Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6c/e91627-843c-49bc-9bea-f72ab03177c1/1/rwlvB_VgdIL7xx3fg1zUzG7Lmvk.roa
File:                     rwlvB_VgdIL7xx3fg1zUzG7Lmvk.roa (raw, json)
Hash identifier:          Dzsj11IT+d0KSr0YpBwndQ2B8rxfuaWJQea/BdKgCIM=
Subject key identifier:   AF:09:6F:07:F5:60:74:82:FB:C7:1D:DF:83:5C:D4:CC:6E:CB:9A:F9
Certificate issuer:       /CN=e3d1d7d43366a5b0063c37571319dfa432d1531b
Certificate serial:       019DAA00511AF51EAEE4BED6AC16C43CF914
Authority key identifier: E3:D1:D7:D4:33:66:A5:B0:06:3C:37:57:13:19:DF:A4:32:D1:53:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/49HX1DNmpbAGPDdXExnfpDLRUxs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6c/e91627-843c-49bc-9bea-f72ab03177c1/1/rwlvB_VgdIL7xx3fg1zUzG7Lmvk.roa
Signing time:             Mon 20 Apr 2026 08:27:20 +0000
ROA not before:           Mon 20 Apr 2026 08:27:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     216224
IP address blocks:        191.44.75.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6c/e91627-843c-49bc-9bea-f72ab03177c1/1/49HX1DNmpbAGPDdXExnfpDLRUxs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6c/e91627-843c-49bc-9bea-f72ab03177c1/1/49HX1DNmpbAGPDdXExnfpDLRUxs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/49HX1DNmpbAGPDdXExnfpDLRUxs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 22 Apr 2026 18:41:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:aa:00:51:1a:f5:1e:ae:e4:be:d6:ac:16:c4:3c:f9:14
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e3d1d7d43366a5b0063c37571319dfa432d1531b
        Validity
            Not Before: Apr 20 08:27:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=af096f07f5607482fbc71ddf835cd4cc6ecb9af9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:17:54:0e:43:7e:9b:82:f3:2c:db:da:8d:e5:
                    82:da:aa:1a:6c:c8:b3:e5:22:39:59:11:a7:e1:df:
                    4f:4e:34:a9:78:a0:d1:8a:19:11:e5:b6:0b:9e:d6:
                    02:7a:45:eb:0c:3c:7d:17:85:14:4e:eb:71:74:e1:
                    68:26:2f:60:d4:b5:8c:d2:47:77:66:7d:8e:76:33:
                    9b:dd:df:1b:6d:8e:9d:eb:f6:64:0a:76:74:ab:7f:
                    88:b8:cf:be:4f:93:fb:fc:48:b5:20:a1:cf:7d:3c:
                    f6:5d:68:ec:3f:2b:68:34:f1:d5:d1:5d:c0:aa:04:
                    b1:2c:cb:06:c3:f9:d1:c6:d2:c5:59:a9:73:bd:60:
                    35:6f:47:e7:6e:67:d5:d3:26:45:84:52:b2:1d:b7:
                    15:c5:91:7b:aa:1d:8d:b2:71:7d:b6:71:e7:fa:8d:
                    97:26:3e:d3:89:8e:a5:09:64:15:c8:74:a3:e1:a0:
                    55:cb:2c:26:1e:d9:2e:b3:c7:42:e8:5f:15:ef:0b:
                    6e:f2:73:e9:ab:f0:86:6e:8b:99:e9:5c:60:c9:d7:
                    d6:3d:19:cb:36:fe:f2:79:a2:c3:ec:73:8d:e3:ef:
                    96:f8:38:eb:07:6d:34:1b:47:61:4e:a9:4d:c6:a5:
                    db:02:42:8d:6e:83:c9:44:da:03:66:ad:59:7b:be:
                    ef:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:09:6F:07:F5:60:74:82:FB:C7:1D:DF:83:5C:D4:CC:6E:CB:9A:F9
            X509v3 Authority Key Identifier:
                keyid:E3:D1:D7:D4:33:66:A5:B0:06:3C:37:57:13:19:DF:A4:32:D1:53:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/49HX1DNmpbAGPDdXExnfpDLRUxs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/e91627-843c-49bc-9bea-f72ab03177c1/1/rwlvB_VgdIL7xx3fg1zUzG7Lmvk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/e91627-843c-49bc-9bea-f72ab03177c1/1/49HX1DNmpbAGPDdXExnfpDLRUxs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  191.44.75.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b7:02:0f:92:02:c0:08:0c:32:29:3a:85:35:69:81:f6:6a:cf:
         83:bd:17:7c:3f:a2:12:91:3b:77:2c:73:db:e8:4f:f1:6a:3b:
         ad:bf:70:76:b1:34:31:5b:54:13:f8:c5:0a:d4:3a:f7:05:c5:
         38:fa:08:c4:ae:b4:48:a9:22:b9:05:db:14:8e:34:11:3d:b7:
         e7:04:bb:8c:27:2d:c8:fe:87:ed:8b:df:be:a9:36:17:c5:06:
         8c:62:29:3f:6b:ff:32:c6:e3:61:7f:a3:cd:ff:dd:0e:ab:6b:
         08:2e:35:a2:08:7a:92:1c:94:f6:e2:df:46:1a:56:16:63:79:
         e8:14:6c:67:77:b1:2b:dd:07:15:79:11:60:ea:71:4b:49:3b:
         6a:de:60:2e:6d:2c:83:96:49:f0:c9:29:5b:1f:9b:c1:02:95:
         2e:3a:34:83:ff:1f:e6:96:39:20:80:07:04:21:a9:58:c2:c7:
         39:88:0e:09:ac:ad:05:cf:4e:62:ce:8b:6f:71:e3:9c:f7:c1:
         c1:c7:f2:8e:f6:a3:32:36:07:af:01:5a:b3:9a:e4:77:39:9e:
         3b:63:51:66:ad:4e:89:f2:a0:4f:db:3c:f5:bd:3b:cb:89:f7:
         04:7d:4d:d6:4c:a5:f9:66:a0:72:39:0f:cd:3f:06:84:9a:2e:
         f2:65:e4:8f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ2qAFEa9R6u5L7WrBbEPPkUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUzZDFkN2Q0MzM2NmE1YjAwNjNjMzc1NzEzMTlkZmE0MzJk
MTUzMWIwHhcNMjYwNDIwMDgyNzIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZjA5NmYwN2Y1NjA3NDgyZmJjNzFkZGY4MzVjZDRjYzZlY2I5YWY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyhdUDkN+m4LzLNvajeWC2qoabMiz
5SI5WRGn4d9PTjSpeKDRihkR5bYLntYCekXrDDx9F4UUTutxdOFoJi9g1LWM0kd3
Zn2OdjOb3d8bbY6d6/ZkCnZ0q3+IuM++T5P7/Ei1IKHPfTz2XWjsPytoNPHV0V3A
qgSxLMsGw/nRxtLFWalzvWA1b0fnbmfV0yZFhFKyHbcVxZF7qh2NsnF9tnHn+o2X
Jj7TiY6lCWQVyHSj4aBVyywmHtkus8dC6F8V7wtu8nPpq/CGbouZ6VxgydfWPRnL
Nv7yeaLD7HON4++W+DjrB200G0dhTqlNxqXbAkKNboPJRNoDZq1Ze77vlwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK8Jbwf1YHSC+8cd34Nc1Mxuy5r5MB8GA1UdIwQY
MBaAFOPR19QzZqWwBjw3VxMZ36Qy0VMbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNDlIWDFETm1wYkFHUERkWEV4bmZwRExSVXhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yy9lOTE2MjctODQzYy00OWJjLTliZWEt
ZjcyYWIwMzE3N2MxLzEvcndsdkJfVmdkSUw3eHgzZmcxelV6RzdMbXZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yy9lOTE2MjctODQzYy00OWJjLTliZWEtZjcyYWIwMzE3N2Mx
LzEvNDlIWDFETm1wYkFHUERkWEV4bmZwRExSVXhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvyxLMA0G
CSqGSIb3DQEBCwUAA4IBAQC3Ag+SAsAIDDIpOoU1aYH2as+DvRd8P6ISkTt3LHPb
6E/xajutv3B2sTQxW1QT+MUK1Dr3BcU4+gjErrRIqSK5BdsUjjQRPbfnBLuMJy3I
/ofti9++qTYXxQaMYik/a/8yxuNhf6PN/90Oq2sILjWiCHqSHJT24t9GGlYWY3no
FGxnd7Er3QcVeRFg6nFLSTtq3mAubSyDlknwySlbH5vBApUuOjSD/x/mljkggAcE
IalYwsc5iA4JrK0Fz05izotvceOc98HBx/KO9qMyNgevAVqzmuR3OZ47Y1FmrU6J
8qBP2zz1vTvLifcEfU3WTKX5ZqByOQ/NPwaEmi7yZeSP
-----END CERTIFICATE-----