Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/14/d0be06-ef5f-4418-af1c-320936288e95/1/pKEJ7DFWHbBkVzp3bQLrdzxNPJY.roa
File:                     pKEJ7DFWHbBkVzp3bQLrdzxNPJY.roa (raw, json)
Hash identifier:          TMTD7mh7ooZTdBqCU8hqfvjG3It5Zy3T0eHIJx3jzjI=
Subject key identifier:   A4:A1:09:EC:31:56:1D:B0:64:57:3A:77:6D:02:EB:77:3C:4D:3C:96
Certificate issuer:       /CN=ebaf0d20f98e3a20550c996d74292688f0d2279d
Certificate serial:       019C957E956BEBAFBB74285174C024AE6D81
Authority key identifier: EB:AF:0D:20:F9:8E:3A:20:55:0C:99:6D:74:29:26:88:F0:D2:27:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/668NIPmOOiBVDJltdCkmiPDSJ50.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/14/d0be06-ef5f-4418-af1c-320936288e95/1/pKEJ7DFWHbBkVzp3bQLrdzxNPJY.roa
Signing time:             Wed 25 Feb 2026 15:50:26 +0000
ROA not before:           Wed 25 Feb 2026 15:50:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     979
IP address blocks:        64.83.0.0/18 maxlen: 24
                          64.90.0.0/19 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/14/d0be06-ef5f-4418-af1c-320936288e95/1/668NIPmOOiBVDJltdCkmiPDSJ50.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/14/d0be06-ef5f-4418-af1c-320936288e95/1/668NIPmOOiBVDJltdCkmiPDSJ50.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/668NIPmOOiBVDJltdCkmiPDSJ50.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 15:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:95:7e:95:6b:eb:af:bb:74:28:51:74:c0:24:ae:6d:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ebaf0d20f98e3a20550c996d74292688f0d2279d
        Validity
            Not Before: Feb 25 15:50:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a4a109ec31561db064573a776d02eb773c4d3c96
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:05:af:3a:bb:01:58:ca:3a:a7:ea:ac:ee:53:
                    d6:b5:56:91:af:90:92:33:90:8a:18:ea:2b:10:a7:
                    30:c0:92:17:58:1d:dd:13:78:e0:61:e3:f2:75:f1:
                    79:bd:d7:7a:0c:dc:5f:ac:08:28:87:03:4a:03:69:
                    be:b6:ce:b0:cf:37:57:88:a9:7c:6e:9d:08:59:4f:
                    d4:3f:4e:9a:74:3c:85:93:02:33:b0:e1:0d:a4:d0:
                    89:3b:5d:94:55:a9:fa:ec:02:04:da:44:54:b4:5c:
                    cc:71:de:2c:b9:8c:b0:b0:46:b8:60:db:e9:b9:52:
                    9a:4a:94:f9:68:76:50:3b:aa:f3:36:04:c9:8c:e1:
                    2f:a9:f6:b6:cf:ab:2a:3e:2e:af:a9:ae:86:56:f7:
                    04:66:04:35:4f:bd:dd:4b:a0:3d:cf:67:da:dd:ac:
                    65:15:4e:78:e1:5a:af:a5:f6:36:18:a1:24:fc:5c:
                    48:70:4d:8e:e7:97:bd:4a:6d:5b:fd:97:cf:e5:39:
                    45:2d:b6:90:9c:24:b8:72:a6:15:51:be:6e:71:0b:
                    8d:b3:92:0d:8e:0a:d7:11:57:ff:a8:71:ba:ef:90:
                    f8:73:36:39:5a:9d:2a:f0:b9:10:fa:e7:91:6e:71:
                    39:e0:14:ce:67:29:56:b2:f7:3e:b9:03:bc:71:8e:
                    b2:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:A1:09:EC:31:56:1D:B0:64:57:3A:77:6D:02:EB:77:3C:4D:3C:96
            X509v3 Authority Key Identifier:
                keyid:EB:AF:0D:20:F9:8E:3A:20:55:0C:99:6D:74:29:26:88:F0:D2:27:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/668NIPmOOiBVDJltdCkmiPDSJ50.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/14/d0be06-ef5f-4418-af1c-320936288e95/1/pKEJ7DFWHbBkVzp3bQLrdzxNPJY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/14/d0be06-ef5f-4418-af1c-320936288e95/1/668NIPmOOiBVDJltdCkmiPDSJ50.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  64.83.0.0/18
                  64.90.0.0/19

    Signature Algorithm: sha256WithRSAEncryption
         2e:75:76:35:34:2f:b7:5c:06:06:e1:46:66:6d:ba:45:61:a7:
         65:e6:d7:86:dc:a2:4c:21:9f:2b:c0:d8:cd:d7:6a:ed:10:a3:
         21:8d:c2:37:1b:9b:a3:de:27:3b:3e:7d:87:93:f8:52:b5:3d:
         6e:16:e2:8d:96:39:79:31:93:b7:db:41:8a:a9:2a:14:10:da:
         d6:ab:e3:c5:55:c7:07:36:9e:71:0b:8a:16:ee:14:49:9a:53:
         70:e3:ce:5c:df:fe:7b:d5:99:c9:4d:24:4d:4c:9b:2b:fc:82:
         db:06:d4:54:55:91:1e:aa:2a:16:d3:b4:33:3e:3f:99:c9:4d:
         0a:19:af:f5:f4:80:f4:40:0c:a0:3d:e3:f8:37:08:eb:d2:64:
         90:7d:1f:9a:ae:64:d7:1b:6e:c6:42:15:2b:de:64:d3:0f:4e:
         0f:07:c5:e8:d6:96:ea:72:64:35:c2:7d:b2:4a:bb:4b:49:1b:
         8d:82:b9:6d:92:61:5f:40:59:52:5e:44:4e:7f:a5:96:8d:21:
         2d:48:02:a2:1f:e0:8c:e5:38:53:bf:55:46:60:d5:3e:5f:7f:
         4f:21:e4:06:7d:7e:17:93:16:e8:a2:21:11:8d:32:1b:3d:7a:
         ed:6e:f6:f0:5c:2f:e1:be:6a:37:c5:52:a8:2f:11:8b:7c:36:
         f9:1c:64:35
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZyVfpVr66+7dChRdMAkrm2BMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGViYWYwZDIwZjk4ZTNhMjA1NTBjOTk2ZDc0MjkyNjg4ZjBk
MjI3OWQwHhcNMjYwMjI1MTU1MDI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNGExMDllYzMxNTYxZGIwNjQ1NzNhNzc2ZDAyZWI3NzNjNGQzYzk2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApwWvOrsBWMo6p+qs7lPWtVaRr5CS
M5CKGOorEKcwwJIXWB3dE3jgYePydfF5vdd6DNxfrAgohwNKA2m+ts6wzzdXiKl8
bp0IWU/UP06adDyFkwIzsOENpNCJO12UVan67AIE2kRUtFzMcd4suYywsEa4YNvp
uVKaSpT5aHZQO6rzNgTJjOEvqfa2z6sqPi6vqa6GVvcEZgQ1T73dS6A9z2fa3axl
FU544VqvpfY2GKEk/FxIcE2O55e9Sm1b/ZfP5TlFLbaQnCS4cqYVUb5ucQuNs5IN
jgrXEVf/qHG675D4czY5Wp0q8LkQ+ueRbnE54BTOZylWsvc+uQO8cY6ybQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFKShCewxVh2wZFc6d20C63c8TTyWMB8GA1UdIwQY
MBaAFOuvDSD5jjogVQyZbXQpJojw0iedMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNjY4TklQbU9PaUJWREpsdGRDa21pUERTSjUwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNC9kMGJlMDYtZWY1Zi00NDE4LWFmMWMt
MzIwOTM2Mjg4ZTk1LzEvcEtFSjdERldIYkJrVnpwM2JRTHJkenhOUEpZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNC9kMGJlMDYtZWY1Zi00NDE4LWFmMWMtMzIwOTM2Mjg4ZTk1
LzEvNjY4TklQbU9PaUJWREpsdGRDa21pUERTSjUwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQGQFMAAwQF
QFoAMA0GCSqGSIb3DQEBCwUAA4IBAQAudXY1NC+3XAYG4UZmbbpFYadl5teG3KJM
IZ8rwNjN12rtEKMhjcI3G5uj3ic7Pn2Hk/hStT1uFuKNljl5MZO320GKqSoUENrW
q+PFVccHNp5xC4oW7hRJmlNw485c3/571ZnJTSRNTJsr/ILbBtRUVZEeqioW07Qz
Pj+ZyU0KGa/19ID0QAygPeP4Nwjr0mSQfR+armTXG27GQhUr3mTTD04PB8Xo1pbq
cmQ1wn2ySrtLSRuNgrltkmFfQFlSXkROf6WWjSEtSAKiH+CM5ThTv1VGYNU+X39P
IeQGfX4XkxbooiERjTIbPXrtbvbwXC/hvmo3xVKoLxGLfDb5HGQ1
-----END CERTIFICATE-----