Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/14/d0be06-ef5f-4418-af1c-320936288e95/1/AIxUVPOlCMOhIinj3W6xOuNk5Ys.roa
File:                     AIxUVPOlCMOhIinj3W6xOuNk5Ys.roa (raw, json)
Hash identifier:          b6Tli69A3o4JyJ91SGKf/paVXqmVercyDJ8DRzna700=
Subject key identifier:   00:8C:54:54:F3:A5:08:C3:A1:22:29:E3:DD:6E:B1:3A:E3:64:E5:8B
Certificate issuer:       /CN=ebaf0d20f98e3a20550c996d74292688f0d2279d
Certificate serial:       019E8431A6D5908BC9EDF2D1344917604A8E
Authority key identifier: EB:AF:0D:20:F9:8E:3A:20:55:0C:99:6D:74:29:26:88:F0:D2:27:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/668NIPmOOiBVDJltdCkmiPDSJ50.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/14/d0be06-ef5f-4418-af1c-320936288e95/1/AIxUVPOlCMOhIinj3W6xOuNk5Ys.roa
Signing time:             Mon 01 Jun 2026 17:18:26 +0000
ROA not before:           Mon 01 Jun 2026 17:18:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     979
IP address blocks:        64.83.0.0/18 maxlen: 24
                          64.90.0.0/19 maxlen: 24
                          64.178.112.0/20 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/14/d0be06-ef5f-4418-af1c-320936288e95/1/668NIPmOOiBVDJltdCkmiPDSJ50.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/14/d0be06-ef5f-4418-af1c-320936288e95/1/668NIPmOOiBVDJltdCkmiPDSJ50.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/668NIPmOOiBVDJltdCkmiPDSJ50.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 15:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:84:31:a6:d5:90:8b:c9:ed:f2:d1:34:49:17:60:4a:8e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ebaf0d20f98e3a20550c996d74292688f0d2279d
        Validity
            Not Before: Jun  1 17:18:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=008c5454f3a508c3a12229e3dd6eb13ae364e58b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:53:ab:27:c4:4b:46:4f:23:48:10:f3:f8:f4:
                    c3:e4:c8:5d:ba:c6:d2:72:93:d8:67:4a:17:d9:ec:
                    d5:82:2b:12:25:d7:69:6e:b8:e2:a5:8a:ae:87:23:
                    dc:7b:f2:d0:1a:e7:53:cf:38:6f:c8:72:04:6d:92:
                    32:20:37:dd:47:75:74:80:a3:1f:36:b6:8e:f5:85:
                    85:a4:d5:d3:f2:bb:f1:6a:fe:62:94:ea:56:73:27:
                    23:65:00:43:b3:eb:16:93:5d:15:00:54:76:10:ef:
                    c7:8a:6b:38:9f:d0:e8:50:0b:a1:7f:f5:af:77:aa:
                    7e:29:82:b2:2c:cd:85:f1:09:45:18:88:c4:1d:3b:
                    91:ca:7c:82:bd:8f:e1:e4:65:e2:48:87:b6:d1:02:
                    cd:99:6b:d2:83:c0:1b:60:11:6b:ad:55:72:4b:41:
                    0f:ad:f9:5c:31:41:3f:13:5b:53:b2:93:08:d8:77:
                    b7:d8:4f:7f:14:24:43:59:18:06:c4:7a:d1:f5:50:
                    a9:2e:3e:ed:71:7d:d4:4c:48:56:3b:5a:30:2d:0f:
                    79:1c:eb:87:62:2d:d8:8f:60:af:34:d4:b0:90:5e:
                    30:5d:9d:37:9e:b2:ce:3a:22:fa:b2:c3:dc:18:8b:
                    f6:69:1f:bf:27:96:e2:f7:c9:20:84:3f:62:1f:d9:
                    37:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:8C:54:54:F3:A5:08:C3:A1:22:29:E3:DD:6E:B1:3A:E3:64:E5:8B
            X509v3 Authority Key Identifier:
                keyid:EB:AF:0D:20:F9:8E:3A:20:55:0C:99:6D:74:29:26:88:F0:D2:27:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/668NIPmOOiBVDJltdCkmiPDSJ50.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/14/d0be06-ef5f-4418-af1c-320936288e95/1/AIxUVPOlCMOhIinj3W6xOuNk5Ys.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/14/d0be06-ef5f-4418-af1c-320936288e95/1/668NIPmOOiBVDJltdCkmiPDSJ50.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  64.83.0.0/18
                  64.90.0.0/19
                  64.178.112.0/20

    Signature Algorithm: sha256WithRSAEncryption
         45:a7:03:34:4e:05:1e:bd:62:67:0c:35:7f:af:b7:e8:b6:f4:
         cc:2b:c6:09:57:b0:f2:4e:f9:36:35:eb:d6:05:64:ed:c4:3b:
         2e:a0:0c:26:f1:bc:48:da:97:9c:94:0e:1e:31:df:97:c9:1d:
         04:12:f8:98:ee:7f:e0:6c:76:d9:6a:54:ca:29:0a:9f:14:49:
         e7:4a:8f:fd:6e:c2:ba:b7:ea:8f:58:c6:87:51:ad:d1:ab:92:
         de:c7:f4:32:96:44:ec:1e:3d:c2:86:98:bb:d2:19:86:6f:ff:
         45:ba:de:07:5c:72:f1:9d:03:24:bc:df:12:ae:bc:05:f2:62:
         52:ee:3f:27:21:1c:a4:47:1b:7d:0f:e6:19:04:bc:c8:f5:86:
         82:94:7d:7e:95:fb:cc:a2:80:45:bb:64:72:62:c8:96:c9:e2:
         42:68:2e:44:f5:b3:5e:eb:22:ac:cf:1e:bf:f3:99:a3:c0:6c:
         f5:f3:3c:72:8f:c2:1b:b9:32:12:d5:8c:b0:cf:42:f8:02:72:
         cf:34:a3:8e:e9:72:af:f3:89:c9:b9:ab:02:f1:6f:4c:16:dc:
         85:b3:b1:84:bc:d4:d5:eb:57:10:f4:df:f3:35:1c:5f:b2:43:
         9d:e0:68:c9:03:f6:ed:b1:cb:0f:31:87:59:83:1b:24:8f:a8:
         21:82:f4:96
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZ6EMabVkIvJ7fLRNEkXYEqOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGViYWYwZDIwZjk4ZTNhMjA1NTBjOTk2ZDc0MjkyNjg4ZjBk
MjI3OWQwHhcNMjYwNjAxMTcxODI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMDhjNTQ1NGYzYTUwOGMzYTEyMjI5ZTNkZDZlYjEzYWUzNjRlNThiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxFOrJ8RLRk8jSBDz+PTD5MhdusbS
cpPYZ0oX2ezVgisSJddpbrjipYquhyPce/LQGudTzzhvyHIEbZIyIDfdR3V0gKMf
NraO9YWFpNXT8rvxav5ilOpWcycjZQBDs+sWk10VAFR2EO/Hims4n9DoUAuhf/Wv
d6p+KYKyLM2F8QlFGIjEHTuRynyCvY/h5GXiSIe20QLNmWvSg8AbYBFrrVVyS0EP
rflcMUE/E1tTspMI2He32E9/FCRDWRgGxHrR9VCpLj7tcX3UTEhWO1owLQ95HOuH
Yi3Yj2CvNNSwkF4wXZ03nrLOOiL6ssPcGIv2aR+/J5bi98kghD9iH9k3JwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFACMVFTzpQjDoSIp491usTrjZOWLMB8GA1UdIwQY
MBaAFOuvDSD5jjogVQyZbXQpJojw0iedMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNjY4TklQbU9PaUJWREpsdGRDa21pUERTSjUwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNC9kMGJlMDYtZWY1Zi00NDE4LWFmMWMt
MzIwOTM2Mjg4ZTk1LzEvQUl4VVZQT2xDTU9oSWluajNXNnhPdU5rNVlzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNC9kMGJlMDYtZWY1Zi00NDE4LWFmMWMtMzIwOTM2Mjg4ZTk1
LzEvNjY4TklQbU9PaUJWREpsdGRDa21pUERTSjUwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQGQFMAAwQF
QFoAAwQEQLJwMA0GCSqGSIb3DQEBCwUAA4IBAQBFpwM0TgUevWJnDDV/r7fotvTM
K8YJV7DyTvk2NevWBWTtxDsuoAwm8bxI2peclA4eMd+XyR0EEviY7n/gbHbZalTK
KQqfFEnnSo/9bsK6t+qPWMaHUa3Rq5Lex/QylkTsHj3Chpi70hmGb/9Fut4HXHLx
nQMkvN8SrrwF8mJS7j8nIRykRxt9D+YZBLzI9YaClH1+lfvMooBFu2RyYsiWyeJC
aC5E9bNe6yKszx6/85mjwGz18zxyj8IbuTIS1Yywz0L4AnLPNKOO6XKv84nJuasC
8W9MFtyFs7GEvNTV61cQ9N/zNRxfskOd4GjJA/btscsPMYdZgxskj6ghgvSW
-----END CERTIFICATE-----