Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6c/e91627-843c-49bc-9bea-f72ab03177c1/1/21NcYfRsremo1THdF4Fu_-amfjk.roa
File:                     21NcYfRsremo1THdF4Fu_-amfjk.roa (raw, json)
Hash identifier:          vjZQelzID1bkQLOFIHE/oKQQTaP/AQvVzCiWIvtxNWA=
Subject key identifier:   DB:53:5C:61:F4:6C:AD:E9:A8:D5:31:DD:17:81:6E:FF:E6:A6:7E:39
Certificate issuer:       /CN=e3d1d7d43366a5b0063c37571319dfa432d1531b
Certificate serial:       019E4662BF75C8AF699935626722535B291A
Authority key identifier: E3:D1:D7:D4:33:66:A5:B0:06:3C:37:57:13:19:DF:A4:32:D1:53:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/49HX1DNmpbAGPDdXExnfpDLRUxs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6c/e91627-843c-49bc-9bea-f72ab03177c1/1/21NcYfRsremo1THdF4Fu_-amfjk.roa
Signing time:             Wed 20 May 2026 17:15:37 +0000
ROA not before:           Wed 20 May 2026 17:15:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     203545
IP address blocks:        191.44.70.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6c/e91627-843c-49bc-9bea-f72ab03177c1/1/49HX1DNmpbAGPDdXExnfpDLRUxs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6c/e91627-843c-49bc-9bea-f72ab03177c1/1/49HX1DNmpbAGPDdXExnfpDLRUxs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/49HX1DNmpbAGPDdXExnfpDLRUxs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 07 Jun 2026 02:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:46:62:bf:75:c8:af:69:99:35:62:67:22:53:5b:29:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e3d1d7d43366a5b0063c37571319dfa432d1531b
        Validity
            Not Before: May 20 17:15:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=db535c61f46cade9a8d531dd17816effe6a67e39
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:f8:08:34:48:7a:e8:cb:2e:cd:17:28:41:91:
                    bf:7a:42:ae:e5:48:16:9e:1b:31:85:8f:0d:32:bd:
                    be:5f:f5:36:bb:f7:07:c1:0b:7d:39:6b:a4:55:0d:
                    c1:db:81:72:fb:6b:77:df:2e:66:57:d2:3c:b6:16:
                    d9:57:60:3c:11:9d:89:bc:7d:00:da:7c:48:fa:d5:
                    74:e1:a7:33:6a:cc:08:fc:7e:f4:bb:93:21:20:60:
                    c9:7b:05:ba:1c:47:d6:98:ba:d9:96:c7:99:b6:30:
                    2d:83:ce:cc:6a:cb:de:fd:70:8f:a1:57:af:28:37:
                    78:4d:2c:ec:75:9e:12:62:99:2d:f8:ee:5e:e3:36:
                    39:ae:d5:5a:e5:f2:b2:fc:02:36:7d:0d:5d:1c:f2:
                    8a:92:6b:3e:b9:3a:3e:7f:c8:ed:38:7e:7c:85:68:
                    b7:8c:72:66:84:cf:c1:d4:85:fa:dc:cb:2f:7f:3a:
                    ae:98:95:b9:97:d5:aa:89:fa:74:d7:97:e8:6e:27:
                    c2:c3:b7:c8:2b:6d:4f:e4:4d:7f:00:bd:68:ae:30:
                    e2:37:45:6f:01:4e:19:0f:76:aa:98:34:e5:e1:e7:
                    45:39:a5:17:21:cd:9e:4c:b3:87:d9:81:30:ca:8f:
                    2e:cb:e0:d0:78:a9:10:53:a7:7d:7e:09:85:cf:c1:
                    51:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:53:5C:61:F4:6C:AD:E9:A8:D5:31:DD:17:81:6E:FF:E6:A6:7E:39
            X509v3 Authority Key Identifier:
                keyid:E3:D1:D7:D4:33:66:A5:B0:06:3C:37:57:13:19:DF:A4:32:D1:53:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/49HX1DNmpbAGPDdXExnfpDLRUxs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/e91627-843c-49bc-9bea-f72ab03177c1/1/21NcYfRsremo1THdF4Fu_-amfjk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/e91627-843c-49bc-9bea-f72ab03177c1/1/49HX1DNmpbAGPDdXExnfpDLRUxs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  191.44.70.0/24

    Signature Algorithm: sha256WithRSAEncryption
         69:89:9d:61:af:3a:28:8d:ef:61:a8:95:1f:c4:f2:ef:cd:3f:
         4f:b9:34:d5:1d:96:e1:d3:f5:4a:b4:df:0f:7c:2d:32:a5:36:
         f3:d5:34:95:31:5e:1a:8a:7c:df:9c:b5:fc:1b:a6:1f:b7:2b:
         e0:79:ac:fa:c0:92:87:52:3b:aa:11:f9:bf:49:c3:9b:51:fc:
         82:9a:de:32:88:bb:af:9f:ae:2f:31:a1:79:1f:49:50:dc:be:
         39:c8:e1:2d:82:c5:82:b3:b7:9d:24:bf:f8:1e:d4:f7:1e:00:
         b8:93:e7:3f:28:0a:b1:ba:30:11:7a:8e:ab:77:c9:88:91:6d:
         a7:87:d1:21:83:ad:2f:04:fd:91:03:8d:bf:1b:71:3d:e4:9d:
         32:bf:82:f5:62:44:30:51:96:db:05:be:dc:34:a0:de:a0:a9:
         51:7c:e7:56:d7:ee:55:96:bb:19:e6:2e:95:41:87:97:7f:15:
         40:b4:40:72:2d:f0:91:dd:96:79:2b:2e:1f:bd:5a:75:a3:83:
         b4:23:22:54:a1:7d:ff:e9:c5:25:be:b8:08:3c:8c:b3:63:65:
         af:42:0f:e5:10:54:11:b2:1d:11:90:f5:1d:0f:b6:fc:f5:f6:
         20:6b:f3:2e:3d:03:46:d7:ff:f7:ed:f1:77:46:c9:ac:79:b7:
         58:1b:66:28
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ5GYr91yK9pmTViZyJTWykaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUzZDFkN2Q0MzM2NmE1YjAwNjNjMzc1NzEzMTlkZmE0MzJk
MTUzMWIwHhcNMjYwNTIwMTcxNTM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYjUzNWM2MWY0NmNhZGU5YThkNTMxZGQxNzgxNmVmZmU2YTY3ZTM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkPgINEh66MsuzRcoQZG/ekKu5UgW
nhsxhY8NMr2+X/U2u/cHwQt9OWukVQ3B24Fy+2t33y5mV9I8thbZV2A8EZ2JvH0A
2nxI+tV04aczaswI/H70u5MhIGDJewW6HEfWmLrZlseZtjAtg87Masve/XCPoVev
KDd4TSzsdZ4SYpkt+O5e4zY5rtVa5fKy/AI2fQ1dHPKKkms+uTo+f8jtOH58hWi3
jHJmhM/B1IX63MsvfzqumJW5l9Wqifp015fobifCw7fIK21P5E1/AL1orjDiN0Vv
AU4ZD3aqmDTl4edFOaUXIc2eTLOH2YEwyo8uy+DQeKkQU6d9fgmFz8FR8QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNtTXGH0bK3pqNUx3ReBbv/mpn45MB8GA1UdIwQY
MBaAFOPR19QzZqWwBjw3VxMZ36Qy0VMbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNDlIWDFETm1wYkFHUERkWEV4bmZwRExSVXhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yy9lOTE2MjctODQzYy00OWJjLTliZWEt
ZjcyYWIwMzE3N2MxLzEvMjFOY1lmUnNyZW1vMVRIZEY0RnVfLWFtZmprLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yy9lOTE2MjctODQzYy00OWJjLTliZWEtZjcyYWIwMzE3N2Mx
LzEvNDlIWDFETm1wYkFHUERkWEV4bmZwRExSVXhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvyxGMA0G
CSqGSIb3DQEBCwUAA4IBAQBpiZ1hrzooje9hqJUfxPLvzT9PuTTVHZbh0/VKtN8P
fC0ypTbz1TSVMV4ainzfnLX8G6Yftyvgeaz6wJKHUjuqEfm/ScObUfyCmt4yiLuv
n64vMaF5H0lQ3L45yOEtgsWCs7edJL/4HtT3HgC4k+c/KAqxujAReo6rd8mIkW2n
h9Ehg60vBP2RA42/G3E95J0yv4L1YkQwUZbbBb7cNKDeoKlRfOdW1+5VlrsZ5i6V
QYeXfxVAtEByLfCR3ZZ5Ky4fvVp1o4O0IyJUoX3/6cUlvrgIPIyzY2WvQg/lEFQR
sh0RkPUdD7b89fYga/MuPQNG1//37fF3RsmsebdYG2Yo
-----END CERTIFICATE-----