Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/14/d0be06-ef5f-4418-af1c-320936288e95/1/IwtQx6oFlRNo-3alo1jOZanjnW4.roa
File:                     IwtQx6oFlRNo-3alo1jOZanjnW4.roa (raw, json)
Hash identifier:          JzPNRHFpFrDNzA2kwkl527pUT+J4p+omOEUd1ZuqlyQ=
Subject key identifier:   23:0B:50:C7:AA:05:95:13:68:FB:76:A5:A3:58:CE:65:A9:E3:9D:6E
Certificate issuer:       /CN=ebaf0d20f98e3a20550c996d74292688f0d2279d
Certificate serial:       019DD4891E5DA53FD831119C9A657E365F6A
Authority key identifier: EB:AF:0D:20:F9:8E:3A:20:55:0C:99:6D:74:29:26:88:F0:D2:27:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/668NIPmOOiBVDJltdCkmiPDSJ50.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/14/d0be06-ef5f-4418-af1c-320936288e95/1/IwtQx6oFlRNo-3alo1jOZanjnW4.roa
Signing time:             Tue 28 Apr 2026 14:40:49 +0000
ROA not before:           Tue 28 Apr 2026 14:40:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     11161
IP address blocks:        64.178.112.0/20 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/14/d0be06-ef5f-4418-af1c-320936288e95/1/668NIPmOOiBVDJltdCkmiPDSJ50.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/14/d0be06-ef5f-4418-af1c-320936288e95/1/668NIPmOOiBVDJltdCkmiPDSJ50.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/668NIPmOOiBVDJltdCkmiPDSJ50.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 03 May 2026 17:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:d4:89:1e:5d:a5:3f:d8:31:11:9c:9a:65:7e:36:5f:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ebaf0d20f98e3a20550c996d74292688f0d2279d
        Validity
            Not Before: Apr 28 14:40:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=230b50c7aa05951368fb76a5a358ce65a9e39d6e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:2c:73:2f:72:3b:45:f7:24:41:65:9c:05:55:
                    c5:47:90:3d:00:62:28:40:97:e7:22:8d:8d:ea:6b:
                    a9:e4:d9:74:a5:ac:b1:fb:dc:6f:34:d5:9a:7d:b4:
                    28:f3:ab:14:d6:90:0c:bd:b6:20:b0:69:c9:7c:a4:
                    35:98:1d:57:0a:4c:be:3a:c6:e2:e2:b0:24:01:a9:
                    f3:29:e0:7b:f8:43:1e:ab:bb:77:0e:7e:eb:16:d6:
                    92:5e:e5:df:ab:d6:1e:8c:1b:07:18:4d:52:45:b2:
                    1b:d9:27:81:6f:78:2b:a0:bf:02:c4:4f:70:f0:09:
                    a6:a1:a0:08:2a:d7:a5:a0:53:5d:6f:50:af:62:83:
                    ab:1f:4a:d4:22:d8:46:fd:15:00:3e:b4:c2:4e:82:
                    67:45:ca:c4:71:52:a5:de:f0:f0:3e:9b:af:9a:35:
                    60:4f:28:79:69:f3:cc:01:1e:fa:0a:b2:a3:c2:63:
                    73:64:73:8c:3f:a7:5b:c5:0f:83:84:ca:56:eb:f5:
                    71:18:6d:62:db:50:11:78:35:8f:ea:f1:ec:12:a1:
                    4a:56:09:e9:13:36:48:19:0a:26:89:e2:a9:ff:85:
                    ca:57:bf:a3:c8:5d:af:d6:4c:cb:db:9d:46:bf:36:
                    eb:1d:e3:a7:3c:e5:a2:8b:5d:2f:f2:15:49:af:0b:
                    3f:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:0B:50:C7:AA:05:95:13:68:FB:76:A5:A3:58:CE:65:A9:E3:9D:6E
            X509v3 Authority Key Identifier:
                keyid:EB:AF:0D:20:F9:8E:3A:20:55:0C:99:6D:74:29:26:88:F0:D2:27:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/668NIPmOOiBVDJltdCkmiPDSJ50.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/14/d0be06-ef5f-4418-af1c-320936288e95/1/IwtQx6oFlRNo-3alo1jOZanjnW4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/14/d0be06-ef5f-4418-af1c-320936288e95/1/668NIPmOOiBVDJltdCkmiPDSJ50.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  64.178.112.0/20

    Signature Algorithm: sha256WithRSAEncryption
         15:a6:e0:07:d3:b4:3a:22:a7:c5:0e:de:a7:01:d1:43:08:4a:
         b0:ef:9a:34:a2:f6:cd:49:fa:69:d1:de:42:8f:8b:50:56:01:
         8e:35:af:07:9f:b4:3b:5b:c9:36:29:59:e7:e1:a8:55:45:4d:
         0b:40:1c:c5:cd:b8:c2:af:f2:e1:04:1e:5e:08:36:a5:73:11:
         56:2b:9f:47:b2:c9:7a:13:e1:da:06:c6:3a:69:1b:ee:ac:6c:
         2e:c8:70:91:4a:09:81:26:90:1c:9f:70:54:19:74:a3:7a:4c:
         68:59:6d:4c:a6:c7:9f:8c:f9:60:53:c5:16:de:05:2f:86:0a:
         fe:cb:24:75:51:b6:b8:45:ed:a2:7d:20:9a:d3:3d:0e:2d:39:
         f9:dc:23:7c:12:b2:0c:d8:4f:92:b9:71:7c:5c:77:25:64:2b:
         89:eb:e8:5a:2e:66:8f:4f:c3:cb:db:ea:e2:2b:07:19:30:66:
         c3:07:b8:3d:61:86:ae:f2:5d:cd:8a:8f:bc:f7:e2:1b:4e:b5:
         f5:58:38:8a:d0:b6:a9:a7:02:51:d6:d9:53:9d:8d:a9:1e:51:
         42:f4:7e:7f:1f:b4:ca:fd:92:c4:f7:21:5f:75:02:e8:a0:a2:
         a2:00:d7:51:54:18:9d:fd:9e:09:ae:08:8d:f9:4b:7f:4f:ac:
         94:4d:0a:15
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ3UiR5dpT/YMRGcmmV+Nl9qMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGViYWYwZDIwZjk4ZTNhMjA1NTBjOTk2ZDc0MjkyNjg4ZjBk
MjI3OWQwHhcNMjYwNDI4MTQ0MDQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMzBiNTBjN2FhMDU5NTEzNjhmYjc2YTVhMzU4Y2U2NWE5ZTM5ZDZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAryxzL3I7RfckQWWcBVXFR5A9AGIo
QJfnIo2N6mup5Nl0payx+9xvNNWafbQo86sU1pAMvbYgsGnJfKQ1mB1XCky+Osbi
4rAkAanzKeB7+EMeq7t3Dn7rFtaSXuXfq9YejBsHGE1SRbIb2SeBb3groL8CxE9w
8AmmoaAIKteloFNdb1CvYoOrH0rUIthG/RUAPrTCToJnRcrEcVKl3vDwPpuvmjVg
Tyh5afPMAR76CrKjwmNzZHOMP6dbxQ+DhMpW6/VxGG1i21AReDWP6vHsEqFKVgnp
EzZIGQomieKp/4XKV7+jyF2v1kzL251GvzbrHeOnPOWii10v8hVJrws/JQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCMLUMeqBZUTaPt2paNYzmWp451uMB8GA1UdIwQY
MBaAFOuvDSD5jjogVQyZbXQpJojw0iedMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNjY4TklQbU9PaUJWREpsdGRDa21pUERTSjUwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNC9kMGJlMDYtZWY1Zi00NDE4LWFmMWMt
MzIwOTM2Mjg4ZTk1LzEvSXd0UXg2b0ZsUk5vLTNhbG8xak9aYW5qblc0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNC9kMGJlMDYtZWY1Zi00NDE4LWFmMWMtMzIwOTM2Mjg4ZTk1
LzEvNjY4TklQbU9PaUJWREpsdGRDa21pUERTSjUwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQEQLJwMA0G
CSqGSIb3DQEBCwUAA4IBAQAVpuAH07Q6IqfFDt6nAdFDCEqw75o0ovbNSfpp0d5C
j4tQVgGONa8Hn7Q7W8k2KVnn4ahVRU0LQBzFzbjCr/LhBB5eCDalcxFWK59Hssl6
E+HaBsY6aRvurGwuyHCRSgmBJpAcn3BUGXSjekxoWW1MpsefjPlgU8UW3gUvhgr+
yyR1Uba4Re2ifSCa0z0OLTn53CN8ErIM2E+SuXF8XHclZCuJ6+haLmaPT8PL2+ri
KwcZMGbDB7g9YYau8l3Nio+89+IbTrX1WDiK0LappwJR1tlTnY2pHlFC9H5/H7TK
/ZLE9yFfdQLooKKiANdRVBid/Z4JrgiN+Ut/T6yUTQoV
-----END CERTIFICATE-----