:1d:02:36:2a:86:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e3d1d7d43366a5b0063c37571319dfa432d1531b
        Validity
            Not Before: May 19 11:16:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d6aa409786d34bc11510d90b03020b1f90bc6bc0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:e2:c5:aa:63:3f:b3:2c:b3:b4:79:71:fc:c1:
                    31:23:df:5c:79:de:83:7a:32:73:c2:c2:ce:1e:5a:
                    05:8c:2b:f6:ec:c7:44:86:e1:53:e6:01:d9:ea:b4:
                    a1:a9:83:5e:0a:bd:7c:f2:3b:76:c5:38:04:1e:11:
                    ff:81:81:12:0d:cf:76:83:c2:06:a3:96:d1:e8:b9:
                    48:39:5e:2a:72:52:80:bd:ba:17:f9:0b:c6:85:00:
                    1d:5c:bf:a4:cf:88:78:1a:0d:d5:7f:3f:ad:34:99:
                    08:a0:b0:7e:8e:47:43:e1:72:12:c8:2b:80:cb:17:
                    a0:c0:b0:43:c6:5c:e8:d4:c3:89:a9:2b:d9:43:f6:
                    e3:e8:bf:9a:60:eb:95:ea:f8:c1:de:db:c5:34:c5:
                    98:7f:28:78:5d:4f:33:c3:1d:62:c6:65:d6:b7:d5:
                    fb:05:53:1c:2f:61:bb:82:f8:37:5e:1c:75:54:b2:
                    08:d0:5e:6a:6e:1f:b0:4c:09:11:8e:84:69:e0:aa:
                    60:f4:25:7f:35:d9:88:a8:a2:7e:3e:ee:f4:23:7b:
                    3b:d0:b9:80:db:9b:45:e8:91:7a:89:42:c1:4d:0e:
                    71:bd:6a:ec:85:6e:86:2c:b7:e5:21:56:ea:45:46:
                    08:50:60:6f:d1:97:fc:d3:db:2e:ff:d0:d4:ef:aa:
                    25:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:AA:40:97:86:D3:4B:C1:15:10:D9:0B:03:02:0B:1F:90:BC:6B:C0
            X509v3 Authority Key Identifier:
                keyid:E3:D1:D7:D4:33:66:A5:B0:06:3C:37:57:13:19:DF:A4:32:D1:53:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/49HX1DNmpbAGPDdXExnfpDLRUxs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/e91627-843c-49bc-9bea-f72ab03177c1/1/1qpAl4bTS8EVENkLAwILH5C8a8A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/e91627-843c-49bc-9bea-f72ab03177c1/1/49HX1DNmpbAGPDdXExnfpDLRUxs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  191.44.78.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5c:c1:f9:88:20:53:ba:f1:c3:05:4d:4b:14:3e:12:b5:6a:18:
         12:b8:d2:fe:4d:b2:d2:55:1e:4e:d3:1e:20:72:81:d3:47:dd:
         59:11:5a:7f:21:f6:93:bb:df:74:4a:53:4f:db:1e:d8:40:a3:
         dc:4f:ff:c5:89:10:bb:a3:3b:6c:e2:ec:09:79:01:75:9a:91:
         66:30:db:e9:6d:da:7b:11:e1:c2:8d:c2:14:e0:7d:b3:cf:97:
         d6:84:ce:40:75:fd:cb:a2:84:62:b2:a7:e9:b7:63:38:e0:c4:
         1d:fc:aa:b9:3f:a6:0a:2b:e8:dc:f1:04:63:e5:39:5d:bd:1e:
         e5:93:ef:74:99:8e:5e:f6:ef:1f:93:2c:6f:d3:cd:6f:27:c3:
         aa:03:92:f8:58:3e:fa:85:b0:d5:a1:e7:a8:2e:0b:fa:63:77:
         f0:14:4a:12:22:ef:90:fb:2a:51:77:f2:f8:78:91:e8:43:ff:
         cc:5c:5c:3f:8d:dd:79:4a:e9:17:85:6f:a9:16:e0:db:5b:78:
         70:92:ba:03:87:91:e7:66:0b:82:1c:db:42:eb:55:d9:44:76:
         86:95:ec:50:6b:4d:76:23:4a:8a:34:b0:3d:9f:9a:9e:96:fb:
         a1:ed:eb:58:ac:0f:4e:e0:9a:13:3e:6a:80:1a:66:b5:f9:80:
         74:4c:b0:cc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ4/87Ze/iDg/SiiHQI2KobBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUzZDFkN2Q0MzM2NmE1YjAwNjNjMzc1NzEzMTlkZmE0MzJk
MTUzMWIwHhcNMjYwNTE5MTExNjM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNmFhNDA5Nzg2ZDM0YmMxMTUxMGQ5MGIwMzAyMGIxZjkwYmM2YmMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtOLFqmM/syyztHlx/MExI99ced6D
ejJzwsLOHloFjCv27MdEhuFT5gHZ6rShqYNeCr188jt2xTgEHhH/gYESDc92g8IG
o5bR6LlIOV4qclKAvboX+QvGhQAdXL+kz4h4Gg3Vfz+tNJkIoLB+jkdD4XISyCuA
yxegwLBDxlzo1MOJqSvZQ/bj6L+aYOuV6vjB3tvFNMWYfyh4XU8zwx1ixmXWt9X7
BVMcL2G7gvg3Xhx1VLII0F5qbh+wTAkRjoRp4Kpg9CV/NdmIqKJ+Pu70I3s70LmA
25tF6JF6iULBTQ5xvWrshW6GLLflIVbqRUYIUGBv0Zf809su/9DU76ol4QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNaqQJeG00vBFRDZCwMCCx+QvGvAMB8GA1UdIwQY
MBaAFOPR19QzZqWwBjw3VxMZ36Qy0VMbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNDlIWDFETm1wYkFHUERkWEV4bmZwRExSVXhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yy9lOTE2MjctODQzYy00OWJjLTliZWEt
ZjcyYWIwMzE3N2MxLzEvMXFwQWw0YlRTOEVWRU5rTEF3SUxINUM4YThBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yy9lOTE2MjctODQzYy00OWJjLTliZWEtZjcyYWIwMzE3N2Mx
LzEvNDlIWDFETm1wYkFHUERkWEV4bmZwRExSVXhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvyxOMA0G
CSqGSIb3DQEBCwUAA4IBAQBcwfmIIFO68cMFTUsUPhK1ahgSuNL+TbLSVR5O0x4g
coHTR91ZEVp/IfaTu990SlNP2x7YQKPcT//FiRC7ozts4uwJeQF1mpFmMNvpbdp7
EeHCjcIU4H2zz5fWhM5Adf3LooRisqfpt2M44MQd/Kq5P6YKK+jc8QRj5TldvR7l
k+90mY5e9u8fkyxv081vJ8OqA5L4WD76hbDVoeeoLgv6Y3fwFEoSIu+Q+ypRd/L4
eJHoQ//MXFw/jd15SukXhW+pFuDbW3hwkroDh5HnZguCHNtC61XZRHaGlexQa012
I0qKNLA9n5qelvuh7etYrA9O4JoTPmqAGma1+YB0TLDM
-----END CERTIFICATE-----