Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6c/e91627-843c-49bc-9bea-f72ab03177c1/1/uoAmCYb4JGma3FeQH3_YGCuhsJw.roa
File:                     uoAmCYb4JGma3FeQH3_YGCuhsJw.roa (raw, json)
Hash identifier:          EcH49+F0N5aQG4uqhNbGiVfV1+BO1VpTeFehTTxWi2g=
Subject key identifier:   BA:80:26:09:86:F8:24:69:9A:DC:57:90:1F:7F:D8:18:2B:A1:B0:9C
Certificate issuer:       /CN=e3d1d7d43366a5b0063c37571319dfa432d1531b
Certificate serial:       019DC431BADEDC7EB8522336AE2302DC762B
Authority key identifier: E3:D1:D7:D4:33:66:A5:B0:06:3C:37:57:13:19:DF:A4:32:D1:53:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/49HX1DNmpbAGPDdXExnfpDLRUxs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6c/e91627-843c-49bc-9bea-f72ab03177c1/1/uoAmCYb4JGma3FeQH3_YGCuhsJw.roa
Signing time:             Sat 25 Apr 2026 10:31:26 +0000
ROA not before:           Sat 25 Apr 2026 10:31:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     153522
IP address blocks:        191.44.87.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6c/e91627-843c-49bc-9bea-f72ab03177c1/1/49HX1DNmpbAGPDdXExnfpDLRUxs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6c/e91627-843c-49bc-9bea-f72ab03177c1/1/49HX1DNmpbAGPDdXExnfpDLRUxs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/49HX1DNmpbAGPDdXExnfpDLRUxs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 14 May 2026 06:33:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:c4:31:ba:de:dc:7e:b8:52:23:36:ae:23:02:dc:76:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e3d1d7d43366a5b0063c37571319dfa432d1531b
        Validity
            Not Before: Apr 25 10:31:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ba80260986f824699adc57901f7fd8182ba1b09c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:75:22:76:5c:b6:7a:87:6d:ed:e0:a4:e2:0d:
                    ce:85:05:4c:e8:15:61:d8:ea:98:f8:4a:04:a7:42:
                    59:fa:62:92:7f:4c:6d:cd:43:8a:9e:a5:31:e3:36:
                    88:51:0c:1e:0c:58:b9:2f:23:50:b5:87:af:a0:71:
                    92:7f:8f:76:bc:26:02:4c:1b:83:1b:2c:4b:b7:9f:
                    89:be:78:51:45:23:6c:86:87:be:4d:9d:57:d5:98:
                    7d:e5:b7:3a:0a:c1:9b:b1:79:af:df:de:cf:bc:5b:
                    c9:fe:fb:4b:e3:eb:f9:b1:4a:39:69:a9:8a:0c:f0:
                    2c:c2:01:ce:59:ce:f9:37:eb:41:04:c3:24:7c:7d:
                    f1:55:bd:d6:85:52:1f:2c:e1:80:54:03:2f:2e:bf:
                    8d:0f:6e:9e:a1:58:96:58:64:92:34:38:69:bc:9a:
                    f8:aa:57:5b:ef:dc:b0:4c:1b:7e:21:5c:89:25:ae:
                    9d:df:c2:61:44:43:e7:7e:4d:66:02:d3:35:11:f2:
                    11:57:f9:ca:e2:e9:b0:50:23:23:86:b7:16:cc:21:
                    14:2b:de:0b:cd:9f:1f:9b:c5:78:7a:43:a9:55:5b:
                    40:9a:1a:61:b6:3e:c4:90:b1:4e:b4:e4:3c:b5:f2:
                    f1:60:c8:98:62:d8:cb:2b:af:7b:78:ac:3d:e2:29:
                    a2:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:80:26:09:86:F8:24:69:9A:DC:57:90:1F:7F:D8:18:2B:A1:B0:9C
            X509v3 Authority Key Identifier:
                keyid:E3:D1:D7:D4:33:66:A5:B0:06:3C:37:57:13:19:DF:A4:32:D1:53:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/49HX1DNmpbAGPDdXExnfpDLRUxs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/e91627-843c-49bc-9bea-f72ab03177c1/1/uoAmCYb4JGma3FeQH3_YGCuhsJw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/e91627-843c-49bc-9bea-f72ab03177c1/1/49HX1DNmpbAGPDdXExnfpDLRUxs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  191.44.87.0/24

    Signature Algorithm: sha256WithRSAEncryption
         08:ae:55:1b:47:eb:ab:20:a7:64:5d:d3:88:97:c6:30:0f:05:
         a0:53:fa:8b:17:18:f3:a4:d4:4c:24:86:2a:3b:2f:df:78:01:
         7b:6b:fe:1f:85:da:91:5d:23:a0:54:d6:ae:0b:ef:43:73:3a:
         fd:0e:eb:21:89:0e:2d:0b:e1:10:fa:6e:43:2a:7a:0d:bb:d5:
         32:79:bb:10:63:6c:9e:ff:39:cc:99:e9:33:da:8f:80:a0:b3:
         fc:fe:fd:36:24:27:36:7c:20:08:37:b5:8f:65:19:cb:a2:64:
         3b:c1:e4:7f:49:f3:be:0b:27:8d:58:6b:99:a5:ac:b0:78:dc:
         3c:d5:57:b0:68:55:ab:fd:05:bc:74:11:fd:f5:42:5e:be:ce:
         ae:5b:37:a8:08:28:fa:1b:aa:0f:64:6f:bf:98:21:e0:7a:14:
         f5:37:98:66:d0:76:0b:b7:b1:64:90:09:46:81:3e:0b:6c:c7:
         b0:07:64:2b:9c:39:80:19:ad:d9:25:54:ff:24:45:7f:3e:7b:
         1c:89:6d:04:b7:e5:34:67:7e:ea:fe:03:1a:5b:37:7b:24:c9:
         86:67:28:8b:78:60:de:07:15:11:8d:0a:8a:29:6d:6c:e4:da:
         53:d2:94:f5:94:64:75:44:5e:96:a9:9e:ad:07:e4:30:3d:e6:
         67:d4:f4:98
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ3EMbre3H64UiM2riMC3HYrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUzZDFkN2Q0MzM2NmE1YjAwNjNjMzc1NzEzMTlkZmE0MzJk
MTUzMWIwHhcNMjYwNDI1MTAzMTI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYTgwMjYwOTg2ZjgyNDY5OWFkYzU3OTAxZjdmZDgxODJiYTFiMDljMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs3Uidly2eodt7eCk4g3OhQVM6BVh
2OqY+EoEp0JZ+mKSf0xtzUOKnqUx4zaIUQweDFi5LyNQtYevoHGSf492vCYCTBuD
GyxLt5+JvnhRRSNshoe+TZ1X1Zh95bc6CsGbsXmv397PvFvJ/vtL4+v5sUo5aamK
DPAswgHOWc75N+tBBMMkfH3xVb3WhVIfLOGAVAMvLr+ND26eoViWWGSSNDhpvJr4
qldb79ywTBt+IVyJJa6d38JhREPnfk1mAtM1EfIRV/nK4umwUCMjhrcWzCEUK94L
zZ8fm8V4ekOpVVtAmhphtj7EkLFOtOQ8tfLxYMiYYtjLK697eKw94imiGwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLqAJgmG+CRpmtxXkB9/2BgrobCcMB8GA1UdIwQY
MBaAFOPR19QzZqWwBjw3VxMZ36Qy0VMbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNDlIWDFETm1wYkFHUERkWEV4bmZwRExSVXhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yy9lOTE2MjctODQzYy00OWJjLTliZWEt
ZjcyYWIwMzE3N2MxLzEvdW9BbUNZYjRKR21hM0ZlUUgzX1lHQ3Voc0p3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yy9lOTE2MjctODQzYy00OWJjLTliZWEtZjcyYWIwMzE3N2Mx
LzEvNDlIWDFETm1wYkFHUERkWEV4bmZwRExSVXhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvyxXMA0G
CSqGSIb3DQEBCwUAA4IBAQAIrlUbR+urIKdkXdOIl8YwDwWgU/qLFxjzpNRMJIYq
Oy/feAF7a/4fhdqRXSOgVNauC+9Dczr9DushiQ4tC+EQ+m5DKnoNu9UyebsQY2ye
/znMmekz2o+AoLP8/v02JCc2fCAIN7WPZRnLomQ7weR/SfO+CyeNWGuZpayweNw8
1VewaFWr/QW8dBH99UJevs6uWzeoCCj6G6oPZG+/mCHgehT1N5hm0HYLt7FkkAlG
gT4LbMewB2QrnDmAGa3ZJVT/JEV/PnsciW0Et+U0Z37q/gMaWzd7JMmGZyiLeGDe
BxURjQqKKW1s5NpT0pT1lGR1RF6WqZ6tB+QwPeZn1PSY
-----END CERTIFICATE-----