Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/4abf3f-158f-4f62-a9eb-ddf567eded03/1/4pZXrEj9yLrK_myw2vkLuHMRP3o.roa
File:                     4pZXrEj9yLrK_myw2vkLuHMRP3o.roa (raw, json)
Hash identifier:          DJQK03t5tLBFY9ixKqxEvu00yd9H1jFx8XFi86QNB2Q=
Subject key identifier:   E2:96:57:AC:48:FD:C8:BA:CA:FE:6C:B0:DA:F9:0B:B8:73:11:3F:7A
Certificate issuer:       /CN=8d1ac83ee3a3f968d66ad2fdf4616e7bb1e4d1d7
Certificate serial:       019D8181CAA5A2024BC87BF7B92698BC8BD4
Authority key identifier: 8D:1A:C8:3E:E3:A3:F9:68:D6:6A:D2:FD:F4:61:6E:7B:B1:E4:D1:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jRrIPuOj-WjWatL99GFue7Hk0dc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/4abf3f-158f-4f62-a9eb-ddf567eded03/1/4pZXrEj9yLrK_myw2vkLuHMRP3o.roa
Signing time:             Sun 12 Apr 2026 11:44:20 +0000
ROA not before:           Sun 12 Apr 2026 11:44:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     6079
IP address blocks:        91.225.225.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/4abf3f-158f-4f62-a9eb-ddf567eded03/1/jRrIPuOj-WjWatL99GFue7Hk0dc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/4abf3f-158f-4f62-a9eb-ddf567eded03/1/jRrIPuOj-WjWatL99GFue7Hk0dc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jRrIPuOj-WjWatL99GFue7Hk0dc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 06:01:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:81:81:ca:a5:a2:02:4b:c8:7b:f7:b9:26:98:bc:8b:d4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8d1ac83ee3a3f968d66ad2fdf4616e7bb1e4d1d7
        Validity
            Not Before: Apr 12 11:44:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e29657ac48fdc8bacafe6cb0daf90bb873113f7a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:25:36:cc:5f:5d:81:99:ae:13:1c:d7:45:ae:
                    44:1c:a9:4d:e3:27:00:7b:b6:93:d7:f4:8a:02:d4:
                    06:09:51:6e:29:71:0e:9b:f3:22:de:1b:45:f9:43:
                    c9:c7:5f:8b:bd:7f:1e:fd:3c:43:ee:46:09:63:56:
                    ab:ee:cc:9d:de:7d:f7:06:91:93:3c:11:23:2a:76:
                    8a:17:13:4f:c9:65:84:12:37:32:43:ca:d5:49:8f:
                    01:6f:a6:ca:ef:82:47:f5:0f:0a:f2:26:ab:4a:5a:
                    a3:1b:ad:4a:91:f0:2f:96:cb:63:a1:67:1c:98:a0:
                    5b:70:a5:9d:46:ca:b3:ee:a2:67:2d:9c:19:e4:54:
                    5e:5c:95:2c:5b:0d:a8:67:7f:d9:c2:93:e4:44:ca:
                    f9:f8:7a:12:c0:41:0d:1d:09:fe:ef:c2:0d:f0:04:
                    dd:31:7b:cc:d7:fb:21:f4:6c:ac:61:61:3f:bc:9d:
                    ee:11:cf:af:b2:18:94:8e:61:37:b1:ca:24:fb:6e:
                    2f:5e:c7:dd:18:a9:63:fa:8f:85:c4:da:29:3e:e2:
                    04:2a:30:cf:a0:ba:21:61:8c:80:07:45:04:a4:32:
                    9a:e0:72:8c:bc:1d:71:a7:7d:c1:28:7e:bd:0a:5a:
                    83:b5:49:a2:af:fe:30:b9:f0:8d:0a:3a:3f:7e:bb:
                    b3:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:96:57:AC:48:FD:C8:BA:CA:FE:6C:B0:DA:F9:0B:B8:73:11:3F:7A
            X509v3 Authority Key Identifier:
                keyid:8D:1A:C8:3E:E3:A3:F9:68:D6:6A:D2:FD:F4:61:6E:7B:B1:E4:D1:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jRrIPuOj-WjWatL99GFue7Hk0dc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/4abf3f-158f-4f62-a9eb-ddf567eded03/1/4pZXrEj9yLrK_myw2vkLuHMRP3o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/4abf3f-158f-4f62-a9eb-ddf567eded03/1/jRrIPuOj-WjWatL99GFue7Hk0dc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.225.225.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6a:8e:5a:a1:d0:19:a1:b6:7e:b0:33:bf:81:60:e0:82:6a:a7:
         d5:6c:bc:4f:70:09:f2:8b:dd:5d:18:9d:a8:2a:f1:62:67:14:
         2e:ab:ce:02:8e:38:12:fe:25:0d:81:d5:49:e4:67:d2:4b:93:
         e4:cb:b5:e1:d8:e7:ce:62:b1:d2:d2:72:a9:57:86:d3:2c:28:
         5a:74:d5:b6:6d:79:ab:d3:d1:f7:f8:1f:39:29:e7:9c:80:9b:
         99:96:91:85:04:53:4c:d4:32:77:77:3b:14:06:b5:c1:6c:ce:
         7d:94:d9:bf:0d:d9:fd:5d:12:ee:94:16:fc:04:07:b1:5a:80:
         8d:7a:63:14:c7:cf:71:95:51:19:f0:8e:02:f1:f5:60:83:4c:
         7a:06:89:2a:21:96:0e:10:44:4b:6d:0f:0e:4f:5a:33:83:4f:
         7c:01:3d:d3:dc:3c:82:c4:4b:a9:4c:9c:10:4d:77:9f:a4:ca:
         3c:e4:e9:b9:9e:2b:f4:ce:88:8b:d5:cd:7d:dc:a6:32:06:21:
         0e:56:a0:53:e9:b6:8f:b5:33:95:c0:79:fb:71:10:3d:42:49:
         e6:97:d8:83:5a:b8:cb:f0:81:2f:6a:09:24:78:7c:ad:ec:30:
         02:44:2d:db:f0:67:1a:c2:55:57:09:b7:ca:15:87:cd:dd:76:
         ba:0e:99:c6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ2BgcqlogJLyHv3uSaYvIvUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkMWFjODNlZTNhM2Y5NjhkNjZhZDJmZGY0NjE2ZTdiYjFl
NGQxZDcwHhcNMjYwNDEyMTE0NDIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMjk2NTdhYzQ4ZmRjOGJhY2FmZTZjYjBkYWY5MGJiODczMTEzZjdhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlyU2zF9dgZmuExzXRa5EHKlN4ycA
e7aT1/SKAtQGCVFuKXEOm/Mi3htF+UPJx1+LvX8e/TxD7kYJY1ar7syd3n33BpGT
PBEjKnaKFxNPyWWEEjcyQ8rVSY8Bb6bK74JH9Q8K8iarSlqjG61KkfAvlstjoWcc
mKBbcKWdRsqz7qJnLZwZ5FReXJUsWw2oZ3/ZwpPkRMr5+HoSwEENHQn+78IN8ATd
MXvM1/sh9GysYWE/vJ3uEc+vshiUjmE3scok+24vXsfdGKlj+o+FxNopPuIEKjDP
oLohYYyAB0UEpDKa4HKMvB1xp33BKH69ClqDtUmir/4wufCNCjo/fruz1wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOKWV6xI/ci6yv5ssNr5C7hzET96MB8GA1UdIwQY
MBaAFI0ayD7jo/lo1mrS/fRhbnux5NHXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvalJySVB1T2otV2pXYXRMOTlHRnVlN0hrMGRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi80YWJmM2YtMTU4Zi00ZjYyLWE5ZWIt
ZGRmNTY3ZWRlZDAzLzEvNHBaWHJFajl5THJLX215dzJ2a0x1SE1SUDNvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi80YWJmM2YtMTU4Zi00ZjYyLWE5ZWItZGRmNTY3ZWRlZDAz
LzEvalJySVB1T2otV2pXYXRMOTlHRnVlN0hrMGRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+HhMA0G
CSqGSIb3DQEBCwUAA4IBAQBqjlqh0Bmhtn6wM7+BYOCCaqfVbLxPcAnyi91dGJ2o
KvFiZxQuq84CjjgS/iUNgdVJ5GfSS5Pky7Xh2OfOYrHS0nKpV4bTLChadNW2bXmr
09H3+B85KeecgJuZlpGFBFNM1DJ3dzsUBrXBbM59lNm/Ddn9XRLulBb8BAexWoCN
emMUx89xlVEZ8I4C8fVgg0x6BokqIZYOEERLbQ8OT1ozg098AT3T3DyCxEupTJwQ
TXefpMo85Om5niv0zoiL1c193KYyBiEOVqBT6baPtTOVwHn7cRA9Qknml9iDWrjL
8IEvagkkeHyt7DACRC3b8GcawlVXCbfKFYfN3Xa6DpnG
-----END CERTIFICATE-----