Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6c/e91627-843c-49bc-9bea-f72ab03177c1/1/PgevlkTAr8jU-YjWzhea_mOXIRs.roa
File:                     PgevlkTAr8jU-YjWzhea_mOXIRs.roa (raw, json)
Hash identifier:          H1qdI38PaorFRf3/HCK0UyxP5GGGKhmK0S8nXeXUz6w=
Subject key identifier:   3E:07:AF:96:44:C0:AF:C8:D4:F9:88:D6:CE:17:9A:FE:63:97:21:1B
Certificate issuer:       /CN=e3d1d7d43366a5b0063c37571319dfa432d1531b
Certificate serial:       019DD96CA549D186BC8FE2857E4FD820F5A1
Authority key identifier: E3:D1:D7:D4:33:66:A5:B0:06:3C:37:57:13:19:DF:A4:32:D1:53:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/49HX1DNmpbAGPDdXExnfpDLRUxs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6c/e91627-843c-49bc-9bea-f72ab03177c1/1/PgevlkTAr8jU-YjWzhea_mOXIRs.roa
Signing time:             Wed 29 Apr 2026 13:27:49 +0000
ROA not before:           Wed 29 Apr 2026 13:27:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     16276
IP address blocks:        191.44.85.0/24 maxlen: 24
                          191.44.97.0/24 maxlen: 24
                          191.44.98.0/24 maxlen: 24
                          191.44.99.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6c/e91627-843c-49bc-9bea-f72ab03177c1/1/49HX1DNmpbAGPDdXExnfpDLRUxs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6c/e91627-843c-49bc-9bea-f72ab03177c1/1/49HX1DNmpbAGPDdXExnfpDLRUxs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/49HX1DNmpbAGPDdXExnfpDLRUxs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 14 May 2026 12:59:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:d9:6c:a5:49:d1:86:bc:8f:e2:85:7e:4f:d8:20:f5:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e3d1d7d43366a5b0063c37571319dfa432d1531b
        Validity
            Not Before: Apr 29 13:27:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3e07af9644c0afc8d4f988d6ce179afe6397211b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:0f:8e:52:1b:30:20:0f:6f:32:7d:c1:ec:88:
                    29:b3:83:c9:a7:c9:7d:10:c6:a7:34:7a:16:cf:20:
                    e9:7e:b9:c9:4f:47:3e:27:ed:b1:26:ce:e2:7d:a2:
                    c8:2d:02:63:0c:64:a8:9a:ee:13:ca:52:7c:92:00:
                    6d:ac:ee:2b:31:89:cc:e1:5a:15:31:1b:88:ca:d9:
                    b0:84:25:a3:4a:79:70:75:24:68:29:30:6a:ac:73:
                    e0:f1:3d:6a:a4:e4:75:0f:5e:57:a7:4a:7b:96:5a:
                    89:11:b5:8e:22:1d:74:71:8a:85:55:9e:0f:85:20:
                    14:0c:97:8a:9c:da:b7:e2:69:93:26:39:21:b7:88:
                    c0:b2:8a:ab:73:83:5a:8e:cf:a2:c5:85:2e:bb:9d:
                    e9:e7:ff:3f:62:b8:90:d4:90:92:fa:e7:f4:e6:73:
                    9d:d2:61:96:9d:e0:d3:df:73:c2:13:89:63:6d:49:
                    d9:81:7c:19:ba:b1:d7:02:d4:10:ea:19:bf:47:00:
                    c8:21:30:5e:b9:dd:cd:5c:ef:9d:c8:cb:40:2a:ec:
                    67:83:25:7e:22:d3:11:bc:4b:36:0f:9c:20:02:7e:
                    e5:f8:1e:23:32:7f:b7:ed:8c:c7:a8:f7:fe:4d:fe:
                    a4:32:c6:31:1b:54:13:20:69:df:e9:e3:8e:71:3e:
                    d2:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:07:AF:96:44:C0:AF:C8:D4:F9:88:D6:CE:17:9A:FE:63:97:21:1B
            X509v3 Authority Key Identifier:
                keyid:E3:D1:D7:D4:33:66:A5:B0:06:3C:37:57:13:19:DF:A4:32:D1:53:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/49HX1DNmpbAGPDdXExnfpDLRUxs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/e91627-843c-49bc-9bea-f72ab03177c1/1/PgevlkTAr8jU-YjWzhea_mOXIRs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/e91627-843c-49bc-9bea-f72ab03177c1/1/49HX1DNmpbAGPDdXExnfpDLRUxs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  191.44.85.0/24
                  191.44.97.0-191.44.99.255

    Signature Algorithm: sha256WithRSAEncryption
         b9:70:47:fe:b0:51:57:1c:98:4b:f2:d5:e4:28:5a:c3:0c:6d:
         2b:9b:9f:9f:c3:83:9e:d9:fd:ab:00:52:b1:d1:47:7b:28:54:
         d4:5a:34:24:09:9c:a4:f4:c7:e5:2c:c9:fa:ca:58:e5:d6:f8:
         25:94:0e:79:4d:8c:15:44:75:f7:70:45:77:af:7d:0d:06:b8:
         64:07:e4:77:0c:35:fe:3c:8b:a1:d2:df:b2:81:e6:62:74:0a:
         94:86:5d:1a:58:e8:5b:c6:2a:ca:ca:6d:c3:9a:89:37:98:b8:
         ee:0b:b1:b7:ed:9d:b5:df:34:eb:2b:80:68:9d:a3:b8:e8:92:
         09:0d:4b:a2:e8:0d:28:e9:fe:4e:dc:5b:57:ef:f3:66:cf:54:
         ee:90:d1:07:e0:a3:2e:5f:44:ec:33:ca:10:e6:46:4e:af:e7:
         e7:62:cb:01:18:71:b3:58:33:e3:be:cb:e5:33:39:c0:52:5e:
         cf:b4:c3:35:a4:2e:88:23:0b:9e:7d:66:1e:de:ad:cd:67:7f:
         bc:5e:2e:b6:49:d9:d6:87:02:ff:15:24:4e:e8:c6:da:33:67:
         2a:28:90:4a:b7:f5:64:9e:41:18:78:ec:c3:8c:31:0d:e2:54:
         50:03:e4:c2:87:d0:50:db:83:86:cf:4b:b6:1c:1d:12:4b:cf:
         1b:82:35:b6
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZ3ZbKVJ0Ya8j+KFfk/YIPWhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUzZDFkN2Q0MzM2NmE1YjAwNjNjMzc1NzEzMTlkZmE0MzJk
MTUzMWIwHhcNMjYwNDI5MTMyNzQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZTA3YWY5NjQ0YzBhZmM4ZDRmOTg4ZDZjZTE3OWFmZTYzOTcyMTFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApw+OUhswIA9vMn3B7Igps4PJp8l9
EManNHoWzyDpfrnJT0c+J+2xJs7ifaLILQJjDGSomu4TylJ8kgBtrO4rMYnM4VoV
MRuIytmwhCWjSnlwdSRoKTBqrHPg8T1qpOR1D15Xp0p7llqJEbWOIh10cYqFVZ4P
hSAUDJeKnNq34mmTJjkht4jAsoqrc4Najs+ixYUuu53p5/8/YriQ1JCS+uf05nOd
0mGWneDT33PCE4ljbUnZgXwZurHXAtQQ6hm/RwDIITBeud3NXO+dyMtAKuxngyV+
ItMRvEs2D5wgAn7l+B4jMn+37YzHqPf+Tf6kMsYxG1QTIGnf6eOOcT7StwIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFD4Hr5ZEwK/I1PmI1s4Xmv5jlyEbMB8GA1UdIwQY
MBaAFOPR19QzZqWwBjw3VxMZ36Qy0VMbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNDlIWDFETm1wYkFHUERkWEV4bmZwRExSVXhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yy9lOTE2MjctODQzYy00OWJjLTliZWEt
ZjcyYWIwMzE3N2MxLzEvUGdldmxrVEFyOGpVLVlqV3poZWFfbU9YSVJzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yy9lOTE2MjctODQzYy00OWJjLTliZWEtZjcyYWIwMzE3N2Mx
LzEvNDlIWDFETm1wYkFHUERkWEV4bmZwRExSVXhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUAwQAvyxVMAwD
BAC/LGEDBAK/LGAwDQYJKoZIhvcNAQELBQADggEBALlwR/6wUVccmEvy1eQoWsMM
bSubn5/Dg57Z/asAUrHRR3soVNRaNCQJnKT0x+UsyfrKWOXW+CWUDnlNjBVEdfdw
RXevfQ0GuGQH5HcMNf48i6HS37KB5mJ0CpSGXRpY6FvGKsrKbcOaiTeYuO4Lsbft
nbXfNOsrgGido7jokgkNS6LoDSjp/k7cW1fv82bPVO6Q0Qfgoy5fROwzyhDmRk6v
5+diywEYcbNYM+O+y+UzOcBSXs+0wzWkLogjC559Zh7erc1nf7xeLrZJ2daHAv8V
JE7oxtozZyookEq39WSeQRh47MOMMQ3iVFAD5MKH0FDbg4bPS7YcHRJLzxuCNbY=
-----END CERTIFICATE-----