Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6c/e91627-843c-49bc-9bea-f72ab03177c1/1/IRK7I1amzHidRVxJZDigDz1Gkp8.roa
File:                     IRK7I1amzHidRVxJZDigDz1Gkp8.roa (raw, json)
Hash identifier:          ePGXanE4zQTDq+4595u/jPY6c29fMe4Mj77oOpq/dPU=
Subject key identifier:   21:12:BB:23:56:A6:CC:78:9D:45:5C:49:64:38:A0:0F:3D:46:92:9F
Certificate issuer:       /CN=e3d1d7d43366a5b0063c37571319dfa432d1531b
Certificate serial:       019E6E55385A6AFBBD3B72CD215681672A50
Authority key identifier: E3:D1:D7:D4:33:66:A5:B0:06:3C:37:57:13:19:DF:A4:32:D1:53:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/49HX1DNmpbAGPDdXExnfpDLRUxs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6c/e91627-843c-49bc-9bea-f72ab03177c1/1/IRK7I1amzHidRVxJZDigDz1Gkp8.roa
Signing time:             Thu 28 May 2026 11:25:39 +0000
ROA not before:           Thu 28 May 2026 11:25:39 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     197256
IP address blocks:        191.44.93.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6c/e91627-843c-49bc-9bea-f72ab03177c1/1/49HX1DNmpbAGPDdXExnfpDLRUxs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6c/e91627-843c-49bc-9bea-f72ab03177c1/1/49HX1DNmpbAGPDdXExnfpDLRUxs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/49HX1DNmpbAGPDdXExnfpDLRUxs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 07 Jun 2026 02:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:6e:55:38:5a:6a:fb:bd:3b:72:cd:21:56:81:67:2a:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e3d1d7d43366a5b0063c37571319dfa432d1531b
        Validity
            Not Before: May 28 11:25:39 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2112bb2356a6cc789d455c496438a00f3d46929f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:65:0f:42:e3:84:88:9f:c7:72:19:5c:4f:e8:
                    f5:8d:a0:ea:f1:ad:9f:ed:cd:6c:17:df:4b:41:98:
                    0a:9e:9a:de:10:e9:32:cc:73:01:a3:9f:46:11:3c:
                    fa:8a:19:cc:70:11:d5:fd:ef:61:ea:4f:34:96:43:
                    e4:03:fe:df:c8:0d:83:46:2e:90:6e:6e:08:42:2d:
                    a0:41:96:d2:09:8a:19:69:6c:7f:f0:4c:1c:22:6a:
                    4a:62:57:6d:9e:1b:54:36:29:d9:ab:aa:05:9f:f4:
                    0a:91:43:51:02:40:18:a8:75:f8:bb:df:07:0d:16:
                    cc:42:60:1e:d8:bb:e0:32:8b:26:62:49:65:6e:90:
                    b7:c7:f7:af:15:f5:c3:8e:c2:b9:1b:53:5f:9e:38:
                    25:a6:93:09:a4:c0:9e:c6:bc:9b:5e:76:f9:68:65:
                    5a:79:24:4f:22:0f:98:36:1b:37:3c:18:27:e5:56:
                    40:13:90:fd:a1:39:a4:26:b7:b9:72:51:66:80:e1:
                    af:74:3b:45:85:d8:a7:50:ad:c1:61:21:8f:7e:79:
                    59:0f:77:d7:80:a3:40:93:44:8e:0e:08:78:b0:7f:
                    81:25:57:23:5b:4f:b5:dd:20:19:1b:e9:48:9e:90:
                    0e:60:c6:71:02:cb:56:fb:72:93:00:95:fb:79:48:
                    19:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:12:BB:23:56:A6:CC:78:9D:45:5C:49:64:38:A0:0F:3D:46:92:9F
            X509v3 Authority Key Identifier:
                keyid:E3:D1:D7:D4:33:66:A5:B0:06:3C:37:57:13:19:DF:A4:32:D1:53:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/49HX1DNmpbAGPDdXExnfpDLRUxs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/e91627-843c-49bc-9bea-f72ab03177c1/1/IRK7I1amzHidRVxJZDigDz1Gkp8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/e91627-843c-49bc-9bea-f72ab03177c1/1/49HX1DNmpbAGPDdXExnfpDLRUxs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  191.44.93.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7b:49:37:d3:56:da:1a:db:18:16:46:c1:3d:d4:72:7a:22:fc:
         98:b6:76:4c:12:1c:a0:11:08:94:e9:da:93:cc:08:a5:43:59:
         0a:41:08:48:f0:2d:6e:0e:d7:28:37:a6:42:73:6b:84:37:5c:
         c9:02:d9:49:50:df:31:8a:e1:2f:7e:0d:d2:e2:25:aa:af:85:
         d4:64:0e:ad:b9:83:02:ee:1f:1f:87:a7:72:55:d9:6c:d2:24:
         27:1a:ab:10:a6:69:1f:12:40:cf:5d:ca:de:77:de:94:15:a7:
         d6:a9:35:b9:ac:f8:5d:b3:df:3d:02:db:00:ae:de:cc:0e:43:
         d3:ea:f1:14:c6:e9:6a:01:2e:cb:88:cf:03:a2:97:18:29:37:
         0a:a9:49:f9:01:f1:75:6b:81:f4:63:72:32:1c:e0:a3:56:53:
         24:cb:5d:7f:2f:76:f2:36:31:9a:fe:c8:77:65:6d:bd:34:8e:
         52:4d:00:bc:24:a9:e3:2a:9f:9b:11:be:5b:ed:55:1a:4c:dc:
         b4:b1:24:c9:43:07:e7:12:b5:cb:1c:48:fd:48:73:0e:ba:f5:
         d7:f9:b5:76:62:c2:53:58:1b:73:a8:51:f5:6a:8f:43:c8:24:
         17:99:31:0e:f7:06:c0:dc:7b:46:f9:aa:9a:0b:af:1f:da:47:
         4f:63:70:cd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ5uVThaavu9O3LNIVaBZypQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUzZDFkN2Q0MzM2NmE1YjAwNjNjMzc1NzEzMTlkZmE0MzJk
MTUzMWIwHhcNMjYwNTI4MTEyNTM5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMTEyYmIyMzU2YTZjYzc4OWQ0NTVjNDk2NDM4YTAwZjNkNDY5MjlmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqGUPQuOEiJ/HchlcT+j1jaDq8a2f
7c1sF99LQZgKnpreEOkyzHMBo59GETz6ihnMcBHV/e9h6k80lkPkA/7fyA2DRi6Q
bm4IQi2gQZbSCYoZaWx/8EwcImpKYldtnhtUNinZq6oFn/QKkUNRAkAYqHX4u98H
DRbMQmAe2LvgMosmYkllbpC3x/evFfXDjsK5G1NfnjglppMJpMCexrybXnb5aGVa
eSRPIg+YNhs3PBgn5VZAE5D9oTmkJre5clFmgOGvdDtFhdinUK3BYSGPfnlZD3fX
gKNAk0SODgh4sH+BJVcjW0+13SAZG+lInpAOYMZxAstW+3KTAJX7eUgZRwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCESuyNWpsx4nUVcSWQ4oA89RpKfMB8GA1UdIwQY
MBaAFOPR19QzZqWwBjw3VxMZ36Qy0VMbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNDlIWDFETm1wYkFHUERkWEV4bmZwRExSVXhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yy9lOTE2MjctODQzYy00OWJjLTliZWEt
ZjcyYWIwMzE3N2MxLzEvSVJLN0kxYW16SGlkUlZ4SlpEaWdEejFHa3A4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yy9lOTE2MjctODQzYy00OWJjLTliZWEtZjcyYWIwMzE3N2Mx
LzEvNDlIWDFETm1wYkFHUERkWEV4bmZwRExSVXhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvyxdMA0G
CSqGSIb3DQEBCwUAA4IBAQB7STfTVtoa2xgWRsE91HJ6IvyYtnZMEhygEQiU6dqT
zAilQ1kKQQhI8C1uDtcoN6ZCc2uEN1zJAtlJUN8xiuEvfg3S4iWqr4XUZA6tuYMC
7h8fh6dyVdls0iQnGqsQpmkfEkDPXcred96UFafWqTW5rPhds989AtsArt7MDkPT
6vEUxulqAS7LiM8DopcYKTcKqUn5AfF1a4H0Y3IyHOCjVlMky11/L3byNjGa/sh3
ZW29NI5STQC8JKnjKp+bEb5b7VUaTNy0sSTJQwfnErXLHEj9SHMOuvXX+bV2YsJT
WBtzqFH1ao9DyCQXmTEO9wbA3HtG+aqaC68f2kdPY3DN
-----END CERTIFICATE-----