Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6c/e91627-843c-49bc-9bea-f72ab03177c1/1/pH82n877df1QzqVfRJ4WV5Nbb40.roa
File:                     pH82n877df1QzqVfRJ4WV5Nbb40.roa (raw, json)
Hash identifier:          DMj3my5dZLLROve7XUkC+lZz5qbjerzJZCHCYCSK+HE=
Subject key identifier:   A4:7F:36:9F:CE:FB:75:FD:50:CE:A5:5F:44:9E:16:57:93:5B:6F:8D
Certificate issuer:       /CN=e3d1d7d43366a5b0063c37571319dfa432d1531b
Certificate serial:       019E88ECE5472D3EC3F9A03553B860C225EE
Authority key identifier: E3:D1:D7:D4:33:66:A5:B0:06:3C:37:57:13:19:DF:A4:32:D1:53:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/49HX1DNmpbAGPDdXExnfpDLRUxs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6c/e91627-843c-49bc-9bea-f72ab03177c1/1/pH82n877df1QzqVfRJ4WV5Nbb40.roa
Signing time:             Tue 02 Jun 2026 15:21:27 +0000
ROA not before:           Tue 02 Jun 2026 15:21:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     9009
IP address blocks:        191.44.95.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6c/e91627-843c-49bc-9bea-f72ab03177c1/1/49HX1DNmpbAGPDdXExnfpDLRUxs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6c/e91627-843c-49bc-9bea-f72ab03177c1/1/49HX1DNmpbAGPDdXExnfpDLRUxs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/49HX1DNmpbAGPDdXExnfpDLRUxs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 03 Jun 2026 15:21:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:88:ec:e5:47:2d:3e:c3:f9:a0:35:53:b8:60:c2:25:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e3d1d7d43366a5b0063c37571319dfa432d1531b
        Validity
            Not Before: Jun  2 15:21:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a47f369fcefb75fd50cea55f449e1657935b6f8d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:0a:f5:19:1e:c0:be:da:a3:03:2f:4e:16:71:
                    2d:fc:ac:65:cf:bc:12:43:77:b1:04:5e:05:db:49:
                    4d:b3:1e:9d:af:ea:98:a5:f7:e6:e4:b8:c5:5f:e9:
                    c9:20:c5:ad:a8:21:5f:fb:fa:11:7b:db:fb:73:30:
                    09:29:4e:16:f6:40:d6:03:19:3c:d2:dc:c7:12:c5:
                    eb:e6:9d:82:0e:5f:38:df:cf:a7:be:9c:70:c7:e2:
                    10:e8:ef:57:26:12:9c:55:32:8f:49:fd:a8:6f:0f:
                    f4:ff:03:e1:3d:d3:ae:fc:3f:ac:87:0c:ae:40:01:
                    67:c1:3a:c1:02:ad:bd:e8:62:64:0d:fb:32:81:55:
                    69:8b:a3:38:ae:40:b3:b7:6c:63:3f:2c:76:61:77:
                    18:8e:83:8b:a6:3c:1f:96:52:0e:e3:77:cf:01:67:
                    f1:b2:3e:e1:30:31:b5:33:55:6e:7e:86:f0:4b:52:
                    7d:75:80:a9:14:4d:dc:61:c1:16:fa:da:94:2c:eb:
                    c3:f5:f5:ef:11:ec:17:c7:25:1e:8b:29:ef:04:fd:
                    15:d9:f2:0a:b1:00:9c:e0:2e:27:f5:7b:24:eb:68:
                    dc:2f:af:e1:37:73:5f:2a:f3:24:ac:5b:4d:a6:6f:
                    9f:e2:90:90:0c:3f:50:27:4f:a7:ee:92:58:ef:2f:
                    84:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:7F:36:9F:CE:FB:75:FD:50:CE:A5:5F:44:9E:16:57:93:5B:6F:8D
            X509v3 Authority Key Identifier:
                keyid:E3:D1:D7:D4:33:66:A5:B0:06:3C:37:57:13:19:DF:A4:32:D1:53:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/49HX1DNmpbAGPDdXExnfpDLRUxs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/e91627-843c-49bc-9bea-f72ab03177c1/1/pH82n877df1QzqVfRJ4WV5Nbb40.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/e91627-843c-49bc-9bea-f72ab03177c1/1/49HX1DNmpbAGPDdXExnfpDLRUxs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  191.44.95.0/24

    Signature Algorithm: sha256WithRSAEncryption
         77:98:f0:62:7c:e0:50:03:92:02:84:27:b1:ce:fb:f0:bf:e2:
         fc:37:dd:b6:99:c7:2f:7e:b1:10:15:48:30:17:df:80:7c:f0:
         63:71:d6:d8:37:fb:81:60:a1:cf:1d:9f:fa:f3:a1:2c:cf:7c:
         41:82:f7:2c:e6:c4:df:d4:8b:1c:50:b3:35:84:91:1e:d7:46:
         91:7b:ab:28:06:60:a5:79:ca:a4:c4:4a:ef:1a:8c:a2:cb:3e:
         e6:46:ff:6c:54:b2:fb:cf:5f:a6:c2:b5:14:78:2a:75:d1:49:
         4b:1f:20:24:35:25:4b:e5:4f:f3:04:f4:e5:ce:cb:bf:e4:70:
         15:f0:6b:bd:07:34:7d:18:db:b5:58:8b:7a:69:4d:b6:d3:0a:
         55:0a:f2:9d:76:7f:61:42:e7:1d:12:43:f2:0c:c0:53:7c:f1:
         78:1d:9a:49:9d:f9:f6:24:c0:d4:4c:fc:6b:51:9a:65:86:72:
         a0:4f:5e:a6:74:c7:1a:0c:10:f1:25:f7:48:63:61:f0:0c:ad:
         fa:05:df:12:2d:9d:51:b0:f6:2a:4c:5f:52:e7:8e:e4:d1:18:
         8d:a3:a5:4c:6f:45:b8:d8:7b:06:e2:38:13:b8:82:a0:4b:f4:
         6d:67:42:eb:46:7f:ee:2a:3a:f2:f9:b8:be:2a:70:bc:a5:fa:
         d1:dc:32:3b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6I7OVHLT7D+aA1U7hgwiXuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUzZDFkN2Q0MzM2NmE1YjAwNjNjMzc1NzEzMTlkZmE0MzJk
MTUzMWIwHhcNMjYwNjAyMTUyMTI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNDdmMzY5ZmNlZmI3NWZkNTBjZWE1NWY0NDllMTY1NzkzNWI2ZjhkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApwr1GR7AvtqjAy9OFnEt/Kxlz7wS
Q3exBF4F20lNsx6dr+qYpffm5LjFX+nJIMWtqCFf+/oRe9v7czAJKU4W9kDWAxk8
0tzHEsXr5p2CDl8438+nvpxwx+IQ6O9XJhKcVTKPSf2obw/0/wPhPdOu/D+shwyu
QAFnwTrBAq296GJkDfsygVVpi6M4rkCzt2xjPyx2YXcYjoOLpjwfllIO43fPAWfx
sj7hMDG1M1VufobwS1J9dYCpFE3cYcEW+tqULOvD9fXvEewXxyUeiynvBP0V2fIK
sQCc4C4n9Xsk62jcL6/hN3NfKvMkrFtNpm+f4pCQDD9QJ0+n7pJY7y+EnQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKR/Np/O+3X9UM6lX0SeFleTW2+NMB8GA1UdIwQY
MBaAFOPR19QzZqWwBjw3VxMZ36Qy0VMbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNDlIWDFETm1wYkFHUERkWEV4bmZwRExSVXhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yy9lOTE2MjctODQzYy00OWJjLTliZWEt
ZjcyYWIwMzE3N2MxLzEvcEg4Mm44NzdkZjFRenFWZlJKNFdWNU5iYjQwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yy9lOTE2MjctODQzYy00OWJjLTliZWEtZjcyYWIwMzE3N2Mx
LzEvNDlIWDFETm1wYkFHUERkWEV4bmZwRExSVXhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvyxfMA0G
CSqGSIb3DQEBCwUAA4IBAQB3mPBifOBQA5IChCexzvvwv+L8N922mccvfrEQFUgw
F9+AfPBjcdbYN/uBYKHPHZ/686Esz3xBgvcs5sTf1IscULM1hJEe10aRe6soBmCl
ecqkxErvGoyiyz7mRv9sVLL7z1+mwrUUeCp10UlLHyAkNSVL5U/zBPTlzsu/5HAV
8Gu9BzR9GNu1WIt6aU220wpVCvKddn9hQucdEkPyDMBTfPF4HZpJnfn2JMDUTPxr
UZplhnKgT16mdMcaDBDxJfdIY2HwDK36Bd8SLZ1RsPYqTF9S547k0RiNo6VMb0W4
2HsG4jgTuIKgS/RtZ0LrRn/uKjry+bi+KnC8pfrR3DI7
-----END CERTIFICATE-----