Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6c/e91627-843c-49bc-9bea-f72ab03177c1/1/Hov7V6hVEmjU5ndiGUSv_Rn_SAU.roa
File:                     Hov7V6hVEmjU5ndiGUSv_Rn_SAU.roa (raw, json)
Hash identifier:          uVN/2DfNKjtZgXNjK/TPWRA/QSvv58WdyhUkL8zDXMg=
Subject key identifier:   1E:8B:FB:57:A8:55:12:68:D4:E6:77:62:19:44:AF:FD:19:FF:48:05
Certificate issuer:       /CN=e3d1d7d43366a5b0063c37571319dfa432d1531b
Certificate serial:       019E5054D32EE8BECFB9EBD41E820DAFDCF0
Authority key identifier: E3:D1:D7:D4:33:66:A5:B0:06:3C:37:57:13:19:DF:A4:32:D1:53:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/49HX1DNmpbAGPDdXExnfpDLRUxs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6c/e91627-843c-49bc-9bea-f72ab03177c1/1/Hov7V6hVEmjU5ndiGUSv_Rn_SAU.roa
Signing time:             Fri 22 May 2026 15:36:36 +0000
ROA not before:           Fri 22 May 2026 15:36:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     401881
IP address blocks:        191.44.80.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6c/e91627-843c-49bc-9bea-f72ab03177c1/1/49HX1DNmpbAGPDdXExnfpDLRUxs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6c/e91627-843c-49bc-9bea-f72ab03177c1/1/49HX1DNmpbAGPDdXExnfpDLRUxs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/49HX1DNmpbAGPDdXExnfpDLRUxs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 03 Jun 2026 15:21:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:50:54:d3:2e:e8:be:cf:b9:eb:d4:1e:82:0d:af:dc:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e3d1d7d43366a5b0063c37571319dfa432d1531b
        Validity
            Not Before: May 22 15:36:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=1e8bfb57a8551268d4e677621944affd19ff4805
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:48:3f:48:f9:af:e3:e0:b6:bd:e0:55:c7:f6:
                    75:f8:1d:4d:60:9c:1e:39:b4:7e:fb:33:8a:ba:35:
                    59:bb:cf:c9:69:27:ea:5e:eb:a7:89:b7:b4:28:14:
                    a6:ee:18:c3:a1:88:ed:43:ea:b6:14:03:d3:fe:56:
                    f5:6a:5d:76:e7:62:f9:3e:2b:84:0b:0b:87:0f:9c:
                    a1:9d:15:0a:ff:b0:64:30:d6:92:2b:fe:cd:6a:35:
                    b9:18:c0:b0:b5:40:2e:5e:ad:0a:73:c7:85:a3:36:
                    9d:fe:d5:cd:c5:85:7f:99:67:d6:99:cf:fb:4e:3f:
                    84:33:aa:18:d3:6d:da:eb:ac:b0:9c:9a:f3:82:96:
                    25:4b:b0:04:be:02:2f:2a:7b:0c:38:97:f4:bd:a8:
                    40:d1:75:3a:7e:c7:48:7b:d0:02:ce:23:ef:19:78:
                    03:19:f3:35:87:ad:15:90:77:dd:83:eb:ea:f1:08:
                    8a:3b:f6:ee:7e:e2:d1:b4:1d:11:0e:24:99:3a:94:
                    a1:e6:e6:5b:5b:79:bd:56:8d:ab:df:23:74:2f:b5:
                    72:3b:d9:eb:be:52:a8:60:21:89:3a:d0:3d:3c:76:
                    b7:d2:6c:7d:91:60:3e:e1:87:a4:25:c1:20:7d:3e:
                    0f:f5:4c:34:e3:f1:1b:5c:e0:40:de:e7:d1:fe:2a:
                    04:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:8B:FB:57:A8:55:12:68:D4:E6:77:62:19:44:AF:FD:19:FF:48:05
            X509v3 Authority Key Identifier:
                keyid:E3:D1:D7:D4:33:66:A5:B0:06:3C:37:57:13:19:DF:A4:32:D1:53:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/49HX1DNmpbAGPDdXExnfpDLRUxs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/e91627-843c-49bc-9bea-f72ab03177c1/1/Hov7V6hVEmjU5ndiGUSv_Rn_SAU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/e91627-843c-49bc-9bea-f72ab03177c1/1/49HX1DNmpbAGPDdXExnfpDLRUxs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  191.44.80.0/24

    Signature Algorithm: sha256WithRSAEncryption
         07:8b:49:4f:98:61:17:ef:54:da:6c:03:f8:5f:4f:c8:e3:6f:
         e2:c0:1d:bf:04:bd:c5:f3:46:ea:c4:0e:37:45:6a:b3:a0:72:
         1c:f2:8e:b9:bd:52:b6:38:33:0f:fe:36:4d:77:30:d8:39:54:
         8f:2d:81:77:cf:38:ab:bd:15:e4:2f:aa:a1:b4:49:ff:00:a7:
         32:b6:79:23:8b:62:b6:96:8b:59:ff:a5:11:a3:cc:a8:9b:23:
         c8:a8:9d:f5:b8:54:41:b6:17:99:31:96:6d:ba:3f:df:36:50:
         78:2c:17:6f:8c:a8:c5:33:e4:0a:13:d9:27:76:a6:de:74:0d:
         ce:8e:8a:0f:ec:38:2c:7c:c3:c2:80:74:95:fc:32:52:d1:c9:
         28:96:6a:79:8e:6e:6b:5f:0c:62:8f:61:9e:19:06:86:d6:04:
         9b:15:82:cc:68:79:7e:16:37:1a:6f:8b:0d:da:1a:f4:df:ad:
         05:ab:25:cd:28:60:0f:95:69:38:dc:c1:25:9c:51:44:15:ce:
         9a:10:0b:ac:c6:80:cb:57:11:eb:e4:31:e1:58:e6:80:b9:22:
         86:67:84:bd:19:b2:6a:3b:d9:0b:6f:fe:85:92:75:41:f4:63:
         14:34:8d:01:c7:c3:0b:c9:6b:e9:d9:13:28:23:c9:57:d0:40:
         7e:b8:cc:74
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ5QVNMu6L7PuevUHoINr9zwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUzZDFkN2Q0MzM2NmE1YjAwNjNjMzc1NzEzMTlkZmE0MzJk
MTUzMWIwHhcNMjYwNTIyMTUzNjM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZThiZmI1N2E4NTUxMjY4ZDRlNjc3NjIxOTQ0YWZmZDE5ZmY0ODA1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0Eg/SPmv4+C2veBVx/Z1+B1NYJwe
ObR++zOKujVZu8/JaSfqXuunibe0KBSm7hjDoYjtQ+q2FAPT/lb1al1252L5PiuE
CwuHD5yhnRUK/7BkMNaSK/7NajW5GMCwtUAuXq0Kc8eFozad/tXNxYV/mWfWmc/7
Tj+EM6oY023a66ywnJrzgpYlS7AEvgIvKnsMOJf0vahA0XU6fsdIe9ACziPvGXgD
GfM1h60VkHfdg+vq8QiKO/bufuLRtB0RDiSZOpSh5uZbW3m9Vo2r3yN0L7VyO9nr
vlKoYCGJOtA9PHa30mx9kWA+4YekJcEgfT4P9Uw04/EbXOBA3ufR/ioEeQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB6L+1eoVRJo1OZ3YhlEr/0Z/0gFMB8GA1UdIwQY
MBaAFOPR19QzZqWwBjw3VxMZ36Qy0VMbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNDlIWDFETm1wYkFHUERkWEV4bmZwRExSVXhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yy9lOTE2MjctODQzYy00OWJjLTliZWEt
ZjcyYWIwMzE3N2MxLzEvSG92N1Y2aFZFbWpVNW5kaUdVU3ZfUm5fU0FVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yy9lOTE2MjctODQzYy00OWJjLTliZWEtZjcyYWIwMzE3N2Mx
LzEvNDlIWDFETm1wYkFHUERkWEV4bmZwRExSVXhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvyxQMA0G
CSqGSIb3DQEBCwUAA4IBAQAHi0lPmGEX71TabAP4X0/I42/iwB2/BL3F80bqxA43
RWqzoHIc8o65vVK2ODMP/jZNdzDYOVSPLYF3zzirvRXkL6qhtEn/AKcytnkji2K2
lotZ/6URo8yomyPIqJ31uFRBtheZMZZtuj/fNlB4LBdvjKjFM+QKE9kndqbedA3O
jooP7DgsfMPCgHSV/DJS0ckolmp5jm5rXwxij2GeGQaG1gSbFYLMaHl+Fjcab4sN
2hr0360FqyXNKGAPlWk43MElnFFEFc6aEAusxoDLVxHr5DHhWOaAuSKGZ4S9GbJq
O9kLb/6FknVB9GMUNI0Bx8MLyWvp2RMoI8lX0EB+uMx0
-----END CERTIFICATE-----