Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6c/e91627-843c-49bc-9bea-f72ab03177c1/1/SmU641R_8CxFq7De2crtrfOYByY.roa
File:                     SmU641R_8CxFq7De2crtrfOYByY.roa (raw, json)
Hash identifier:          0xEikSFQcdObzPP+bNYxTZs6hUpDMRnZEZ7oSCQCmMI=
Subject key identifier:   4A:65:3A:E3:54:7F:F0:2C:45:AB:B0:DE:D9:CA:ED:AD:F3:98:07:26
Certificate issuer:       /CN=e3d1d7d43366a5b0063c37571319dfa432d1531b
Certificate serial:       019E5F59200679E08D7B0CCE93EC5A017B31
Authority key identifier: E3:D1:D7:D4:33:66:A5:B0:06:3C:37:57:13:19:DF:A4:32:D1:53:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/49HX1DNmpbAGPDdXExnfpDLRUxs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6c/e91627-843c-49bc-9bea-f72ab03177c1/1/SmU641R_8CxFq7De2crtrfOYByY.roa
Signing time:             Mon 25 May 2026 13:35:36 +0000
ROA not before:           Mon 25 May 2026 13:35:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     3503
IP address blocks:        191.44.110.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6c/e91627-843c-49bc-9bea-f72ab03177c1/1/49HX1DNmpbAGPDdXExnfpDLRUxs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6c/e91627-843c-49bc-9bea-f72ab03177c1/1/49HX1DNmpbAGPDdXExnfpDLRUxs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/49HX1DNmpbAGPDdXExnfpDLRUxs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 04 Jun 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:5f:59:20:06:79:e0:8d:7b:0c:ce:93:ec:5a:01:7b:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e3d1d7d43366a5b0063c37571319dfa432d1531b
        Validity
            Not Before: May 25 13:35:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4a653ae3547ff02c45abb0ded9caedadf3980726
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:26:79:fe:5d:3e:e2:f4:30:ce:70:f9:94:5c:
                    23:5c:7a:54:e1:54:f4:97:54:19:e7:fd:24:21:e0:
                    58:88:19:31:d1:ea:a1:0f:e0:46:4d:c1:75:e1:cd:
                    a5:97:8a:13:11:6c:89:8b:9c:60:03:de:8e:b1:67:
                    87:f4:f1:18:37:de:ac:40:ee:91:7e:8e:f2:85:13:
                    e6:37:23:b8:15:c3:40:ab:50:e4:b5:49:5d:63:1e:
                    cf:e0:cf:e2:c9:38:df:9b:9f:59:bf:af:8c:22:7c:
                    70:b0:ef:57:6c:82:95:03:9b:98:9b:4b:e3:aa:cd:
                    e3:55:ad:41:37:fe:6b:76:f0:5b:c7:f1:ce:1e:d1:
                    5d:8d:eb:79:c3:14:98:7e:8d:6f:c5:95:46:26:8f:
                    4a:c8:79:29:67:c9:0e:35:65:19:4e:a6:ce:5c:fc:
                    86:ca:b3:78:e0:1e:c8:31:22:c1:2f:e8:9a:70:af:
                    3e:00:63:a3:ac:74:ac:39:41:64:72:dd:31:90:1e:
                    22:ff:e0:10:28:05:98:0c:b0:d8:c5:4f:82:7c:53:
                    43:c8:40:42:d3:52:e9:7e:c6:cc:35:9a:31:f0:bd:
                    93:08:6b:74:85:7f:2d:23:38:e4:83:d9:bc:2d:28:
                    7b:da:26:d7:7f:f1:8b:53:8a:14:98:d7:4e:15:13:
                    be:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4A:65:3A:E3:54:7F:F0:2C:45:AB:B0:DE:D9:CA:ED:AD:F3:98:07:26
            X509v3 Authority Key Identifier:
                keyid:E3:D1:D7:D4:33:66:A5:B0:06:3C:37:57:13:19:DF:A4:32:D1:53:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/49HX1DNmpbAGPDdXExnfpDLRUxs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/e91627-843c-49bc-9bea-f72ab03177c1/1/SmU641R_8CxFq7De2crtrfOYByY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/e91627-843c-49bc-9bea-f72ab03177c1/1/49HX1DNmpbAGPDdXExnfpDLRUxs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  191.44.110.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0a:89:be:b1:a8:05:a3:a7:10:bd:fd:ed:8d:d8:a7:97:79:f9:
         a4:72:b6:bf:79:df:ad:b3:7a:f4:a2:ee:eb:36:79:dd:55:75:
         38:ae:c3:bb:68:a3:6d:f6:35:ed:94:77:66:93:8a:2f:7f:f3:
         c9:42:64:db:18:6d:d3:dc:8b:f6:2f:44:8a:5b:55:8b:e4:b1:
         9a:cf:be:9c:e2:97:c0:4e:7d:d1:6c:5f:d7:81:63:e6:65:95:
         55:d6:03:9b:c3:a0:69:88:bd:96:3f:6c:0d:97:57:df:af:72:
         ad:51:03:23:ae:99:e9:ed:50:ab:c6:5a:dd:89:1b:bc:26:12:
         3f:e8:13:ca:98:38:b9:18:1c:6d:d3:0e:0d:71:0b:74:09:09:
         5f:51:ef:e6:75:8f:af:81:a3:54:53:03:12:f8:1e:61:43:65:
         17:64:ae:dd:a1:d4:75:f8:99:2a:ea:37:28:82:c1:45:7b:cb:
         b8:3d:0a:87:ae:0c:d6:a2:5d:2e:1b:91:3f:dc:98:b1:be:0a:
         0f:cf:12:d9:b8:29:f8:7d:28:fe:e1:b1:af:cb:e3:d2:bd:75:
         f4:f1:fd:70:de:9c:b5:b9:54:be:ab:a7:1d:b1:9d:83:18:fd:
         83:78:f2:13:ad:ba:6e:15:ea:ff:06:6b:71:f6:7c:a5:b3:d9:
         02:94:e3:84
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ5fWSAGeeCNewzOk+xaAXsxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUzZDFkN2Q0MzM2NmE1YjAwNjNjMzc1NzEzMTlkZmE0MzJk
MTUzMWIwHhcNMjYwNTI1MTMzNTM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YTY1M2FlMzU0N2ZmMDJjNDVhYmIwZGVkOWNhZWRhZGYzOTgwNzI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1iZ5/l0+4vQwznD5lFwjXHpU4VT0
l1QZ5/0kIeBYiBkx0eqhD+BGTcF14c2ll4oTEWyJi5xgA96OsWeH9PEYN96sQO6R
fo7yhRPmNyO4FcNAq1DktUldYx7P4M/iyTjfm59Zv6+MInxwsO9XbIKVA5uYm0vj
qs3jVa1BN/5rdvBbx/HOHtFdjet5wxSYfo1vxZVGJo9KyHkpZ8kONWUZTqbOXPyG
yrN44B7IMSLBL+iacK8+AGOjrHSsOUFkct0xkB4i/+AQKAWYDLDYxU+CfFNDyEBC
01LpfsbMNZox8L2TCGt0hX8tIzjkg9m8LSh72ibXf/GLU4oUmNdOFRO+fQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEplOuNUf/AsRauw3tnK7a3zmAcmMB8GA1UdIwQY
MBaAFOPR19QzZqWwBjw3VxMZ36Qy0VMbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNDlIWDFETm1wYkFHUERkWEV4bmZwRExSVXhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yy9lOTE2MjctODQzYy00OWJjLTliZWEt
ZjcyYWIwMzE3N2MxLzEvU21VNjQxUl84Q3hGcTdEZTJjcnRyZk9ZQnlZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yy9lOTE2MjctODQzYy00OWJjLTliZWEtZjcyYWIwMzE3N2Mx
LzEvNDlIWDFETm1wYkFHUERkWEV4bmZwRExSVXhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvyxuMA0G
CSqGSIb3DQEBCwUAA4IBAQAKib6xqAWjpxC9/e2N2KeXefmkcra/ed+ts3r0ou7r
NnndVXU4rsO7aKNt9jXtlHdmk4ovf/PJQmTbGG3T3Iv2L0SKW1WL5LGaz76c4pfA
Tn3RbF/XgWPmZZVV1gObw6BpiL2WP2wNl1ffr3KtUQMjrpnp7VCrxlrdiRu8JhI/
6BPKmDi5GBxt0w4NcQt0CQlfUe/mdY+vgaNUUwMS+B5hQ2UXZK7dodR1+Jkq6jco
gsFFe8u4PQqHrgzWol0uG5E/3JixvgoPzxLZuCn4fSj+4bGvy+PSvXX08f1w3py1
uVS+q6cdsZ2DGP2DePITrbpuFer/Bmtx9nyls9kClOOE
-----END CERTIFICATE-----