Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6c/e91627-843c-49bc-9bea-f72ab03177c1/1/dD7ci-MSV8rEZ6dBQrJZinXH3Ww.roa
File:                     dD7ci-MSV8rEZ6dBQrJZinXH3Ww.roa (raw, json)
Hash identifier:          hbDyjrM3vU5CtMU5lAYqhDJ/nIs2DnUkJ4zFik8vON0=
Subject key identifier:   74:3E:DC:8B:E3:12:57:CA:C4:67:A7:41:42:B2:59:8A:75:C7:DD:6C
Certificate issuer:       /CN=e3d1d7d43366a5b0063c37571319dfa432d1531b
Certificate serial:       019E97889143ABF22D8B8EE8E5E0DB480965
Authority key identifier: E3:D1:D7:D4:33:66:A5:B0:06:3C:37:57:13:19:DF:A4:32:D1:53:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/49HX1DNmpbAGPDdXExnfpDLRUxs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6c/e91627-843c-49bc-9bea-f72ab03177c1/1/dD7ci-MSV8rEZ6dBQrJZinXH3Ww.roa
Signing time:             Fri 05 Jun 2026 11:26:10 +0000
ROA not before:           Fri 05 Jun 2026 11:26:10 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     211895
IP address blocks:        191.44.121.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6c/e91627-843c-49bc-9bea-f72ab03177c1/1/49HX1DNmpbAGPDdXExnfpDLRUxs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6c/e91627-843c-49bc-9bea-f72ab03177c1/1/49HX1DNmpbAGPDdXExnfpDLRUxs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/49HX1DNmpbAGPDdXExnfpDLRUxs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 07 Jun 2026 02:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:97:88:91:43:ab:f2:2d:8b:8e:e8:e5:e0:db:48:09:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e3d1d7d43366a5b0063c37571319dfa432d1531b
        Validity
            Not Before: Jun  5 11:26:10 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=743edc8be31257cac467a74142b2598a75c7dd6c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:24:7c:31:ad:35:43:b5:ee:5c:b3:64:23:5e:
                    99:36:04:ca:45:67:b3:69:3c:a2:e3:83:2c:92:76:
                    55:1e:cc:16:9f:6e:75:b3:57:14:de:2f:62:2c:9b:
                    b5:c8:e2:69:00:ac:b9:cb:fd:b4:54:76:02:c9:66:
                    f5:e4:3c:8e:32:ec:69:00:1b:df:26:4b:8c:e1:7a:
                    48:90:b5:3c:39:34:96:ab:ab:92:9e:aa:68:ef:34:
                    e9:3f:7a:7a:89:ca:f9:3f:34:79:64:c5:2a:e0:c9:
                    d0:2c:b7:2c:ee:69:81:38:49:9d:ea:26:5b:13:62:
                    8f:a3:ca:f2:6b:79:6a:aa:eb:4d:9c:e4:23:af:51:
                    dc:fe:63:5d:48:21:62:f9:08:c1:93:4d:b4:a3:0f:
                    2f:f0:28:ac:29:89:a0:c6:3f:a3:f7:14:ca:d1:00:
                    3e:98:86:fa:94:ad:fc:a5:4e:dc:59:5f:6e:25:8f:
                    61:0b:3b:44:ce:05:c1:02:23:39:a7:55:6d:6b:79:
                    a8:af:52:74:a1:66:2e:c3:44:7e:63:1d:a5:34:5a:
                    0c:84:9f:c9:aa:aa:e8:af:6a:27:59:fc:45:ce:bd:
                    e3:3c:b9:41:6d:0a:86:90:48:1f:f4:03:4f:06:30:
                    28:df:56:4e:13:e5:e9:57:be:6c:ea:fd:20:e3:fc:
                    a5:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:3E:DC:8B:E3:12:57:CA:C4:67:A7:41:42:B2:59:8A:75:C7:DD:6C
            X509v3 Authority Key Identifier:
                keyid:E3:D1:D7:D4:33:66:A5:B0:06:3C:37:57:13:19:DF:A4:32:D1:53:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/49HX1DNmpbAGPDdXExnfpDLRUxs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/e91627-843c-49bc-9bea-f72ab03177c1/1/dD7ci-MSV8rEZ6dBQrJZinXH3Ww.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/e91627-843c-49bc-9bea-f72ab03177c1/1/49HX1DNmpbAGPDdXExnfpDLRUxs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  191.44.121.0/24

    Signature Algorithm: sha256WithRSAEncryption
         07:2a:46:1a:4b:47:fd:a3:38:45:6c:b9:7d:d9:61:c3:0e:7a:
         8c:7a:97:d0:e8:16:25:83:3a:0f:45:45:7c:bc:0d:db:f9:60:
         21:0f:e1:cd:01:34:a8:49:e9:b9:46:6e:d9:ee:00:9b:f8:45:
         98:54:2f:46:fb:48:9f:d7:ab:19:e5:6b:04:5a:79:54:f7:7e:
         1b:4b:8e:ca:3b:4d:e5:14:02:46:4f:d9:3d:c3:6e:7c:98:9f:
         89:60:a5:57:82:3d:9c:2c:e6:b1:79:9c:a2:80:e3:44:39:4d:
         fb:24:6c:18:f3:34:69:9c:78:48:11:f4:03:e9:d3:bd:0d:12:
         7b:51:75:65:b0:5b:05:5d:85:41:91:28:bd:78:21:48:d5:73:
         d7:39:f0:48:59:85:64:da:c8:e7:19:07:38:57:37:44:8d:35:
         3d:80:a7:db:4a:ca:7f:30:85:56:34:24:3a:45:f9:b4:6f:c0:
         7a:9c:04:ea:30:4c:3b:15:c3:02:91:be:bf:70:a7:23:ba:17:
         45:ce:cc:d0:c0:a9:66:b0:9d:58:ca:0a:a0:82:70:22:f0:4a:
         1a:78:27:f1:1e:8e:c3:df:9d:bc:a2:cc:db:b6:58:08:01:7c:
         67:5d:54:b0:56:ff:ec:b3:47:7d:07:61:7d:d1:d4:84:08:c1:
         8f:55:1e:d0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6XiJFDq/Iti47o5eDbSAllMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUzZDFkN2Q0MzM2NmE1YjAwNjNjMzc1NzEzMTlkZmE0MzJk
MTUzMWIwHhcNMjYwNjA1MTEyNjEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NDNlZGM4YmUzMTI1N2NhYzQ2N2E3NDE0MmIyNTk4YTc1YzdkZDZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqiR8Ma01Q7XuXLNkI16ZNgTKRWez
aTyi44MsknZVHswWn251s1cU3i9iLJu1yOJpAKy5y/20VHYCyWb15DyOMuxpABvf
JkuM4XpIkLU8OTSWq6uSnqpo7zTpP3p6icr5PzR5ZMUq4MnQLLcs7mmBOEmd6iZb
E2KPo8rya3lqqutNnOQjr1Hc/mNdSCFi+QjBk020ow8v8CisKYmgxj+j9xTK0QA+
mIb6lK38pU7cWV9uJY9hCztEzgXBAiM5p1Vta3mor1J0oWYuw0R+Yx2lNFoMhJ/J
qqror2onWfxFzr3jPLlBbQqGkEgf9ANPBjAo31ZOE+XpV75s6v0g4/ylnQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHQ+3IvjElfKxGenQUKyWYp1x91sMB8GA1UdIwQY
MBaAFOPR19QzZqWwBjw3VxMZ36Qy0VMbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNDlIWDFETm1wYkFHUERkWEV4bmZwRExSVXhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yy9lOTE2MjctODQzYy00OWJjLTliZWEt
ZjcyYWIwMzE3N2MxLzEvZEQ3Y2ktTVNWOHJFWjZkQlFySlppblhIM1d3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yy9lOTE2MjctODQzYy00OWJjLTliZWEtZjcyYWIwMzE3N2Mx
LzEvNDlIWDFETm1wYkFHUERkWEV4bmZwRExSVXhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvyx5MA0G
CSqGSIb3DQEBCwUAA4IBAQAHKkYaS0f9ozhFbLl92WHDDnqMepfQ6BYlgzoPRUV8
vA3b+WAhD+HNATSoSem5Rm7Z7gCb+EWYVC9G+0if16sZ5WsEWnlU934bS47KO03l
FAJGT9k9w258mJ+JYKVXgj2cLOaxeZyigONEOU37JGwY8zRpnHhIEfQD6dO9DRJ7
UXVlsFsFXYVBkSi9eCFI1XPXOfBIWYVk2sjnGQc4VzdEjTU9gKfbSsp/MIVWNCQ6
Rfm0b8B6nATqMEw7FcMCkb6/cKcjuhdFzszQwKlmsJ1YygqggnAi8EoaeCfxHo7D
3528oszbtlgIAXxnXVSwVv/ss0d9B2F90dSECMGPVR7Q
-----END CERTIFICATE-----