Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f9/1e872f-8851-4d17-9148-f8905672e59d/1/aHdJjEV_MZGQhS1-oSIoUxNhu0w.roa
File:                     aHdJjEV_MZGQhS1-oSIoUxNhu0w.roa (raw, json)
Hash identifier:          V1XVv/qtFeaO0uUYLoorR9Olh/izTLbjNE3cg3DaNhc=
Subject key identifier:   68:77:49:8C:45:7F:31:91:90:85:2D:7E:A1:22:28:53:13:61:BB:4C
Certificate issuer:       /CN=aae8e9b4d8db946bb20ccf512797075c8afd83cd
Certificate serial:       019D6770F8BCA232E40BBE9B6FC36AD50D01
Authority key identifier: AA:E8:E9:B4:D8:DB:94:6B:B2:0C:CF:51:27:97:07:5C:8A:FD:83:CD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qujptNjblGuyDM9RJ5cHXIr9g80.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f9/1e872f-8851-4d17-9148-f8905672e59d/1/aHdJjEV_MZGQhS1-oSIoUxNhu0w.roa
Signing time:             Tue 07 Apr 2026 10:15:50 +0000
ROA not before:           Tue 07 Apr 2026 10:15:50 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     8075
IP address blocks:        91.244.200.0/22 maxlen: 24
                          91.244.200.0/24 maxlen: 24
                          91.244.201.0/24 maxlen: 24
                          91.244.202.0/24 maxlen: 24
                          91.244.203.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f9/1e872f-8851-4d17-9148-f8905672e59d/1/qujptNjblGuyDM9RJ5cHXIr9g80.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f9/1e872f-8851-4d17-9148-f8905672e59d/1/qujptNjblGuyDM9RJ5cHXIr9g80.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qujptNjblGuyDM9RJ5cHXIr9g80.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 13:01:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:67:70:f8:bc:a2:32:e4:0b:be:9b:6f:c3:6a:d5:0d:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aae8e9b4d8db946bb20ccf512797075c8afd83cd
        Validity
            Not Before: Apr  7 10:15:50 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6877498c457f319190852d7ea12228531361bb4c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:56:33:fc:81:7d:3c:8c:a1:17:82:4e:40:bd:
                    ed:86:33:ba:c6:0e:fa:51:f4:ba:bb:e0:f4:27:cd:
                    da:da:8f:27:bc:0c:ac:d8:c4:4a:95:f6:37:f6:c9:
                    9a:73:e1:25:44:80:5b:28:13:fb:2e:ae:64:70:36:
                    82:d6:d0:d0:68:b3:5b:f4:ba:e8:79:11:31:b9:ba:
                    b3:fe:24:fb:3b:b3:8c:6e:50:5d:da:8f:1e:5e:1b:
                    54:fd:e5:f3:af:c1:39:e3:90:45:d5:d3:8f:4a:fd:
                    94:99:90:d3:03:82:0e:0e:9a:56:80:91:10:ce:22:
                    aa:01:cb:2a:e5:a3:cc:86:37:07:35:05:33:93:05:
                    8c:97:a2:a6:4d:6a:cc:a4:ed:b0:0b:fd:df:22:ca:
                    8a:eb:91:e1:70:44:40:bc:8b:01:f5:26:80:97:2d:
                    38:62:ea:d9:64:47:ba:06:61:a6:c2:19:be:f0:a5:
                    57:62:2e:3b:a3:ff:82:d6:c0:1d:ae:b0:ca:b7:b9:
                    b0:da:dc:6f:1d:d3:36:f1:8f:7c:db:01:3c:19:24:
                    27:1b:82:18:9a:ed:09:d5:ec:ad:87:ca:d2:fd:e0:
                    33:40:62:2e:89:b7:3d:6d:63:70:f0:18:b5:d6:d0:
                    1d:64:b9:d1:9f:b9:9a:e5:25:ff:49:e8:eb:dd:44:
                    2b:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:77:49:8C:45:7F:31:91:90:85:2D:7E:A1:22:28:53:13:61:BB:4C
            X509v3 Authority Key Identifier:
                keyid:AA:E8:E9:B4:D8:DB:94:6B:B2:0C:CF:51:27:97:07:5C:8A:FD:83:CD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qujptNjblGuyDM9RJ5cHXIr9g80.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/1e872f-8851-4d17-9148-f8905672e59d/1/aHdJjEV_MZGQhS1-oSIoUxNhu0w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/1e872f-8851-4d17-9148-f8905672e59d/1/qujptNjblGuyDM9RJ5cHXIr9g80.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.244.200.0/22

    Signature Algorithm: sha256WithRSAEncryption
         5a:b3:14:ea:07:6e:24:68:61:87:be:5a:58:f4:47:c5:7b:90:
         4f:53:04:44:3c:49:d2:49:53:a5:b3:d8:5f:9f:5f:a3:a5:79:
         9b:f8:fd:76:a0:44:6d:ad:14:26:b4:35:95:94:f8:e9:5f:3d:
         bf:d0:80:1a:8e:27:4a:84:d0:0f:97:60:ef:b4:7f:71:f5:6e:
         b3:30:75:1a:e5:f2:d2:b8:ac:38:e7:b5:ff:de:c9:56:11:7e:
         5f:fe:e6:07:22:b4:df:8d:06:4b:78:e8:88:5d:09:30:5a:dc:
         57:13:3f:50:c1:cd:0c:0f:de:f7:2c:7b:6b:48:53:47:a1:d3:
         f1:d7:e3:50:31:16:b4:8d:27:59:67:8a:c1:28:09:67:32:68:
         a5:ac:28:6c:33:55:04:ec:eb:58:9d:9a:f4:92:2b:be:4b:24:
         2b:14:7b:23:65:4d:61:30:6a:8e:6a:b9:36:de:50:27:b4:77:
         37:c1:94:01:2b:cb:aa:d7:30:5d:b2:62:17:6a:a5:b9:67:fc:
         4b:1a:ec:ef:ee:ff:00:26:89:f8:55:86:e4:54:90:46:b8:e3:
         55:ba:ef:0c:1f:70:04:ad:e0:07:47:3d:e5:e5:ad:37:e2:5d:
         b0:71:b5:5c:ca:c9:c5:2a:83:c7:89:09:ba:04:84:2a:fd:f4:
         5e:fb:32:bc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ1ncPi8ojLkC76bb8Nq1Q0BMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFhZThlOWI0ZDhkYjk0NmJiMjBjY2Y1MTI3OTcwNzVjOGFm
ZDgzY2QwHhcNMjYwNDA3MTAxNTUwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ODc3NDk4YzQ1N2YzMTkxOTA4NTJkN2VhMTIyMjg1MzEzNjFiYjRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq1Yz/IF9PIyhF4JOQL3thjO6xg76
UfS6u+D0J83a2o8nvAys2MRKlfY39smac+ElRIBbKBP7Lq5kcDaC1tDQaLNb9Lro
eRExubqz/iT7O7OMblBd2o8eXhtU/eXzr8E545BF1dOPSv2UmZDTA4IODppWgJEQ
ziKqAcsq5aPMhjcHNQUzkwWMl6KmTWrMpO2wC/3fIsqK65HhcERAvIsB9SaAly04
YurZZEe6BmGmwhm+8KVXYi47o/+C1sAdrrDKt7mw2txvHdM28Y982wE8GSQnG4IY
mu0J1eyth8rS/eAzQGIuibc9bWNw8Bi11tAdZLnRn7ma5SX/Sejr3UQr0wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGh3SYxFfzGRkIUtfqEiKFMTYbtMMB8GA1UdIwQY
MBaAFKro6bTY25RrsgzPUSeXB1yK/YPNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcXVqcHROamJsR3V5RE05Uko1Y0hYSXI5ZzgwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOS8xZTg3MmYtODg1MS00ZDE3LTkxNDgt
Zjg5MDU2NzJlNTlkLzEvYUhkSmpFVl9NWkdRaFMxLW9TSW9VeE5odTB3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOS8xZTg3MmYtODg1MS00ZDE3LTkxNDgtZjg5MDU2NzJlNTlk
LzEvcXVqcHROamJsR3V5RE05Uko1Y0hYSXI5ZzgwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCW/TIMA0G
CSqGSIb3DQEBCwUAA4IBAQBasxTqB24kaGGHvlpY9EfFe5BPUwREPEnSSVOls9hf
n1+jpXmb+P12oERtrRQmtDWVlPjpXz2/0IAajidKhNAPl2DvtH9x9W6zMHUa5fLS
uKw457X/3slWEX5f/uYHIrTfjQZLeOiIXQkwWtxXEz9Qwc0MD973LHtrSFNHodPx
1+NQMRa0jSdZZ4rBKAlnMmilrChsM1UE7OtYnZr0kiu+SyQrFHsjZU1hMGqOark2
3lAntHc3wZQBK8uq1zBdsmIXaqW5Z/xLGuzv7v8AJon4VYbkVJBGuONVuu8MH3AE
reAHRz3l5a034l2wcbVcysnFKoPHiQm6BIQq/fRe+zK8
-----END CERTIFICATE-----