Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6c/e91627-843c-49bc-9bea-f72ab03177c1/1/aFo7O0fFwgQXegvkfL92mW-s4oQ.roa
File:                     aFo7O0fFwgQXegvkfL92mW-s4oQ.roa (raw, json)
Hash identifier:          JwPvNbbv8zXsoA37xp0t914U5rIu6z8P0o4Ua6HueKM=
Subject key identifier:   68:5A:3B:3B:47:C5:C2:04:17:7A:0B:E4:7C:BF:76:99:6F:AC:E2:84
Certificate issuer:       /CN=e3d1d7d43366a5b0063c37571319dfa432d1531b
Certificate serial:       019DE0414CEA1DB58802E634F38535C54182
Authority key identifier: E3:D1:D7:D4:33:66:A5:B0:06:3C:37:57:13:19:DF:A4:32:D1:53:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/49HX1DNmpbAGPDdXExnfpDLRUxs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6c/e91627-843c-49bc-9bea-f72ab03177c1/1/aFo7O0fFwgQXegvkfL92mW-s4oQ.roa
Signing time:             Thu 30 Apr 2026 21:17:49 +0000
ROA not before:           Thu 30 Apr 2026 21:17:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     34989
IP address blocks:        191.44.101.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6c/e91627-843c-49bc-9bea-f72ab03177c1/1/49HX1DNmpbAGPDdXExnfpDLRUxs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6c/e91627-843c-49bc-9bea-f72ab03177c1/1/49HX1DNmpbAGPDdXExnfpDLRUxs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/49HX1DNmpbAGPDdXExnfpDLRUxs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 14 May 2026 05:01:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:e0:41:4c:ea:1d:b5:88:02:e6:34:f3:85:35:c5:41:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e3d1d7d43366a5b0063c37571319dfa432d1531b
        Validity
            Not Before: Apr 30 21:17:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=685a3b3b47c5c204177a0be47cbf76996face284
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:27:19:73:0f:5d:13:83:dc:ce:f4:a7:9e:ae:
                    20:82:59:17:7d:78:d3:ac:ca:18:68:52:65:dc:73:
                    db:b1:b1:3f:ed:85:02:fd:7d:62:f3:5d:63:7b:f9:
                    47:48:50:a0:ee:ea:80:6a:cd:de:ee:63:0e:55:82:
                    56:e2:f6:94:26:22:61:46:80:70:69:36:24:51:9f:
                    16:77:12:fc:82:60:32:db:b5:c3:1b:ea:fb:04:8a:
                    51:87:0f:cc:12:5c:67:68:12:b8:50:a7:a7:52:a7:
                    02:65:1b:4e:75:07:ce:dc:e8:a2:55:31:ad:a0:c6:
                    d8:1a:e5:97:e5:0d:ca:75:d5:84:65:74:b3:57:50:
                    17:3b:50:ce:69:19:14:f2:e1:08:d6:28:88:85:2d:
                    cb:d1:1e:66:d7:6e:a8:39:a6:b4:c8:19:9e:f9:c5:
                    84:ee:46:3b:21:d9:6e:39:f4:2d:b2:d9:6e:24:cd:
                    96:90:ad:33:2b:58:5a:e0:c1:c6:f2:52:ad:5d:ab:
                    43:09:d2:cf:77:41:fc:72:f1:79:9b:5b:1a:89:94:
                    e7:b1:bd:48:00:64:20:69:05:ea:41:36:86:9d:ea:
                    2c:a1:8c:4d:59:b2:d2:f6:af:ff:ca:e1:a1:80:e1:
                    1f:b7:04:34:19:94:51:8f:0d:1b:64:66:1f:56:5c:
                    d8:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:5A:3B:3B:47:C5:C2:04:17:7A:0B:E4:7C:BF:76:99:6F:AC:E2:84
            X509v3 Authority Key Identifier:
                keyid:E3:D1:D7:D4:33:66:A5:B0:06:3C:37:57:13:19:DF:A4:32:D1:53:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/49HX1DNmpbAGPDdXExnfpDLRUxs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/e91627-843c-49bc-9bea-f72ab03177c1/1/aFo7O0fFwgQXegvkfL92mW-s4oQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/e91627-843c-49bc-9bea-f72ab03177c1/1/49HX1DNmpbAGPDdXExnfpDLRUxs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  191.44.101.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2b:23:91:e5:e8:8d:9a:92:5d:55:b8:9b:d6:06:6e:76:cf:03:
         02:f9:13:d0:61:2f:72:37:ec:0b:4f:53:61:35:55:b7:c6:9f:
         37:6a:7a:26:fd:a0:b2:a4:74:2a:e4:f5:c3:58:6a:a1:59:83:
         10:0a:71:2a:ee:8f:f0:79:2b:f8:fc:1a:35:b9:1f:53:b4:55:
         8c:a7:5f:3f:ae:4c:cb:57:8f:e5:ac:a3:d9:51:8f:1b:68:f4:
         81:4c:58:49:c9:68:b8:02:d3:f0:00:1c:f9:03:91:eb:d8:ff:
         22:fc:c3:74:1a:e5:e6:42:c9:5e:dd:88:03:0c:41:6f:bd:ad:
         ea:6d:0e:89:da:fc:48:83:6d:f6:6e:3c:15:b3:dd:54:67:07:
         c6:21:c1:28:67:4e:79:0e:d3:15:93:a4:2c:3b:b1:b9:ac:99:
         8a:6b:19:22:c6:74:be:2c:9b:95:9d:2e:e4:66:b3:a9:fa:bd:
         7c:bd:0f:c1:4e:ac:27:12:49:20:2d:ee:85:7a:39:64:9f:a9:
         83:a7:45:f0:94:e2:b9:e2:79:38:45:d9:25:b4:58:9a:80:59:
         07:96:4d:35:7d:d2:c6:64:2c:dc:b4:c3:54:01:c3:fa:51:37:
         b2:4a:6f:59:d3:0a:b1:7f:13:37:27:5e:cf:ca:29:3b:22:1b:
         9a:a4:ff:e0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ3gQUzqHbWIAuY084U1xUGCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUzZDFkN2Q0MzM2NmE1YjAwNjNjMzc1NzEzMTlkZmE0MzJk
MTUzMWIwHhcNMjYwNDMwMjExNzQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ODVhM2IzYjQ3YzVjMjA0MTc3YTBiZTQ3Y2JmNzY5OTZmYWNlMjg0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2CcZcw9dE4PczvSnnq4gglkXfXjT
rMoYaFJl3HPbsbE/7YUC/X1i811je/lHSFCg7uqAas3e7mMOVYJW4vaUJiJhRoBw
aTYkUZ8WdxL8gmAy27XDG+r7BIpRhw/MElxnaBK4UKenUqcCZRtOdQfO3OiiVTGt
oMbYGuWX5Q3KddWEZXSzV1AXO1DOaRkU8uEI1iiIhS3L0R5m126oOaa0yBme+cWE
7kY7IdluOfQtstluJM2WkK0zK1ha4MHG8lKtXatDCdLPd0H8cvF5m1saiZTnsb1I
AGQgaQXqQTaGneosoYxNWbLS9q//yuGhgOEftwQ0GZRRjw0bZGYfVlzYvwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGhaOztHxcIEF3oL5Hy/dplvrOKEMB8GA1UdIwQY
MBaAFOPR19QzZqWwBjw3VxMZ36Qy0VMbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNDlIWDFETm1wYkFHUERkWEV4bmZwRExSVXhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yy9lOTE2MjctODQzYy00OWJjLTliZWEt
ZjcyYWIwMzE3N2MxLzEvYUZvN08wZkZ3Z1FYZWd2a2ZMOTJtVy1zNG9RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yy9lOTE2MjctODQzYy00OWJjLTliZWEtZjcyYWIwMzE3N2Mx
LzEvNDlIWDFETm1wYkFHUERkWEV4bmZwRExSVXhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvyxlMA0G
CSqGSIb3DQEBCwUAA4IBAQArI5Hl6I2akl1VuJvWBm52zwMC+RPQYS9yN+wLT1Nh
NVW3xp83anom/aCypHQq5PXDWGqhWYMQCnEq7o/weSv4/Bo1uR9TtFWMp18/rkzL
V4/lrKPZUY8baPSBTFhJyWi4AtPwABz5A5Hr2P8i/MN0GuXmQsle3YgDDEFvva3q
bQ6J2vxIg232bjwVs91UZwfGIcEoZ055DtMVk6QsO7G5rJmKaxkixnS+LJuVnS7k
ZrOp+r18vQ/BTqwnEkkgLe6Fejlkn6mDp0XwlOK54nk4RdkltFiagFkHlk01fdLG
ZCzctMNUAcP6UTeySm9Z0wqxfxM3J17Pyik7IhuapP/g
-----END CERTIFICATE-----