Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6c/e91627-843c-49bc-9bea-f72ab03177c1/1/e84C3Z_POn6Dij3xHqkWvlvMlrg.roa
File:                     e84C3Z_POn6Dij3xHqkWvlvMlrg.roa (raw, json)
Hash identifier:          LZb7HGnie/ujIbNTTPMrLlk4OP6qlKKV+DaKDgWeVD4=
Subject key identifier:   7B:CE:02:DD:9F:CF:3A:7E:83:8A:3D:F1:1E:A9:16:BE:5B:CC:96:B8
Certificate issuer:       /CN=e3d1d7d43366a5b0063c37571319dfa432d1531b
Certificate serial:       019E46657D2043B599D139B85560C4607E18
Authority key identifier: E3:D1:D7:D4:33:66:A5:B0:06:3C:37:57:13:19:DF:A4:32:D1:53:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/49HX1DNmpbAGPDdXExnfpDLRUxs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6c/e91627-843c-49bc-9bea-f72ab03177c1/1/e84C3Z_POn6Dij3xHqkWvlvMlrg.roa
Signing time:             Wed 20 May 2026 17:18:36 +0000
ROA not before:           Wed 20 May 2026 17:18:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     197360
IP address blocks:        191.44.106.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6c/e91627-843c-49bc-9bea-f72ab03177c1/1/49HX1DNmpbAGPDdXExnfpDLRUxs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6c/e91627-843c-49bc-9bea-f72ab03177c1/1/49HX1DNmpbAGPDdXExnfpDLRUxs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/49HX1DNmpbAGPDdXExnfpDLRUxs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 07 Jun 2026 02:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:46:65:7d:20:43:b5:99:d1:39:b8:55:60:c4:60:7e:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e3d1d7d43366a5b0063c37571319dfa432d1531b
        Validity
            Not Before: May 20 17:18:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7bce02dd9fcf3a7e838a3df11ea916be5bcc96b8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:b1:01:4f:04:ad:68:c0:30:96:c1:4f:93:dd:
                    dd:40:0e:16:b5:a6:fc:df:12:78:b7:08:0e:65:1a:
                    cf:d2:d1:71:2e:22:c0:20:5a:58:67:a5:c4:c4:db:
                    16:ff:af:ad:cc:ba:74:6d:01:8c:10:4a:ec:f1:a7:
                    2f:8a:69:d4:a1:ac:2e:0d:72:04:ea:55:c0:f6:e7:
                    ab:15:19:e9:b9:78:f7:09:17:24:0e:22:dc:7f:68:
                    b1:ce:30:73:d7:3b:ef:42:43:b1:66:72:a1:44:72:
                    16:02:de:6d:d7:81:f7:a4:8e:8d:c7:e8:bd:b5:07:
                    13:be:1e:7d:f3:72:8f:cf:16:98:0b:49:8c:25:a7:
                    13:de:90:1e:c2:d6:8f:e0:60:be:0a:dd:fa:38:d7:
                    20:37:81:07:20:ad:e2:46:20:d8:70:26:ed:cd:10:
                    62:71:37:c6:40:34:60:6f:50:25:c3:d8:89:f5:37:
                    94:a0:d2:d5:2d:25:44:52:3c:85:06:50:b2:8b:11:
                    9b:d5:a6:35:92:ce:b6:7b:bb:32:55:67:cf:d9:dd:
                    aa:d3:82:b6:92:4d:0f:ce:cb:c5:01:8e:98:d5:39:
                    64:87:84:8a:ea:ed:00:5e:ce:ec:14:57:47:4f:27:
                    fb:45:dd:4a:fc:7e:c2:7f:07:07:24:93:33:f7:a6:
                    a9:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7B:CE:02:DD:9F:CF:3A:7E:83:8A:3D:F1:1E:A9:16:BE:5B:CC:96:B8
            X509v3 Authority Key Identifier:
                keyid:E3:D1:D7:D4:33:66:A5:B0:06:3C:37:57:13:19:DF:A4:32:D1:53:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/49HX1DNmpbAGPDdXExnfpDLRUxs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/e91627-843c-49bc-9bea-f72ab03177c1/1/e84C3Z_POn6Dij3xHqkWvlvMlrg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/e91627-843c-49bc-9bea-f72ab03177c1/1/49HX1DNmpbAGPDdXExnfpDLRUxs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  191.44.106.0/24

    Signature Algorithm: sha256WithRSAEncryption
         04:53:a2:29:5b:e8:e5:84:ef:79:33:1e:3c:79:96:b5:27:f8:
         37:c6:77:cd:d4:0b:11:b0:f0:88:a3:af:15:e3:d3:c8:af:7f:
         6d:20:4a:b5:eb:16:65:c4:ff:e6:2b:f9:2f:b1:ef:09:56:c5:
         71:00:92:02:b0:1d:12:04:17:81:02:d6:9f:6c:ae:36:9b:02:
         62:03:64:98:7b:38:07:75:2c:b8:07:6a:fe:cc:db:d0:ca:c2:
         89:62:81:1a:8c:f1:c6:ae:d0:73:47:3a:e7:a4:b1:ec:05:a0:
         1f:ce:b5:45:75:e3:8c:48:2c:05:f1:46:e7:ae:12:48:b6:bf:
         2c:4a:4c:8b:79:18:05:5f:56:2c:16:3c:2f:ed:b4:22:e9:85:
         d4:e5:d5:27:5d:ae:67:10:4d:87:f6:4e:b5:00:b0:2b:bd:63:
         f3:b5:36:cf:84:3c:c0:7e:e1:b3:2f:41:58:9f:3f:66:df:bd:
         5b:01:b5:85:c1:cc:9a:0d:c5:92:14:29:9d:cc:f8:b4:4c:6f:
         26:79:cb:f2:95:da:86:70:da:81:9d:9a:60:15:a0:10:96:9f:
         db:37:89:63:5a:06:b7:4f:c5:33:88:86:4b:47:32:64:34:fc:
         35:1c:7c:36:8f:71:67:43:64:78:5c:3a:cb:f4:de:6a:0c:ba:
         42:d2:4f:54
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ5GZX0gQ7WZ0Tm4VWDEYH4YMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUzZDFkN2Q0MzM2NmE1YjAwNjNjMzc1NzEzMTlkZmE0MzJk
MTUzMWIwHhcNMjYwNTIwMTcxODM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YmNlMDJkZDlmY2YzYTdlODM4YTNkZjExZWE5MTZiZTViY2M5NmI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv7EBTwStaMAwlsFPk93dQA4Wtab8
3xJ4twgOZRrP0tFxLiLAIFpYZ6XExNsW/6+tzLp0bQGMEErs8acvimnUoawuDXIE
6lXA9uerFRnpuXj3CRckDiLcf2ixzjBz1zvvQkOxZnKhRHIWAt5t14H3pI6Nx+i9
tQcTvh5983KPzxaYC0mMJacT3pAewtaP4GC+Ct36ONcgN4EHIK3iRiDYcCbtzRBi
cTfGQDRgb1Alw9iJ9TeUoNLVLSVEUjyFBlCyixGb1aY1ks62e7syVWfP2d2q04K2
kk0PzsvFAY6Y1Tlkh4SK6u0AXs7sFFdHTyf7Rd1K/H7CfwcHJJMz96ap2wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHvOAt2fzzp+g4o98R6pFr5bzJa4MB8GA1UdIwQY
MBaAFOPR19QzZqWwBjw3VxMZ36Qy0VMbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNDlIWDFETm1wYkFHUERkWEV4bmZwRExSVXhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yy9lOTE2MjctODQzYy00OWJjLTliZWEt
ZjcyYWIwMzE3N2MxLzEvZTg0QzNaX1BPbjZEaWozeEhxa1d2bHZNbHJnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yy9lOTE2MjctODQzYy00OWJjLTliZWEtZjcyYWIwMzE3N2Mx
LzEvNDlIWDFETm1wYkFHUERkWEV4bmZwRExSVXhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvyxqMA0G
CSqGSIb3DQEBCwUAA4IBAQAEU6IpW+jlhO95Mx48eZa1J/g3xnfN1AsRsPCIo68V
49PIr39tIEq16xZlxP/mK/kvse8JVsVxAJICsB0SBBeBAtafbK42mwJiA2SYezgH
dSy4B2r+zNvQysKJYoEajPHGrtBzRzrnpLHsBaAfzrVFdeOMSCwF8UbnrhJItr8s
SkyLeRgFX1YsFjwv7bQi6YXU5dUnXa5nEE2H9k61ALArvWPztTbPhDzAfuGzL0FY
nz9m371bAbWFwcyaDcWSFCmdzPi0TG8mecvyldqGcNqBnZpgFaAQlp/bN4ljWga3
T8UziIZLRzJkNPw1HHw2j3FnQ2R4XDrL9N5qDLpC0k9U
-----END CERTIFICATE-----