Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6c/e91627-843c-49bc-9bea-f72ab03177c1/1/smqVB5iS3-xOH6UZ-ZLNxj1FoPo.roa
File:                     smqVB5iS3-xOH6UZ-ZLNxj1FoPo.roa (raw, json)
Hash identifier:          G6TiKgRiRPDB2QgBjo0dGN+Wg+jI7u9eXM++c3IF/Fk=
Subject key identifier:   B2:6A:95:07:98:92:DF:EC:4E:1F:A5:19:F9:92:CD:C6:3D:45:A0:FA
Certificate issuer:       /CN=e3d1d7d43366a5b0063c37571319dfa432d1531b
Certificate serial:       019DB081C068410A9C8C71ADB9D6452CE8FD
Authority key identifier: E3:D1:D7:D4:33:66:A5:B0:06:3C:37:57:13:19:DF:A4:32:D1:53:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/49HX1DNmpbAGPDdXExnfpDLRUxs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6c/e91627-843c-49bc-9bea-f72ab03177c1/1/smqVB5iS3-xOH6UZ-ZLNxj1FoPo.roa
Signing time:             Tue 21 Apr 2026 14:46:26 +0000
ROA not before:           Tue 21 Apr 2026 14:46:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     215620
IP address blocks:        191.44.70.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6c/e91627-843c-49bc-9bea-f72ab03177c1/1/49HX1DNmpbAGPDdXExnfpDLRUxs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6c/e91627-843c-49bc-9bea-f72ab03177c1/1/49HX1DNmpbAGPDdXExnfpDLRUxs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/49HX1DNmpbAGPDdXExnfpDLRUxs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 22 Apr 2026 18:41:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:b0:81:c0:68:41:0a:9c:8c:71:ad:b9:d6:45:2c:e8:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e3d1d7d43366a5b0063c37571319dfa432d1531b
        Validity
            Not Before: Apr 21 14:46:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b26a95079892dfec4e1fa519f992cdc63d45a0fa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:a3:5a:db:43:d6:00:a9:d0:1e:ff:bd:a1:36:
                    b7:d2:a2:88:67:fb:17:1a:51:57:8e:a8:0e:6f:b5:
                    50:2b:40:8f:81:ac:7f:18:7b:1b:9a:19:95:1e:13:
                    ae:90:a2:f4:e1:76:bf:ce:f4:99:1e:c8:6c:8b:db:
                    70:43:dc:06:79:5e:57:8d:03:44:80:c3:f4:25:14:
                    03:bb:35:29:0d:10:8d:18:dc:cd:3a:21:c1:3a:e1:
                    59:84:5d:58:6f:0b:42:9c:9d:80:e5:3e:11:b4:f3:
                    05:e8:1e:00:cd:51:b7:7f:f0:cd:33:dd:92:b2:4f:
                    04:3b:88:fb:30:2c:06:53:a2:0c:24:19:2b:9b:6e:
                    e9:20:d9:0c:3f:50:5f:ad:fc:cc:83:df:01:d0:dd:
                    b0:a7:ac:d4:6b:a3:50:6f:4c:44:f7:f4:69:0d:b0:
                    c3:40:01:a4:20:f0:65:37:4b:d6:10:cf:38:75:a2:
                    be:5c:8c:71:f4:ac:27:2a:b8:7d:20:f3:0a:d0:58:
                    92:ef:4f:ab:20:0f:43:a2:7e:d8:dd:8d:99:ef:78:
                    49:c8:fc:e7:99:76:4f:50:c5:e7:e9:d1:21:79:77:
                    c1:97:28:22:26:70:01:82:3b:ea:c7:9e:a4:9d:f2:
                    37:22:7e:ab:b2:4d:65:ae:62:66:0b:b0:c7:ac:f5:
                    03:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B2:6A:95:07:98:92:DF:EC:4E:1F:A5:19:F9:92:CD:C6:3D:45:A0:FA
            X509v3 Authority Key Identifier:
                keyid:E3:D1:D7:D4:33:66:A5:B0:06:3C:37:57:13:19:DF:A4:32:D1:53:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/49HX1DNmpbAGPDdXExnfpDLRUxs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/e91627-843c-49bc-9bea-f72ab03177c1/1/smqVB5iS3-xOH6UZ-ZLNxj1FoPo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/e91627-843c-49bc-9bea-f72ab03177c1/1/49HX1DNmpbAGPDdXExnfpDLRUxs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  191.44.70.0/24

    Signature Algorithm: sha256WithRSAEncryption
         42:d0:d8:3c:e5:bd:64:1c:6e:71:7d:0f:9d:ff:96:b0:3f:1f:
         22:79:c4:20:02:c8:db:cf:98:2d:b5:37:2b:d7:48:b8:90:b5:
         63:1f:58:03:40:f1:c1:65:6b:24:c7:4d:81:cd:a4:1e:87:e4:
         4a:30:0d:97:76:93:3e:f5:aa:36:b1:87:ac:ed:db:39:a8:de:
         42:c4:c6:57:3e:25:45:94:ed:81:18:ed:cc:4c:9e:47:31:45:
         ab:97:79:57:7d:ab:32:ed:21:4c:39:ed:f9:0e:f6:c3:18:0f:
         e6:16:35:21:18:0e:67:20:4c:30:a5:94:57:3c:4e:57:9c:86:
         75:42:f4:42:f9:b9:1f:bb:7d:80:63:0e:6b:1b:3f:ff:c3:3b:
         7a:fa:17:c3:8f:32:b2:d1:ce:5c:6f:d0:54:ab:48:53:ea:1d:
         a2:70:c7:d8:e4:ea:16:3f:bf:09:85:78:34:fa:94:f6:61:a2:
         6f:3d:04:5a:64:82:4f:a8:3b:fe:74:d1:e0:df:05:b0:30:20:
         fb:3f:7e:6c:bf:5d:65:6c:5b:9c:f5:eb:03:fb:60:6e:05:c4:
         f2:c3:75:4c:ac:9a:46:fd:bd:9a:66:df:e7:c5:f6:43:1e:a0:
         25:45:31:63:3b:7e:ca:66:38:05:41:52:00:35:04:14:2b:86:
         6e:52:fb:ab
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ2wgcBoQQqcjHGtudZFLOj9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUzZDFkN2Q0MzM2NmE1YjAwNjNjMzc1NzEzMTlkZmE0MzJk
MTUzMWIwHhcNMjYwNDIxMTQ0NjI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMjZhOTUwNzk4OTJkZmVjNGUxZmE1MTlmOTkyY2RjNjNkNDVhMGZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA26Na20PWAKnQHv+9oTa30qKIZ/sX
GlFXjqgOb7VQK0CPgax/GHsbmhmVHhOukKL04Xa/zvSZHshsi9twQ9wGeV5XjQNE
gMP0JRQDuzUpDRCNGNzNOiHBOuFZhF1YbwtCnJ2A5T4RtPMF6B4AzVG3f/DNM92S
sk8EO4j7MCwGU6IMJBkrm27pINkMP1BfrfzMg98B0N2wp6zUa6NQb0xE9/RpDbDD
QAGkIPBlN0vWEM84daK+XIxx9KwnKrh9IPMK0FiS70+rIA9Don7Y3Y2Z73hJyPzn
mXZPUMXn6dEheXfBlygiJnABgjvqx56knfI3In6rsk1lrmJmC7DHrPUD9QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLJqlQeYkt/sTh+lGfmSzcY9RaD6MB8GA1UdIwQY
MBaAFOPR19QzZqWwBjw3VxMZ36Qy0VMbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNDlIWDFETm1wYkFHUERkWEV4bmZwRExSVXhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yy9lOTE2MjctODQzYy00OWJjLTliZWEt
ZjcyYWIwMzE3N2MxLzEvc21xVkI1aVMzLXhPSDZVWi1aTE54ajFGb1BvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yy9lOTE2MjctODQzYy00OWJjLTliZWEtZjcyYWIwMzE3N2Mx
LzEvNDlIWDFETm1wYkFHUERkWEV4bmZwRExSVXhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvyxGMA0G
CSqGSIb3DQEBCwUAA4IBAQBC0Ng85b1kHG5xfQ+d/5awPx8iecQgAsjbz5gttTcr
10i4kLVjH1gDQPHBZWskx02BzaQeh+RKMA2XdpM+9ao2sYes7ds5qN5CxMZXPiVF
lO2BGO3MTJ5HMUWrl3lXfasy7SFMOe35DvbDGA/mFjUhGA5nIEwwpZRXPE5XnIZ1
QvRC+bkfu32AYw5rGz//wzt6+hfDjzKy0c5cb9BUq0hT6h2icMfY5OoWP78JhXg0
+pT2YaJvPQRaZIJPqDv+dNHg3wWwMCD7P35sv11lbFuc9esD+2BuBcTyw3VMrJpG
/b2aZt/nxfZDHqAlRTFjO37KZjgFQVIANQQUK4ZuUvur
-----END CERTIFICATE-----