Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6c/e91627-843c-49bc-9bea-f72ab03177c1/1/W2hpXQ1A0MT3GUjr32Sgc7VVf5A.roa
File:                     W2hpXQ1A0MT3GUjr32Sgc7VVf5A.roa (raw, json)
Hash identifier:          YMsNwrZXXy+QRpYjbyRstuKmR56y1+W4eNOMUM8AcKo=
Subject key identifier:   5B:68:69:5D:0D:40:D0:C4:F7:19:48:EB:DF:64:A0:73:B5:55:7F:90
Certificate issuer:       /CN=e3d1d7d43366a5b0063c37571319dfa432d1531b
Certificate serial:       019D9BD5E9FD857DECF4064F39719D9B08B3
Authority key identifier: E3:D1:D7:D4:33:66:A5:B0:06:3C:37:57:13:19:DF:A4:32:D1:53:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/49HX1DNmpbAGPDdXExnfpDLRUxs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6c/e91627-843c-49bc-9bea-f72ab03177c1/1/W2hpXQ1A0MT3GUjr32Sgc7VVf5A.roa
Signing time:             Fri 17 Apr 2026 14:26:20 +0000
ROA not before:           Fri 17 Apr 2026 14:26:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     215238
IP address blocks:        191.44.68.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6c/e91627-843c-49bc-9bea-f72ab03177c1/1/49HX1DNmpbAGPDdXExnfpDLRUxs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6c/e91627-843c-49bc-9bea-f72ab03177c1/1/49HX1DNmpbAGPDdXExnfpDLRUxs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/49HX1DNmpbAGPDdXExnfpDLRUxs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 21:23:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:9b:d5:e9:fd:85:7d:ec:f4:06:4f:39:71:9d:9b:08:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e3d1d7d43366a5b0063c37571319dfa432d1531b
        Validity
            Not Before: Apr 17 14:26:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5b68695d0d40d0c4f71948ebdf64a073b5557f90
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:6b:3a:ca:62:51:fa:05:3e:d0:ac:b9:e1:c5:
                    f5:66:6e:08:a6:0b:bf:29:98:67:f7:19:25:6a:88:
                    2f:f0:69:1e:81:3a:2c:fe:2c:1d:67:ee:38:7a:97:
                    2e:0f:9a:04:90:cb:64:5a:eb:4d:7a:d9:03:ba:88:
                    d6:47:57:5b:33:9e:96:cd:eb:28:25:0d:73:d4:24:
                    e2:24:96:5d:ee:56:81:b2:7b:75:46:bb:6f:0f:f7:
                    28:30:14:7d:16:eb:e4:ca:ce:dc:a0:52:5c:a9:84:
                    fb:d9:ba:a2:a0:0f:ea:15:c3:2f:14:03:2f:37:95:
                    f7:a3:53:7b:2d:6e:f6:f4:c9:40:d1:bb:c0:99:de:
                    c8:65:9a:c4:2c:d5:8c:e3:0b:62:a9:0e:6a:46:8d:
                    32:af:85:58:45:a9:6b:3a:77:f4:19:8d:82:6b:52:
                    c0:21:e3:9a:c8:33:21:ef:fb:e1:08:5c:4b:da:0c:
                    9d:61:51:dd:ca:32:99:9d:4a:e9:60:c3:52:49:9c:
                    18:27:1f:e0:c1:19:4e:d4:71:6a:5f:6d:87:ee:86:
                    56:9e:b6:e3:a8:ff:70:30:47:ec:45:b5:0c:21:d7:
                    a6:03:61:0a:98:a9:8b:5b:dc:4e:b0:1d:5d:e0:96:
                    99:51:50:42:6a:de:5d:b0:c7:33:c8:ef:c5:a5:50:
                    42:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:68:69:5D:0D:40:D0:C4:F7:19:48:EB:DF:64:A0:73:B5:55:7F:90
            X509v3 Authority Key Identifier:
                keyid:E3:D1:D7:D4:33:66:A5:B0:06:3C:37:57:13:19:DF:A4:32:D1:53:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/49HX1DNmpbAGPDdXExnfpDLRUxs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/e91627-843c-49bc-9bea-f72ab03177c1/1/W2hpXQ1A0MT3GUjr32Sgc7VVf5A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/e91627-843c-49bc-9bea-f72ab03177c1/1/49HX1DNmpbAGPDdXExnfpDLRUxs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  191.44.68.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8d:4e:f6:fb:48:a6:b8:71:f0:27:01:5d:cc:23:a6:27:4a:bf:
         78:08:1c:13:64:92:b3:22:1a:f0:6e:92:55:ce:99:4d:1a:84:
         7f:57:0d:f3:18:47:9d:52:4d:e6:59:e6:22:0b:39:11:6c:57:
         df:e2:33:b5:0d:f4:d1:33:76:a9:18:bb:1a:48:a3:09:2e:7b:
         1a:7f:7f:6d:02:fe:d4:99:ac:84:65:ff:93:95:c1:4f:fa:90:
         d5:ab:d3:92:43:4d:42:d2:25:06:72:b8:9b:8f:fe:f9:df:2e:
         4a:b1:4d:dd:21:23:d5:83:56:cc:61:ab:d2:66:e2:06:01:54:
         27:f6:65:fc:1e:9d:2f:92:fb:2a:50:a6:08:96:59:97:93:b4:
         f6:1c:26:d2:0c:22:7a:fa:cb:51:13:67:cf:ca:a6:a6:96:a3:
         62:d2:b3:90:50:f4:fb:ce:57:a0:7f:36:46:ef:8b:00:d5:25:
         32:b1:9b:ee:ce:db:80:bd:7d:e7:d4:c7:9b:65:63:f4:84:73:
         4e:4c:e0:94:e5:bc:fb:94:b5:32:c8:76:64:6f:ab:2f:1f:64:
         e3:44:3e:c1:c3:0a:99:7a:1b:f9:5b:14:57:5c:07:11:6d:dd:
         aa:19:ca:0c:3a:26:98:17:56:39:c2:dd:39:e7:de:27:15:80:
         b5:17:8d:dd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ2b1en9hX3s9AZPOXGdmwizMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUzZDFkN2Q0MzM2NmE1YjAwNjNjMzc1NzEzMTlkZmE0MzJk
MTUzMWIwHhcNMjYwNDE3MTQyNjIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YjY4Njk1ZDBkNDBkMGM0ZjcxOTQ4ZWJkZjY0YTA3M2I1NTU3ZjkwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu2s6ymJR+gU+0Ky54cX1Zm4Ipgu/
KZhn9xklaogv8GkegTos/iwdZ+44epcuD5oEkMtkWutNetkDuojWR1dbM56Wzeso
JQ1z1CTiJJZd7laBsnt1RrtvD/coMBR9Fuvkys7coFJcqYT72bqioA/qFcMvFAMv
N5X3o1N7LW729MlA0bvAmd7IZZrELNWM4wtiqQ5qRo0yr4VYRalrOnf0GY2Ca1LA
IeOayDMh7/vhCFxL2gydYVHdyjKZnUrpYMNSSZwYJx/gwRlO1HFqX22H7oZWnrbj
qP9wMEfsRbUMIdemA2EKmKmLW9xOsB1d4JaZUVBCat5dsMczyO/FpVBCvQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFtoaV0NQNDE9xlI699koHO1VX+QMB8GA1UdIwQY
MBaAFOPR19QzZqWwBjw3VxMZ36Qy0VMbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNDlIWDFETm1wYkFHUERkWEV4bmZwRExSVXhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yy9lOTE2MjctODQzYy00OWJjLTliZWEt
ZjcyYWIwMzE3N2MxLzEvVzJocFhRMUEwTVQzR1VqcjMyU2djN1ZWZjVBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yy9lOTE2MjctODQzYy00OWJjLTliZWEtZjcyYWIwMzE3N2Mx
LzEvNDlIWDFETm1wYkFHUERkWEV4bmZwRExSVXhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvyxEMA0G
CSqGSIb3DQEBCwUAA4IBAQCNTvb7SKa4cfAnAV3MI6YnSr94CBwTZJKzIhrwbpJV
zplNGoR/Vw3zGEedUk3mWeYiCzkRbFff4jO1DfTRM3apGLsaSKMJLnsaf39tAv7U
mayEZf+TlcFP+pDVq9OSQ01C0iUGcribj/753y5KsU3dISPVg1bMYavSZuIGAVQn
9mX8Hp0vkvsqUKYIllmXk7T2HCbSDCJ6+stRE2fPyqamlqNi0rOQUPT7zlegfzZG
74sA1SUysZvuztuAvX3n1MebZWP0hHNOTOCU5bz7lLUyyHZkb6svH2TjRD7BwwqZ
ehv5WxRXXAcRbd2qGcoMOiaYF1Y5wt05594nFYC1F43d
-----END CERTIFICATE-----