Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b6/5360e7-f02a-4737-99c7-febb64b5e164/1/Aldb8rVQEYH7AIYKbirLccTqxfk.roa
File:                     Aldb8rVQEYH7AIYKbirLccTqxfk.roa (raw, json)
Hash identifier:          xKeQuE6N5Er4acIg7kKR9Q2RvuXmil18lO24CsbXiP0=
Subject key identifier:   02:57:5B:F2:B5:50:11:81:FB:00:86:0A:6E:2A:CB:71:C4:EA:C5:F9
Certificate issuer:       /CN=22f344a63dcb70e89057deb8e2761dc45165881a
Certificate serial:       019E5F784076114D3912795A4BA602CDD820
Authority key identifier: 22:F3:44:A6:3D:CB:70:E8:90:57:DE:B8:E2:76:1D:C4:51:65:88:1A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IvNEpj3LcOiQV9644nYdxFFliBo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b6/5360e7-f02a-4737-99c7-febb64b5e164/1/Aldb8rVQEYH7AIYKbirLccTqxfk.roa
Signing time:             Mon 25 May 2026 14:09:36 +0000
ROA not before:           Mon 25 May 2026 14:09:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     44559
IP address blocks:        85.28.61.0/24 maxlen: 24
                          85.28.63.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b6/5360e7-f02a-4737-99c7-febb64b5e164/1/IvNEpj3LcOiQV9644nYdxFFliBo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b6/5360e7-f02a-4737-99c7-febb64b5e164/1/IvNEpj3LcOiQV9644nYdxFFliBo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IvNEpj3LcOiQV9644nYdxFFliBo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 07 Jun 2026 02:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:5f:78:40:76:11:4d:39:12:79:5a:4b:a6:02:cd:d8:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22f344a63dcb70e89057deb8e2761dc45165881a
        Validity
            Not Before: May 25 14:09:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=02575bf2b5501181fb00860a6e2acb71c4eac5f9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:64:7d:ab:95:aa:33:a2:79:0e:1a:3a:34:52:
                    88:15:09:a3:4b:75:94:d9:3b:eb:3b:52:49:15:d1:
                    a7:ef:0a:b4:26:63:6d:3b:9c:e5:ff:5f:1c:b8:a1:
                    59:f4:ed:58:00:0d:23:c0:44:67:09:df:8c:4c:a2:
                    19:c5:09:49:6d:1e:35:57:a0:39:5e:3c:95:98:4f:
                    43:fc:b6:67:6e:78:b0:69:f6:33:09:99:33:07:e0:
                    2d:f5:05:3e:68:25:aa:ba:84:d7:a4:83:12:7a:ef:
                    dc:06:09:bb:27:a1:c4:55:01:ad:f1:2f:38:c6:52:
                    19:aa:45:a7:7d:75:f1:1b:8d:79:de:5b:70:71:5e:
                    74:12:d2:8d:2f:08:4c:d7:71:29:4e:6e:3d:02:7a:
                    3f:ce:64:f2:86:18:7f:ed:5d:08:cb:39:c7:d0:e9:
                    2b:07:6c:52:9b:61:25:55:f7:76:2b:64:4e:4b:fd:
                    fd:43:70:16:2d:1e:7e:a3:53:a1:88:7a:fc:3b:2e:
                    d4:c9:0a:54:fc:19:6c:71:26:14:ca:ae:57:e0:60:
                    f9:99:a0:b9:12:f1:6e:aa:a3:40:77:c9:c7:9b:50:
                    fc:94:b5:d4:62:05:02:d9:cd:08:bc:70:d8:75:80:
                    a7:0b:19:e4:77:cf:c0:54:0c:0d:e6:8c:3d:8d:aa:
                    8c:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:57:5B:F2:B5:50:11:81:FB:00:86:0A:6E:2A:CB:71:C4:EA:C5:F9
            X509v3 Authority Key Identifier:
                keyid:22:F3:44:A6:3D:CB:70:E8:90:57:DE:B8:E2:76:1D:C4:51:65:88:1A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IvNEpj3LcOiQV9644nYdxFFliBo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/5360e7-f02a-4737-99c7-febb64b5e164/1/Aldb8rVQEYH7AIYKbirLccTqxfk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/5360e7-f02a-4737-99c7-febb64b5e164/1/IvNEpj3LcOiQV9644nYdxFFliBo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.28.61.0/24
                  85.28.63.0/24

    Signature Algorithm: sha256WithRSAEncryption
         67:1e:fa:8a:93:e1:44:35:7a:5f:1c:b9:e8:a8:30:ca:7d:58:
         59:fb:5b:66:76:6f:00:8b:55:fa:bb:a3:d5:5b:79:25:a8:b8:
         13:28:98:1b:a1:78:ca:70:1a:0e:83:27:1e:5f:29:1f:a8:b0:
         8f:09:84:70:0d:2e:50:a0:bf:8a:0d:cd:1f:fe:02:d0:be:a2:
         30:7d:3f:45:04:89:58:84:c7:9e:57:f9:50:2d:11:e9:bb:96:
         23:55:a1:b7:23:a7:f8:ca:d3:f9:8c:3f:81:ad:7b:28:4d:ce:
         31:88:5e:c6:f4:f5:7d:72:9f:f6:44:fc:26:6d:91:c7:01:95:
         9e:26:1b:c7:80:16:50:9c:d0:3a:1f:34:ba:1c:08:6c:62:0b:
         ef:92:37:45:9b:85:36:20:46:66:83:1a:f4:0d:fc:71:9b:64:
         20:dd:51:73:e8:bc:e0:f1:70:58:98:a1:7e:e4:f4:e8:d8:73:
         74:e3:40:2d:8d:23:ac:d5:3f:1c:2b:0a:95:55:12:c0:d6:05:
         b7:3d:93:10:dc:21:d4:b7:85:24:45:e6:34:2a:49:a1:1a:a7:
         97:43:31:ce:1d:7a:14:b9:7f:74:aa:b1:23:2f:60:dc:99:64:
         45:ce:0a:c7:61:02:f4:17:eb:48:4b:16:ba:f1:39:3b:26:8b:
         8d:a4:f3:1a
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ5feEB2EU05EnlaS6YCzdggMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyZjM0NGE2M2RjYjcwZTg5MDU3ZGViOGUyNzYxZGM0NTE2
NTg4MWEwHhcNMjYwNTI1MTQwOTM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMjU3NWJmMmI1NTAxMTgxZmIwMDg2MGE2ZTJhY2I3MWM0ZWFjNWY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqWR9q5WqM6J5Dho6NFKIFQmjS3WU
2TvrO1JJFdGn7wq0JmNtO5zl/18cuKFZ9O1YAA0jwERnCd+MTKIZxQlJbR41V6A5
XjyVmE9D/LZnbniwafYzCZkzB+At9QU+aCWquoTXpIMSeu/cBgm7J6HEVQGt8S84
xlIZqkWnfXXxG4153ltwcV50EtKNLwhM13EpTm49Ano/zmTyhhh/7V0IyznH0Okr
B2xSm2ElVfd2K2ROS/39Q3AWLR5+o1OhiHr8Oy7UyQpU/BlscSYUyq5X4GD5maC5
EvFuqqNAd8nHm1D8lLXUYgUC2c0IvHDYdYCnCxnkd8/AVAwN5ow9jaqMRQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFAJXW/K1UBGB+wCGCm4qy3HE6sX5MB8GA1UdIwQY
MBaAFCLzRKY9y3DokFfeuOJ2HcRRZYgaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXZORXBqM0xjT2lRVjk2NDRuWWR4RkZsaUJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNi81MzYwZTctZjAyYS00NzM3LTk5Yzct
ZmViYjY0YjVlMTY0LzEvQWxkYjhyVlFFWUg3QUlZS2JpckxjY1RxeGZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNi81MzYwZTctZjAyYS00NzM3LTk5YzctZmViYjY0YjVlMTY0
LzEvSXZORXBqM0xjT2lRVjk2NDRuWWR4RkZsaUJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAVRw9AwQA
VRw/MA0GCSqGSIb3DQEBCwUAA4IBAQBnHvqKk+FENXpfHLnoqDDKfVhZ+1tmdm8A
i1X6u6PVW3klqLgTKJgboXjKcBoOgyceXykfqLCPCYRwDS5QoL+KDc0f/gLQvqIw
fT9FBIlYhMeeV/lQLRHpu5YjVaG3I6f4ytP5jD+BrXsoTc4xiF7G9PV9cp/2RPwm
bZHHAZWeJhvHgBZQnNA6HzS6HAhsYgvvkjdFm4U2IEZmgxr0Dfxxm2Qg3VFz6Lzg
8XBYmKF+5PTo2HN040AtjSOs1T8cKwqVVRLA1gW3PZMQ3CHUt4UkReY0KkmhGqeX
QzHOHXoUuX90qrEjL2DcmWRFzgrHYQL0F+tISxa68Tk7JouNpPMa
-----END CERTIFICATE-----