Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6c/e91627-843c-49bc-9bea-f72ab03177c1/1/pAsKvPuORsZKCevCTbS1CjWZF3w.roa
File:                     pAsKvPuORsZKCevCTbS1CjWZF3w.roa (raw, json)
Hash identifier:          taF3uPpvQQqinvc1nmhBfaKAOo85dutBVmam/L0fc30=
Subject key identifier:   A4:0B:0A:BC:FB:8E:46:C6:4A:09:EB:C2:4D:B4:B5:0A:35:99:17:7C
Certificate issuer:       /CN=e3d1d7d43366a5b0063c37571319dfa432d1531b
Certificate serial:       019E41BD78E0548F3FE4CD3F4CCAF5ACCCCC
Authority key identifier: E3:D1:D7:D4:33:66:A5:B0:06:3C:37:57:13:19:DF:A4:32:D1:53:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/49HX1DNmpbAGPDdXExnfpDLRUxs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6c/e91627-843c-49bc-9bea-f72ab03177c1/1/pAsKvPuORsZKCevCTbS1CjWZF3w.roa
Signing time:             Tue 19 May 2026 19:36:36 +0000
ROA not before:           Tue 19 May 2026 19:36:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     212112
IP address blocks:        191.44.118.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6c/e91627-843c-49bc-9bea-f72ab03177c1/1/49HX1DNmpbAGPDdXExnfpDLRUxs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6c/e91627-843c-49bc-9bea-f72ab03177c1/1/49HX1DNmpbAGPDdXExnfpDLRUxs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/49HX1DNmpbAGPDdXExnfpDLRUxs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 07 Jun 2026 02:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:41:bd:78:e0:54:8f:3f:e4:cd:3f:4c:ca:f5:ac:cc:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e3d1d7d43366a5b0063c37571319dfa432d1531b
        Validity
            Not Before: May 19 19:36:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a40b0abcfb8e46c64a09ebc24db4b50a3599177c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:5d:7e:16:a3:2f:18:82:27:a6:3c:ff:14:35:
                    dd:09:a4:e8:35:af:80:84:19:f3:6f:ae:ff:e8:6b:
                    f0:7d:0c:4c:4f:6c:d6:fe:e1:da:79:e0:99:08:5a:
                    75:6f:76:ac:47:66:4f:9a:03:3a:2b:2e:de:05:f9:
                    4e:91:22:1c:2b:ff:8a:65:63:b3:ac:69:3c:5f:c3:
                    ac:f5:d1:05:3b:a6:be:0f:09:8f:d4:67:25:7d:01:
                    0e:7b:9c:9a:3a:da:c2:0e:a5:4c:c2:85:f9:53:de:
                    cd:ff:e7:9e:4b:e6:07:3c:bf:4f:8d:00:02:93:43:
                    7e:78:76:a3:ae:f4:d0:40:b3:e9:3d:00:91:db:cd:
                    61:95:92:a6:63:1c:98:7f:4d:c2:10:a3:75:b4:ce:
                    0c:86:a9:be:d1:36:c8:86:dc:44:1a:41:5d:01:7d:
                    be:84:6e:2e:1c:97:04:d0:af:57:d6:da:4c:57:3a:
                    0c:f7:c4:08:b2:90:ba:2d:74:45:8f:41:4c:32:e9:
                    c2:e8:41:7e:3a:5a:cd:78:c9:9a:1a:ae:c5:6a:0f:
                    48:de:1f:76:8a:dd:ac:84:63:68:c1:66:9f:8e:40:
                    54:ae:3d:e0:75:32:a9:b0:ad:c6:56:1d:55:68:db:
                    43:c9:6e:54:45:85:fc:32:76:b3:d4:fc:ec:ad:4a:
                    25:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:0B:0A:BC:FB:8E:46:C6:4A:09:EB:C2:4D:B4:B5:0A:35:99:17:7C
            X509v3 Authority Key Identifier:
                keyid:E3:D1:D7:D4:33:66:A5:B0:06:3C:37:57:13:19:DF:A4:32:D1:53:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/49HX1DNmpbAGPDdXExnfpDLRUxs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/e91627-843c-49bc-9bea-f72ab03177c1/1/pAsKvPuORsZKCevCTbS1CjWZF3w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/e91627-843c-49bc-9bea-f72ab03177c1/1/49HX1DNmpbAGPDdXExnfpDLRUxs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  191.44.118.0/24

    Signature Algorithm: sha256WithRSAEncryption
         95:5e:80:08:ad:17:3e:8f:f7:fe:14:19:6c:99:31:58:d9:88:
         69:f3:cb:80:d2:45:30:3d:00:02:6f:df:69:0b:09:a5:a4:25:
         79:9b:a3:34:9d:ad:17:a4:06:97:b5:23:f2:51:01:d2:44:a1:
         23:2e:cf:d7:92:e0:ee:ba:ab:cc:4d:7f:97:c5:68:ed:47:de:
         d7:cc:57:00:09:27:94:c5:09:2b:24:7a:1d:a0:8c:60:31:e0:
         b6:ab:e7:ea:3a:22:4b:88:10:a3:9e:21:0e:5a:23:e0:aa:5a:
         99:a9:43:99:fe:c3:0b:74:c3:09:f8:ea:c8:75:de:c0:b5:2c:
         5f:45:53:c4:13:12:7a:23:a2:ec:fe:83:7b:e1:8d:a8:3f:c9:
         b8:cb:b9:4e:09:a4:6f:f6:46:35:9f:c0:fc:0f:59:0c:44:3d:
         5b:82:7f:75:73:21:e3:cb:cf:13:be:aa:e3:a1:26:31:80:0a:
         37:c7:70:b7:b6:e5:11:3d:df:b7:c4:04:69:88:fc:58:0e:9b:
         b1:6a:85:0c:0c:20:f0:82:5e:6d:7e:7d:f6:6d:96:c4:8c:47:
         47:4d:91:1b:7b:d2:43:44:55:57:d2:3c:20:00:d6:25:59:c7:
         69:31:f2:ba:ed:29:3f:49:09:bc:ea:66:e2:17:4c:4d:ed:6a:
         83:79:86:ef
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ5BvXjgVI8/5M0/TMr1rMzMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUzZDFkN2Q0MzM2NmE1YjAwNjNjMzc1NzEzMTlkZmE0MzJk
MTUzMWIwHhcNMjYwNTE5MTkzNjM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNDBiMGFiY2ZiOGU0NmM2NGEwOWViYzI0ZGI0YjUwYTM1OTkxNzdjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArV1+FqMvGIInpjz/FDXdCaToNa+A
hBnzb67/6GvwfQxMT2zW/uHaeeCZCFp1b3asR2ZPmgM6Ky7eBflOkSIcK/+KZWOz
rGk8X8Os9dEFO6a+DwmP1GclfQEOe5yaOtrCDqVMwoX5U97N/+eeS+YHPL9PjQAC
k0N+eHajrvTQQLPpPQCR281hlZKmYxyYf03CEKN1tM4Mhqm+0TbIhtxEGkFdAX2+
hG4uHJcE0K9X1tpMVzoM98QIspC6LXRFj0FMMunC6EF+OlrNeMmaGq7Fag9I3h92
it2shGNowWafjkBUrj3gdTKpsK3GVh1VaNtDyW5URYX8Mnaz1PzsrUolewIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKQLCrz7jkbGSgnrwk20tQo1mRd8MB8GA1UdIwQY
MBaAFOPR19QzZqWwBjw3VxMZ36Qy0VMbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNDlIWDFETm1wYkFHUERkWEV4bmZwRExSVXhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yy9lOTE2MjctODQzYy00OWJjLTliZWEt
ZjcyYWIwMzE3N2MxLzEvcEFzS3ZQdU9Sc1pLQ2V2Q1RiUzFDaldaRjN3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yy9lOTE2MjctODQzYy00OWJjLTliZWEtZjcyYWIwMzE3N2Mx
LzEvNDlIWDFETm1wYkFHUERkWEV4bmZwRExSVXhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvyx2MA0G
CSqGSIb3DQEBCwUAA4IBAQCVXoAIrRc+j/f+FBlsmTFY2Yhp88uA0kUwPQACb99p
CwmlpCV5m6M0na0XpAaXtSPyUQHSRKEjLs/XkuDuuqvMTX+XxWjtR97XzFcACSeU
xQkrJHodoIxgMeC2q+fqOiJLiBCjniEOWiPgqlqZqUOZ/sMLdMMJ+OrIdd7AtSxf
RVPEExJ6I6Ls/oN74Y2oP8m4y7lOCaRv9kY1n8D8D1kMRD1bgn91cyHjy88Tvqrj
oSYxgAo3x3C3tuURPd+3xARpiPxYDpuxaoUMDCDwgl5tfn32bZbEjEdHTZEbe9JD
RFVX0jwgANYlWcdpMfK67Sk/SQm86mbiF0xN7WqDeYbv
-----END CERTIFICATE-----