Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6c/e91627-843c-49bc-9bea-f72ab03177c1/1/SnRjh7mFY3ZtqKgpRUVND4GTCfQ.roa
File:                     SnRjh7mFY3ZtqKgpRUVND4GTCfQ.roa (raw, json)
Hash identifier:          lEs2Fv20mbhy3waE5I1sqd+O7RdDwyYkt+KG96yZ2vY=
Subject key identifier:   4A:74:63:87:B9:85:63:76:6D:A8:A8:29:45:45:4D:0F:81:93:09:F4
Certificate issuer:       /CN=e3d1d7d43366a5b0063c37571319dfa432d1531b
Certificate serial:       019DE90F54B33F864B157F4A04BB97CF9642
Authority key identifier: E3:D1:D7:D4:33:66:A5:B0:06:3C:37:57:13:19:DF:A4:32:D1:53:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/49HX1DNmpbAGPDdXExnfpDLRUxs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6c/e91627-843c-49bc-9bea-f72ab03177c1/1/SnRjh7mFY3ZtqKgpRUVND4GTCfQ.roa
Signing time:             Sat 02 May 2026 14:19:49 +0000
ROA not before:           Sat 02 May 2026 14:19:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     51559
IP address blocks:        191.44.120.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6c/e91627-843c-49bc-9bea-f72ab03177c1/1/49HX1DNmpbAGPDdXExnfpDLRUxs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6c/e91627-843c-49bc-9bea-f72ab03177c1/1/49HX1DNmpbAGPDdXExnfpDLRUxs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/49HX1DNmpbAGPDdXExnfpDLRUxs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 14 May 2026 06:33:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:e9:0f:54:b3:3f:86:4b:15:7f:4a:04:bb:97:cf:96:42
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e3d1d7d43366a5b0063c37571319dfa432d1531b
        Validity
            Not Before: May  2 14:19:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4a746387b98563766da8a82945454d0f819309f4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:54:ae:0f:f9:9c:66:b4:4e:f6:90:7a:c0:47:
                    4d:d7:9a:60:b0:44:ac:d8:b2:50:5a:c9:38:14:7d:
                    e9:01:ed:ec:4f:78:5a:36:f2:f7:fd:10:04:27:a6:
                    61:db:22:6e:6c:e8:36:5a:a2:c2:b0:11:03:b3:ce:
                    5a:82:b5:b8:97:56:4b:e4:d1:ab:d0:5b:ae:a3:7f:
                    91:72:4a:9b:10:46:d6:3e:34:7a:e1:02:7d:fd:91:
                    f7:1d:e0:cb:8e:ff:42:55:7f:cf:48:67:97:c5:7c:
                    cc:16:1b:6e:25:05:c3:28:29:7a:1e:0d:2c:8b:d5:
                    84:91:11:0b:d6:1f:f4:68:af:d0:d6:09:cc:7c:f3:
                    ff:ac:14:7c:ec:04:d2:24:b1:0a:ad:d6:51:9d:b2:
                    70:6b:f7:22:28:e8:c6:99:11:ad:64:9c:23:8a:68:
                    e8:ff:af:4f:e4:9f:65:8c:7b:a5:6c:c5:72:53:2d:
                    58:ef:17:64:81:69:65:15:7b:ff:84:c1:4a:f2:ec:
                    e9:33:6a:79:d0:45:86:b7:cc:7f:7a:f9:d0:5b:a8:
                    ea:05:76:3c:f8:1a:d4:46:2a:9f:34:f7:04:fa:5e:
                    ef:89:ba:55:82:72:b9:14:31:7e:76:05:74:43:8d:
                    66:8c:ab:92:11:b7:93:39:78:68:08:fc:78:18:cd:
                    d3:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4A:74:63:87:B9:85:63:76:6D:A8:A8:29:45:45:4D:0F:81:93:09:F4
            X509v3 Authority Key Identifier:
                keyid:E3:D1:D7:D4:33:66:A5:B0:06:3C:37:57:13:19:DF:A4:32:D1:53:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/49HX1DNmpbAGPDdXExnfpDLRUxs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/e91627-843c-49bc-9bea-f72ab03177c1/1/SnRjh7mFY3ZtqKgpRUVND4GTCfQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/e91627-843c-49bc-9bea-f72ab03177c1/1/49HX1DNmpbAGPDdXExnfpDLRUxs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  191.44.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         14:15:02:2c:9b:97:e4:0e:5e:95:42:06:10:de:ac:6c:ff:b4:
         e9:29:6e:29:64:10:4a:9c:f5:f4:02:37:22:73:35:42:74:90:
         56:42:41:fc:95:fc:57:bf:3f:7d:92:8b:81:e9:a0:5c:18:d1:
         85:e0:af:d9:01:7b:ca:20:91:6d:e6:59:e5:fd:5a:83:6c:92:
         0f:ee:e5:b2:3c:71:6a:c3:80:82:0c:77:26:b3:67:eb:b1:b0:
         af:aa:64:4f:86:95:65:91:6e:21:0e:b6:a7:ca:d3:1f:59:ca:
         20:67:c8:60:21:3b:65:f8:78:d2:b0:9b:c3:63:40:e7:cb:ae:
         8a:c0:af:b9:dd:3b:e2:70:c2:e4:8a:e6:17:88:d6:59:b0:98:
         31:6a:6a:cc:0a:56:7f:a8:8b:f7:bf:ff:c0:cc:f4:26:11:50:
         1a:4d:5e:29:07:53:d3:0f:21:0d:84:1b:fc:05:e2:bd:b0:35:
         4b:9e:55:9a:6e:41:a5:30:70:33:e3:05:c8:48:34:37:a0:98:
         1a:bb:01:5a:89:b6:17:ff:b1:9a:6c:6f:ab:25:7f:5a:46:b6:
         8a:46:54:79:45:d3:1f:68:40:ad:e3:91:13:b4:75:bb:5c:e2:
         4c:03:ab:d1:9d:a2:70:32:2c:71:28:38:ea:8b:b6:a9:0e:d6:
         8f:86:91:eb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ3pD1SzP4ZLFX9KBLuXz5ZCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUzZDFkN2Q0MzM2NmE1YjAwNjNjMzc1NzEzMTlkZmE0MzJk
MTUzMWIwHhcNMjYwNTAyMTQxOTQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YTc0NjM4N2I5ODU2Mzc2NmRhOGE4Mjk0NTQ1NGQwZjgxOTMwOWY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp1SuD/mcZrRO9pB6wEdN15pgsESs
2LJQWsk4FH3pAe3sT3haNvL3/RAEJ6Zh2yJubOg2WqLCsBEDs85agrW4l1ZL5NGr
0Fuuo3+RckqbEEbWPjR64QJ9/ZH3HeDLjv9CVX/PSGeXxXzMFhtuJQXDKCl6Hg0s
i9WEkREL1h/0aK/Q1gnMfPP/rBR87ATSJLEKrdZRnbJwa/ciKOjGmRGtZJwjimjo
/69P5J9ljHulbMVyUy1Y7xdkgWllFXv/hMFK8uzpM2p50EWGt8x/evnQW6jqBXY8
+BrURiqfNPcE+l7vibpVgnK5FDF+dgV0Q41mjKuSEbeTOXhoCPx4GM3TCwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEp0Y4e5hWN2baioKUVFTQ+Bkwn0MB8GA1UdIwQY
MBaAFOPR19QzZqWwBjw3VxMZ36Qy0VMbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNDlIWDFETm1wYkFHUERkWEV4bmZwRExSVXhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yy9lOTE2MjctODQzYy00OWJjLTliZWEt
ZjcyYWIwMzE3N2MxLzEvU25Samg3bUZZM1p0cUtncFJVVk5ENEdUQ2ZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yy9lOTE2MjctODQzYy00OWJjLTliZWEtZjcyYWIwMzE3N2Mx
LzEvNDlIWDFETm1wYkFHUERkWEV4bmZwRExSVXhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvyx4MA0G
CSqGSIb3DQEBCwUAA4IBAQAUFQIsm5fkDl6VQgYQ3qxs/7TpKW4pZBBKnPX0Ajci
czVCdJBWQkH8lfxXvz99kouB6aBcGNGF4K/ZAXvKIJFt5lnl/VqDbJIP7uWyPHFq
w4CCDHcms2frsbCvqmRPhpVlkW4hDranytMfWcogZ8hgITtl+HjSsJvDY0Dny66K
wK+53TvicMLkiuYXiNZZsJgxamrMClZ/qIv3v//AzPQmEVAaTV4pB1PTDyENhBv8
BeK9sDVLnlWabkGlMHAz4wXISDQ3oJgauwFaibYX/7GabG+rJX9aRraKRlR5RdMf
aECt45ETtHW7XOJMA6vRnaJwMixxKDjqi7apDtaPhpHr
-----END CERTIFICATE-----