Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6c/e91627-843c-49bc-9bea-f72ab03177c1/1/dHXyz9jE3eQGaYdkCkC9OnVQUTI.roa
File:                     dHXyz9jE3eQGaYdkCkC9OnVQUTI.roa (raw, json)
Hash identifier:          WWIWVw1+XDUE+Hx/T4bToQB6zdC+m+hvEsGqn8mcIwI=
Subject key identifier:   74:75:F2:CF:D8:C4:DD:E4:06:69:87:64:0A:40:BD:3A:75:50:51:32
Certificate issuer:       /CN=e3d1d7d43366a5b0063c37571319dfa432d1531b
Certificate serial:       019E216BD9F270FB2F828F305D7460D06383
Authority key identifier: E3:D1:D7:D4:33:66:A5:B0:06:3C:37:57:13:19:DF:A4:32:D1:53:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/49HX1DNmpbAGPDdXExnfpDLRUxs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6c/e91627-843c-49bc-9bea-f72ab03177c1/1/dHXyz9jE3eQGaYdkCkC9OnVQUTI.roa
Signing time:             Wed 13 May 2026 12:59:36 +0000
ROA not before:           Wed 13 May 2026 12:59:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     215224
IP address blocks:        191.44.123.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6c/e91627-843c-49bc-9bea-f72ab03177c1/1/49HX1DNmpbAGPDdXExnfpDLRUxs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6c/e91627-843c-49bc-9bea-f72ab03177c1/1/49HX1DNmpbAGPDdXExnfpDLRUxs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/49HX1DNmpbAGPDdXExnfpDLRUxs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 05 Jun 2026 05:00:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:21:6b:d9:f2:70:fb:2f:82:8f:30:5d:74:60:d0:63:83
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e3d1d7d43366a5b0063c37571319dfa432d1531b
        Validity
            Not Before: May 13 12:59:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7475f2cfd8c4dde4066987640a40bd3a75505132
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:b5:45:97:62:7d:e6:49:55:e0:a4:01:ec:e2:
                    05:fd:b1:12:f5:fe:0a:d4:63:19:46:46:cb:05:8b:
                    ce:aa:b9:99:96:8f:56:e3:15:80:22:f1:ae:36:df:
                    12:85:f8:25:0f:31:f4:b5:95:f7:ff:8e:46:61:4a:
                    73:59:36:07:d2:d2:83:c3:ad:42:4a:17:6c:7e:3f:
                    f2:25:ce:e1:85:8f:f8:b2:41:a9:98:a2:3c:f9:be:
                    af:17:e2:8e:9b:18:5d:27:b4:eb:2e:a5:86:89:92:
                    dd:e4:3d:dc:c2:fc:a7:36:f1:a6:c0:3d:32:23:d0:
                    c9:ee:a9:a1:63:28:78:b7:27:6f:bd:fa:23:1b:2c:
                    d5:75:dd:0f:ee:01:03:82:e4:75:e9:cf:76:a7:06:
                    6a:39:09:dd:5c:26:79:da:d8:ab:75:4c:5e:e2:bf:
                    28:ba:3e:21:cf:b6:5b:be:ec:e9:5e:39:5b:27:09:
                    3f:8a:bb:1c:71:9f:0f:a2:95:5e:ac:9d:51:f4:ed:
                    54:e4:a1:1d:3a:a3:e1:08:f0:ba:6c:5f:0a:52:a2:
                    76:90:07:4a:f7:14:f4:2f:b0:3e:a6:26:f8:96:bd:
                    fc:ad:0b:b0:39:12:cb:d0:da:d4:cb:73:fd:cd:08:
                    5b:23:ba:82:90:b0:41:7f:ec:15:23:0c:f7:b4:bd:
                    f8:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:75:F2:CF:D8:C4:DD:E4:06:69:87:64:0A:40:BD:3A:75:50:51:32
            X509v3 Authority Key Identifier:
                keyid:E3:D1:D7:D4:33:66:A5:B0:06:3C:37:57:13:19:DF:A4:32:D1:53:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/49HX1DNmpbAGPDdXExnfpDLRUxs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/e91627-843c-49bc-9bea-f72ab03177c1/1/dHXyz9jE3eQGaYdkCkC9OnVQUTI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/e91627-843c-49bc-9bea-f72ab03177c1/1/49HX1DNmpbAGPDdXExnfpDLRUxs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  191.44.123.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1f:3d:94:20:cb:04:f3:39:40:3d:f1:81:bb:88:2d:5d:af:b6:
         52:50:f4:81:b5:c8:32:e3:4c:e3:14:61:d7:01:96:c8:05:8d:
         c0:a6:87:3c:4e:89:a7:84:e6:bb:99:0d:c2:74:26:c4:3e:ec:
         da:99:d6:77:58:c0:a2:20:4c:2b:73:f4:b7:6c:f5:6b:59:0c:
         44:b1:0d:5a:7f:31:d5:72:46:5f:91:e0:c8:5d:e0:0c:39:cc:
         f2:dc:24:15:4e:4d:a7:38:86:ec:d2:6e:d8:b6:d3:c1:ed:d0:
         1b:51:22:ee:f5:9e:a5:fd:f2:7c:97:45:61:44:1f:4d:6f:73:
         79:5b:1d:6b:e0:c4:65:de:17:ce:07:e2:9e:45:b0:e1:a3:d9:
         2d:de:59:fc:36:fc:92:18:70:23:d2:70:40:56:66:66:d1:63:
         41:c9:eb:dd:7d:a0:01:15:79:04:25:77:17:f5:8b:1c:06:77:
         19:8e:1f:28:5c:c3:69:35:b7:95:0e:96:33:48:57:88:4d:30:
         db:b4:76:fa:8d:6b:51:d4:3d:f9:f1:b5:aa:04:c4:55:e7:46:
         6b:67:88:84:af:ee:8e:2f:18:b2:29:52:e3:50:2d:70:aa:f8:
         cd:7f:6a:55:92:bf:e5:2c:af:86:73:0c:8a:06:45:d3:12:82:
         89:13:06:ed
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ4ha9nycPsvgo8wXXRg0GODMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUzZDFkN2Q0MzM2NmE1YjAwNjNjMzc1NzEzMTlkZmE0MzJk
MTUzMWIwHhcNMjYwNTEzMTI1OTM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NDc1ZjJjZmQ4YzRkZGU0MDY2OTg3NjQwYTQwYmQzYTc1NTA1MTMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAobVFl2J95klV4KQB7OIF/bES9f4K
1GMZRkbLBYvOqrmZlo9W4xWAIvGuNt8ShfglDzH0tZX3/45GYUpzWTYH0tKDw61C
Shdsfj/yJc7hhY/4skGpmKI8+b6vF+KOmxhdJ7TrLqWGiZLd5D3cwvynNvGmwD0y
I9DJ7qmhYyh4tydvvfojGyzVdd0P7gEDguR16c92pwZqOQndXCZ52tirdUxe4r8o
uj4hz7ZbvuzpXjlbJwk/irsccZ8PopVerJ1R9O1U5KEdOqPhCPC6bF8KUqJ2kAdK
9xT0L7A+pib4lr38rQuwORLL0NrUy3P9zQhbI7qCkLBBf+wVIwz3tL34BQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHR18s/YxN3kBmmHZApAvTp1UFEyMB8GA1UdIwQY
MBaAFOPR19QzZqWwBjw3VxMZ36Qy0VMbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNDlIWDFETm1wYkFHUERkWEV4bmZwRExSVXhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yy9lOTE2MjctODQzYy00OWJjLTliZWEt
ZjcyYWIwMzE3N2MxLzEvZEhYeXo5akUzZVFHYVlka0NrQzlPblZRVVRJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yy9lOTE2MjctODQzYy00OWJjLTliZWEtZjcyYWIwMzE3N2Mx
LzEvNDlIWDFETm1wYkFHUERkWEV4bmZwRExSVXhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvyx7MA0G
CSqGSIb3DQEBCwUAA4IBAQAfPZQgywTzOUA98YG7iC1dr7ZSUPSBtcgy40zjFGHX
AZbIBY3Apoc8TomnhOa7mQ3CdCbEPuzamdZ3WMCiIEwrc/S3bPVrWQxEsQ1afzHV
ckZfkeDIXeAMOczy3CQVTk2nOIbs0m7YttPB7dAbUSLu9Z6l/fJ8l0VhRB9Nb3N5
Wx1r4MRl3hfOB+KeRbDho9kt3ln8NvySGHAj0nBAVmZm0WNByevdfaABFXkEJXcX
9YscBncZjh8oXMNpNbeVDpYzSFeITTDbtHb6jWtR1D358bWqBMRV50ZrZ4iEr+6O
LxiyKVLjUC1wqvjNf2pVkr/lLK+GcwyKBkXTEoKJEwbt
-----END CERTIFICATE-----