Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8f/eb3e78-5fa6-4c01-9bcd-560488c8054c/1/mui-sKtnNSWRSnaMqkLa51rt19o.roa
File:                     mui-sKtnNSWRSnaMqkLa51rt19o.roa (raw, json)
Hash identifier:          BS+qRZKXjkKi+axAKoghb2DmzEDHB1JdOOcYm5gKVHU=
Subject key identifier:   9A:E8:BE:B0:AB:67:35:25:91:4A:76:8C:AA:42:DA:E7:5A:ED:D7:DA
Certificate issuer:       /CN=2575b848f90c834c706b11830a6ffe924b52e2fb
Certificate serial:       019D8564F848E1B686A4F2E74D8D82507A8C
Authority key identifier: 25:75:B8:48:F9:0C:83:4C:70:6B:11:83:0A:6F:FE:92:4B:52:E2:FB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JXW4SPkMg0xwaxGDCm_-kktS4vs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8f/eb3e78-5fa6-4c01-9bcd-560488c8054c/1/mui-sKtnNSWRSnaMqkLa51rt19o.roa
Signing time:             Mon 13 Apr 2026 05:51:19 +0000
ROA not before:           Mon 13 Apr 2026 05:51:19 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     34214
IP address blocks:        194.88.1.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8f/eb3e78-5fa6-4c01-9bcd-560488c8054c/1/JXW4SPkMg0xwaxGDCm_-kktS4vs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8f/eb3e78-5fa6-4c01-9bcd-560488c8054c/1/JXW4SPkMg0xwaxGDCm_-kktS4vs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JXW4SPkMg0xwaxGDCm_-kktS4vs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 07:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:85:64:f8:48:e1:b6:86:a4:f2:e7:4d:8d:82:50:7a:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2575b848f90c834c706b11830a6ffe924b52e2fb
        Validity
            Not Before: Apr 13 05:51:19 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9ae8beb0ab673525914a768caa42dae75aedd7da
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:f7:18:83:ce:71:16:53:d7:2e:ae:a1:4a:3a:
                    9a:23:a7:f6:f8:80:49:aa:5b:f7:a1:64:ad:2b:a0:
                    63:f2:b6:49:8f:d2:8b:bd:89:5c:b5:5f:e4:62:b9:
                    65:dd:5c:96:22:07:93:b5:af:1c:0d:a3:2f:a0:7b:
                    af:61:6d:ba:3f:40:95:68:31:08:75:8c:ba:8f:0e:
                    02:5d:1f:ae:3d:0f:2f:3a:cb:6d:bd:ad:7a:5e:38:
                    a2:23:93:d6:f5:1b:f9:1a:8a:7b:7c:cc:82:78:a2:
                    20:6b:24:94:3c:5c:79:14:3d:2f:b3:d6:45:b6:27:
                    0c:e5:2b:9f:0b:0e:49:c1:c2:d5:64:6f:bf:e1:07:
                    c4:bb:bc:5d:3a:f7:4a:95:2c:a5:76:7f:41:2c:93:
                    2a:1c:8e:ab:31:5f:b9:4e:17:d6:28:7d:8e:ad:20:
                    d5:19:4c:93:2e:38:34:33:aa:c1:48:8a:29:39:0f:
                    23:60:2c:b3:b5:48:51:97:60:75:fd:83:c5:47:a0:
                    c3:75:f0:19:dc:7a:41:33:64:e8:1b:75:8f:7c:f0:
                    f8:5d:45:d0:c7:35:78:79:a0:40:8c:70:c1:32:cc:
                    f7:d4:a3:e7:1d:70:00:45:2d:22:bf:ff:a5:57:86:
                    ed:e0:a7:f7:35:6b:bc:70:a3:54:a2:76:b8:70:9a:
                    bf:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:E8:BE:B0:AB:67:35:25:91:4A:76:8C:AA:42:DA:E7:5A:ED:D7:DA
            X509v3 Authority Key Identifier:
                keyid:25:75:B8:48:F9:0C:83:4C:70:6B:11:83:0A:6F:FE:92:4B:52:E2:FB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JXW4SPkMg0xwaxGDCm_-kktS4vs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/eb3e78-5fa6-4c01-9bcd-560488c8054c/1/mui-sKtnNSWRSnaMqkLa51rt19o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/eb3e78-5fa6-4c01-9bcd-560488c8054c/1/JXW4SPkMg0xwaxGDCm_-kktS4vs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.88.1.0/24

    Signature Algorithm: sha256WithRSAEncryption
         28:fd:15:c8:b7:34:66:48:e2:75:94:6b:36:8b:4f:a2:54:e3:
         97:43:b3:ed:38:37:63:3e:b4:fd:f0:d3:2b:ce:7a:78:c2:b3:
         11:05:38:0e:d1:30:ae:55:ba:e2:56:46:78:25:33:aa:19:75:
         9a:13:dd:31:3e:08:3e:9d:c0:be:25:77:13:ec:86:74:3f:57:
         4d:f2:07:d0:41:a1:30:46:9a:70:0b:4a:6e:f8:be:e4:a7:27:
         c4:0c:3a:e8:47:fe:e2:13:2d:16:85:d3:83:58:8b:75:dd:f2:
         93:b5:08:1e:0b:92:6e:62:0c:5f:d2:55:71:03:0f:da:52:c0:
         e9:01:73:26:cb:8c:1d:03:b0:ba:12:fc:dd:a1:86:f1:3f:08:
         c7:db:72:34:a6:1a:8e:4a:af:c0:0d:fc:ff:8f:be:de:82:6f:
         36:95:7f:4f:0f:98:58:60:89:a5:69:1d:88:76:b0:ca:d0:0b:
         29:e8:53:55:91:97:9d:ac:c1:75:ac:0d:8e:95:0c:0a:09:a8:
         6c:be:83:cf:eb:5e:9c:2d:e7:75:bb:e4:85:81:06:5b:b9:7a:
         5f:aa:a4:d5:b1:1c:68:55:3c:f6:c7:a1:73:bf:6c:dc:35:5f:
         7a:6b:ea:10:4b:a0:56:f1:51:e7:4d:15:42:50:b9:f4:4b:30:
         3c:f1:36:0c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ2FZPhI4baGpPLnTY2CUHqMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI1NzViODQ4ZjkwYzgzNGM3MDZiMTE4MzBhNmZmZTkyNGI1
MmUyZmIwHhcNMjYwNDEzMDU1MTE5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YWU4YmViMGFiNjczNTI1OTE0YTc2OGNhYTQyZGFlNzVhZWRkN2RhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArfcYg85xFlPXLq6hSjqaI6f2+IBJ
qlv3oWStK6Bj8rZJj9KLvYlctV/kYrll3VyWIgeTta8cDaMvoHuvYW26P0CVaDEI
dYy6jw4CXR+uPQ8vOsttva16XjiiI5PW9Rv5Gop7fMyCeKIgaySUPFx5FD0vs9ZF
ticM5SufCw5JwcLVZG+/4QfEu7xdOvdKlSyldn9BLJMqHI6rMV+5ThfWKH2OrSDV
GUyTLjg0M6rBSIopOQ8jYCyztUhRl2B1/YPFR6DDdfAZ3HpBM2ToG3WPfPD4XUXQ
xzV4eaBAjHDBMsz31KPnHXAARS0iv/+lV4bt4Kf3NWu8cKNUona4cJq/tQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJrovrCrZzUlkUp2jKpC2uda7dfaMB8GA1UdIwQY
MBaAFCV1uEj5DINMcGsRgwpv/pJLUuL7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSlhXNFNQa01nMHh3YXhHRENtXy1ra3RTNHZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Zi9lYjNlNzgtNWZhNi00YzAxLTliY2Qt
NTYwNDg4YzgwNTRjLzEvbXVpLXNLdG5OU1dSU25hTXFrTGE1MXJ0MTlvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Zi9lYjNlNzgtNWZhNi00YzAxLTliY2QtNTYwNDg4YzgwNTRj
LzEvSlhXNFNQa01nMHh3YXhHRENtXy1ra3RTNHZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwlgBMA0G
CSqGSIb3DQEBCwUAA4IBAQAo/RXItzRmSOJ1lGs2i0+iVOOXQ7PtODdjPrT98NMr
znp4wrMRBTgO0TCuVbriVkZ4JTOqGXWaE90xPgg+ncC+JXcT7IZ0P1dN8gfQQaEw
RppwC0pu+L7kpyfEDDroR/7iEy0WhdODWIt13fKTtQgeC5JuYgxf0lVxAw/aUsDp
AXMmy4wdA7C6EvzdoYbxPwjH23I0phqOSq/ADfz/j77egm82lX9PD5hYYImlaR2I
drDK0Asp6FNVkZedrMF1rA2OlQwKCahsvoPP616cLed1u+SFgQZbuXpfqqTVsRxo
VTz2x6Fzv2zcNV96a+oQS6BW8VHnTRVCULn0SzA88TYM
-----END CERTIFICATE-----