Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6c/e91627-843c-49bc-9bea-f72ab03177c1/1/CmjvQVjXtaOjlF3EqmLw4ipI_lc.roa
File:                     CmjvQVjXtaOjlF3EqmLw4ipI_lc.roa (raw, json)
Hash identifier:          6EfZvO/i/QKaYyRocEzvnL4Y1ZMOUb1nG3zI9JwNSXs=
Subject key identifier:   0A:68:EF:41:58:D7:B5:A3:A3:94:5D:C4:AA:62:F0:E2:2A:48:FE:57
Certificate issuer:       /CN=e3d1d7d43366a5b0063c37571319dfa432d1531b
Certificate serial:       019E8D27F6D144C09CCF09B578AB5197CD71
Authority key identifier: E3:D1:D7:D4:33:66:A5:B0:06:3C:37:57:13:19:DF:A4:32:D1:53:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/49HX1DNmpbAGPDdXExnfpDLRUxs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6c/e91627-843c-49bc-9bea-f72ab03177c1/1/CmjvQVjXtaOjlF3EqmLw4ipI_lc.roa
Signing time:             Wed 03 Jun 2026 11:04:27 +0000
ROA not before:           Wed 03 Jun 2026 11:04:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     154132
IP address blocks:        191.44.97.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6c/e91627-843c-49bc-9bea-f72ab03177c1/1/49HX1DNmpbAGPDdXExnfpDLRUxs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6c/e91627-843c-49bc-9bea-f72ab03177c1/1/49HX1DNmpbAGPDdXExnfpDLRUxs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/49HX1DNmpbAGPDdXExnfpDLRUxs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 07 Jun 2026 02:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:8d:27:f6:d1:44:c0:9c:cf:09:b5:78:ab:51:97:cd:71
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e3d1d7d43366a5b0063c37571319dfa432d1531b
        Validity
            Not Before: Jun  3 11:04:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0a68ef4158d7b5a3a3945dc4aa62f0e22a48fe57
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:60:db:99:ec:00:be:0b:89:2f:53:4b:a2:07:
                    b7:ea:98:97:19:62:d5:98:d9:16:45:f3:f3:cd:d9:
                    41:2b:71:b3:76:75:39:d0:e8:72:d3:da:34:e8:63:
                    52:d0:bd:09:c0:d8:3f:54:00:e3:52:06:9d:9d:1e:
                    73:96:78:72:e3:1e:36:1c:17:70:41:e3:b0:dc:74:
                    10:27:97:80:64:38:3b:93:f1:5e:0c:e7:52:f2:46:
                    9a:5c:86:bb:52:76:2e:3a:f7:40:25:81:5b:03:0a:
                    52:b4:38:47:96:ae:db:81:89:37:ce:2e:0d:6a:d4:
                    9a:2b:de:2d:a1:97:f6:ee:e3:55:f2:12:51:99:e2:
                    79:47:98:0b:f4:d3:51:d1:bc:8f:6e:7a:f2:db:7e:
                    fe:e8:ca:88:a9:c9:e0:bb:64:ec:ef:90:23:60:fc:
                    2e:19:8e:30:0a:fd:17:5f:06:de:c8:ef:f9:1e:a8:
                    59:62:68:17:89:a8:fb:da:02:23:7d:a1:88:ec:14:
                    b7:ee:25:92:ac:a5:34:e9:ba:5b:00:82:d6:78:4d:
                    0f:d6:9e:f1:9b:53:e6:07:52:da:fb:9f:79:69:9d:
                    af:b4:1a:fc:0c:45:af:8d:23:f2:b9:8d:50:19:fd:
                    f7:f5:83:3f:9c:2f:77:c5:81:54:79:02:74:e6:08:
                    57:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:68:EF:41:58:D7:B5:A3:A3:94:5D:C4:AA:62:F0:E2:2A:48:FE:57
            X509v3 Authority Key Identifier:
                keyid:E3:D1:D7:D4:33:66:A5:B0:06:3C:37:57:13:19:DF:A4:32:D1:53:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/49HX1DNmpbAGPDdXExnfpDLRUxs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/e91627-843c-49bc-9bea-f72ab03177c1/1/CmjvQVjXtaOjlF3EqmLw4ipI_lc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/e91627-843c-49bc-9bea-f72ab03177c1/1/49HX1DNmpbAGPDdXExnfpDLRUxs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  191.44.97.0/24

    Signature Algorithm: sha256WithRSAEncryption
         40:bb:0d:22:42:46:6d:9e:9b:29:17:e5:51:03:73:ce:4e:68:
         ed:0a:bf:0c:b2:3e:d9:43:b1:b6:f7:83:35:07:e9:d6:d6:51:
         16:37:27:82:2b:af:c6:2f:15:c7:ce:33:75:49:fa:0d:e5:5f:
         0b:17:7d:4e:c2:c7:25:17:d8:3f:03:3d:5e:de:dd:5b:c9:a1:
         33:29:11:32:ca:e3:5e:39:3b:d0:3a:90:85:b6:b3:f4:c6:6f:
         d4:60:d0:ce:86:c6:e9:e7:53:9d:1b:66:38:86:3b:dd:da:10:
         40:21:50:f6:1f:77:a7:c3:96:8d:0d:1e:4c:39:19:97:fc:b3:
         af:51:5c:3e:f8:76:43:8c:34:b6:b6:e7:69:a6:a2:79:16:f4:
         26:5d:63:a6:63:2e:ce:b1:41:59:14:dc:3a:9d:c5:46:f3:c1:
         83:6c:7e:e0:02:2e:f3:7b:33:af:cb:63:22:59:97:bf:75:26:
         15:a5:c0:b9:67:03:b8:18:2e:ea:09:6f:84:37:3c:ac:f2:b8:
         d3:28:82:b9:e5:73:23:47:bb:3b:89:bf:9c:da:e5:40:7f:3d:
         03:82:bd:c9:e2:f5:27:c6:9b:72:ce:1b:e6:f9:4f:8d:4f:2b:
         53:ca:1d:a5:8b:1b:c3:d2:9e:b7:c5:8b:03:c0:0b:b9:14:42:
         33:ad:fa:98
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6NJ/bRRMCczwm1eKtRl81xMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUzZDFkN2Q0MzM2NmE1YjAwNjNjMzc1NzEzMTlkZmE0MzJk
MTUzMWIwHhcNMjYwNjAzMTEwNDI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYTY4ZWY0MTU4ZDdiNWEzYTM5NDVkYzRhYTYyZjBlMjJhNDhmZTU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsWDbmewAvguJL1NLoge36piXGWLV
mNkWRfPzzdlBK3GzdnU50Ohy09o06GNS0L0JwNg/VADjUgadnR5zlnhy4x42HBdw
QeOw3HQQJ5eAZDg7k/FeDOdS8kaaXIa7UnYuOvdAJYFbAwpStDhHlq7bgYk3zi4N
atSaK94toZf27uNV8hJRmeJ5R5gL9NNR0byPbnry237+6MqIqcngu2Ts75AjYPwu
GY4wCv0XXwbeyO/5HqhZYmgXiaj72gIjfaGI7BS37iWSrKU06bpbAILWeE0P1p7x
m1PmB1La+595aZ2vtBr8DEWvjSPyuY1QGf339YM/nC93xYFUeQJ05ghXLwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFApo70FY17Wjo5RdxKpi8OIqSP5XMB8GA1UdIwQY
MBaAFOPR19QzZqWwBjw3VxMZ36Qy0VMbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNDlIWDFETm1wYkFHUERkWEV4bmZwRExSVXhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yy9lOTE2MjctODQzYy00OWJjLTliZWEt
ZjcyYWIwMzE3N2MxLzEvQ21qdlFWalh0YU9qbEYzRXFtTHc0aXBJX2xjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yy9lOTE2MjctODQzYy00OWJjLTliZWEtZjcyYWIwMzE3N2Mx
LzEvNDlIWDFETm1wYkFHUERkWEV4bmZwRExSVXhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvyxhMA0G
CSqGSIb3DQEBCwUAA4IBAQBAuw0iQkZtnpspF+VRA3POTmjtCr8Msj7ZQ7G294M1
B+nW1lEWNyeCK6/GLxXHzjN1SfoN5V8LF31OwsclF9g/Az1e3t1byaEzKREyyuNe
OTvQOpCFtrP0xm/UYNDOhsbp51OdG2Y4hjvd2hBAIVD2H3enw5aNDR5MORmX/LOv
UVw++HZDjDS2tudppqJ5FvQmXWOmYy7OsUFZFNw6ncVG88GDbH7gAi7zezOvy2Mi
WZe/dSYVpcC5ZwO4GC7qCW+ENzys8rjTKIK55XMjR7s7ib+c2uVAfz0Dgr3J4vUn
xptyzhvm+U+NTytTyh2lixvD0p63xYsDwAu5FEIzrfqY
-----END CERTIFICATE-----