Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/4abf3f-158f-4f62-a9eb-ddf567eded03/1/AlEfjoPeXPILa9KKrBERLGvAD6I.roa
File:                     AlEfjoPeXPILa9KKrBERLGvAD6I.roa (raw, json)
Hash identifier:          0eWcjv8mOUVmJJmOXlhrZffzCyIn/A/euxaoQi4JkDQ=
Subject key identifier:   02:51:1F:8E:83:DE:5C:F2:0B:6B:D2:8A:AC:11:11:2C:6B:C0:0F:A2
Certificate issuer:       /CN=8d1ac83ee3a3f968d66ad2fdf4616e7bb1e4d1d7
Certificate serial:       019D0B780B5797E72A0CD1A556C8CCA869A7
Authority key identifier: 8D:1A:C8:3E:E3:A3:F9:68:D6:6A:D2:FD:F4:61:6E:7B:B1:E4:D1:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jRrIPuOj-WjWatL99GFue7Hk0dc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/4abf3f-158f-4f62-a9eb-ddf567eded03/1/AlEfjoPeXPILa9KKrBERLGvAD6I.roa
Signing time:             Fri 20 Mar 2026 13:38:29 +0000
ROA not before:           Fri 20 Mar 2026 13:38:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     6079
IP address blocks:        91.225.225.0/24 maxlen: 24
                          91.225.226.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/4abf3f-158f-4f62-a9eb-ddf567eded03/1/jRrIPuOj-WjWatL99GFue7Hk0dc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/4abf3f-158f-4f62-a9eb-ddf567eded03/1/jRrIPuOj-WjWatL99GFue7Hk0dc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jRrIPuOj-WjWatL99GFue7Hk0dc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 09:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:0b:78:0b:57:97:e7:2a:0c:d1:a5:56:c8:cc:a8:69:a7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8d1ac83ee3a3f968d66ad2fdf4616e7bb1e4d1d7
        Validity
            Not Before: Mar 20 13:38:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=02511f8e83de5cf20b6bd28aac11112c6bc00fa2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:77:fd:0c:88:be:7c:06:70:ad:08:c2:a0:06:
                    e2:df:bb:50:0b:a9:9d:b6:7c:c9:1e:54:75:f8:b3:
                    71:f7:90:50:5f:ab:12:11:f3:6c:d9:66:8e:6b:cb:
                    e1:9e:55:9f:62:da:b8:e5:e9:16:ec:19:ed:31:18:
                    35:ed:5f:c4:6f:6c:2b:91:f3:fd:72:4b:1e:d7:68:
                    78:69:00:5d:c2:cf:1f:5b:3e:49:38:2e:df:9c:d3:
                    55:06:26:37:9e:44:87:cb:f6:c6:ab:04:8c:72:1f:
                    fd:3a:38:b3:c5:d0:8e:67:d7:0b:3e:6f:b9:e0:a6:
                    8e:cf:11:af:d5:af:2c:97:87:b8:4d:6c:42:eb:8e:
                    fd:7a:c4:72:11:48:ec:e7:64:67:22:03:97:6d:09:
                    d8:64:01:fa:9a:21:28:31:b3:94:0d:7c:89:10:6a:
                    40:b6:26:36:96:c2:74:cb:89:eb:29:22:83:3c:33:
                    fe:2e:70:6f:36:00:24:2f:25:c0:b5:c9:55:45:d6:
                    32:0f:91:29:1e:b7:fb:88:26:1d:62:72:62:99:67:
                    83:0d:b7:bd:b8:46:83:3b:66:56:f5:34:08:73:3a:
                    de:7a:43:68:50:81:21:af:e6:34:64:14:cd:27:28:
                    27:e7:3a:3c:e7:0d:a2:64:7b:ed:44:41:6d:0f:d9:
                    e5:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:51:1F:8E:83:DE:5C:F2:0B:6B:D2:8A:AC:11:11:2C:6B:C0:0F:A2
            X509v3 Authority Key Identifier:
                keyid:8D:1A:C8:3E:E3:A3:F9:68:D6:6A:D2:FD:F4:61:6E:7B:B1:E4:D1:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jRrIPuOj-WjWatL99GFue7Hk0dc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/4abf3f-158f-4f62-a9eb-ddf567eded03/1/AlEfjoPeXPILa9KKrBERLGvAD6I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/4abf3f-158f-4f62-a9eb-ddf567eded03/1/jRrIPuOj-WjWatL99GFue7Hk0dc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.225.225.0-91.225.226.255

    Signature Algorithm: sha256WithRSAEncryption
         31:65:7a:34:7b:85:75:8b:c6:c1:dc:ec:4f:3e:4b:da:af:a1:
         8a:be:01:09:14:2e:80:cc:cf:4c:9b:d3:9e:d8:09:63:db:6b:
         4b:1c:00:a1:8d:43:d0:73:13:e5:b7:30:00:be:d0:d2:29:63:
         33:8d:8e:ee:56:c3:d8:d5:7c:d3:7d:11:f8:c4:0e:ef:55:e3:
         dc:46:ff:9a:4d:9f:4c:63:e0:72:a9:aa:c0:db:fc:21:cf:00:
         12:82:5a:bc:5d:3f:63:0d:22:f6:ab:a4:0d:43:0a:b0:ce:c2:
         cd:b9:70:de:62:ac:a3:eb:d3:af:15:4b:d5:8e:29:9e:e1:d7:
         3d:2f:57:1c:2b:6c:dd:81:6f:ef:3c:08:11:a2:35:33:97:91:
         e5:73:ad:50:34:78:c9:45:c0:fb:6f:98:37:92:80:6d:77:58:
         ee:ae:24:50:03:51:5c:8a:40:7f:80:a6:50:19:93:61:5e:98:
         88:d3:7b:01:f5:c7:fc:01:54:23:f8:13:d4:5f:4f:12:81:34:
         8b:17:16:67:4b:06:0d:e9:34:f0:2a:43:b2:5e:27:d4:85:ca:
         64:c8:87:e3:da:43:ff:5f:0c:3f:61:c5:dc:b9:ab:9a:99:b1:
         76:7f:ac:b3:ac:c4:1c:1d:60:49:ab:3d:7e:80:78:b5:38:11:
         39:2b:2c:83
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZ0LeAtXl+cqDNGlVsjMqGmnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkMWFjODNlZTNhM2Y5NjhkNjZhZDJmZGY0NjE2ZTdiYjFl
NGQxZDcwHhcNMjYwMzIwMTMzODI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMjUxMWY4ZTgzZGU1Y2YyMGI2YmQyOGFhYzExMTEyYzZiYzAwZmEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4Hf9DIi+fAZwrQjCoAbi37tQC6md
tnzJHlR1+LNx95BQX6sSEfNs2WaOa8vhnlWfYtq45ekW7BntMRg17V/Eb2wrkfP9
ckse12h4aQBdws8fWz5JOC7fnNNVBiY3nkSHy/bGqwSMch/9OjizxdCOZ9cLPm+5
4KaOzxGv1a8sl4e4TWxC6479esRyEUjs52RnIgOXbQnYZAH6miEoMbOUDXyJEGpA
tiY2lsJ0y4nrKSKDPDP+LnBvNgAkLyXAtclVRdYyD5EpHrf7iCYdYnJimWeDDbe9
uEaDO2ZW9TQIczreekNoUIEhr+Y0ZBTNJygn5zo85w2iZHvtREFtD9nlYwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFAJRH46D3lzyC2vSiqwRESxrwA+iMB8GA1UdIwQY
MBaAFI0ayD7jo/lo1mrS/fRhbnux5NHXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvalJySVB1T2otV2pXYXRMOTlHRnVlN0hrMGRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi80YWJmM2YtMTU4Zi00ZjYyLWE5ZWIt
ZGRmNTY3ZWRlZDAzLzEvQWxFZmpvUGVYUElMYTlLS3JCRVJMR3ZBRDZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi80YWJmM2YtMTU4Zi00ZjYyLWE5ZWItZGRmNTY3ZWRlZDAz
LzEvalJySVB1T2otV2pXYXRMOTlHRnVlN0hrMGRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBABb4eED
BABb4eIwDQYJKoZIhvcNAQELBQADggEBADFlejR7hXWLxsHc7E8+S9qvoYq+AQkU
LoDMz0yb057YCWPba0scAKGNQ9BzE+W3MAC+0NIpYzONju5Ww9jVfNN9EfjEDu9V
49xG/5pNn0xj4HKpqsDb/CHPABKCWrxdP2MNIvarpA1DCrDOws25cN5irKPr068V
S9WOKZ7h1z0vVxwrbN2Bb+88CBGiNTOXkeVzrVA0eMlFwPtvmDeSgG13WO6uJFAD
UVyKQH+AplAZk2FemIjTewH1x/wBVCP4E9RfTxKBNIsXFmdLBg3pNPAqQ7JeJ9SF
ymTIh+PaQ/9fDD9hxdy5q5qZsXZ/rLOsxBwdYEmrPX6AeLU4ETkrLIM=
-----END CERTIFICATE-----