Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6c/e91627-843c-49bc-9bea-f72ab03177c1/1/TSGHGo2mm4skq9NSMtfNbmDhB6Y.roa
File:                     TSGHGo2mm4skq9NSMtfNbmDhB6Y.roa (raw, json)
Hash identifier:          o0vuFzo0xXDRqLpQOlTMNsKiUggTuKSoQsQGM+3WwHw=
Subject key identifier:   4D:21:87:1A:8D:A6:9B:8B:24:AB:D3:52:32:D7:CD:6E:60:E1:07:A6
Certificate issuer:       /CN=e3d1d7d43366a5b0063c37571319dfa432d1531b
Certificate serial:       019E5EFAD4AC43B1DF39653A34F59526E04C
Authority key identifier: E3:D1:D7:D4:33:66:A5:B0:06:3C:37:57:13:19:DF:A4:32:D1:53:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/49HX1DNmpbAGPDdXExnfpDLRUxs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6c/e91627-843c-49bc-9bea-f72ab03177c1/1/TSGHGo2mm4skq9NSMtfNbmDhB6Y.roa
Signing time:             Mon 25 May 2026 11:52:37 +0000
ROA not before:           Mon 25 May 2026 11:52:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     207992
IP address blocks:        191.44.119.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6c/e91627-843c-49bc-9bea-f72ab03177c1/1/49HX1DNmpbAGPDdXExnfpDLRUxs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6c/e91627-843c-49bc-9bea-f72ab03177c1/1/49HX1DNmpbAGPDdXExnfpDLRUxs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/49HX1DNmpbAGPDdXExnfpDLRUxs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 07 Jun 2026 02:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:5e:fa:d4:ac:43:b1:df:39:65:3a:34:f5:95:26:e0:4c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e3d1d7d43366a5b0063c37571319dfa432d1531b
        Validity
            Not Before: May 25 11:52:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4d21871a8da69b8b24abd35232d7cd6e60e107a6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:07:00:bf:47:44:b4:bc:cb:23:f1:8c:8e:7f:
                    76:cb:4d:0e:ca:ea:2c:d5:da:6b:b0:0c:24:1f:ce:
                    e7:91:c3:d9:6d:be:d8:d6:20:06:56:e5:10:e9:3c:
                    cd:4b:ba:1d:7c:48:02:d4:91:de:5e:b7:40:48:44:
                    a0:f4:bd:f9:85:a7:a8:49:06:d0:7f:7c:33:a3:ab:
                    1c:cd:96:9b:69:5e:c7:c1:dd:7d:8c:ac:2c:0d:3e:
                    1f:08:66:15:0f:c8:e6:9c:b9:98:28:99:5c:4a:73:
                    50:11:6c:fe:f3:59:25:f2:76:b3:28:7d:dd:42:61:
                    f2:aa:36:a1:49:c5:f3:8e:35:fd:34:c0:e3:6a:ac:
                    29:5b:1c:3c:5f:ec:3e:a1:73:45:81:57:f3:96:fd:
                    94:7d:9c:e6:95:bd:87:88:15:42:dd:5f:02:2d:61:
                    87:06:3b:cb:53:c3:3d:d5:36:db:5b:97:e1:fa:5f:
                    bb:64:2a:3e:28:ba:fd:4b:f5:64:b1:71:df:a3:64:
                    aa:09:37:67:fc:6c:20:5d:51:df:96:5a:2d:88:02:
                    61:d8:16:c7:4d:6f:1e:cf:e0:54:d6:0e:45:31:ec:
                    6c:23:9e:f6:76:cb:a4:13:a8:ee:37:f9:a8:c9:79:
                    e5:97:b2:9e:b2:c1:ef:87:60:2c:fc:0d:95:f0:d2:
                    23:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:21:87:1A:8D:A6:9B:8B:24:AB:D3:52:32:D7:CD:6E:60:E1:07:A6
            X509v3 Authority Key Identifier:
                keyid:E3:D1:D7:D4:33:66:A5:B0:06:3C:37:57:13:19:DF:A4:32:D1:53:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/49HX1DNmpbAGPDdXExnfpDLRUxs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/e91627-843c-49bc-9bea-f72ab03177c1/1/TSGHGo2mm4skq9NSMtfNbmDhB6Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/e91627-843c-49bc-9bea-f72ab03177c1/1/49HX1DNmpbAGPDdXExnfpDLRUxs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  191.44.119.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2d:1a:5c:93:90:91:35:bd:13:f4:92:22:e4:c1:d4:29:81:42:
         d1:80:d5:aa:9d:48:91:ea:5e:ab:6f:55:4b:4c:f5:f2:40:6d:
         d1:1f:67:e4:5c:c8:13:37:b7:fa:ff:36:0e:c8:4f:46:1e:0c:
         53:b4:69:14:c1:f5:60:0a:b5:a8:7b:80:14:83:b7:88:7d:3b:
         85:3e:64:6d:de:21:29:c5:8b:55:50:1f:1f:b8:d0:54:94:cc:
         0a:e6:a1:bd:3a:23:71:9b:a1:81:0d:63:4d:47:65:88:58:16:
         59:c6:5e:6f:8f:8b:c3:7c:d3:a9:41:33:01:eb:3e:62:49:c0:
         99:f4:b1:cd:39:2a:54:21:29:3f:e8:92:53:ea:78:40:12:18:
         00:b2:b8:98:86:b1:07:9d:65:e3:e8:55:70:cb:f8:2f:2c:94:
         d6:27:fe:aa:5f:03:d3:95:51:9d:e2:6b:90:cc:a0:54:99:18:
         1c:10:8a:12:01:68:f1:6a:56:da:dd:4f:77:f7:24:90:c9:e7:
         28:5c:90:87:e9:e1:a7:aa:32:db:7a:49:e1:60:4b:b2:6b:6b:
         5b:1b:ea:44:27:96:1e:44:f5:b7:a9:77:0a:5e:02:a9:3f:b4:
         1f:8a:9d:cc:4b:f0:3e:20:72:29:0e:ff:8f:7b:22:56:52:f0:
         e6:b2:a3:31
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ5e+tSsQ7HfOWU6NPWVJuBMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUzZDFkN2Q0MzM2NmE1YjAwNjNjMzc1NzEzMTlkZmE0MzJk
MTUzMWIwHhcNMjYwNTI1MTE1MjM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZDIxODcxYThkYTY5YjhiMjRhYmQzNTIzMmQ3Y2Q2ZTYwZTEwN2E2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtAcAv0dEtLzLI/GMjn92y00Oyuos
1dprsAwkH87nkcPZbb7Y1iAGVuUQ6TzNS7odfEgC1JHeXrdASESg9L35haeoSQbQ
f3wzo6sczZabaV7Hwd19jKwsDT4fCGYVD8jmnLmYKJlcSnNQEWz+81kl8nazKH3d
QmHyqjahScXzjjX9NMDjaqwpWxw8X+w+oXNFgVfzlv2UfZzmlb2HiBVC3V8CLWGH
BjvLU8M91TbbW5fh+l+7ZCo+KLr9S/VksXHfo2SqCTdn/GwgXVHfllotiAJh2BbH
TW8ez+BU1g5FMexsI572dsukE6juN/moyXnll7KessHvh2As/A2V8NIjqwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE0hhxqNppuLJKvTUjLXzW5g4QemMB8GA1UdIwQY
MBaAFOPR19QzZqWwBjw3VxMZ36Qy0VMbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNDlIWDFETm1wYkFHUERkWEV4bmZwRExSVXhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yy9lOTE2MjctODQzYy00OWJjLTliZWEt
ZjcyYWIwMzE3N2MxLzEvVFNHSEdvMm1tNHNrcTlOU010Zk5ibURoQjZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yy9lOTE2MjctODQzYy00OWJjLTliZWEtZjcyYWIwMzE3N2Mx
LzEvNDlIWDFETm1wYkFHUERkWEV4bmZwRExSVXhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvyx3MA0G
CSqGSIb3DQEBCwUAA4IBAQAtGlyTkJE1vRP0kiLkwdQpgULRgNWqnUiR6l6rb1VL
TPXyQG3RH2fkXMgTN7f6/zYOyE9GHgxTtGkUwfVgCrWoe4AUg7eIfTuFPmRt3iEp
xYtVUB8fuNBUlMwK5qG9OiNxm6GBDWNNR2WIWBZZxl5vj4vDfNOpQTMB6z5iScCZ
9LHNOSpUISk/6JJT6nhAEhgAsriYhrEHnWXj6FVwy/gvLJTWJ/6qXwPTlVGd4muQ
zKBUmRgcEIoSAWjxalba3U939ySQyecoXJCH6eGnqjLbeknhYEuya2tbG+pEJ5Ye
RPW3qXcKXgKpP7Qfip3MS/A+IHIpDv+PeyJWUvDmsqMx
-----END CERTIFICATE-----