Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6c/e91627-843c-49bc-9bea-f72ab03177c1/1/CLxmmzY5XSgsxI8CRjjJzvpYmws.roa
File:                     CLxmmzY5XSgsxI8CRjjJzvpYmws.roa (raw, json)
Hash identifier:          KY/55fXsDwYRuaze9aKDk9CwxlXC0t+tJnvqtD5wY2g=
Subject key identifier:   08:BC:66:9B:36:39:5D:28:2C:C4:8F:02:46:38:C9:CE:FA:58:9B:0B
Certificate issuer:       /CN=e3d1d7d43366a5b0063c37571319dfa432d1531b
Certificate serial:       019DBF44224C2B79E31A588DEA91DD02F59C
Authority key identifier: E3:D1:D7:D4:33:66:A5:B0:06:3C:37:57:13:19:DF:A4:32:D1:53:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/49HX1DNmpbAGPDdXExnfpDLRUxs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6c/e91627-843c-49bc-9bea-f72ab03177c1/1/CLxmmzY5XSgsxI8CRjjJzvpYmws.roa
Signing time:             Fri 24 Apr 2026 11:33:26 +0000
ROA not before:           Fri 24 Apr 2026 11:33:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     205987
IP address blocks:        191.44.82.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6c/e91627-843c-49bc-9bea-f72ab03177c1/1/49HX1DNmpbAGPDdXExnfpDLRUxs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6c/e91627-843c-49bc-9bea-f72ab03177c1/1/49HX1DNmpbAGPDdXExnfpDLRUxs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/49HX1DNmpbAGPDdXExnfpDLRUxs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 28 Apr 2026 08:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:bf:44:22:4c:2b:79:e3:1a:58:8d:ea:91:dd:02:f5:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e3d1d7d43366a5b0063c37571319dfa432d1531b
        Validity
            Not Before: Apr 24 11:33:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=08bc669b36395d282cc48f024638c9cefa589b0b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:01:98:82:6b:75:b1:ae:17:75:4c:79:ef:c4:
                    9a:ab:90:05:78:0c:1f:22:be:3d:bc:83:5e:aa:74:
                    2a:38:1c:e2:b5:61:10:eb:0e:14:8b:cc:be:27:db:
                    08:20:53:1d:40:61:78:7b:0d:5e:2a:8e:ae:68:3a:
                    7b:d0:3a:7b:8a:2c:57:1e:e0:26:29:44:8c:76:ea:
                    09:86:4c:11:61:4d:20:61:65:c7:7b:57:c5:dc:84:
                    5f:32:20:1b:0e:f4:4f:4f:d5:ce:f1:d4:dc:7d:fa:
                    41:a8:91:07:73:70:52:c0:b3:66:e5:13:dd:37:59:
                    ff:41:cd:a2:3a:cc:dd:dc:b1:a0:43:ea:63:ae:9a:
                    ac:2d:3a:9a:eb:17:c6:75:ba:7f:e8:a5:a3:a9:d7:
                    48:fc:82:3b:f1:4c:e6:ce:64:aa:76:00:45:c2:14:
                    35:6f:b4:41:63:e5:43:8e:00:c1:ae:a2:23:92:29:
                    d3:25:f1:2e:38:31:6b:bc:99:4f:8a:44:24:fc:74:
                    88:79:ad:5f:cd:ed:07:e6:42:7d:b4:03:1d:6b:96:
                    9f:97:dd:67:04:73:01:5c:c3:ec:78:cc:d5:07:24:
                    7c:26:c4:7e:b0:37:cb:f0:97:fd:c8:df:94:bd:44:
                    cb:10:d9:f4:9a:b9:8c:6c:7b:f4:0a:d4:71:5e:25:
                    a8:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:BC:66:9B:36:39:5D:28:2C:C4:8F:02:46:38:C9:CE:FA:58:9B:0B
            X509v3 Authority Key Identifier:
                keyid:E3:D1:D7:D4:33:66:A5:B0:06:3C:37:57:13:19:DF:A4:32:D1:53:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/49HX1DNmpbAGPDdXExnfpDLRUxs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/e91627-843c-49bc-9bea-f72ab03177c1/1/CLxmmzY5XSgsxI8CRjjJzvpYmws.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/e91627-843c-49bc-9bea-f72ab03177c1/1/49HX1DNmpbAGPDdXExnfpDLRUxs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  191.44.82.0/24

    Signature Algorithm: sha256WithRSAEncryption
         89:c4:ea:f2:72:48:ae:d8:83:ab:7a:14:2a:0b:ef:cb:d3:3c:
         8d:d5:2f:3c:a9:4f:d5:1a:a6:6c:ed:9c:a1:fe:2e:c9:6a:e2:
         e9:30:76:88:3a:d9:a7:c1:b7:08:bf:77:a3:59:9c:5d:04:1d:
         c1:4e:ed:44:d3:19:7c:2c:9a:c4:bf:94:5b:cd:8c:fe:1c:ed:
         92:18:f7:7c:70:a8:b7:86:9c:7d:84:74:e0:e4:6c:1f:74:da:
         c1:5b:6d:ef:18:47:bf:e2:c1:f1:7e:92:59:6f:d7:96:c0:42:
         75:26:67:e7:17:8b:5d:0c:3f:8c:e8:c5:9c:55:69:0d:0c:6d:
         fe:47:ca:86:26:e7:e1:fd:44:0d:5d:ee:df:38:b9:b9:4a:57:
         8a:4e:fa:c5:27:8c:84:95:dc:57:a3:86:c7:03:22:84:12:d5:
         d8:1e:30:71:5c:62:b3:cd:a2:1f:3c:61:60:9c:e4:2e:ae:cc:
         ae:7a:96:99:83:32:b2:92:70:05:41:69:12:85:b5:c5:50:92:
         8c:92:1e:04:42:e9:5c:c6:a2:23:4f:0c:23:78:ec:1a:74:19:
         e5:61:c4:cc:28:4e:66:3d:2d:72:4e:67:5a:c9:92:b2:0c:71:
         c8:0a:79:cc:ea:b2:0c:b0:39:7c:56:63:7c:fe:a7:fc:af:4a:
         6a:35:f8:cd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ2/RCJMK3njGliN6pHdAvWcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUzZDFkN2Q0MzM2NmE1YjAwNjNjMzc1NzEzMTlkZmE0MzJk
MTUzMWIwHhcNMjYwNDI0MTEzMzI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOGJjNjY5YjM2Mzk1ZDI4MmNjNDhmMDI0NjM4YzljZWZhNTg5YjBiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmQGYgmt1sa4XdUx578Saq5AFeAwf
Ir49vINeqnQqOBzitWEQ6w4Ui8y+J9sIIFMdQGF4ew1eKo6uaDp70Dp7iixXHuAm
KUSMduoJhkwRYU0gYWXHe1fF3IRfMiAbDvRPT9XO8dTcffpBqJEHc3BSwLNm5RPd
N1n/Qc2iOszd3LGgQ+pjrpqsLTqa6xfGdbp/6KWjqddI/II78UzmzmSqdgBFwhQ1
b7RBY+VDjgDBrqIjkinTJfEuODFrvJlPikQk/HSIea1fze0H5kJ9tAMda5afl91n
BHMBXMPseMzVByR8JsR+sDfL8Jf9yN+UvUTLENn0mrmMbHv0CtRxXiWohwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAi8Zps2OV0oLMSPAkY4yc76WJsLMB8GA1UdIwQY
MBaAFOPR19QzZqWwBjw3VxMZ36Qy0VMbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNDlIWDFETm1wYkFHUERkWEV4bmZwRExSVXhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yy9lOTE2MjctODQzYy00OWJjLTliZWEt
ZjcyYWIwMzE3N2MxLzEvQ0x4bW16WTVYU2dzeEk4Q1Jqakp6dnBZbXdzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yy9lOTE2MjctODQzYy00OWJjLTliZWEtZjcyYWIwMzE3N2Mx
LzEvNDlIWDFETm1wYkFHUERkWEV4bmZwRExSVXhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvyxSMA0G
CSqGSIb3DQEBCwUAA4IBAQCJxOryckiu2IOrehQqC+/L0zyN1S88qU/VGqZs7Zyh
/i7JauLpMHaIOtmnwbcIv3ejWZxdBB3BTu1E0xl8LJrEv5RbzYz+HO2SGPd8cKi3
hpx9hHTg5GwfdNrBW23vGEe/4sHxfpJZb9eWwEJ1JmfnF4tdDD+M6MWcVWkNDG3+
R8qGJufh/UQNXe7fOLm5SleKTvrFJ4yEldxXo4bHAyKEEtXYHjBxXGKzzaIfPGFg
nOQursyuepaZgzKyknAFQWkShbXFUJKMkh4EQulcxqIjTwwjeOwadBnlYcTMKE5m
PS1yTmdayZKyDHHICnnM6rIMsDl8VmN8/qf8r0pqNfjN
-----END CERTIFICATE-----