Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6c/e91627-843c-49bc-9bea-f72ab03177c1/1/c9rAo0EmNEjHl-r5VQD1G12O7fE.roa
File:                     c9rAo0EmNEjHl-r5VQD1G12O7fE.roa (raw, json)
Hash identifier:          MhVSyyrZG4aTJFZKHlSu1nxe0q5tXAhm/l6ss8T1Dlc=
Subject key identifier:   73:DA:C0:A3:41:26:34:48:C7:97:EA:F9:55:00:F5:1B:5D:8E:ED:F1
Certificate issuer:       /CN=e3d1d7d43366a5b0063c37571319dfa432d1531b
Certificate serial:       019DBFDDF1ADCA96D7160A9B3BF150CF30FC
Authority key identifier: E3:D1:D7:D4:33:66:A5:B0:06:3C:37:57:13:19:DF:A4:32:D1:53:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/49HX1DNmpbAGPDdXExnfpDLRUxs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6c/e91627-843c-49bc-9bea-f72ab03177c1/1/c9rAo0EmNEjHl-r5VQD1G12O7fE.roa
Signing time:             Fri 24 Apr 2026 14:21:26 +0000
ROA not before:           Fri 24 Apr 2026 14:21:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214578
IP address blocks:        191.44.84.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6c/e91627-843c-49bc-9bea-f72ab03177c1/1/49HX1DNmpbAGPDdXExnfpDLRUxs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6c/e91627-843c-49bc-9bea-f72ab03177c1/1/49HX1DNmpbAGPDdXExnfpDLRUxs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/49HX1DNmpbAGPDdXExnfpDLRUxs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 14 May 2026 12:59:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:bf:dd:f1:ad:ca:96:d7:16:0a:9b:3b:f1:50:cf:30:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e3d1d7d43366a5b0063c37571319dfa432d1531b
        Validity
            Not Before: Apr 24 14:21:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=73dac0a341263448c797eaf95500f51b5d8eedf1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:d0:32:3e:79:6a:3d:03:61:bf:07:bd:f1:b0:
                    24:c6:92:f5:b9:99:78:2a:cf:1e:d2:c3:e2:51:1b:
                    80:af:f0:c1:97:40:53:e6:cf:de:02:74:a2:e6:a6:
                    3f:df:89:9b:40:11:3c:0a:6b:fc:77:6f:e1:29:e0:
                    44:8b:c1:7d:51:eb:5a:18:68:57:f9:10:71:50:65:
                    cf:a4:af:4a:b4:7e:d2:9f:e2:bd:a7:0d:54:89:12:
                    2f:5b:9d:51:d0:23:85:a4:49:fd:6d:6a:51:4e:8e:
                    c2:7c:eb:f2:88:80:54:07:ef:6f:ac:fe:1d:5f:28:
                    14:ed:52:d9:97:50:9b:84:1e:8c:a6:4d:bf:af:25:
                    ad:a6:4b:b7:29:43:e5:42:aa:e3:52:e0:e1:c6:6e:
                    c6:83:4c:61:20:28:60:b3:8d:13:6c:7c:2a:d2:66:
                    07:74:ba:fb:7b:49:08:c0:93:f7:a7:4b:05:b1:5a:
                    09:b2:fe:26:ee:05:38:a2:7b:5d:4b:e0:1f:43:1f:
                    b4:52:8b:9a:db:0d:84:0b:aa:1d:0f:53:8c:99:5b:
                    cc:f4:20:60:a0:1f:bb:88:83:8b:6b:3d:36:2d:3d:
                    5f:ed:99:a4:82:50:39:6d:36:8f:ae:48:e0:27:f9:
                    2a:8a:fd:5b:7d:50:4c:b5:80:58:bb:67:5f:c7:52:
                    d3:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                73:DA:C0:A3:41:26:34:48:C7:97:EA:F9:55:00:F5:1B:5D:8E:ED:F1
            X509v3 Authority Key Identifier:
                keyid:E3:D1:D7:D4:33:66:A5:B0:06:3C:37:57:13:19:DF:A4:32:D1:53:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/49HX1DNmpbAGPDdXExnfpDLRUxs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/e91627-843c-49bc-9bea-f72ab03177c1/1/c9rAo0EmNEjHl-r5VQD1G12O7fE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/e91627-843c-49bc-9bea-f72ab03177c1/1/49HX1DNmpbAGPDdXExnfpDLRUxs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  191.44.84.0/24

    Signature Algorithm: sha256WithRSAEncryption
         68:42:7c:bc:02:e0:45:97:17:94:a5:40:73:ea:5a:82:6b:24:
         43:2b:3c:ba:c1:97:c9:38:57:f3:17:c6:71:7f:31:08:4e:b5:
         68:30:70:01:b6:eb:a5:40:8c:5a:ec:55:64:9c:d5:77:8c:3d:
         5e:df:ad:6b:79:d7:64:b3:f8:26:1c:37:d5:2c:f7:f6:7e:60:
         5f:6e:19:e6:25:a4:19:d9:cb:27:ba:ba:e0:28:d2:3e:2b:c4:
         ab:fd:2f:ce:90:15:42:d0:2b:03:6f:6f:ec:fa:b5:3d:c0:3c:
         12:3b:1d:66:b0:e3:ce:8c:6c:ca:03:88:f9:76:0e:82:cc:84:
         17:3e:03:5d:2e:0f:24:bc:41:47:2f:d2:29:85:2d:34:6f:64:
         a3:d4:24:35:61:c8:14:a8:e1:66:04:b5:bf:6f:86:84:15:41:
         2c:ff:96:63:e5:f2:1f:a7:ce:6d:d0:84:e9:4d:fe:a4:a1:b7:
         68:5a:01:97:0f:23:83:a7:8f:00:5f:e2:6f:0c:c2:df:ac:91:
         f2:ff:70:cb:bd:29:e2:4f:88:48:9c:af:1d:1a:c7:93:8e:e0:
         00:6f:b0:08:b5:3a:6b:5d:75:34:56:cf:39:83:b5:14:84:59:
         ff:7b:3c:22:e6:0b:d0:aa:26:7c:f6:e9:60:63:c8:c6:17:77:
         66:23:c6:80
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ2/3fGtypbXFgqbO/FQzzD8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUzZDFkN2Q0MzM2NmE1YjAwNjNjMzc1NzEzMTlkZmE0MzJk
MTUzMWIwHhcNMjYwNDI0MTQyMTI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3M2RhYzBhMzQxMjYzNDQ4Yzc5N2VhZjk1NTAwZjUxYjVkOGVlZGYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAudAyPnlqPQNhvwe98bAkxpL1uZl4
Ks8e0sPiURuAr/DBl0BT5s/eAnSi5qY/34mbQBE8Cmv8d2/hKeBEi8F9UetaGGhX
+RBxUGXPpK9KtH7Sn+K9pw1UiRIvW51R0COFpEn9bWpRTo7CfOvyiIBUB+9vrP4d
XygU7VLZl1CbhB6Mpk2/ryWtpku3KUPlQqrjUuDhxm7Gg0xhIChgs40TbHwq0mYH
dLr7e0kIwJP3p0sFsVoJsv4m7gU4ontdS+AfQx+0Uoua2w2EC6odD1OMmVvM9CBg
oB+7iIOLaz02LT1f7ZmkglA5bTaPrkjgJ/kqiv1bfVBMtYBYu2dfx1LTQwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHPawKNBJjRIx5fq+VUA9Rtdju3xMB8GA1UdIwQY
MBaAFOPR19QzZqWwBjw3VxMZ36Qy0VMbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNDlIWDFETm1wYkFHUERkWEV4bmZwRExSVXhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yy9lOTE2MjctODQzYy00OWJjLTliZWEt
ZjcyYWIwMzE3N2MxLzEvYzlyQW8wRW1ORWpIbC1yNVZRRDFHMTJPN2ZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yy9lOTE2MjctODQzYy00OWJjLTliZWEtZjcyYWIwMzE3N2Mx
LzEvNDlIWDFETm1wYkFHUERkWEV4bmZwRExSVXhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvyxUMA0G
CSqGSIb3DQEBCwUAA4IBAQBoQny8AuBFlxeUpUBz6lqCayRDKzy6wZfJOFfzF8Zx
fzEITrVoMHABtuulQIxa7FVknNV3jD1e361reddks/gmHDfVLPf2fmBfbhnmJaQZ
2csnurrgKNI+K8Sr/S/OkBVC0CsDb2/s+rU9wDwSOx1msOPOjGzKA4j5dg6CzIQX
PgNdLg8kvEFHL9IphS00b2Sj1CQ1YcgUqOFmBLW/b4aEFUEs/5Zj5fIfp85t0ITp
Tf6kobdoWgGXDyODp48AX+JvDMLfrJHy/3DLvSniT4hInK8dGseTjuAAb7AItTpr
XXU0Vs85g7UUhFn/ezwi5gvQqiZ89ulgY8jGF3dmI8aA
-----END CERTIFICATE-----