Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6c/e91627-843c-49bc-9bea-f72ab03177c1/1/7nbejW5fYHHE3btqjYskr_48NAY.roa
File:                     7nbejW5fYHHE3btqjYskr_48NAY.roa (raw, json)
Hash identifier:          HlkQWca9DpuryMz27HyPFtCZTaPD1lm9ROsyp1H4SUU=
Subject key identifier:   EE:76:DE:8D:6E:5F:60:71:C4:DD:BB:6A:8D:8B:24:AF:FE:3C:34:06
Certificate issuer:       /CN=e3d1d7d43366a5b0063c37571319dfa432d1531b
Certificate serial:       019E017E1E53968C11E3036B5A7AB555F5C1
Authority key identifier: E3:D1:D7:D4:33:66:A5:B0:06:3C:37:57:13:19:DF:A4:32:D1:53:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/49HX1DNmpbAGPDdXExnfpDLRUxs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6c/e91627-843c-49bc-9bea-f72ab03177c1/1/7nbejW5fYHHE3btqjYskr_48NAY.roa
Signing time:             Thu 07 May 2026 08:11:42 +0000
ROA not before:           Thu 07 May 2026 08:11:42 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     402215
IP address blocks:        191.44.80.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6c/e91627-843c-49bc-9bea-f72ab03177c1/1/49HX1DNmpbAGPDdXExnfpDLRUxs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6c/e91627-843c-49bc-9bea-f72ab03177c1/1/49HX1DNmpbAGPDdXExnfpDLRUxs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/49HX1DNmpbAGPDdXExnfpDLRUxs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 14 May 2026 06:33:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:01:7e:1e:53:96:8c:11:e3:03:6b:5a:7a:b5:55:f5:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e3d1d7d43366a5b0063c37571319dfa432d1531b
        Validity
            Not Before: May  7 08:11:42 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ee76de8d6e5f6071c4ddbb6a8d8b24affe3c3406
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:22:3c:52:fe:ea:11:6b:d4:84:29:4a:23:0b:
                    84:86:b0:62:ff:d2:bd:79:cc:b4:0f:ab:44:32:10:
                    9a:1f:5e:f1:ff:2a:9d:99:08:c0:9a:d3:2c:d9:f7:
                    fa:6e:9d:51:78:10:1c:63:c8:a8:7b:8c:91:7d:7c:
                    61:53:ed:5d:8a:7a:e6:36:97:95:3b:50:ac:48:ee:
                    76:4e:a3:55:ca:e7:42:16:56:43:4e:21:e7:c5:7a:
                    34:fa:8a:f6:f7:07:9d:42:e4:e4:06:5f:a7:d3:f0:
                    b3:bb:3d:b5:f3:08:ac:43:a3:55:29:8f:ed:0f:e8:
                    be:f5:3b:9d:8b:22:9d:2b:86:45:2b:ca:67:fe:47:
                    ee:e0:3b:c7:03:1a:e7:08:b2:0e:45:78:a2:53:74:
                    2d:a2:ed:29:d0:81:ff:9c:fe:50:56:6c:49:8a:0f:
                    b5:af:33:f8:a2:ab:0d:a4:e8:01:36:70:6f:9e:c9:
                    a2:13:48:10:f1:b8:f9:47:66:a1:88:4f:8b:9e:d1:
                    6e:95:69:48:b4:5e:6c:ad:b8:43:a4:bd:cc:87:56:
                    ca:7f:d3:65:d5:41:7c:65:f1:1d:bb:23:c7:2b:a2:
                    db:58:5f:c7:4a:22:38:da:74:75:e3:8d:71:5b:4b:
                    ad:6e:cf:d1:85:b3:1f:2a:ea:8e:ac:48:bf:e4:d8:
                    79:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:76:DE:8D:6E:5F:60:71:C4:DD:BB:6A:8D:8B:24:AF:FE:3C:34:06
            X509v3 Authority Key Identifier:
                keyid:E3:D1:D7:D4:33:66:A5:B0:06:3C:37:57:13:19:DF:A4:32:D1:53:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/49HX1DNmpbAGPDdXExnfpDLRUxs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/e91627-843c-49bc-9bea-f72ab03177c1/1/7nbejW5fYHHE3btqjYskr_48NAY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/e91627-843c-49bc-9bea-f72ab03177c1/1/49HX1DNmpbAGPDdXExnfpDLRUxs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  191.44.80.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0e:b9:91:3f:f0:45:35:df:18:20:4a:5a:e4:c1:52:d3:ef:d6:
         d6:88:ea:c2:c8:4e:f9:de:b6:d4:e2:7b:4b:1e:41:67:9a:31:
         f4:31:3b:7e:6e:98:3a:d3:a8:24:9e:82:c0:39:fc:eb:58:c5:
         14:93:0f:3a:44:7c:42:22:b0:f9:51:c3:4c:ba:00:47:be:65:
         9c:ee:ef:c0:80:7b:bb:e2:68:6c:4f:97:bc:55:1c:18:12:53:
         91:9c:c3:34:61:48:5b:7c:33:f8:c5:17:0d:5d:91:e3:fb:88:
         d2:8d:45:9e:d3:19:85:4d:51:da:0c:a2:6e:4b:ab:0c:3c:f7:
         be:1f:07:28:e2:aa:51:6b:de:01:cc:6e:36:e7:cf:00:f4:a0:
         c0:35:35:d9:27:8a:93:f3:15:eb:09:59:72:e0:76:72:b4:3d:
         f5:55:b0:e6:35:97:ac:90:4e:c5:af:f3:8f:95:b1:7e:da:0b:
         71:44:4c:db:b8:a5:a5:9c:5d:b2:36:b8:bc:8c:a9:c2:2f:e7:
         9a:6f:8e:9a:f3:b8:b0:05:95:a8:45:d9:5a:a2:fe:fe:13:67:
         1d:0a:91:94:1d:92:76:4e:2c:c6:63:21:e2:2a:ba:23:3b:79:
         34:83:35:b9:33:7a:4d:80:3b:ae:7c:d3:48:99:45:27:ae:04:
         94:e7:77:40
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ4Bfh5TlowR4wNrWnq1VfXBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUzZDFkN2Q0MzM2NmE1YjAwNjNjMzc1NzEzMTlkZmE0MzJk
MTUzMWIwHhcNMjYwNTA3MDgxMTQyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZTc2ZGU4ZDZlNWY2MDcxYzRkZGJiNmE4ZDhiMjRhZmZlM2MzNDA2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwyI8Uv7qEWvUhClKIwuEhrBi/9K9
ecy0D6tEMhCaH17x/yqdmQjAmtMs2ff6bp1ReBAcY8ioe4yRfXxhU+1dinrmNpeV
O1CsSO52TqNVyudCFlZDTiHnxXo0+or29wedQuTkBl+n0/Czuz218wisQ6NVKY/t
D+i+9TudiyKdK4ZFK8pn/kfu4DvHAxrnCLIORXiiU3Qtou0p0IH/nP5QVmxJig+1
rzP4oqsNpOgBNnBvnsmiE0gQ8bj5R2ahiE+LntFulWlItF5srbhDpL3Mh1bKf9Nl
1UF8ZfEduyPHK6LbWF/HSiI42nR1441xW0utbs/RhbMfKuqOrEi/5Nh5LQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO523o1uX2BxxN27ao2LJK/+PDQGMB8GA1UdIwQY
MBaAFOPR19QzZqWwBjw3VxMZ36Qy0VMbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNDlIWDFETm1wYkFHUERkWEV4bmZwRExSVXhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yy9lOTE2MjctODQzYy00OWJjLTliZWEt
ZjcyYWIwMzE3N2MxLzEvN25iZWpXNWZZSEhFM2J0cWpZc2tyXzQ4TkFZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yy9lOTE2MjctODQzYy00OWJjLTliZWEtZjcyYWIwMzE3N2Mx
LzEvNDlIWDFETm1wYkFHUERkWEV4bmZwRExSVXhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvyxQMA0G
CSqGSIb3DQEBCwUAA4IBAQAOuZE/8EU13xggSlrkwVLT79bWiOrCyE753rbU4ntL
HkFnmjH0MTt+bpg606gknoLAOfzrWMUUkw86RHxCIrD5UcNMugBHvmWc7u/AgHu7
4mhsT5e8VRwYElORnMM0YUhbfDP4xRcNXZHj+4jSjUWe0xmFTVHaDKJuS6sMPPe+
Hwco4qpRa94BzG42588A9KDANTXZJ4qT8xXrCVly4HZytD31VbDmNZeskE7Fr/OP
lbF+2gtxREzbuKWlnF2yNri8jKnCL+eab46a87iwBZWoRdlaov7+E2cdCpGUHZJ2
TizGYyHiKrojO3k0gzW5M3pNgDuufNNImUUnrgSU53dA
-----END CERTIFICATE-----