Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/43/3ad2b1-a4ac-4c00-a279-07b623668f3b/1/aLvo7jTFSqWbm8QJidyuJFZE-Mo.roa
File:                     aLvo7jTFSqWbm8QJidyuJFZE-Mo.roa (raw, json)
Hash identifier:          5VnvKBLjIbUzjUAD4NNpPyYJkWIiP+uY0rq7wSA5l/o=
Subject key identifier:   68:BB:E8:EE:34:C5:4A:A5:9B:9B:C4:09:89:DC:AE:24:56:44:F8:CA
Certificate issuer:       /CN=d5a3f3d093fa2867200a43aece450d74b39096ff
Certificate serial:       019D299C8EC30777D40E8441FE26A3E7CAE1
Authority key identifier: D5:A3:F3:D0:93:FA:28:67:20:0A:43:AE:CE:45:0D:74:B3:90:96:FF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1aPz0JP6KGcgCkOuzkUNdLOQlv8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/43/3ad2b1-a4ac-4c00-a279-07b623668f3b/1/aLvo7jTFSqWbm8QJidyuJFZE-Mo.roa
Signing time:             Thu 26 Mar 2026 10:06:59 +0000
ROA not before:           Thu 26 Mar 2026 10:06:59 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     59600
IP address blocks:        91.244.168.0/21 maxlen: 24
                          91.244.176.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/43/3ad2b1-a4ac-4c00-a279-07b623668f3b/1/1aPz0JP6KGcgCkOuzkUNdLOQlv8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/43/3ad2b1-a4ac-4c00-a279-07b623668f3b/1/1aPz0JP6KGcgCkOuzkUNdLOQlv8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1aPz0JP6KGcgCkOuzkUNdLOQlv8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 30 Mar 2026 08:48:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:29:9c:8e:c3:07:77:d4:0e:84:41:fe:26:a3:e7:ca:e1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d5a3f3d093fa2867200a43aece450d74b39096ff
        Validity
            Not Before: Mar 26 10:06:59 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=68bbe8ee34c54aa59b9bc40989dcae245644f8ca
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:0a:4f:37:28:46:fe:67:e5:1a:a0:a7:36:13:
                    fc:93:cd:17:34:87:7f:86:83:8e:15:94:0b:bb:5f:
                    87:f3:1c:0b:87:57:e0:1e:ed:0c:bc:ab:8e:b1:c0:
                    f2:77:e7:97:52:12:aa:65:74:86:98:09:ff:cf:a9:
                    2e:68:20:1a:4f:c5:06:44:4e:e5:11:45:0d:ba:34:
                    5f:0b:38:b4:be:ab:4f:93:f0:95:da:06:e6:2a:79:
                    90:4c:02:95:5f:ce:30:50:ab:e8:81:32:bf:0e:54:
                    8f:61:99:71:25:fa:d2:2e:8a:f5:ff:bf:20:57:91:
                    3a:9d:46:35:34:8e:f7:9c:d6:6a:1c:b5:7e:0a:65:
                    47:14:7e:be:73:75:09:42:23:63:5f:5b:f8:82:2b:
                    27:77:2f:df:6b:72:e9:43:33:db:1b:b3:d1:0f:62:
                    71:20:dd:54:9a:36:1b:ab:3c:08:17:4b:61:96:d6:
                    81:d9:71:b0:ac:49:77:d2:95:de:c4:9b:98:91:22:
                    5b:96:ca:33:60:df:2a:6f:d1:e0:b4:ab:38:39:86:
                    01:ae:81:f3:ba:1d:1b:5b:06:f8:56:f0:cd:cb:89:
                    19:93:b7:95:0e:22:d1:7d:bf:d0:b7:d9:0a:81:a0:
                    05:ea:9d:ad:91:8d:93:94:9b:b1:95:c1:12:20:67:
                    d0:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:BB:E8:EE:34:C5:4A:A5:9B:9B:C4:09:89:DC:AE:24:56:44:F8:CA
            X509v3 Authority Key Identifier:
                keyid:D5:A3:F3:D0:93:FA:28:67:20:0A:43:AE:CE:45:0D:74:B3:90:96:FF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1aPz0JP6KGcgCkOuzkUNdLOQlv8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/43/3ad2b1-a4ac-4c00-a279-07b623668f3b/1/aLvo7jTFSqWbm8QJidyuJFZE-Mo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/43/3ad2b1-a4ac-4c00-a279-07b623668f3b/1/1aPz0JP6KGcgCkOuzkUNdLOQlv8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.244.168.0-91.244.179.255

    Signature Algorithm: sha256WithRSAEncryption
         77:c8:aa:87:0b:70:da:54:02:07:9e:ed:41:bf:6e:14:c5:e3:
         8b:ae:5d:b2:3c:40:e1:21:42:a5:5d:8a:0f:b5:ec:75:1d:1a:
         3a:5e:0d:4a:5e:ca:b7:90:30:d6:53:df:df:e7:12:e3:67:38:
         ec:7a:cd:64:23:02:a0:c4:63:06:8a:bc:1b:6c:39:c9:05:47:
         44:64:04:b5:58:63:07:f0:d1:a3:d8:67:c4:49:6a:b3:af:ed:
         bc:08:e5:fd:3d:63:59:32:29:31:e3:ce:5a:43:65:54:3b:26:
         fe:f3:68:14:27:04:26:84:91:c4:bb:52:c9:cc:96:0d:ee:61:
         33:31:81:09:fe:d1:2a:3d:1a:05:d0:3d:cf:2a:45:e5:81:1e:
         a0:d0:4b:e8:79:99:16:d0:fb:63:b9:4a:8d:af:85:88:10:ee:
         4b:0f:73:e8:d4:a0:ed:29:c7:9a:1e:a1:6e:39:86:d2:ab:6e:
         74:37:2f:1f:c9:a3:ce:62:49:41:e0:93:45:c2:61:d7:50:22:
         19:c8:e7:1b:fd:94:c2:81:a5:11:7e:86:08:18:42:71:24:02:
         27:8d:e7:0b:48:35:bc:7f:94:e8:42:63:eb:27:74:f6:33:4b:
         8c:33:e3:92:55:68:f7:59:5c:b9:2d:e9:62:8a:48:20:12:76:
         30:8c:65:2f
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZ0pnI7DB3fUDoRB/iaj58rhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ1YTNmM2QwOTNmYTI4NjcyMDBhNDNhZWNlNDUwZDc0YjM5
MDk2ZmYwHhcNMjYwMzI2MTAwNjU5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OGJiZThlZTM0YzU0YWE1OWI5YmM0MDk4OWRjYWUyNDU2NDRmOGNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArwpPNyhG/mflGqCnNhP8k80XNId/
hoOOFZQLu1+H8xwLh1fgHu0MvKuOscDyd+eXUhKqZXSGmAn/z6kuaCAaT8UGRE7l
EUUNujRfCzi0vqtPk/CV2gbmKnmQTAKVX84wUKvogTK/DlSPYZlxJfrSLor1/78g
V5E6nUY1NI73nNZqHLV+CmVHFH6+c3UJQiNjX1v4gisndy/fa3LpQzPbG7PRD2Jx
IN1UmjYbqzwIF0thltaB2XGwrEl30pXexJuYkSJblsozYN8qb9HgtKs4OYYBroHz
uh0bWwb4VvDNy4kZk7eVDiLRfb/Qt9kKgaAF6p2tkY2TlJuxlcESIGfQxwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFGi76O40xUqlm5vECYncriRWRPjKMB8GA1UdIwQY
MBaAFNWj89CT+ihnIApDrs5FDXSzkJb/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMWFQejBKUDZLR2NnQ2tPdXprVU5kTE9RbHY4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80My8zYWQyYjEtYTRhYy00YzAwLWEyNzkt
MDdiNjIzNjY4ZjNiLzEvYUx2bzdqVEZTcVdibThRSmlkeXVKRlpFLU1vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80My8zYWQyYjEtYTRhYy00YzAwLWEyNzktMDdiNjIzNjY4ZjNi
LzEvMWFQejBKUDZLR2NnQ2tPdXprVU5kTE9RbHY4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBANb9KgD
BAJb9LAwDQYJKoZIhvcNAQELBQADggEBAHfIqocLcNpUAgee7UG/bhTF44uuXbI8
QOEhQqVdig+17HUdGjpeDUpeyreQMNZT39/nEuNnOOx6zWQjAqDEYwaKvBtsOckF
R0RkBLVYYwfw0aPYZ8RJarOv7bwI5f09Y1kyKTHjzlpDZVQ7Jv7zaBQnBCaEkcS7
UsnMlg3uYTMxgQn+0So9GgXQPc8qReWBHqDQS+h5mRbQ+2O5So2vhYgQ7ksPc+jU
oO0px5oeoW45htKrbnQ3Lx/Jo85iSUHgk0XCYddQIhnI5xv9lMKBpRF+hggYQnEk
AieN5wtINbx/lOhCY+sndPYzS4wz45JVaPdZXLkt6WKKSCASdjCMZS8=
-----END CERTIFICATE-----