Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/AlQ9s5QZK2NSuAym9BFFOrJaC0g.roa
File:                     AlQ9s5QZK2NSuAym9BFFOrJaC0g.roa (raw, json)
Hash identifier:          QAchfxqcPxu44vFEqxRKf6wyg72hfH4/rebn2BcHbus=
Subject key identifier:   02:54:3D:B3:94:19:2B:63:52:B8:0C:A6:F4:11:45:3A:B2:5A:0B:48
Certificate issuer:       /CN=ff82309a6814678ad72e3f31a4fe0272f40bd986
Certificate serial:       019A373E07B5186F58342D21AC1AD74020E4
Authority key identifier: FF:82:30:9A:68:14:67:8A:D7:2E:3F:31:A4:FE:02:72:F4:0B:D9:86
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/AlQ9s5QZK2NSuAym9BFFOrJaC0g.roa
Signing time:             Thu 30 Oct 2025 22:30:03 +0000
ROA not before:           Thu 30 Oct 2025 22:30:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     401476
IP address blocks:        45.13.179.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 16:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:37:3e:07:b5:18:6f:58:34:2d:21:ac:1a:d7:40:20:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ff82309a6814678ad72e3f31a4fe0272f40bd986
        Validity
            Not Before: Oct 30 22:30:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=02543db394192b6352b80ca6f411453ab25a0b48
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:ec:b5:1f:eb:95:da:5a:6f:87:19:1b:b0:a3:
                    d4:38:1f:4a:22:1f:5f:bf:de:78:d5:87:18:ad:48:
                    19:20:f3:69:9d:8b:41:fb:78:9a:21:1b:90:41:54:
                    67:3f:ad:5c:3a:f9:29:32:d0:f6:ee:a9:a8:2c:8b:
                    fd:b0:34:c5:43:48:c5:36:88:a7:68:fe:1d:da:fb:
                    35:20:a6:e3:b6:fd:14:d9:65:bf:d6:c1:5c:c0:92:
                    88:26:fe:9a:7b:e7:94:e9:81:fd:65:a4:1d:9e:10:
                    12:96:db:19:47:65:ff:1b:00:d7:d3:2f:d5:b9:76:
                    c1:d7:59:3d:4e:06:44:e4:f5:e9:db:fa:06:92:59:
                    6a:ba:d0:75:06:4e:6d:24:45:46:cc:91:f7:a4:25:
                    7a:14:b4:3e:29:75:e1:50:ac:fb:ee:85:64:fb:7a:
                    5f:ad:74:fb:e7:99:d4:26:fb:d3:65:0e:74:f7:fc:
                    b2:97:07:e2:35:eb:37:69:fd:d5:43:0b:45:31:63:
                    46:a8:87:a7:12:d3:11:f4:de:79:2d:f1:f2:ec:0b:
                    45:b1:81:b3:6c:fe:90:c1:25:c6:c5:7a:49:f6:0e:
                    c3:33:ff:c5:74:81:44:bd:fd:8d:66:73:c9:fe:31:
                    8a:7c:e2:0a:81:08:c9:71:d9:48:8a:70:b4:a9:63:
                    84:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:54:3D:B3:94:19:2B:63:52:B8:0C:A6:F4:11:45:3A:B2:5A:0B:48
            X509v3 Authority Key Identifier:
                keyid:FF:82:30:9A:68:14:67:8A:D7:2E:3F:31:A4:FE:02:72:F4:0B:D9:86

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/AlQ9s5QZK2NSuAym9BFFOrJaC0g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.13.179.0/24

    Signature Algorithm: sha256WithRSAEncryption
         04:cd:79:b1:13:6a:36:a7:ef:75:4f:00:1c:1e:be:21:20:6d:
         db:18:5e:d8:60:fc:39:ef:38:31:a4:b4:2e:ff:94:28:cd:9d:
         c1:a7:b5:8f:a0:5c:99:bc:4b:f7:ce:d5:fd:d3:f8:d2:6a:ec:
         e1:43:c2:b4:29:6b:a1:73:e2:c2:3a:29:0d:ef:39:24:37:0b:
         34:e8:29:41:8b:38:53:6a:d4:b6:f1:fe:b1:6a:fc:3e:a9:96:
         60:a0:e8:82:56:0b:4d:2f:f1:91:ea:0f:14:29:51:5d:83:ef:
         6e:08:b7:9f:b6:49:7f:29:16:60:c9:99:4c:01:35:fb:77:b8:
         72:f2:78:a0:8b:a9:1b:6b:c0:8a:82:a8:23:06:13:5f:71:f1:
         e2:d5:7b:4d:cc:4b:26:3e:96:5f:ba:22:de:bd:40:04:8f:3b:
         fd:d2:9c:66:fc:90:fe:5f:e6:34:67:d7:f8:b8:c4:15:5a:91:
         f5:3a:9f:96:ae:a4:7d:ef:79:b3:54:27:58:4c:03:a6:1a:69:
         f1:b3:d3:a9:26:54:5a:21:db:b6:8a:5a:1e:9a:fd:7f:a1:94:
         9b:e9:33:10:e3:82:03:e6:3e:a4:b3:a9:21:a9:43:0f:ac:8b:
         33:ab:35:d5:6f:5e:9b:00:67:dc:73:ee:60:49:e0:5b:55:e5:
         30:f2:06:36
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZo3Pge1GG9YNC0hrBrXQCDkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmODIzMDlhNjgxNDY3OGFkNzJlM2YzMWE0ZmUwMjcyZjQw
YmQ5ODYwHhcNMjUxMDMwMjIzMDAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMjU0M2RiMzk0MTkyYjYzNTJiODBjYTZmNDExNDUzYWIyNWEwYjQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz+y1H+uV2lpvhxkbsKPUOB9KIh9f
v9541YcYrUgZIPNpnYtB+3iaIRuQQVRnP61cOvkpMtD27qmoLIv9sDTFQ0jFNoin
aP4d2vs1IKbjtv0U2WW/1sFcwJKIJv6ae+eU6YH9ZaQdnhASltsZR2X/GwDX0y/V
uXbB11k9TgZE5PXp2/oGkllqutB1Bk5tJEVGzJH3pCV6FLQ+KXXhUKz77oVk+3pf
rXT755nUJvvTZQ509/yylwfiNes3af3VQwtFMWNGqIenEtMR9N55LfHy7AtFsYGz
bP6QwSXGxXpJ9g7DM//FdIFEvf2NZnPJ/jGKfOIKgQjJcdlIinC0qWOEyQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAJUPbOUGStjUrgMpvQRRTqyWgtIMB8GA1UdIwQY
MBaAFP+CMJpoFGeK1y4/MaT+AnL0C9mGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzRJd21tZ1VaNHJYTGo4eHBQNENjdlFMMllZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOC85ZmE4M2QtYjJhMy00NWU0LTg0OTkt
ZjUyNTgxNjQwMmJkLzEvQWxROXM1UVpLMk5TdUF5bTlCRkZPckphQzBnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOC85ZmE4M2QtYjJhMy00NWU0LTg0OTktZjUyNTgxNjQwMmJk
LzEvXzRJd21tZ1VaNHJYTGo4eHBQNENjdlFMMllZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALQ2zMA0G
CSqGSIb3DQEBCwUAA4IBAQAEzXmxE2o2p+91TwAcHr4hIG3bGF7YYPw57zgxpLQu
/5QozZ3Bp7WPoFyZvEv3ztX90/jSauzhQ8K0KWuhc+LCOikN7zkkNws06ClBizhT
atS28f6xavw+qZZgoOiCVgtNL/GR6g8UKVFdg+9uCLeftkl/KRZgyZlMATX7d7hy
8nigi6kba8CKgqgjBhNfcfHi1XtNzEsmPpZfuiLevUAEjzv90pxm/JD+X+Y0Z9f4
uMQVWpH1Op+WrqR973mzVCdYTAOmGmnxs9OpJlRaIdu2iloemv1/oZSb6TMQ44ID
5j6ks6khqUMPrIszqzXVb16bAGfcc+5gSeBbVeUw8gY2
-----END CERTIFICATE-----