Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6c/e91627-843c-49bc-9bea-f72ab03177c1/1/Qq56FaCGU2IzplgSaj-xYpdHx3g.roa
File:                     Qq56FaCGU2IzplgSaj-xYpdHx3g.roa (raw, json)
Hash identifier:          wz8dI35s4/dwIMjdXNsVkJaK1oAp+agECI61HaKZ3Dk=
Subject key identifier:   42:AE:7A:15:A0:86:53:62:33:A6:58:12:6A:3F:B1:62:97:47:C7:78
Certificate issuer:       /CN=e3d1d7d43366a5b0063c37571319dfa432d1531b
Certificate serial:       019E4C38E24AF2F1FED68075426054E296FF
Authority key identifier: E3:D1:D7:D4:33:66:A5:B0:06:3C:37:57:13:19:DF:A4:32:D1:53:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/49HX1DNmpbAGPDdXExnfpDLRUxs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6c/e91627-843c-49bc-9bea-f72ab03177c1/1/Qq56FaCGU2IzplgSaj-xYpdHx3g.roa
Signing time:             Thu 21 May 2026 20:27:36 +0000
ROA not before:           Thu 21 May 2026 20:27:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     198550
IP address blocks:        191.44.108.0/23 maxlen: 23
                          191.44.112.0/24 maxlen: 24
                          191.44.113.0/24 maxlen: 24
                          191.44.114.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6c/e91627-843c-49bc-9bea-f72ab03177c1/1/49HX1DNmpbAGPDdXExnfpDLRUxs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6c/e91627-843c-49bc-9bea-f72ab03177c1/1/49HX1DNmpbAGPDdXExnfpDLRUxs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/49HX1DNmpbAGPDdXExnfpDLRUxs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 07 Jun 2026 02:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:4c:38:e2:4a:f2:f1:fe:d6:80:75:42:60:54:e2:96:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e3d1d7d43366a5b0063c37571319dfa432d1531b
        Validity
            Not Before: May 21 20:27:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=42ae7a15a086536233a658126a3fb1629747c778
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:87:db:d3:87:bb:10:62:fb:ea:62:0a:a6:a0:
                    54:da:74:33:8c:e7:c1:d9:35:90:2e:5c:36:ac:6b:
                    9e:d8:31:8d:c5:97:99:06:91:a5:cf:3c:60:ca:74:
                    5a:d1:06:08:9e:e0:c8:02:c3:6e:fa:59:5d:14:89:
                    20:61:24:0d:92:d9:43:98:31:3b:9d:28:ca:20:a5:
                    04:fa:4e:c5:d2:e3:ed:1c:58:92:b9:69:30:26:f2:
                    5d:89:9c:bc:3a:d6:d8:f2:27:35:f5:29:23:01:79:
                    7a:92:72:da:8f:15:48:e6:22:23:ac:b4:bc:b6:da:
                    0c:38:3a:26:10:98:0f:b2:9c:4b:d2:fb:0e:70:45:
                    02:9f:f9:9a:4a:54:8b:43:63:2f:fd:ba:44:1d:8e:
                    18:d8:64:03:50:8e:e8:1e:df:75:f4:b0:e7:2b:e6:
                    63:65:e3:80:ce:f1:24:75:e3:a0:19:d8:fb:7c:be:
                    ab:a6:a1:76:43:55:55:32:bb:e3:5f:85:c6:8c:9f:
                    2f:c1:82:cf:85:2f:97:57:99:c2:70:71:2a:2a:f1:
                    d6:c2:2e:d8:ca:69:f9:19:d9:f9:1c:31:45:b8:a4:
                    c9:ec:2f:c2:01:c2:c0:a8:3f:1e:76:bd:2c:12:96:
                    ce:7d:85:ca:11:cb:38:7b:cf:7e:e4:4e:d8:bd:cf:
                    d8:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:AE:7A:15:A0:86:53:62:33:A6:58:12:6A:3F:B1:62:97:47:C7:78
            X509v3 Authority Key Identifier:
                keyid:E3:D1:D7:D4:33:66:A5:B0:06:3C:37:57:13:19:DF:A4:32:D1:53:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/49HX1DNmpbAGPDdXExnfpDLRUxs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/e91627-843c-49bc-9bea-f72ab03177c1/1/Qq56FaCGU2IzplgSaj-xYpdHx3g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/e91627-843c-49bc-9bea-f72ab03177c1/1/49HX1DNmpbAGPDdXExnfpDLRUxs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  191.44.108.0/23
                  191.44.112.0-191.44.114.255

    Signature Algorithm: sha256WithRSAEncryption
         82:96:c4:dd:74:b0:4f:2e:01:ad:42:9c:91:02:2e:1f:ad:5d:
         78:ad:01:e7:b6:56:1e:93:78:58:54:ca:10:9d:6f:df:4f:d7:
         50:d8:89:26:d9:ea:52:86:85:0c:3e:27:a0:a2:56:57:72:a1:
         41:97:2b:67:54:92:94:e4:c1:a6:19:da:aa:61:6d:f9:ba:5d:
         8f:7f:12:97:8c:d8:69:2d:51:15:30:4e:61:ed:7c:3e:4f:52:
         02:c5:af:1d:f6:52:72:e0:20:87:de:d7:57:be:80:19:95:a8:
         68:9d:63:5a:f5:48:1f:87:41:92:b5:84:88:e8:11:b2:ab:0f:
         f5:30:63:fd:a9:9d:97:7c:be:89:08:8b:27:65:7b:15:11:20:
         ea:02:9e:f1:67:76:0c:f0:b4:8d:69:1a:38:0d:1a:16:c5:c4:
         b7:cc:00:24:f0:98:23:ad:09:06:49:cf:ca:8f:22:b0:45:da:
         98:fc:82:30:86:c5:dc:11:b3:22:e9:24:00:1f:0f:5c:fb:4e:
         67:62:5f:cd:ef:3d:bc:d4:27:db:29:aa:e1:95:f7:69:9b:d9:
         c6:b2:01:80:6f:83:6c:58:de:12:ca:c0:f3:0b:43:9e:ce:c9:
         37:f7:9f:e0:5b:46:da:27:f6:9d:7c:91:10:5b:b1:26:b3:a4:
         c0:72:df:83
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZ5MOOJK8vH+1oB1QmBU4pb/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUzZDFkN2Q0MzM2NmE1YjAwNjNjMzc1NzEzMTlkZmE0MzJk
MTUzMWIwHhcNMjYwNTIxMjAyNzM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MmFlN2ExNWEwODY1MzYyMzNhNjU4MTI2YTNmYjE2Mjk3NDdjNzc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuYfb04e7EGL76mIKpqBU2nQzjOfB
2TWQLlw2rGue2DGNxZeZBpGlzzxgynRa0QYInuDIAsNu+lldFIkgYSQNktlDmDE7
nSjKIKUE+k7F0uPtHFiSuWkwJvJdiZy8OtbY8ic19SkjAXl6knLajxVI5iIjrLS8
ttoMODomEJgPspxL0vsOcEUCn/maSlSLQ2Mv/bpEHY4Y2GQDUI7oHt919LDnK+Zj
ZeOAzvEkdeOgGdj7fL6rpqF2Q1VVMrvjX4XGjJ8vwYLPhS+XV5nCcHEqKvHWwi7Y
ymn5Gdn5HDFFuKTJ7C/CAcLAqD8edr0sEpbOfYXKEcs4e89+5E7Yvc/YWQIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFEKuehWghlNiM6ZYEmo/sWKXR8d4MB8GA1UdIwQY
MBaAFOPR19QzZqWwBjw3VxMZ36Qy0VMbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNDlIWDFETm1wYkFHUERkWEV4bmZwRExSVXhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yy9lOTE2MjctODQzYy00OWJjLTliZWEt
ZjcyYWIwMzE3N2MxLzEvUXE1NkZhQ0dVMkl6cGxnU2FqLXhZcGRIeDNnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yy9lOTE2MjctODQzYy00OWJjLTliZWEtZjcyYWIwMzE3N2Mx
LzEvNDlIWDFETm1wYkFHUERkWEV4bmZwRExSVXhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUAwQBvyxsMAwD
BAS/LHADBAC/LHIwDQYJKoZIhvcNAQELBQADggEBAIKWxN10sE8uAa1CnJECLh+t
XXitAee2Vh6TeFhUyhCdb99P11DYiSbZ6lKGhQw+J6CiVldyoUGXK2dUkpTkwaYZ
2qphbfm6XY9/EpeM2GktURUwTmHtfD5PUgLFrx32UnLgIIfe11e+gBmVqGidY1r1
SB+HQZK1hIjoEbKrD/UwY/2pnZd8vokIiydlexURIOoCnvFndgzwtI1pGjgNGhbF
xLfMACTwmCOtCQZJz8qPIrBF2pj8gjCGxdwRsyLpJAAfD1z7TmdiX83vPbzUJ9sp
quGV92mb2cayAYBvg2xY3hLKwPMLQ57OyTf3n+BbRton9p18kRBbsSazpMBy34M=
-----END CERTIFICATE-----