Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6c/e91627-843c-49bc-9bea-f72ab03177c1/1/9bJfCaU9jjcbgwkv3514HV6a3t0.roa
File:                     9bJfCaU9jjcbgwkv3514HV6a3t0.roa (raw, json)
Hash identifier:          Iu6zKu3vexFGwK/OJ83RH5QR5u7MhPbyO8svvIWVbHU=
Subject key identifier:   F5:B2:5F:09:A5:3D:8E:37:1B:83:09:2F:DF:9D:78:1D:5E:9A:DE:DD
Certificate issuer:       /CN=e3d1d7d43366a5b0063c37571319dfa432d1531b
Certificate serial:       019E934BABBEA98196CBD5940122489EE2C3
Authority key identifier: E3:D1:D7:D4:33:66:A5:B0:06:3C:37:57:13:19:DF:A4:32:D1:53:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/49HX1DNmpbAGPDdXExnfpDLRUxs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6c/e91627-843c-49bc-9bea-f72ab03177c1/1/9bJfCaU9jjcbgwkv3514HV6a3t0.roa
Signing time:             Thu 04 Jun 2026 15:41:10 +0000
ROA not before:           Thu 04 Jun 2026 15:41:10 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     215133
IP address blocks:        191.44.65.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6c/e91627-843c-49bc-9bea-f72ab03177c1/1/49HX1DNmpbAGPDdXExnfpDLRUxs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6c/e91627-843c-49bc-9bea-f72ab03177c1/1/49HX1DNmpbAGPDdXExnfpDLRUxs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/49HX1DNmpbAGPDdXExnfpDLRUxs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 07 Jun 2026 02:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:93:4b:ab:be:a9:81:96:cb:d5:94:01:22:48:9e:e2:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e3d1d7d43366a5b0063c37571319dfa432d1531b
        Validity
            Not Before: Jun  4 15:41:10 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f5b25f09a53d8e371b83092fdf9d781d5e9adedd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:d7:7d:fa:ec:fd:fb:84:6e:52:3f:db:78:38:
                    74:36:c9:0b:3e:88:e3:b2:82:ba:e9:57:d1:da:a0:
                    b9:ac:a2:24:78:9f:df:6e:fb:7b:a7:64:02:51:ad:
                    d9:d2:c3:be:48:d3:5d:d2:44:ca:cb:7a:b4:13:4c:
                    08:12:bd:b9:20:9f:78:31:bc:38:ef:4e:25:43:93:
                    c4:1d:0e:4e:92:25:d5:38:84:bc:63:08:5d:17:50:
                    f0:45:87:6f:0e:57:54:36:cc:3b:5e:90:02:50:d8:
                    08:bb:f5:7a:47:50:c3:e9:bb:57:bc:89:a5:4f:e0:
                    8a:9f:cf:d5:b5:bf:46:d8:86:b5:5e:45:75:8c:02:
                    90:23:20:f1:3c:82:5f:8b:e3:3f:4d:5a:81:47:7d:
                    f7:25:04:dd:15:b3:c7:df:ff:32:c9:a8:ea:fb:e5:
                    be:ce:27:9f:ba:e0:3a:50:9a:d7:72:ab:3a:b0:4e:
                    7a:81:fa:2d:7d:87:a2:78:28:d8:bc:6e:67:0c:9f:
                    0a:bb:2d:3b:d0:45:c4:e4:b9:c1:3b:8a:b8:3e:e8:
                    3f:39:41:74:a3:b7:0a:16:cf:47:1a:f2:7a:af:46:
                    e7:0f:7d:b7:29:31:25:7e:6d:08:36:b0:0f:bb:5f:
                    b9:e6:bc:9e:1d:10:7c:56:d1:f2:c6:30:b2:1d:e6:
                    a4:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:B2:5F:09:A5:3D:8E:37:1B:83:09:2F:DF:9D:78:1D:5E:9A:DE:DD
            X509v3 Authority Key Identifier:
                keyid:E3:D1:D7:D4:33:66:A5:B0:06:3C:37:57:13:19:DF:A4:32:D1:53:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/49HX1DNmpbAGPDdXExnfpDLRUxs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/e91627-843c-49bc-9bea-f72ab03177c1/1/9bJfCaU9jjcbgwkv3514HV6a3t0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/e91627-843c-49bc-9bea-f72ab03177c1/1/49HX1DNmpbAGPDdXExnfpDLRUxs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  191.44.65.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3f:8a:ea:6d:49:7e:b2:d6:30:51:f5:7e:3b:79:05:e0:b1:28:
         f6:e4:24:96:b8:3c:1a:45:c7:08:45:77:f6:21:12:3e:c2:2f:
         b4:ec:95:dc:93:af:73:99:66:ef:b6:e1:2d:e3:fd:b3:50:9c:
         a6:a6:e1:78:29:2c:8d:69:8f:f9:0c:b2:97:7f:31:51:6e:f6:
         fa:f5:dd:89:bc:73:bf:86:5c:7f:3b:23:71:1e:30:17:2d:ca:
         73:14:04:73:29:9e:bb:82:31:34:00:f0:90:df:9d:de:28:33:
         ba:13:47:9d:55:5d:27:34:99:d5:6b:4e:fd:ce:67:db:82:71:
         c6:bd:f2:91:ad:2b:be:8a:1a:3c:b5:8e:b5:bd:65:6b:16:b0:
         eb:c6:dd:11:6d:a2:d8:8e:42:df:9a:77:04:f8:cf:ac:49:34:
         f2:82:19:b8:5c:85:f6:71:59:c4:87:7e:cc:85:fc:69:d3:d2:
         31:b8:68:e7:46:34:56:f8:82:e0:e7:eb:7b:02:7e:27:ca:3f:
         37:22:45:b6:86:cd:b6:91:53:41:f3:94:ab:07:8b:a8:69:f2:
         d6:37:a8:6d:81:5b:3a:d1:57:82:4e:77:ef:3f:ab:24:84:ef:
         33:61:d4:07:0c:fe:28:e8:7b:47:63:32:fa:a9:b1:0a:99:61:
         fb:53:03:ab
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6TS6u+qYGWy9WUASJInuLDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUzZDFkN2Q0MzM2NmE1YjAwNjNjMzc1NzEzMTlkZmE0MzJk
MTUzMWIwHhcNMjYwNjA0MTU0MTEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNWIyNWYwOWE1M2Q4ZTM3MWI4MzA5MmZkZjlkNzgxZDVlOWFkZWRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk9d9+uz9+4RuUj/beDh0NskLPojj
soK66VfR2qC5rKIkeJ/fbvt7p2QCUa3Z0sO+SNNd0kTKy3q0E0wIEr25IJ94Mbw4
704lQ5PEHQ5OkiXVOIS8YwhdF1DwRYdvDldUNsw7XpACUNgIu/V6R1DD6btXvIml
T+CKn8/Vtb9G2Ia1XkV1jAKQIyDxPIJfi+M/TVqBR333JQTdFbPH3/8yyajq++W+
ziefuuA6UJrXcqs6sE56gfotfYeieCjYvG5nDJ8Kuy070EXE5LnBO4q4Pug/OUF0
o7cKFs9HGvJ6r0bnD323KTElfm0INrAPu1+55ryeHRB8VtHyxjCyHeak/wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPWyXwmlPY43G4MJL9+deB1emt7dMB8GA1UdIwQY
MBaAFOPR19QzZqWwBjw3VxMZ36Qy0VMbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNDlIWDFETm1wYkFHUERkWEV4bmZwRExSVXhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yy9lOTE2MjctODQzYy00OWJjLTliZWEt
ZjcyYWIwMzE3N2MxLzEvOWJKZkNhVTlqamNiZ3drdjM1MTRIVjZhM3QwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yy9lOTE2MjctODQzYy00OWJjLTliZWEtZjcyYWIwMzE3N2Mx
LzEvNDlIWDFETm1wYkFHUERkWEV4bmZwRExSVXhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvyxBMA0G
CSqGSIb3DQEBCwUAA4IBAQA/iuptSX6y1jBR9X47eQXgsSj25CSWuDwaRccIRXf2
IRI+wi+07JXck69zmWbvtuEt4/2zUJympuF4KSyNaY/5DLKXfzFRbvb69d2JvHO/
hlx/OyNxHjAXLcpzFARzKZ67gjE0APCQ353eKDO6E0edVV0nNJnVa079zmfbgnHG
vfKRrSu+iho8tY61vWVrFrDrxt0RbaLYjkLfmncE+M+sSTTyghm4XIX2cVnEh37M
hfxp09IxuGjnRjRW+ILg5+t7An4nyj83IkW2hs22kVNB85SrB4uoafLWN6htgVs6
0VeCTnfvP6skhO8zYdQHDP4o6HtHYzL6qbEKmWH7UwOr
-----END CERTIFICATE-----