Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6c/e91627-843c-49bc-9bea-f72ab03177c1/1/V1iA51v4wBuRwVnj-6oJKLFo-24.roa
File:                     V1iA51v4wBuRwVnj-6oJKLFo-24.roa (raw, json)
Hash identifier:          ROl73KBjelO938WYLFrt9k+QsM2DphWSX7z1b8bJhBQ=
Subject key identifier:   57:58:80:E7:5B:F8:C0:1B:91:C1:59:E3:FB:AA:09:28:B1:68:FB:6E
Certificate issuer:       /CN=e3d1d7d43366a5b0063c37571319dfa432d1531b
Certificate serial:       019E8F4872068F8399A1E9D7BA2ECEF90209
Authority key identifier: E3:D1:D7:D4:33:66:A5:B0:06:3C:37:57:13:19:DF:A4:32:D1:53:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/49HX1DNmpbAGPDdXExnfpDLRUxs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6c/e91627-843c-49bc-9bea-f72ab03177c1/1/V1iA51v4wBuRwVnj-6oJKLFo-24.roa
Signing time:             Wed 03 Jun 2026 20:59:10 +0000
ROA not before:           Wed 03 Jun 2026 20:59:10 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     34346
IP address blocks:        191.44.124.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6c/e91627-843c-49bc-9bea-f72ab03177c1/1/49HX1DNmpbAGPDdXExnfpDLRUxs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6c/e91627-843c-49bc-9bea-f72ab03177c1/1/49HX1DNmpbAGPDdXExnfpDLRUxs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/49HX1DNmpbAGPDdXExnfpDLRUxs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 04 Jun 2026 20:59:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:8f:48:72:06:8f:83:99:a1:e9:d7:ba:2e:ce:f9:02:09
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e3d1d7d43366a5b0063c37571319dfa432d1531b
        Validity
            Not Before: Jun  3 20:59:10 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=575880e75bf8c01b91c159e3fbaa0928b168fb6e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:1d:02:67:4c:ce:eb:7b:bc:70:a6:20:33:33:
                    af:86:a9:33:0f:f9:fa:06:52:ce:48:ba:e2:f2:92:
                    e4:f5:7f:b7:f2:56:61:d0:2d:43:93:f4:ea:62:b1:
                    87:f0:08:62:3e:29:5d:fa:67:b2:93:fb:ff:08:21:
                    83:d0:49:ea:98:9f:a1:dc:62:c4:f3:c8:d9:38:bd:
                    e8:b6:dd:4f:9d:0d:6f:72:d3:31:af:fe:5d:4a:3e:
                    97:78:d3:37:00:69:f9:bf:77:c5:11:1f:d6:bb:cc:
                    ac:2b:35:0b:05:77:ee:09:af:52:0c:21:63:ba:a1:
                    6a:29:93:61:65:4f:87:68:70:cb:89:ac:61:71:b1:
                    2a:ea:11:9e:b4:45:f7:8a:fe:53:fe:47:d7:a1:01:
                    98:54:23:d8:33:79:54:ad:b5:8a:86:e3:2a:f4:01:
                    d0:68:2a:da:6e:f6:7a:3a:69:74:cd:ab:fc:33:1e:
                    32:b6:07:45:77:8e:d8:9c:1b:1e:d4:db:93:0e:8a:
                    da:3a:f6:9d:b9:5f:90:bc:4c:4d:14:50:8a:28:d9:
                    96:cf:29:3e:30:f6:84:a9:68:67:f2:51:9b:d7:93:
                    8d:98:83:f9:f6:91:00:3b:1e:46:d4:dc:49:fe:0d:
                    80:9b:39:73:4d:da:3f:cb:26:3e:2e:8b:bb:b7:ce:
                    24:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                57:58:80:E7:5B:F8:C0:1B:91:C1:59:E3:FB:AA:09:28:B1:68:FB:6E
            X509v3 Authority Key Identifier:
                keyid:E3:D1:D7:D4:33:66:A5:B0:06:3C:37:57:13:19:DF:A4:32:D1:53:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/49HX1DNmpbAGPDdXExnfpDLRUxs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/e91627-843c-49bc-9bea-f72ab03177c1/1/V1iA51v4wBuRwVnj-6oJKLFo-24.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/e91627-843c-49bc-9bea-f72ab03177c1/1/49HX1DNmpbAGPDdXExnfpDLRUxs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  191.44.124.0/24

    Signature Algorithm: sha256WithRSAEncryption
         48:fe:3f:0e:95:76:b6:cb:e5:9f:40:46:f9:a0:50:62:30:52:
         ce:32:fd:80:75:2d:9b:14:b2:fa:52:c5:0b:b7:21:36:e6:a2:
         6b:79:f7:53:d6:28:95:ae:35:7a:d2:f3:26:94:ef:4a:bf:14:
         4a:a9:6c:9e:1a:96:ff:8e:35:61:73:71:02:ee:02:af:26:97:
         5e:3f:f2:30:f2:e3:01:2a:02:b0:98:92:23:8d:9c:3b:0f:c8:
         9d:c1:1e:36:ba:8f:bc:9f:95:1f:06:08:f7:fd:12:9d:ce:16:
         57:44:57:79:b2:b8:04:34:f9:a4:79:2b:9b:81:b2:52:88:0a:
         23:c9:49:2e:39:58:61:b0:b9:9a:29:0c:89:e9:36:24:47:97:
         0e:28:fe:3f:d2:82:62:ce:13:b8:6e:48:3c:2f:57:c6:69:6e:
         45:15:00:4f:bf:dd:49:48:36:22:81:bf:f8:39:15:0d:41:fd:
         82:47:cb:af:30:b3:2b:44:f5:b5:44:44:e7:8f:11:b7:32:95:
         d0:44:1d:2a:1c:95:0a:a0:fd:50:21:d2:e8:0f:ba:8a:3d:d3:
         a6:79:8d:85:c0:c3:83:de:da:3c:62:87:b0:92:05:7c:80:08:
         19:0d:87:7e:61:fc:d3:a6:29:bd:23:7b:f4:4c:b9:d2:52:1e:
         6a:da:cd:25
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6PSHIGj4OZoenXui7O+QIJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUzZDFkN2Q0MzM2NmE1YjAwNjNjMzc1NzEzMTlkZmE0MzJk
MTUzMWIwHhcNMjYwNjAzMjA1OTEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NzU4ODBlNzViZjhjMDFiOTFjMTU5ZTNmYmFhMDkyOGIxNjhmYjZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnB0CZ0zO63u8cKYgMzOvhqkzD/n6
BlLOSLri8pLk9X+38lZh0C1Dk/TqYrGH8AhiPild+meyk/v/CCGD0EnqmJ+h3GLE
88jZOL3ott1PnQ1vctMxr/5dSj6XeNM3AGn5v3fFER/Wu8ysKzULBXfuCa9SDCFj
uqFqKZNhZU+HaHDLiaxhcbEq6hGetEX3iv5T/kfXoQGYVCPYM3lUrbWKhuMq9AHQ
aCrabvZ6Oml0zav8Mx4ytgdFd47YnBse1NuTDoraOvaduV+QvExNFFCKKNmWzyk+
MPaEqWhn8lGb15ONmIP59pEAOx5G1NxJ/g2AmzlzTdo/yyY+Lou7t84kXQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFdYgOdb+MAbkcFZ4/uqCSixaPtuMB8GA1UdIwQY
MBaAFOPR19QzZqWwBjw3VxMZ36Qy0VMbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNDlIWDFETm1wYkFHUERkWEV4bmZwRExSVXhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yy9lOTE2MjctODQzYy00OWJjLTliZWEt
ZjcyYWIwMzE3N2MxLzEvVjFpQTUxdjR3QnVSd1Zuai02b0pLTEZvLTI0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yy9lOTE2MjctODQzYy00OWJjLTliZWEtZjcyYWIwMzE3N2Mx
LzEvNDlIWDFETm1wYkFHUERkWEV4bmZwRExSVXhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvyx8MA0G
CSqGSIb3DQEBCwUAA4IBAQBI/j8OlXa2y+WfQEb5oFBiMFLOMv2AdS2bFLL6UsUL
tyE25qJrefdT1iiVrjV60vMmlO9KvxRKqWyeGpb/jjVhc3EC7gKvJpdeP/Iw8uMB
KgKwmJIjjZw7D8idwR42uo+8n5UfBgj3/RKdzhZXRFd5srgENPmkeSubgbJSiAoj
yUkuOVhhsLmaKQyJ6TYkR5cOKP4/0oJizhO4bkg8L1fGaW5FFQBPv91JSDYigb/4
ORUNQf2CR8uvMLMrRPW1RETnjxG3MpXQRB0qHJUKoP1QIdLoD7qKPdOmeY2FwMOD
3to8YoewkgV8gAgZDYd+YfzTpim9I3v0TLnSUh5q2s0l
-----END CERTIFICATE-----