Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6c/e91627-843c-49bc-9bea-f72ab03177c1/1/ME6IpY0e6is0iL7jrzO8oaY85Rw.roa
File:                     ME6IpY0e6is0iL7jrzO8oaY85Rw.roa (raw, json)
Hash identifier:          rAekRKCmN/5lCziqs3wus7Ac161OgYY0VDQ691q63tQ=
Subject key identifier:   30:4E:88:A5:8D:1E:EA:2B:34:88:BE:E3:AF:33:BC:A1:A6:3C:E5:1C
Certificate issuer:       /CN=e3d1d7d43366a5b0063c37571319dfa432d1531b
Certificate serial:       019DBFE0B02AC771714A3B74F33DC09ECDCC
Authority key identifier: E3:D1:D7:D4:33:66:A5:B0:06:3C:37:57:13:19:DF:A4:32:D1:53:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/49HX1DNmpbAGPDdXExnfpDLRUxs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6c/e91627-843c-49bc-9bea-f72ab03177c1/1/ME6IpY0e6is0iL7jrzO8oaY85Rw.roa
Signing time:             Fri 24 Apr 2026 14:24:26 +0000
ROA not before:           Fri 24 Apr 2026 14:24:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     207158
IP address blocks:        191.44.86.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6c/e91627-843c-49bc-9bea-f72ab03177c1/1/49HX1DNmpbAGPDdXExnfpDLRUxs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6c/e91627-843c-49bc-9bea-f72ab03177c1/1/49HX1DNmpbAGPDdXExnfpDLRUxs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/49HX1DNmpbAGPDdXExnfpDLRUxs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 28 Apr 2026 17:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:bf:e0:b0:2a:c7:71:71:4a:3b:74:f3:3d:c0:9e:cd:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e3d1d7d43366a5b0063c37571319dfa432d1531b
        Validity
            Not Before: Apr 24 14:24:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=304e88a58d1eea2b3488bee3af33bca1a63ce51c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:a7:6f:0b:3d:94:f9:2d:73:fa:2e:78:c2:db:
                    26:b0:d7:4a:09:3c:2d:7e:2c:c2:d6:58:5e:67:6c:
                    70:91:cd:18:f0:16:eb:ff:3c:41:f4:01:c5:0d:55:
                    81:be:22:bc:37:a9:e5:8f:88:29:8b:65:b4:37:47:
                    f3:3b:2e:51:43:75:bc:df:d7:f3:e8:09:27:58:a6:
                    a4:05:b1:39:1b:43:42:df:a2:3b:30:e4:c9:4e:3f:
                    34:f8:1a:80:e3:e9:ea:15:a1:1d:9a:d2:1b:92:e7:
                    0a:2f:61:40:7d:56:5f:24:21:76:7a:48:0b:09:b8:
                    68:16:31:b3:31:9e:b7:ec:c3:c3:32:29:1f:7b:12:
                    85:89:b8:62:eb:e1:c9:f1:62:d1:79:c9:5e:ae:cf:
                    86:61:34:9a:43:0d:2f:41:ab:5c:5a:61:d9:53:31:
                    b7:77:96:fa:f2:8f:8a:57:9e:cf:01:b5:c2:8a:e8:
                    d4:30:c4:53:fe:fe:d8:4c:9a:7b:23:98:07:90:65:
                    bf:89:fb:bb:7b:74:f2:8a:f3:53:0a:4e:71:d8:9b:
                    d4:99:fd:54:2a:d9:fe:13:ca:26:63:59:0f:1d:f5:
                    3b:0a:fb:3a:8a:a9:4c:db:b8:18:c8:f8:ab:ce:db:
                    38:26:60:b6:96:c8:74:91:fa:8d:92:19:28:f5:0c:
                    29:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:4E:88:A5:8D:1E:EA:2B:34:88:BE:E3:AF:33:BC:A1:A6:3C:E5:1C
            X509v3 Authority Key Identifier:
                keyid:E3:D1:D7:D4:33:66:A5:B0:06:3C:37:57:13:19:DF:A4:32:D1:53:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/49HX1DNmpbAGPDdXExnfpDLRUxs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/e91627-843c-49bc-9bea-f72ab03177c1/1/ME6IpY0e6is0iL7jrzO8oaY85Rw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/e91627-843c-49bc-9bea-f72ab03177c1/1/49HX1DNmpbAGPDdXExnfpDLRUxs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  191.44.86.0/24

    Signature Algorithm: sha256WithRSAEncryption
         af:5c:3d:3b:56:94:2f:15:68:29:16:f0:c1:27:1b:49:bb:9e:
         03:4d:4f:ae:2b:3e:7a:b2:ee:1d:d7:9b:6b:83:e4:c8:95:3a:
         77:06:6f:4c:07:26:c5:2c:5a:ab:d5:88:7e:bf:37:6d:4f:1e:
         ae:00:5c:64:ce:20:bd:7b:48:61:f4:37:ef:44:e2:ee:9f:71:
         0b:c1:94:df:4d:a8:90:8f:23:33:73:ab:df:36:96:e7:35:06:
         70:56:20:71:d4:5a:c0:dc:d5:d1:ac:a7:9a:ec:29:1d:bc:a4:
         bd:8f:e8:fe:29:1c:3e:3f:d1:f2:5a:8c:ec:4f:9b:29:8f:e8:
         c2:1e:03:98:a0:c7:b8:05:63:8c:58:23:c5:3f:3e:98:01:0c:
         4d:a5:cc:c5:72:ba:4c:6b:40:71:ab:09:15:60:29:c3:fc:74:
         3e:f9:eb:b8:8c:1f:4c:9b:39:69:c4:73:39:78:df:a7:93:fa:
         ea:60:b9:0f:21:e9:a1:ca:c1:5d:89:4d:5c:9a:24:70:61:2a:
         05:07:78:fa:86:d4:ab:69:56:78:37:69:f7:63:f6:51:15:72:
         90:48:f3:f3:23:1e:08:33:cc:5a:10:85:f3:87:cd:e1:6f:d8:
         63:c6:a7:79:c2:4c:d3:a9:55:dc:73:99:36:6b:ad:fa:9b:18:
         02:f3:48:0a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ2/4LAqx3FxSjt08z3Ans3MMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUzZDFkN2Q0MzM2NmE1YjAwNjNjMzc1NzEzMTlkZmE0MzJk
MTUzMWIwHhcNMjYwNDI0MTQyNDI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMDRlODhhNThkMWVlYTJiMzQ4OGJlZTNhZjMzYmNhMWE2M2NlNTFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqadvCz2U+S1z+i54wtsmsNdKCTwt
fizC1lheZ2xwkc0Y8Bbr/zxB9AHFDVWBviK8N6nlj4gpi2W0N0fzOy5RQ3W839fz
6AknWKakBbE5G0NC36I7MOTJTj80+BqA4+nqFaEdmtIbkucKL2FAfVZfJCF2ekgL
CbhoFjGzMZ637MPDMikfexKFibhi6+HJ8WLReclers+GYTSaQw0vQatcWmHZUzG3
d5b68o+KV57PAbXCiujUMMRT/v7YTJp7I5gHkGW/ifu7e3TyivNTCk5x2JvUmf1U
Ktn+E8omY1kPHfU7Cvs6iqlM27gYyPirzts4JmC2lsh0kfqNkhko9Qwp0QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDBOiKWNHuorNIi+468zvKGmPOUcMB8GA1UdIwQY
MBaAFOPR19QzZqWwBjw3VxMZ36Qy0VMbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNDlIWDFETm1wYkFHUERkWEV4bmZwRExSVXhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yy9lOTE2MjctODQzYy00OWJjLTliZWEt
ZjcyYWIwMzE3N2MxLzEvTUU2SXBZMGU2aXMwaUw3anJ6TzhvYVk4NVJ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yy9lOTE2MjctODQzYy00OWJjLTliZWEtZjcyYWIwMzE3N2Mx
LzEvNDlIWDFETm1wYkFHUERkWEV4bmZwRExSVXhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvyxWMA0G
CSqGSIb3DQEBCwUAA4IBAQCvXD07VpQvFWgpFvDBJxtJu54DTU+uKz56su4d15tr
g+TIlTp3Bm9MBybFLFqr1Yh+vzdtTx6uAFxkziC9e0hh9DfvROLun3ELwZTfTaiQ
jyMzc6vfNpbnNQZwViBx1FrA3NXRrKea7CkdvKS9j+j+KRw+P9HyWozsT5spj+jC
HgOYoMe4BWOMWCPFPz6YAQxNpczFcrpMa0BxqwkVYCnD/HQ++eu4jB9MmzlpxHM5
eN+nk/rqYLkPIemhysFdiU1cmiRwYSoFB3j6htSraVZ4N2n3Y/ZRFXKQSPPzIx4I
M8xaEIXzh83hb9hjxqd5wkzTqVXcc5k2a636mxgC80gK
-----END CERTIFICATE-----