Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6c/e91627-843c-49bc-9bea-f72ab03177c1/1/dvq5w2q2zN_mq-AZDV0T40Oa_cE.roa
File:                     dvq5w2q2zN_mq-AZDV0T40Oa_cE.roa (raw, json)
Hash identifier:          MgP8+aUJ4ghQ1ZiOSVmomAq1gt9aaGNDzSB3ivnADqI=
Subject key identifier:   76:FA:B9:C3:6A:B6:CC:DF:E6:AB:E0:19:0D:5D:13:E3:43:9A:FD:C1
Certificate issuer:       /CN=e3d1d7d43366a5b0063c37571319dfa432d1531b
Certificate serial:       019DF479B14F5A2A5E3379A6DC2F09A8860F
Authority key identifier: E3:D1:D7:D4:33:66:A5:B0:06:3C:37:57:13:19:DF:A4:32:D1:53:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/49HX1DNmpbAGPDdXExnfpDLRUxs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6c/e91627-843c-49bc-9bea-f72ab03177c1/1/dvq5w2q2zN_mq-AZDV0T40Oa_cE.roa
Signing time:             Mon 04 May 2026 19:31:49 +0000
ROA not before:           Mon 04 May 2026 19:31:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     44620
IP address blocks:        191.44.70.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6c/e91627-843c-49bc-9bea-f72ab03177c1/1/49HX1DNmpbAGPDdXExnfpDLRUxs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6c/e91627-843c-49bc-9bea-f72ab03177c1/1/49HX1DNmpbAGPDdXExnfpDLRUxs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/49HX1DNmpbAGPDdXExnfpDLRUxs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 05 May 2026 19:31:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:f4:79:b1:4f:5a:2a:5e:33:79:a6:dc:2f:09:a8:86:0f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e3d1d7d43366a5b0063c37571319dfa432d1531b
        Validity
            Not Before: May  4 19:31:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=76fab9c36ab6ccdfe6abe0190d5d13e3439afdc1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:11:7e:d2:06:ba:ce:03:43:7c:1a:06:08:6f:
                    c0:7d:ee:7b:02:a0:fe:2f:6c:d4:fa:37:f4:4f:94:
                    8f:e7:25:01:9c:a4:c1:1d:95:d3:76:7b:d4:9a:55:
                    89:03:2a:f0:56:34:8e:27:76:69:35:5c:02:ad:95:
                    10:a4:6c:2c:a2:76:a2:fb:18:32:99:76:03:66:16:
                    34:4f:28:67:5e:51:f7:77:64:fa:33:8f:b0:2e:37:
                    f9:bb:55:1f:f0:94:c9:8d:1a:0b:9f:82:f4:f7:9b:
                    91:4b:ba:95:c3:10:d0:12:c7:22:a6:76:96:83:14:
                    c0:49:8c:85:7b:64:be:79:6b:42:6e:51:f7:cf:80:
                    4b:c7:45:f7:e8:1a:83:05:02:d7:78:05:ec:be:ca:
                    fb:5e:95:09:ff:84:59:68:34:07:9a:2a:45:c5:df:
                    ec:88:8f:21:38:ad:40:e0:d9:39:63:07:52:46:05:
                    c3:c3:96:42:c8:52:b1:75:d3:19:3a:2b:1b:88:7c:
                    36:d1:11:97:6d:80:1f:20:5d:1c:72:5d:34:d2:e6:
                    a8:14:29:38:28:5c:73:a7:2d:c5:76:50:43:fe:94:
                    69:de:32:96:79:47:2d:07:21:83:fa:68:a9:c3:18:
                    8a:88:46:c9:40:07:6a:c2:5c:84:f2:f1:3c:e1:a4:
                    f2:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:FA:B9:C3:6A:B6:CC:DF:E6:AB:E0:19:0D:5D:13:E3:43:9A:FD:C1
            X509v3 Authority Key Identifier:
                keyid:E3:D1:D7:D4:33:66:A5:B0:06:3C:37:57:13:19:DF:A4:32:D1:53:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/49HX1DNmpbAGPDdXExnfpDLRUxs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/e91627-843c-49bc-9bea-f72ab03177c1/1/dvq5w2q2zN_mq-AZDV0T40Oa_cE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/e91627-843c-49bc-9bea-f72ab03177c1/1/49HX1DNmpbAGPDdXExnfpDLRUxs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  191.44.70.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a3:0b:39:1f:69:3c:8f:ae:e1:47:2a:f6:c8:ed:64:24:59:56:
         67:ab:35:b1:f7:7e:e2:11:94:53:dc:6d:36:59:f0:7c:28:e2:
         61:0d:cc:e5:2f:e1:eb:46:df:66:ec:93:65:44:9f:0d:2a:cd:
         32:fd:d2:05:3a:18:16:c8:e2:f3:a1:d1:38:22:c1:bb:d2:95:
         80:03:ee:8a:26:4b:17:e8:1d:95:0b:b6:c7:27:5a:56:a3:fb:
         e8:d2:68:67:0e:55:32:19:de:4a:ee:7f:7b:f7:f3:71:4f:ec:
         4d:65:c6:eb:15:e1:08:3b:cc:a2:a2:d4:f3:40:7b:06:2f:5d:
         6f:3e:23:97:41:d9:19:16:c8:d7:a5:52:7f:53:be:d7:07:7a:
         b8:47:b3:79:9d:41:38:97:5e:cd:ce:fe:91:5c:99:a2:cc:88:
         65:b0:28:f1:58:e7:2b:ed:c9:36:6a:a5:fb:45:43:19:47:62:
         61:2a:50:3d:c8:8c:42:77:7e:ff:f9:40:5b:ba:41:62:c4:f9:
         c9:b0:3a:47:10:f7:4a:d1:e5:10:7d:23:17:b9:35:64:b3:e5:
         71:62:62:17:d3:53:31:3e:e5:7e:c8:c1:e1:e0:16:a2:6b:d7:
         cb:15:6d:4a:98:e5:4c:35:bd:85:b2:a0:f6:2c:a6:c1:3a:d1:
         a8:0d:87:fa
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ30ebFPWipeM3mm3C8JqIYPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUzZDFkN2Q0MzM2NmE1YjAwNjNjMzc1NzEzMTlkZmE0MzJk
MTUzMWIwHhcNMjYwNTA0MTkzMTQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NmZhYjljMzZhYjZjY2RmZTZhYmUwMTkwZDVkMTNlMzQzOWFmZGMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqhF+0ga6zgNDfBoGCG/Afe57AqD+
L2zU+jf0T5SP5yUBnKTBHZXTdnvUmlWJAyrwVjSOJ3ZpNVwCrZUQpGwsonai+xgy
mXYDZhY0TyhnXlH3d2T6M4+wLjf5u1Uf8JTJjRoLn4L095uRS7qVwxDQEscipnaW
gxTASYyFe2S+eWtCblH3z4BLx0X36BqDBQLXeAXsvsr7XpUJ/4RZaDQHmipFxd/s
iI8hOK1A4Nk5YwdSRgXDw5ZCyFKxddMZOisbiHw20RGXbYAfIF0ccl000uaoFCk4
KFxzpy3FdlBD/pRp3jKWeUctByGD+mipwxiKiEbJQAdqwlyE8vE84aTynQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHb6ucNqtszf5qvgGQ1dE+NDmv3BMB8GA1UdIwQY
MBaAFOPR19QzZqWwBjw3VxMZ36Qy0VMbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNDlIWDFETm1wYkFHUERkWEV4bmZwRExSVXhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yy9lOTE2MjctODQzYy00OWJjLTliZWEt
ZjcyYWIwMzE3N2MxLzEvZHZxNXcycTJ6Tl9tcS1BWkRWMFQ0ME9hX2NFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yy9lOTE2MjctODQzYy00OWJjLTliZWEtZjcyYWIwMzE3N2Mx
LzEvNDlIWDFETm1wYkFHUERkWEV4bmZwRExSVXhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvyxGMA0G
CSqGSIb3DQEBCwUAA4IBAQCjCzkfaTyPruFHKvbI7WQkWVZnqzWx937iEZRT3G02
WfB8KOJhDczlL+HrRt9m7JNlRJ8NKs0y/dIFOhgWyOLzodE4IsG70pWAA+6KJksX
6B2VC7bHJ1pWo/vo0mhnDlUyGd5K7n979/NxT+xNZcbrFeEIO8yiotTzQHsGL11v
PiOXQdkZFsjXpVJ/U77XB3q4R7N5nUE4l17Nzv6RXJmizIhlsCjxWOcr7ck2aqX7
RUMZR2JhKlA9yIxCd37/+UBbukFixPnJsDpHEPdK0eUQfSMXuTVks+VxYmIX01Mx
PuV+yMHh4Baia9fLFW1KmOVMNb2FsqD2LKbBOtGoDYf6
-----END CERTIFICATE-----