Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/14/d0be06-ef5f-4418-af1c-320936288e95/1/mUoDBRXkgTNzdjas0Ha_cdFwJ-0.roa
File:                     mUoDBRXkgTNzdjas0Ha_cdFwJ-0.roa (raw, json)
Hash identifier:          PfPSIrSAOylS94Xd2snc5lAmLj9DBBVThou8n98ALEY=
Subject key identifier:   99:4A:03:05:15:E4:81:33:73:76:36:AC:D0:76:BF:71:D1:70:27:ED
Certificate issuer:       /CN=ebaf0d20f98e3a20550c996d74292688f0d2279d
Certificate serial:       019D34BD0BB05F8F13669CDEDABD70798E09
Authority key identifier: EB:AF:0D:20:F9:8E:3A:20:55:0C:99:6D:74:29:26:88:F0:D2:27:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/668NIPmOOiBVDJltdCkmiPDSJ50.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/14/d0be06-ef5f-4418-af1c-320936288e95/1/mUoDBRXkgTNzdjas0Ha_cdFwJ-0.roa
Signing time:             Sat 28 Mar 2026 13:58:17 +0000
ROA not before:           Sat 28 Mar 2026 13:58:17 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     979
IP address blocks:        64.83.0.0/19 maxlen: 24
                          64.83.32.0/20 maxlen: 24
                          64.90.0.0/19 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/14/d0be06-ef5f-4418-af1c-320936288e95/1/668NIPmOOiBVDJltdCkmiPDSJ50.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/14/d0be06-ef5f-4418-af1c-320936288e95/1/668NIPmOOiBVDJltdCkmiPDSJ50.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/668NIPmOOiBVDJltdCkmiPDSJ50.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 01:01:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:34:bd:0b:b0:5f:8f:13:66:9c:de:da:bd:70:79:8e:09
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ebaf0d20f98e3a20550c996d74292688f0d2279d
        Validity
            Not Before: Mar 28 13:58:17 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=994a030515e48133737636acd076bf71d17027ed
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:68:be:90:8a:56:af:c6:6e:1e:9e:53:3c:b6:
                    82:dd:89:95:7a:c0:47:7f:67:64:d5:d8:2a:de:00:
                    33:4e:79:e8:e6:bf:de:51:72:85:31:c8:2b:cb:7c:
                    75:3b:d1:b2:8c:f1:4b:d4:ad:e0:95:3f:5c:02:c9:
                    50:61:91:09:e0:86:c6:1c:d2:1c:24:7c:34:a2:80:
                    2e:5b:69:b1:c3:a7:09:e7:da:31:b0:ff:95:29:4a:
                    06:16:be:5d:d3:f2:1d:0e:24:93:ab:25:d6:53:44:
                    87:b5:5c:9f:39:a3:87:cb:04:b8:5c:02:aa:c9:d3:
                    57:f8:56:71:f5:9f:1a:72:86:ae:52:70:58:cf:d1:
                    b8:34:7e:52:b9:22:8e:2c:09:86:b2:70:b9:34:a9:
                    76:86:1f:32:6e:57:63:2f:e0:fe:f2:a7:d2:61:e6:
                    b4:e7:15:ee:a6:54:ec:9a:b3:c6:69:f7:d6:6b:29:
                    04:18:96:53:b5:ba:d1:37:10:66:a9:c0:80:f6:e5:
                    99:65:d2:b8:9d:0c:bd:3a:07:a3:ae:84:27:48:66:
                    53:3a:d9:e4:c0:2e:b9:f8:68:c4:79:41:f2:b8:97:
                    3a:49:fb:81:a8:f8:6a:58:a0:94:93:3d:8e:cf:06:
                    88:5e:09:9d:e3:be:00:66:f7:4b:ee:e8:64:cc:61:
                    b9:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:4A:03:05:15:E4:81:33:73:76:36:AC:D0:76:BF:71:D1:70:27:ED
            X509v3 Authority Key Identifier:
                keyid:EB:AF:0D:20:F9:8E:3A:20:55:0C:99:6D:74:29:26:88:F0:D2:27:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/668NIPmOOiBVDJltdCkmiPDSJ50.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/14/d0be06-ef5f-4418-af1c-320936288e95/1/mUoDBRXkgTNzdjas0Ha_cdFwJ-0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/14/d0be06-ef5f-4418-af1c-320936288e95/1/668NIPmOOiBVDJltdCkmiPDSJ50.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  64.83.0.0-64.83.47.255
                  64.90.0.0/19

    Signature Algorithm: sha256WithRSAEncryption
         51:2b:b2:d7:f3:78:8b:e0:0c:06:2a:bb:24:f5:30:f9:a5:5e:
         63:04:f3:6a:02:9e:81:29:0e:0f:90:09:d2:aa:4b:b9:5c:59:
         33:50:65:c7:48:7a:8a:85:49:d2:a0:28:7a:a4:79:9c:e2:1f:
         eb:40:2f:48:5e:64:2f:a6:5a:ec:d7:91:5c:0c:b6:43:31:8c:
         72:dc:2c:d8:e2:f1:69:88:28:8b:f2:53:f2:4e:18:92:5e:1d:
         d4:9a:02:62:39:3e:7f:8e:d5:79:cb:ec:0b:44:95:86:c5:c2:
         02:d4:dd:33:a9:02:f0:ed:c1:77:f4:72:57:84:6a:e4:93:12:
         08:41:73:08:a5:ac:3b:61:56:4d:4b:9d:fb:b9:0c:a5:72:33:
         0e:92:53:c9:0f:aa:ab:86:10:0c:66:f6:2d:f7:cd:b2:53:f4:
         b5:d9:5e:57:d0:0f:59:dd:46:b2:6e:bc:3f:26:0a:4d:4e:22:
         a9:9b:e1:e9:20:c9:aa:32:54:ea:ae:b0:44:d3:56:f0:9a:ad:
         70:ad:8f:b2:1b:e2:0b:96:81:a8:07:1f:ea:00:59:03:c5:2b:
         2b:42:1b:65:88:be:f2:99:cc:60:fa:a1:5f:c5:f7:1d:f3:6b:
         cc:4c:2c:34:7b:9b:2e:de:59:77:a7:e5:02:cd:b8:58:5c:85:
         73:93:f5:b3
-----BEGIN CERTIFICATE-----
MIIFCjCCA/KgAwIBAgISAZ00vQuwX48TZpze2r1weY4JMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGViYWYwZDIwZjk4ZTNhMjA1NTBjOTk2ZDc0MjkyNjg4ZjBk
MjI3OWQwHhcNMjYwMzI4MTM1ODE3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OTRhMDMwNTE1ZTQ4MTMzNzM3NjM2YWNkMDc2YmY3MWQxNzAyN2VkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4mi+kIpWr8ZuHp5TPLaC3YmVesBH
f2dk1dgq3gAzTnno5r/eUXKFMcgry3x1O9GyjPFL1K3glT9cAslQYZEJ4IbGHNIc
JHw0ooAuW2mxw6cJ59oxsP+VKUoGFr5d0/IdDiSTqyXWU0SHtVyfOaOHywS4XAKq
ydNX+FZx9Z8acoauUnBYz9G4NH5SuSKOLAmGsnC5NKl2hh8ybldjL+D+8qfSYea0
5xXuplTsmrPGaffWaykEGJZTtbrRNxBmqcCA9uWZZdK4nQy9OgejroQnSGZTOtnk
wC65+GjEeUHyuJc6SfuBqPhqWKCUkz2OzwaIXgmd474AZvdL7uhkzGG5GQIDAQAB
o4ICFjCCAhIwHQYDVR0OBBYEFJlKAwUV5IEzc3Y2rNB2v3HRcCftMB8GA1UdIwQY
MBaAFOuvDSD5jjogVQyZbXQpJojw0iedMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNjY4TklQbU9PaUJWREpsdGRDa21pUERTSjUwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNC9kMGJlMDYtZWY1Zi00NDE4LWFmMWMt
MzIwOTM2Mjg4ZTk1LzEvbVVvREJSWGtnVE56ZGphczBIYV9jZEZ3Si0wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNC9kMGJlMDYtZWY1Zi00NDE4LWFmMWMtMzIwOTM2Mjg4ZTk1
LzEvNjY4TklQbU9PaUJWREpsdGRDa21pUERTSjUwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCwGCCsGAQUFBwEHAQH/BB0wGzAZBAIAATATMAsDAwBAUwME
BEBTIAMEBUBaADANBgkqhkiG9w0BAQsFAAOCAQEAUSuy1/N4i+AMBiq7JPUw+aVe
YwTzagKegSkOD5AJ0qpLuVxZM1Blx0h6ioVJ0qAoeqR5nOIf60AvSF5kL6Za7NeR
XAy2QzGMctws2OLxaYgoi/JT8k4Ykl4d1JoCYjk+f47VecvsC0SVhsXCAtTdM6kC
8O3Bd/RyV4Rq5JMSCEFzCKWsO2FWTUud+7kMpXIzDpJTyQ+qq4YQDGb2LffNslP0
tdleV9APWd1Gsm68PyYKTU4iqZvh6SDJqjJU6q6wRNNW8JqtcK2PshviC5aBqAcf
6gBZA8UrK0IbZYi+8pnMYPqhX8X3HfNrzEwsNHubLt5Zd6flAs24WFyFc5P1sw==
-----END CERTIFICATE-----