Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/MUZiDO54e7p2JQtXs0kjkGjrEDA.roa
File:                     MUZiDO54e7p2JQtXs0kjkGjrEDA.roa (raw, json)
Hash identifier:          KBrFrQMDlDHIq1U5Xgsa7VGFPDANxU/GqkcoXM8r8GE=
Subject key identifier:   31:46:62:0C:EE:78:7B:BA:76:25:0B:57:B3:49:23:90:68:EB:10:30
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       019E9B5FD974101FBB7C50CD0E863BC7FE0E
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/MUZiDO54e7p2JQtXs0kjkGjrEDA.roa
Signing time:             Sat 06 Jun 2026 05:20:10 +0000
ROA not before:           Sat 06 Jun 2026 05:20:10 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     62240
IP address blocks:        212.192.251.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 17:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:9b:5f:d9:74:10:1f:bb:7c:50:cd:0e:86:3b:c7:fe:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Jun  6 05:20:10 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3146620cee787bba76250b57b349239068eb1030
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:ba:7f:2f:8e:5b:4b:9c:c4:dc:52:52:65:85:
                    0e:ac:50:22:d7:c8:8d:bf:d9:5d:1f:bd:93:76:4a:
                    20:1e:96:40:b2:ca:5a:0d:a4:e3:76:a9:92:57:01:
                    97:c9:27:30:b3:a9:65:04:b9:58:08:f6:33:d5:45:
                    73:44:23:48:c1:43:6a:cc:ef:3e:f4:dc:46:c5:8e:
                    a8:99:15:56:d1:27:86:a6:0f:db:87:8e:2b:00:d0:
                    c1:0a:43:ae:26:70:d0:11:57:51:d6:d1:48:42:d2:
                    33:21:2f:00:d1:3a:4c:63:2b:9d:a3:79:86:48:14:
                    24:00:07:db:91:7a:80:aa:8d:4c:ed:ee:8f:88:9f:
                    b2:c9:3f:ee:f2:0f:a4:c9:1f:37:6e:bc:7e:4a:d7:
                    7e:e1:d6:0f:14:f4:af:54:bb:33:20:48:36:01:1d:
                    a0:04:61:d1:db:b9:35:29:cf:d3:0d:c2:08:e5:b7:
                    03:25:9e:e6:47:0d:4f:69:9f:05:d4:3f:a2:7e:01:
                    33:7e:9f:04:62:5b:9f:dc:b3:0a:9b:c1:9c:67:03:
                    6d:09:f3:f3:7f:07:e3:4f:9e:8b:27:51:f6:ed:1d:
                    00:f0:e3:c7:e6:71:b8:0e:b2:18:e9:b4:af:51:6e:
                    4f:c0:ce:e3:c2:8c:2b:63:e4:66:89:31:49:3d:bb:
                    b4:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:46:62:0C:EE:78:7B:BA:76:25:0B:57:B3:49:23:90:68:EB:10:30
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/MUZiDO54e7p2JQtXs0kjkGjrEDA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.192.251.0/24

    Signature Algorithm: sha256WithRSAEncryption
         00:dc:f1:71:eb:13:67:a5:40:0a:07:29:b8:73:9e:a5:59:82:
         7c:ec:01:5c:bc:8c:ca:c7:9c:58:cc:72:07:ef:d8:1a:c6:19:
         f2:2b:4c:6a:f2:da:e8:e5:65:25:dc:bf:a2:16:e3:af:1d:bb:
         99:69:eb:b8:ee:65:76:82:c3:ae:1c:4b:3d:b7:02:5a:42:55:
         64:55:d4:a9:cd:e8:65:fc:37:1b:0e:8b:16:a4:9f:cf:4a:23:
         2b:00:7e:d9:3e:7f:e9:98:4a:4f:5b:bf:00:c6:ce:ee:a5:1a:
         c5:c1:c7:12:e9:53:a7:59:30:b1:8f:19:6e:2c:55:c5:0a:73:
         17:11:f0:2f:16:c3:21:c7:1b:54:97:d3:aa:d5:c1:de:68:18:
         2e:4a:d6:e6:30:fb:fb:4a:1e:e3:4b:fe:eb:41:54:9d:0b:48:
         01:72:c3:6c:9d:26:ba:69:3b:06:ca:d3:f7:a1:b7:7a:69:60:
         fc:00:ac:af:4b:92:88:24:52:c2:d0:0b:d4:41:c7:95:9f:a6:
         77:0a:20:2f:a3:52:57:fc:4e:9b:c2:67:4b:5a:ad:3a:56:14:
         3c:41:f7:ac:4a:f6:2d:3d:e1:bd:4f:6b:58:1e:49:8c:0b:11:
         f8:db:8e:a2:9d:a9:f2:d0:be:e9:52:4d:82:92:61:33:ad:ef:
         6d:87:fc:75
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6bX9l0EB+7fFDNDoY7x/4OMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjYwNjA2MDUyMDEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMTQ2NjIwY2VlNzg3YmJhNzYyNTBiNTdiMzQ5MjM5MDY4ZWIxMDMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnrp/L45bS5zE3FJSZYUOrFAi18iN
v9ldH72TdkogHpZAsspaDaTjdqmSVwGXyScws6llBLlYCPYz1UVzRCNIwUNqzO8+
9NxGxY6omRVW0SeGpg/bh44rANDBCkOuJnDQEVdR1tFIQtIzIS8A0TpMYyudo3mG
SBQkAAfbkXqAqo1M7e6PiJ+yyT/u8g+kyR83brx+Std+4dYPFPSvVLszIEg2AR2g
BGHR27k1Kc/TDcII5bcDJZ7mRw1PaZ8F1D+ifgEzfp8EYluf3LMKm8GcZwNtCfPz
fwfjT56LJ1H27R0A8OPH5nG4DrIY6bSvUW5PwM7jwowrY+RmiTFJPbu0gwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDFGYgzueHu6diULV7NJI5Bo6xAwMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvTVVaaURPNTRlN3AySlF0WHMwa2prR2pyRURBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1MD7MA0G
CSqGSIb3DQEBCwUAA4IBAQAA3PFx6xNnpUAKBym4c56lWYJ87AFcvIzKx5xYzHIH
79gaxhnyK0xq8tro5WUl3L+iFuOvHbuZaeu47mV2gsOuHEs9twJaQlVkVdSpzehl
/DcbDosWpJ/PSiMrAH7ZPn/pmEpPW78Axs7upRrFwccS6VOnWTCxjxluLFXFCnMX
EfAvFsMhxxtUl9Oq1cHeaBguStbmMPv7Sh7jS/7rQVSdC0gBcsNsnSa6aTsGytP3
obd6aWD8AKyvS5KIJFLC0AvUQceVn6Z3CiAvo1JX/E6bwmdLWq06VhQ8QfesSvYt
PeG9T2tYHkmMCxH4246inany0L7pUk2CkmEzre9th/x1
-----END CERTIFICATE-----