Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6c/e91627-843c-49bc-9bea-f72ab03177c1/1/3ctZQUozMKkDVo59fLMZssh8XaA.roa
File:                     3ctZQUozMKkDVo59fLMZssh8XaA.roa (raw, json)
Hash identifier:          KSpBuKqiKqBujIhTOJYqoBunSyhHcexE+/SV+7vpRy4=
Subject key identifier:   DD:CB:59:41:4A:33:30:A9:03:56:8E:7D:7C:B3:19:B2:C8:7C:5D:A0
Certificate issuer:       /CN=e3d1d7d43366a5b0063c37571319dfa432d1531b
Certificate serial:       019DB158E640A0DC34F18AC47F6038EC6E57
Authority key identifier: E3:D1:D7:D4:33:66:A5:B0:06:3C:37:57:13:19:DF:A4:32:D1:53:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/49HX1DNmpbAGPDdXExnfpDLRUxs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6c/e91627-843c-49bc-9bea-f72ab03177c1/1/3ctZQUozMKkDVo59fLMZssh8XaA.roa
Signing time:             Tue 21 Apr 2026 18:41:26 +0000
ROA not before:           Tue 21 Apr 2026 18:41:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     402214
IP address blocks:        191.44.80.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6c/e91627-843c-49bc-9bea-f72ab03177c1/1/49HX1DNmpbAGPDdXExnfpDLRUxs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6c/e91627-843c-49bc-9bea-f72ab03177c1/1/49HX1DNmpbAGPDdXExnfpDLRUxs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/49HX1DNmpbAGPDdXExnfpDLRUxs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 22 Apr 2026 18:41:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:b1:58:e6:40:a0:dc:34:f1:8a:c4:7f:60:38:ec:6e:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e3d1d7d43366a5b0063c37571319dfa432d1531b
        Validity
            Not Before: Apr 21 18:41:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ddcb59414a3330a903568e7d7cb319b2c87c5da0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:b9:3e:70:0d:dc:0f:85:dd:c5:76:41:45:0a:
                    b3:e5:dd:d9:ac:db:d0:89:71:41:e7:ec:25:ab:f6:
                    3e:14:1f:1a:78:73:99:5d:b1:02:d1:ec:1e:96:63:
                    ca:dc:e2:df:43:6b:04:12:48:3d:2e:55:b9:a5:cb:
                    60:38:1a:1c:27:bd:8b:49:ff:1e:30:5e:5e:c6:ec:
                    31:a6:df:c1:53:5c:5c:13:5f:8b:e9:8c:5d:b1:25:
                    74:16:52:40:c2:16:36:e8:d1:e2:e9:c1:30:7e:66:
                    59:f2:90:51:d0:26:f1:a8:a9:ae:d9:17:b7:67:bd:
                    c8:4d:2f:48:9e:6d:d4:f6:78:50:27:cb:b1:6a:6e:
                    7e:a9:1a:58:75:8d:c1:dd:c5:5c:5c:7d:a9:c0:d8:
                    92:fd:d2:e6:75:c7:50:90:07:a7:22:a3:79:27:db:
                    f9:f0:04:62:77:b6:6f:72:55:4d:5c:04:9c:63:56:
                    6b:30:6b:61:fb:7d:ee:40:51:fa:47:45:2d:33:04:
                    68:d7:1c:f2:1a:bb:06:2f:20:a0:d5:61:90:86:b9:
                    23:58:58:19:5e:8d:57:90:24:34:45:ff:3a:7e:66:
                    41:18:4c:6e:c0:6e:a3:1b:43:c9:02:c5:22:71:95:
                    14:b0:4f:fe:ac:ec:51:42:61:05:cc:7f:9f:2b:42:
                    4d:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:CB:59:41:4A:33:30:A9:03:56:8E:7D:7C:B3:19:B2:C8:7C:5D:A0
            X509v3 Authority Key Identifier:
                keyid:E3:D1:D7:D4:33:66:A5:B0:06:3C:37:57:13:19:DF:A4:32:D1:53:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/49HX1DNmpbAGPDdXExnfpDLRUxs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/e91627-843c-49bc-9bea-f72ab03177c1/1/3ctZQUozMKkDVo59fLMZssh8XaA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/e91627-843c-49bc-9bea-f72ab03177c1/1/49HX1DNmpbAGPDdXExnfpDLRUxs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  191.44.80.0/24

    Signature Algorithm: sha256WithRSAEncryption
         36:b1:d7:4d:2d:4b:0f:57:be:70:5f:29:b8:a7:dd:e4:07:3f:
         25:37:3c:70:7f:04:24:cb:76:6a:57:77:1a:05:de:dd:2e:80:
         a0:84:a4:75:47:79:39:2b:e1:3a:ae:fa:4c:74:3e:81:60:bb:
         81:12:d0:37:af:39:bc:13:56:c4:e0:5e:db:b5:c0:90:7e:24:
         89:3b:f5:83:fc:13:fd:74:96:9f:dd:f5:9e:b9:16:bd:43:52:
         85:e6:73:00:9a:32:67:c1:2c:61:96:2f:26:4b:8c:61:66:22:
         a9:51:10:c8:d4:09:b4:9d:d5:88:ca:98:c7:9b:e7:a1:00:67:
         fd:7a:eb:5b:0d:6a:89:a1:50:fe:ff:40:91:11:2f:af:05:76:
         3a:7a:b7:82:c5:6b:0d:a0:ae:56:c1:4b:b2:3e:4b:23:2c:a7:
         77:2b:13:4c:12:5e:64:ff:50:f4:ec:dd:fd:35:fa:d1:c3:c1:
         88:c4:64:5f:66:28:13:31:be:da:03:31:94:10:b9:90:4e:98:
         04:3b:36:1c:42:0f:b9:68:ea:ff:89:5f:77:78:23:f6:49:8a:
         29:eb:96:d1:49:b4:d0:74:38:71:b8:ab:1c:fa:11:9c:8f:82:
         cc:d7:52:c0:ca:bf:d6:73:55:61:81:4a:59:cd:53:dd:be:08:
         7b:0f:04:1b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ2xWOZAoNw08YrEf2A47G5XMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUzZDFkN2Q0MzM2NmE1YjAwNjNjMzc1NzEzMTlkZmE0MzJk
MTUzMWIwHhcNMjYwNDIxMTg0MTI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZGNiNTk0MTRhMzMzMGE5MDM1NjhlN2Q3Y2IzMTliMmM4N2M1ZGEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAybk+cA3cD4XdxXZBRQqz5d3ZrNvQ
iXFB5+wlq/Y+FB8aeHOZXbEC0ewelmPK3OLfQ2sEEkg9LlW5pctgOBocJ72LSf8e
MF5exuwxpt/BU1xcE1+L6YxdsSV0FlJAwhY26NHi6cEwfmZZ8pBR0CbxqKmu2Re3
Z73ITS9Inm3U9nhQJ8uxam5+qRpYdY3B3cVcXH2pwNiS/dLmdcdQkAenIqN5J9v5
8ARid7ZvclVNXAScY1ZrMGth+33uQFH6R0UtMwRo1xzyGrsGLyCg1WGQhrkjWFgZ
Xo1XkCQ0Rf86fmZBGExuwG6jG0PJAsUicZUUsE/+rOxRQmEFzH+fK0JNcwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN3LWUFKMzCpA1aOfXyzGbLIfF2gMB8GA1UdIwQY
MBaAFOPR19QzZqWwBjw3VxMZ36Qy0VMbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNDlIWDFETm1wYkFHUERkWEV4bmZwRExSVXhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yy9lOTE2MjctODQzYy00OWJjLTliZWEt
ZjcyYWIwMzE3N2MxLzEvM2N0WlFVb3pNS2tEVm81OWZMTVpzc2g4WGFBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yy9lOTE2MjctODQzYy00OWJjLTliZWEtZjcyYWIwMzE3N2Mx
LzEvNDlIWDFETm1wYkFHUERkWEV4bmZwRExSVXhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvyxQMA0G
CSqGSIb3DQEBCwUAA4IBAQA2sddNLUsPV75wXym4p93kBz8lNzxwfwQky3ZqV3ca
Bd7dLoCghKR1R3k5K+E6rvpMdD6BYLuBEtA3rzm8E1bE4F7btcCQfiSJO/WD/BP9
dJaf3fWeuRa9Q1KF5nMAmjJnwSxhli8mS4xhZiKpURDI1Am0ndWIypjHm+ehAGf9
eutbDWqJoVD+/0CRES+vBXY6ereCxWsNoK5WwUuyPksjLKd3KxNMEl5k/1D07N39
NfrRw8GIxGRfZigTMb7aAzGUELmQTpgEOzYcQg+5aOr/iV93eCP2SYop65bRSbTQ
dDhxuKsc+hGcj4LM11LAyr/Wc1VhgUpZzVPdvgh7DwQb
-----END CERTIFICATE-----