Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6c/e91627-843c-49bc-9bea-f72ab03177c1/1/5K8ok207PvC5p786MjVAljnosd0.roa
File:                     5K8ok207PvC5p786MjVAljnosd0.roa (raw, json)
Hash identifier:          nJalIRGjF6v3f50vQemTpioud2dpZHABU6LXzGwHaPU=
Subject key identifier:   E4:AF:28:93:6D:3B:3E:F0:B9:A7:BF:3A:32:35:40:96:39:E8:B1:DD
Certificate issuer:       /CN=e3d1d7d43366a5b0063c37571319dfa432d1531b
Certificate serial:       019E5054D2F006DFD6BFD5661FF12941B8B5
Authority key identifier: E3:D1:D7:D4:33:66:A5:B0:06:3C:37:57:13:19:DF:A4:32:D1:53:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/49HX1DNmpbAGPDdXExnfpDLRUxs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6c/e91627-843c-49bc-9bea-f72ab03177c1/1/5K8ok207PvC5p786MjVAljnosd0.roa
Signing time:             Fri 22 May 2026 15:36:36 +0000
ROA not before:           Fri 22 May 2026 15:36:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     1299
IP address blocks:        191.44.80.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6c/e91627-843c-49bc-9bea-f72ab03177c1/1/49HX1DNmpbAGPDdXExnfpDLRUxs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6c/e91627-843c-49bc-9bea-f72ab03177c1/1/49HX1DNmpbAGPDdXExnfpDLRUxs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/49HX1DNmpbAGPDdXExnfpDLRUxs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 06 Jun 2026 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:50:54:d2:f0:06:df:d6:bf:d5:66:1f:f1:29:41:b8:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e3d1d7d43366a5b0063c37571319dfa432d1531b
        Validity
            Not Before: May 22 15:36:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e4af28936d3b3ef0b9a7bf3a3235409639e8b1dd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:ca:9b:3e:9e:0e:4d:74:53:eb:28:8a:f1:6d:
                    09:b9:5c:da:10:7f:a6:84:50:cb:b3:c6:86:71:bc:
                    eb:9b:c8:f3:ed:25:a3:9d:22:94:67:81:1d:c4:3c:
                    87:98:2d:da:ed:19:f4:0d:f3:6f:cf:11:6e:5f:42:
                    3d:bf:b2:ad:2e:a4:a4:99:0e:85:9e:2c:c9:14:f4:
                    06:07:d9:c0:ca:b6:8f:9d:f4:c5:33:25:2d:5c:4b:
                    aa:3b:c3:dd:8d:3c:0c:3a:66:ab:c9:31:4e:ae:e5:
                    42:87:97:bf:ed:ac:50:21:63:91:5d:a2:14:cc:f8:
                    6b:cc:1b:26:c2:a1:c8:23:cc:f9:c5:37:24:ef:3d:
                    13:5d:bb:06:0d:ae:57:2b:d3:6d:09:e2:a1:4c:7a:
                    2e:2d:0c:f4:80:da:8c:fe:8c:6e:8a:37:70:14:7d:
                    66:9e:83:84:59:a6:3c:e7:15:a1:ef:fc:de:b9:d6:
                    35:5e:06:d2:08:b6:fd:1b:1e:f2:52:ef:e4:bd:f1:
                    46:50:21:80:18:8b:69:e4:96:86:42:7a:be:69:53:
                    39:58:db:09:c5:2d:11:88:41:61:5e:a6:c5:c7:5c:
                    87:18:0f:0c:ba:a6:1e:1b:09:3c:24:02:11:24:dc:
                    0c:12:7b:de:ed:49:cb:71:cb:68:a6:24:9f:00:c9:
                    c2:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:AF:28:93:6D:3B:3E:F0:B9:A7:BF:3A:32:35:40:96:39:E8:B1:DD
            X509v3 Authority Key Identifier:
                keyid:E3:D1:D7:D4:33:66:A5:B0:06:3C:37:57:13:19:DF:A4:32:D1:53:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/49HX1DNmpbAGPDdXExnfpDLRUxs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/e91627-843c-49bc-9bea-f72ab03177c1/1/5K8ok207PvC5p786MjVAljnosd0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/e91627-843c-49bc-9bea-f72ab03177c1/1/49HX1DNmpbAGPDdXExnfpDLRUxs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  191.44.80.0/24

    Signature Algorithm: sha256WithRSAEncryption
         bf:a5:70:01:75:f6:b9:c4:74:55:07:2e:52:65:22:d8:a4:33:
         27:97:f2:3d:94:31:ef:93:54:2a:15:ad:63:87:6c:f9:d5:45:
         2a:4a:e8:2b:f3:21:1f:d4:f8:fc:fe:96:31:f4:f1:5a:53:bd:
         7b:79:4e:7a:e3:ff:4a:3d:1e:96:6a:07:42:20:36:88:52:74:
         b9:4b:98:c7:78:10:68:46:36:98:03:b4:f1:04:c7:9e:d3:da:
         f6:49:56:45:6e:2c:0e:1b:1d:80:31:90:75:48:bf:1d:a9:32:
         98:a3:08:53:a9:53:7b:9c:16:1c:c1:0c:d1:bf:4d:82:db:39:
         7c:6c:13:28:6c:5e:50:51:85:4e:d6:b9:55:42:6c:47:ca:67:
         18:6b:f6:8c:12:1a:43:75:06:c5:54:f0:c5:b0:ae:21:03:2e:
         71:02:fe:b1:ee:a4:4d:74:45:70:cb:55:2c:78:30:5c:3b:37:
         9b:af:4c:d0:1d:76:7d:d2:28:06:63:a3:26:49:61:5b:03:a5:
         5e:b9:a9:2b:29:d1:a9:79:89:8a:6d:fd:ee:2b:1c:36:52:fc:
         5e:f3:72:50:a0:1d:f5:80:ed:2e:d3:e9:18:5a:2b:58:a3:b6:
         b9:8f:28:c4:b0:f6:c0:37:49:22:b3:8f:81:44:a4:09:b4:56:
         bc:92:71:9b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ5QVNLwBt/Wv9VmH/EpQbi1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUzZDFkN2Q0MzM2NmE1YjAwNjNjMzc1NzEzMTlkZmE0MzJk
MTUzMWIwHhcNMjYwNTIyMTUzNjM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNGFmMjg5MzZkM2IzZWYwYjlhN2JmM2EzMjM1NDA5NjM5ZThiMWRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh8qbPp4OTXRT6yiK8W0JuVzaEH+m
hFDLs8aGcbzrm8jz7SWjnSKUZ4EdxDyHmC3a7Rn0DfNvzxFuX0I9v7KtLqSkmQ6F
nizJFPQGB9nAyraPnfTFMyUtXEuqO8PdjTwMOmaryTFOruVCh5e/7axQIWORXaIU
zPhrzBsmwqHII8z5xTck7z0TXbsGDa5XK9NtCeKhTHouLQz0gNqM/oxuijdwFH1m
noOEWaY85xWh7/zeudY1XgbSCLb9Gx7yUu/kvfFGUCGAGItp5JaGQnq+aVM5WNsJ
xS0RiEFhXqbFx1yHGA8MuqYeGwk8JAIRJNwMEnve7UnLcctopiSfAMnCDwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOSvKJNtOz7wuae/OjI1QJY56LHdMB8GA1UdIwQY
MBaAFOPR19QzZqWwBjw3VxMZ36Qy0VMbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNDlIWDFETm1wYkFHUERkWEV4bmZwRExSVXhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yy9lOTE2MjctODQzYy00OWJjLTliZWEt
ZjcyYWIwMzE3N2MxLzEvNUs4b2syMDdQdkM1cDc4Nk1qVkFsam5vc2QwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yy9lOTE2MjctODQzYy00OWJjLTliZWEtZjcyYWIwMzE3N2Mx
LzEvNDlIWDFETm1wYkFHUERkWEV4bmZwRExSVXhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvyxQMA0G
CSqGSIb3DQEBCwUAA4IBAQC/pXABdfa5xHRVBy5SZSLYpDMnl/I9lDHvk1QqFa1j
h2z51UUqSugr8yEf1Pj8/pYx9PFaU717eU564/9KPR6WagdCIDaIUnS5S5jHeBBo
RjaYA7TxBMee09r2SVZFbiwOGx2AMZB1SL8dqTKYowhTqVN7nBYcwQzRv02C2zl8
bBMobF5QUYVO1rlVQmxHymcYa/aMEhpDdQbFVPDFsK4hAy5xAv6x7qRNdEVwy1Us
eDBcOzebr0zQHXZ90igGY6MmSWFbA6VeuakrKdGpeYmKbf3uKxw2Uvxe83JQoB31
gO0u0+kYWitYo7a5jyjEsPbAN0kis4+BRKQJtFa8knGb
-----END CERTIFICATE-----