Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/14/d0be06-ef5f-4418-af1c-320936288e95/1/IXndCmeOG5jEOCSeVO4Mi1yUBkk.roa
File:                     IXndCmeOG5jEOCSeVO4Mi1yUBkk.roa (raw, json)
Hash identifier:          Tx3I3nt+DJSgpY9OoztCIY4lbL63mMUtkPKAYTm2Y1w=
Subject key identifier:   21:79:DD:0A:67:8E:1B:98:C4:38:24:9E:54:EE:0C:8B:5C:94:06:49
Certificate issuer:       /CN=ebaf0d20f98e3a20550c996d74292688f0d2279d
Certificate serial:       019E9E3D2DEA8887065D2DBBEA1679BB1D2B
Authority key identifier: EB:AF:0D:20:F9:8E:3A:20:55:0C:99:6D:74:29:26:88:F0:D2:27:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/668NIPmOOiBVDJltdCkmiPDSJ50.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/14/d0be06-ef5f-4418-af1c-320936288e95/1/IXndCmeOG5jEOCSeVO4Mi1yUBkk.roa
Signing time:             Sat 06 Jun 2026 18:41:10 +0000
ROA not before:           Sat 06 Jun 2026 18:41:10 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     61112
IP address blocks:        64.90.29.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/14/d0be06-ef5f-4418-af1c-320936288e95/1/668NIPmOOiBVDJltdCkmiPDSJ50.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/14/d0be06-ef5f-4418-af1c-320936288e95/1/668NIPmOOiBVDJltdCkmiPDSJ50.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/668NIPmOOiBVDJltdCkmiPDSJ50.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 13 Jun 2026 21:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:9e:3d:2d:ea:88:87:06:5d:2d:bb:ea:16:79:bb:1d:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ebaf0d20f98e3a20550c996d74292688f0d2279d
        Validity
            Not Before: Jun  6 18:41:10 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2179dd0a678e1b98c438249e54ee0c8b5c940649
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:03:17:c3:66:a6:79:54:a8:a1:15:d8:96:f0:
                    11:5e:10:91:96:be:22:73:de:b1:91:78:14:ca:d7:
                    19:13:a4:33:83:a1:fe:a5:88:61:18:07:b2:48:ea:
                    1d:2f:25:74:59:0a:d9:10:5a:f7:29:b0:a2:8e:5c:
                    6a:d0:6c:fe:8b:9a:6d:49:ac:2b:fe:79:29:af:e8:
                    9c:60:09:23:13:85:f8:cd:8c:cc:11:39:bf:fe:a8:
                    09:9e:e8:28:c6:94:37:58:64:ac:52:0c:c7:2f:b9:
                    4a:72:e2:59:aa:3b:19:75:bf:1b:7f:cd:4a:5c:e3:
                    52:0c:92:a7:64:d9:9c:bc:65:07:bb:7a:22:2f:97:
                    d8:43:af:f9:c5:04:e9:6c:52:d1:5f:17:b5:6e:3e:
                    f6:fc:85:18:70:b0:ea:97:44:13:40:c0:74:c7:a8:
                    a1:ba:7a:44:7b:52:04:49:b8:2b:8a:d3:06:88:d6:
                    7d:9f:00:32:a5:36:f0:84:f0:6b:14:b6:69:a2:d9:
                    f6:db:5a:40:68:06:35:26:97:48:8d:25:a6:41:b8:
                    d7:58:1c:d1:90:73:5a:06:fb:16:51:9c:91:f7:e0:
                    98:b4:cb:52:8f:5e:27:c9:82:d7:ca:d6:79:c5:4d:
                    ca:0b:70:bc:43:15:2a:61:56:be:51:93:d5:9a:42:
                    c6:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:79:DD:0A:67:8E:1B:98:C4:38:24:9E:54:EE:0C:8B:5C:94:06:49
            X509v3 Authority Key Identifier:
                keyid:EB:AF:0D:20:F9:8E:3A:20:55:0C:99:6D:74:29:26:88:F0:D2:27:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/668NIPmOOiBVDJltdCkmiPDSJ50.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/14/d0be06-ef5f-4418-af1c-320936288e95/1/IXndCmeOG5jEOCSeVO4Mi1yUBkk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/14/d0be06-ef5f-4418-af1c-320936288e95/1/668NIPmOOiBVDJltdCkmiPDSJ50.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  64.90.29.0/24

    Signature Algorithm: sha256WithRSAEncryption
         84:1c:93:dd:d4:1a:22:04:ec:a6:68:9f:20:01:33:ed:e7:70:
         8d:90:67:d2:1d:71:7a:3e:4b:2b:c7:8c:8a:42:50:14:f5:66:
         0a:87:71:32:95:6b:fe:ff:6c:8d:a3:f8:72:e2:f2:98:51:cc:
         33:e2:c0:b4:ef:4b:77:f8:f8:f1:4e:1b:2a:6d:de:e7:5d:0b:
         4c:c8:1f:4b:31:e7:57:00:3e:8e:5f:05:2e:7f:6a:a4:f5:fa:
         68:69:2b:8e:60:d7:c0:03:bc:fe:da:86:ec:0e:d9:d2:19:44:
         a5:e2:85:56:c1:42:d4:c3:02:41:dd:88:a9:92:22:c5:00:8e:
         e3:dc:6f:6f:7a:40:1b:14:5e:a0:8d:2f:d7:c0:d2:7c:31:5f:
         bd:c4:80:96:59:a1:44:e7:ba:f3:91:dd:a7:8d:38:54:97:08:
         fb:f7:a5:3a:90:75:3a:13:78:90:51:19:c9:8d:c1:6e:2f:87:
         e2:93:68:10:af:f1:c1:17:cc:a7:0a:e4:a2:bf:ef:28:54:99:
         bb:37:37:58:f9:8f:aa:a4:bc:5f:a4:be:28:22:d4:87:51:76:
         6f:fd:ea:28:2c:0f:93:d9:7b:fa:bc:57:bb:be:d7:fe:0c:cb:
         13:de:05:cc:2a:f9:8d:8c:42:f1:2c:7b:09:e4:8e:dc:96:e1:
         95:f5:61:fb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6ePS3qiIcGXS276hZ5ux0rMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGViYWYwZDIwZjk4ZTNhMjA1NTBjOTk2ZDc0MjkyNjg4ZjBk
MjI3OWQwHhcNMjYwNjA2MTg0MTEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMTc5ZGQwYTY3OGUxYjk4YzQzODI0OWU1NGVlMGM4YjVjOTQwNjQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3gMXw2ameVSooRXYlvARXhCRlr4i
c96xkXgUytcZE6Qzg6H+pYhhGAeySOodLyV0WQrZEFr3KbCijlxq0Gz+i5ptSawr
/nkpr+icYAkjE4X4zYzMETm//qgJnugoxpQ3WGSsUgzHL7lKcuJZqjsZdb8bf81K
XONSDJKnZNmcvGUHu3oiL5fYQ6/5xQTpbFLRXxe1bj72/IUYcLDql0QTQMB0x6ih
unpEe1IESbgritMGiNZ9nwAypTbwhPBrFLZpotn221pAaAY1JpdIjSWmQbjXWBzR
kHNaBvsWUZyR9+CYtMtSj14nyYLXytZ5xU3KC3C8QxUqYVa+UZPVmkLGkwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCF53QpnjhuYxDgknlTuDItclAZJMB8GA1UdIwQY
MBaAFOuvDSD5jjogVQyZbXQpJojw0iedMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNjY4TklQbU9PaUJWREpsdGRDa21pUERTSjUwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNC9kMGJlMDYtZWY1Zi00NDE4LWFmMWMt
MzIwOTM2Mjg4ZTk1LzEvSVhuZENtZU9HNWpFT0NTZVZPNE1pMXlVQmtrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNC9kMGJlMDYtZWY1Zi00NDE4LWFmMWMtMzIwOTM2Mjg4ZTk1
LzEvNjY4TklQbU9PaUJWREpsdGRDa21pUERTSjUwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAQFodMA0G
CSqGSIb3DQEBCwUAA4IBAQCEHJPd1BoiBOymaJ8gATPt53CNkGfSHXF6Pksrx4yK
QlAU9WYKh3EylWv+/2yNo/hy4vKYUcwz4sC070t3+PjxThsqbd7nXQtMyB9LMedX
AD6OXwUuf2qk9fpoaSuOYNfAA7z+2obsDtnSGUSl4oVWwULUwwJB3YipkiLFAI7j
3G9vekAbFF6gjS/XwNJ8MV+9xICWWaFE57rzkd2njThUlwj796U6kHU6E3iQURnJ
jcFuL4fik2gQr/HBF8ynCuSiv+8oVJm7NzdY+Y+qpLxfpL4oItSHUXZv/eooLA+T
2Xv6vFe7vtf+DMsT3gXMKvmNjELxLHsJ5I7cluGV9WH7
-----END CERTIFICATE-----