Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6c/e91627-843c-49bc-9bea-f72ab03177c1/1/VIBiJE8jO2D6NekR1BaSOtCO6Ok.roa
File:                     VIBiJE8jO2D6NekR1BaSOtCO6Ok.roa (raw, json)
Hash identifier:          Yn3CqdZVKDLeT4Hf6VkuKU0b5C8N6Ud2qMot9S9FbDc=
Subject key identifier:   54:80:62:24:4F:23:3B:60:FA:35:E9:11:D4:16:92:3A:D0:8E:E8:E9
Certificate issuer:       /CN=e3d1d7d43366a5b0063c37571319dfa432d1531b
Certificate serial:       019E21F26F30C945A9D72AE76B7DBFEA2789
Authority key identifier: E3:D1:D7:D4:33:66:A5:B0:06:3C:37:57:13:19:DF:A4:32:D1:53:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/49HX1DNmpbAGPDdXExnfpDLRUxs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6c/e91627-843c-49bc-9bea-f72ab03177c1/1/VIBiJE8jO2D6NekR1BaSOtCO6Ok.roa
Signing time:             Wed 13 May 2026 15:26:36 +0000
ROA not before:           Wed 13 May 2026 15:26:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     402479
IP address blocks:        191.44.100.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6c/e91627-843c-49bc-9bea-f72ab03177c1/1/49HX1DNmpbAGPDdXExnfpDLRUxs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6c/e91627-843c-49bc-9bea-f72ab03177c1/1/49HX1DNmpbAGPDdXExnfpDLRUxs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/49HX1DNmpbAGPDdXExnfpDLRUxs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 16 May 2026 09:01:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:21:f2:6f:30:c9:45:a9:d7:2a:e7:6b:7d:bf:ea:27:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e3d1d7d43366a5b0063c37571319dfa432d1531b
        Validity
            Not Before: May 13 15:26:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=548062244f233b60fa35e911d416923ad08ee8e9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:9a:56:b9:66:09:ea:97:e0:80:03:1d:d8:b4:
                    83:f7:7e:35:b6:38:c9:5e:f3:97:92:67:b4:df:3a:
                    9d:9c:bf:ff:fe:74:90:62:82:c3:aa:4b:c4:e4:14:
                    a6:ea:5c:30:63:f0:71:76:a3:21:39:e3:79:01:d4:
                    ff:f0:3b:5c:7b:4d:a4:5b:69:18:61:bf:37:09:5a:
                    10:ea:6a:b9:f4:23:04:7e:25:ac:75:0c:19:00:74:
                    c3:a9:27:14:69:17:eb:96:b6:ea:27:67:76:8b:52:
                    d3:3d:8a:d4:4d:19:f2:f8:53:b6:3d:35:7a:61:ee:
                    39:c7:4e:dc:4a:68:89:86:96:25:62:13:57:b8:b8:
                    69:34:0e:46:08:60:dc:92:38:39:69:48:1f:06:44:
                    ad:08:39:fd:50:d6:99:f9:80:ca:3c:94:6c:13:ae:
                    ac:58:a9:81:63:89:dd:8a:4a:c3:20:1a:a5:a1:1a:
                    c1:41:68:81:8d:ca:ad:df:21:30:37:aa:46:39:b5:
                    d6:7b:76:44:57:d2:d0:4d:68:07:4a:79:1d:ac:cc:
                    8b:7d:42:be:40:49:9b:78:cb:78:8e:36:53:8b:72:
                    ba:00:c2:07:91:5d:b8:f8:b6:18:01:87:10:96:8a:
                    ed:1b:24:4d:0c:46:4a:58:36:e1:b7:29:7e:1d:8b:
                    e9:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                54:80:62:24:4F:23:3B:60:FA:35:E9:11:D4:16:92:3A:D0:8E:E8:E9
            X509v3 Authority Key Identifier:
                keyid:E3:D1:D7:D4:33:66:A5:B0:06:3C:37:57:13:19:DF:A4:32:D1:53:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/49HX1DNmpbAGPDdXExnfpDLRUxs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/e91627-843c-49bc-9bea-f72ab03177c1/1/VIBiJE8jO2D6NekR1BaSOtCO6Ok.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/e91627-843c-49bc-9bea-f72ab03177c1/1/49HX1DNmpbAGPDdXExnfpDLRUxs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  191.44.100.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1f:ac:7a:b9:53:b5:90:be:90:6b:23:a1:e7:4d:17:75:8e:22:
         81:30:74:d6:41:ce:44:2b:52:79:13:0b:01:8f:8b:55:7c:a6:
         f7:2a:fe:64:d6:9c:a0:cc:d0:17:60:8c:f0:9d:49:c1:d5:e2:
         1b:ed:85:4d:ef:d6:25:f2:66:a1:3a:5d:09:56:51:a8:0f:90:
         7f:55:1a:fc:e8:77:0b:05:66:e1:e7:1d:11:d6:5a:81:1e:03:
         0b:54:8f:3d:78:0e:02:59:57:6e:85:49:75:3d:63:6b:95:be:
         a2:ad:ec:68:be:6d:98:e3:7d:87:ae:ff:53:53:87:2c:a3:1c:
         ae:2a:b1:fc:b0:eb:df:31:21:23:99:0f:97:a6:8e:2b:f8:f8:
         35:9b:88:f0:89:04:e2:b4:53:b5:0e:bb:17:69:e8:0e:f9:a5:
         4c:f6:83:9b:08:28:35:3d:9f:30:3d:f7:68:07:1d:c2:af:f6:
         28:27:b3:a6:89:4a:17:69:f9:ac:4f:5d:49:63:fb:62:3d:3b:
         66:c1:26:04:fb:42:ba:4d:0f:0d:cc:35:51:f6:62:fd:22:c1:
         5f:40:a5:36:d2:ee:8e:00:b5:86:8d:e3:7f:ec:11:43:81:41:
         04:40:cc:ad:99:27:de:04:52:7f:d6:eb:73:39:37:5d:18:11:
         ed:f8:00:e8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ4h8m8wyUWp1yrna32/6ieJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUzZDFkN2Q0MzM2NmE1YjAwNjNjMzc1NzEzMTlkZmE0MzJk
MTUzMWIwHhcNMjYwNTEzMTUyNjM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NDgwNjIyNDRmMjMzYjYwZmEzNWU5MTFkNDE2OTIzYWQwOGVlOGU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt5pWuWYJ6pfggAMd2LSD9341tjjJ
XvOXkme03zqdnL///nSQYoLDqkvE5BSm6lwwY/BxdqMhOeN5AdT/8Dtce02kW2kY
Yb83CVoQ6mq59CMEfiWsdQwZAHTDqScUaRfrlrbqJ2d2i1LTPYrUTRny+FO2PTV6
Ye45x07cSmiJhpYlYhNXuLhpNA5GCGDckjg5aUgfBkStCDn9UNaZ+YDKPJRsE66s
WKmBY4ndikrDIBqloRrBQWiBjcqt3yEwN6pGObXWe3ZEV9LQTWgHSnkdrMyLfUK+
QEmbeMt4jjZTi3K6AMIHkV24+LYYAYcQlortGyRNDEZKWDbhtyl+HYvpgQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFSAYiRPIztg+jXpEdQWkjrQjujpMB8GA1UdIwQY
MBaAFOPR19QzZqWwBjw3VxMZ36Qy0VMbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNDlIWDFETm1wYkFHUERkWEV4bmZwRExSVXhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yy9lOTE2MjctODQzYy00OWJjLTliZWEt
ZjcyYWIwMzE3N2MxLzEvVklCaUpFOGpPMkQ2TmVrUjFCYVNPdENPNk9rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yy9lOTE2MjctODQzYy00OWJjLTliZWEtZjcyYWIwMzE3N2Mx
LzEvNDlIWDFETm1wYkFHUERkWEV4bmZwRExSVXhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvyxkMA0G
CSqGSIb3DQEBCwUAA4IBAQAfrHq5U7WQvpBrI6HnTRd1jiKBMHTWQc5EK1J5EwsB
j4tVfKb3Kv5k1pygzNAXYIzwnUnB1eIb7YVN79Yl8mahOl0JVlGoD5B/VRr86HcL
BWbh5x0R1lqBHgMLVI89eA4CWVduhUl1PWNrlb6irexovm2Y432Hrv9TU4csoxyu
KrH8sOvfMSEjmQ+Xpo4r+Pg1m4jwiQTitFO1DrsXaegO+aVM9oObCCg1PZ8wPfdo
Bx3Cr/YoJ7OmiUoXafmsT11JY/tiPTtmwSYE+0K6TQ8NzDVR9mL9IsFfQKU20u6O
ALWGjeN/7BFDgUEEQMytmSfeBFJ/1utzOTddGBHt+ADo
-----END CERTIFICATE-----