Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/14/d0be06-ef5f-4418-af1c-320936288e95/1/MU6XwJ8zNdgVOiv3gsPVSdGEKHs.roa
File:                     MU6XwJ8zNdgVOiv3gsPVSdGEKHs.roa (raw, json)
Hash identifier:          ledvs/HIXDUhppjj7nEAUAQVDEnBPHL/yoHOVv86GLU=
Subject key identifier:   31:4E:97:C0:9F:33:35:D8:15:3A:2B:F7:82:C3:D5:49:D1:84:28:7B
Certificate issuer:       /CN=ebaf0d20f98e3a20550c996d74292688f0d2279d
Certificate serial:       019EB64BF50ECBCEAB0C87FC8CDE26B1D074
Authority key identifier: EB:AF:0D:20:F9:8E:3A:20:55:0C:99:6D:74:29:26:88:F0:D2:27:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/668NIPmOOiBVDJltdCkmiPDSJ50.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/14/d0be06-ef5f-4418-af1c-320936288e95/1/MU6XwJ8zNdgVOiv3gsPVSdGEKHs.roa
Signing time:             Thu 11 Jun 2026 10:48:11 +0000
ROA not before:           Thu 11 Jun 2026 10:48:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     11161
IP address blocks:        64.83.0.0/19 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/14/d0be06-ef5f-4418-af1c-320936288e95/1/668NIPmOOiBVDJltdCkmiPDSJ50.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/14/d0be06-ef5f-4418-af1c-320936288e95/1/668NIPmOOiBVDJltdCkmiPDSJ50.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/668NIPmOOiBVDJltdCkmiPDSJ50.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 12 Jun 2026 19:01:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:b6:4b:f5:0e:cb:ce:ab:0c:87:fc:8c:de:26:b1:d0:74
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ebaf0d20f98e3a20550c996d74292688f0d2279d
        Validity
            Not Before: Jun 11 10:48:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=314e97c09f3335d8153a2bf782c3d549d184287b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:4a:17:8e:d3:d6:7f:e7:83:3f:20:e0:c3:0c:
                    7f:7f:9f:58:d4:ca:37:21:84:01:00:7f:59:27:ec:
                    8c:8d:c2:11:69:cb:a4:a3:79:54:6e:ec:7b:8f:ea:
                    f7:1a:4c:96:2b:aa:9e:c8:1b:f4:07:7f:e7:e4:e4:
                    f0:93:c2:26:da:70:c5:04:cc:cf:90:ef:78:64:dc:
                    32:72:cc:e3:eb:26:3c:2b:a7:47:11:7e:b3:42:0d:
                    bd:92:6d:3a:ea:73:a4:48:da:a0:24:26:19:85:39:
                    69:24:39:01:fa:4e:58:37:78:15:04:46:d3:e4:cd:
                    8f:66:d5:e3:43:59:d5:41:a2:97:22:2e:16:b2:b7:
                    a6:6d:03:53:a9:34:51:5c:55:b6:89:14:6f:29:88:
                    0d:4b:97:7f:14:0d:79:5f:17:a6:17:02:aa:42:57:
                    bd:b9:db:11:7c:c9:ea:36:eb:3c:cb:6f:37:a8:1a:
                    00:3c:49:c8:3d:70:77:86:28:c2:f1:80:68:cf:05:
                    e6:f4:ca:57:7a:4b:c5:8a:b6:2a:89:f1:3f:f5:1a:
                    91:19:fe:5a:5e:16:ac:52:f7:a2:7d:d2:f8:a8:7f:
                    aa:fb:86:37:b4:44:cd:49:2f:69:22:6a:10:a1:a4:
                    93:04:f5:19:16:e5:e0:74:13:d4:8f:18:6d:7f:02:
                    4e:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:4E:97:C0:9F:33:35:D8:15:3A:2B:F7:82:C3:D5:49:D1:84:28:7B
            X509v3 Authority Key Identifier:
                keyid:EB:AF:0D:20:F9:8E:3A:20:55:0C:99:6D:74:29:26:88:F0:D2:27:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/668NIPmOOiBVDJltdCkmiPDSJ50.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/14/d0be06-ef5f-4418-af1c-320936288e95/1/MU6XwJ8zNdgVOiv3gsPVSdGEKHs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/14/d0be06-ef5f-4418-af1c-320936288e95/1/668NIPmOOiBVDJltdCkmiPDSJ50.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  64.83.0.0/19

    Signature Algorithm: sha256WithRSAEncryption
         9a:91:69:ac:03:58:9d:ad:fc:a2:ac:f3:34:ce:aa:82:fe:e6:
         46:69:93:49:cd:9a:82:3d:46:0b:4e:22:53:99:b0:e3:51:f5:
         d2:01:5b:73:f6:b5:e2:a0:20:15:d2:74:12:df:5e:83:c1:66:
         5c:35:5e:71:74:9a:c1:d7:72:05:37:8a:a9:2e:f7:a0:30:3e:
         4f:be:33:10:50:ff:97:ef:7b:ab:1e:d9:4d:ca:98:35:3a:21:
         7a:20:23:fa:18:ec:13:9f:18:69:00:e9:6b:b1:33:70:c6:fb:
         9f:6d:03:d1:71:a6:50:31:57:ec:e1:c0:2e:3a:c3:0d:d5:d5:
         16:3b:e7:a8:1a:35:21:29:43:9d:a1:8e:be:af:ee:fa:f8:c7:
         d2:33:2f:ad:6b:7b:1b:e7:88:f4:2c:8a:1b:f9:a4:55:60:54:
         e1:47:5c:b3:b5:4d:00:53:76:9f:9c:34:f0:4e:bc:cb:80:66:
         0b:60:d1:23:b2:68:a1:83:7b:9a:e8:86:56:04:97:ea:d9:8e:
         32:b3:6a:1d:1a:39:ba:74:d1:df:2f:dd:2f:d6:af:0e:cc:14:
         b0:e2:2b:d6:41:02:d6:40:6e:d4:2b:65:2d:77:03:e5:f1:94:
         9f:c3:f3:a7:a6:64:d1:d3:7c:0f:0d:2d:33:b1:44:6e:dd:18:
         ab:3a:6b:6e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ62S/UOy86rDIf8jN4msdB0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGViYWYwZDIwZjk4ZTNhMjA1NTBjOTk2ZDc0MjkyNjg4ZjBk
MjI3OWQwHhcNMjYwNjExMTA0ODExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMTRlOTdjMDlmMzMzNWQ4MTUzYTJiZjc4MmMzZDU0OWQxODQyODdiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0EoXjtPWf+eDPyDgwwx/f59Y1Mo3
IYQBAH9ZJ+yMjcIRacuko3lUbux7j+r3GkyWK6qeyBv0B3/n5OTwk8Im2nDFBMzP
kO94ZNwycszj6yY8K6dHEX6zQg29km066nOkSNqgJCYZhTlpJDkB+k5YN3gVBEbT
5M2PZtXjQ1nVQaKXIi4WsrembQNTqTRRXFW2iRRvKYgNS5d/FA15XxemFwKqQle9
udsRfMnqNus8y283qBoAPEnIPXB3hijC8YBozwXm9MpXekvFirYqifE/9RqRGf5a
XhasUveifdL4qH+q+4Y3tETNSS9pImoQoaSTBPUZFuXgdBPUjxhtfwJOTQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDFOl8CfMzXYFTor94LD1UnRhCh7MB8GA1UdIwQY
MBaAFOuvDSD5jjogVQyZbXQpJojw0iedMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNjY4TklQbU9PaUJWREpsdGRDa21pUERTSjUwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNC9kMGJlMDYtZWY1Zi00NDE4LWFmMWMt
MzIwOTM2Mjg4ZTk1LzEvTVU2WHdKOHpOZGdWT2l2M2dzUFZTZEdFS0hzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNC9kMGJlMDYtZWY1Zi00NDE4LWFmMWMtMzIwOTM2Mjg4ZTk1
LzEvNjY4TklQbU9PaUJWREpsdGRDa21pUERTSjUwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQFQFMAMA0G
CSqGSIb3DQEBCwUAA4IBAQCakWmsA1idrfyirPM0zqqC/uZGaZNJzZqCPUYLTiJT
mbDjUfXSAVtz9rXioCAV0nQS316DwWZcNV5xdJrB13IFN4qpLvegMD5PvjMQUP+X
73urHtlNypg1OiF6ICP6GOwTnxhpAOlrsTNwxvufbQPRcaZQMVfs4cAuOsMN1dUW
O+eoGjUhKUOdoY6+r+76+MfSMy+ta3sb54j0LIob+aRVYFThR1yztU0AU3afnDTw
TrzLgGYLYNEjsmihg3ua6IZWBJfq2Y4ys2odGjm6dNHfL90v1q8OzBSw4ivWQQLW
QG7UK2UtdwPl8ZSfw/OnpmTR03wPDS0zsURu3RirOmtu
-----END CERTIFICATE-----