Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/83/e7c8f3-c0ba-423e-9661-c85efd561e25/1/MbX8Toqw0r9J8vtm77AKZx_6DsI.roa
File:                     MbX8Toqw0r9J8vtm77AKZx_6DsI.roa (raw, json)
Hash identifier:          3VtGQhyNOfR+9FmN7zOP8ZwidizXpvCOvQGwobiO8IE=
Subject key identifier:   31:B5:FC:4E:8A:B0:D2:BF:49:F2:FB:66:EF:B0:0A:67:1F:FA:0E:C2
Certificate issuer:       /CN=36d3f59b5f8a8fd66f1d13a2d0f91dc22bf8a1ca
Certificate serial:       019DF8BDA894A2E992C411047C4111F01CC9
Authority key identifier: 36:D3:F5:9B:5F:8A:8F:D6:6F:1D:13:A2:D0:F9:1D:C2:2B:F8:A1:CA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NtP1m1-Kj9ZvHROi0Pkdwiv4oco.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/83/e7c8f3-c0ba-423e-9661-c85efd561e25/1/MbX8Toqw0r9J8vtm77AKZx_6DsI.roa
Signing time:             Tue 05 May 2026 15:24:32 +0000
ROA not before:           Tue 05 May 2026 15:24:32 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     198276
IP address blocks:        2001:67c:16ec::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/83/e7c8f3-c0ba-423e-9661-c85efd561e25/1/NtP1m1-Kj9ZvHROi0Pkdwiv4oco.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/83/e7c8f3-c0ba-423e-9661-c85efd561e25/1/NtP1m1-Kj9ZvHROi0Pkdwiv4oco.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NtP1m1-Kj9ZvHROi0Pkdwiv4oco.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 23:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:f8:bd:a8:94:a2:e9:92:c4:11:04:7c:41:11:f0:1c:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36d3f59b5f8a8fd66f1d13a2d0f91dc22bf8a1ca
        Validity
            Not Before: May  5 15:24:32 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=31b5fc4e8ab0d2bf49f2fb66efb00a671ffa0ec2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:1f:9b:53:9b:0e:94:30:3e:67:09:c3:c1:62:
                    1a:09:75:20:06:fa:49:37:5f:27:a2:f7:f1:e4:59:
                    bf:bf:4e:9f:f2:76:61:e0:80:f4:d4:ba:21:89:05:
                    a3:1f:00:f4:bc:ce:99:fc:0e:d5:a8:78:2b:40:61:
                    12:25:b4:99:90:35:22:e0:b2:e9:e1:87:49:c1:ef:
                    51:e4:66:06:e9:f4:53:12:21:41:b0:6a:06:08:e5:
                    ea:dc:b1:57:df:34:a9:db:59:1e:4b:ef:01:bd:8c:
                    3b:85:95:25:bc:b3:1d:ab:93:d5:2a:f6:f8:dc:09:
                    72:f9:b1:39:4b:a5:ad:e1:29:84:bd:b9:20:25:3e:
                    69:9c:7d:48:b9:6e:08:10:56:83:95:1a:91:26:a0:
                    d3:5f:f0:90:c2:60:61:e9:b6:f5:32:1d:5c:52:5c:
                    19:a4:a1:f2:e6:f6:58:75:b8:6d:b8:28:0f:24:73:
                    29:96:b2:f9:07:6e:7b:16:9d:ff:e9:8e:3b:70:50:
                    0a:d9:04:aa:e6:d5:d5:69:9f:ae:5d:7d:7f:b0:90:
                    a9:34:67:06:ac:c3:46:af:10:d0:6d:3a:b1:8f:5f:
                    1f:67:43:64:af:b9:d9:09:10:c6:92:c7:99:43:f1:
                    6a:c6:44:26:e8:fc:2f:4a:45:d3:c8:a4:1b:74:ee:
                    27:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:B5:FC:4E:8A:B0:D2:BF:49:F2:FB:66:EF:B0:0A:67:1F:FA:0E:C2
            X509v3 Authority Key Identifier:
                keyid:36:D3:F5:9B:5F:8A:8F:D6:6F:1D:13:A2:D0:F9:1D:C2:2B:F8:A1:CA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NtP1m1-Kj9ZvHROi0Pkdwiv4oco.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/83/e7c8f3-c0ba-423e-9661-c85efd561e25/1/MbX8Toqw0r9J8vtm77AKZx_6DsI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/83/e7c8f3-c0ba-423e-9661-c85efd561e25/1/NtP1m1-Kj9ZvHROi0Pkdwiv4oco.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:16ec::/48

    Signature Algorithm: sha256WithRSAEncryption
         86:ae:65:fd:65:60:d6:db:f4:f8:22:6d:43:83:89:ff:bb:5e:
         63:6f:97:9d:26:34:80:9a:e2:5a:ff:e3:42:6e:4f:6b:a5:25:
         01:bb:6c:a5:73:92:3a:17:bc:36:5a:a8:b1:5f:5e:ed:f9:db:
         28:d3:7c:b7:1c:dd:94:03:ae:7b:e5:03:b3:14:30:7f:e5:97:
         48:23:53:06:14:7d:14:82:47:f1:4e:aa:b8:8d:b2:af:be:b1:
         66:2e:45:2b:5c:36:57:6d:5b:2d:e6:06:f6:0b:09:f0:99:e0:
         5b:e1:14:96:21:90:47:45:92:01:f5:d2:c9:09:61:98:39:26:
         96:89:71:09:f6:93:8e:c9:0d:5c:0c:36:f6:65:d1:7f:3e:d5:
         b2:97:f4:c7:e7:a7:1a:76:5f:dc:d6:ca:4e:f9:f0:91:2a:c6:
         d8:e4:c2:6f:71:0d:60:d7:9c:c3:46:20:f3:bc:8d:b7:90:90:
         ff:97:58:f4:36:31:c4:8c:3a:b0:d7:2d:e6:ed:2a:05:4d:54:
         31:c7:df:a2:7a:27:05:64:65:9b:c2:30:46:9f:31:ef:00:05:
         47:89:34:9a:14:7b:b1:16:be:15:c0:a1:a1:25:96:56:4a:77:
         4c:e6:78:d8:81:43:8e:18:ca:ed:38:69:1d:c5:fe:d3:91:7a:
         76:a3:12:0c
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZ34vaiUoumSxBEEfEER8BzJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2ZDNmNTliNWY4YThmZDY2ZjFkMTNhMmQwZjkxZGMyMmJm
OGExY2EwHhcNMjYwNTA1MTUyNDMyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMWI1ZmM0ZThhYjBkMmJmNDlmMmZiNjZlZmIwMGE2NzFmZmEwZWMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkh+bU5sOlDA+ZwnDwWIaCXUgBvpJ
N18novfx5Fm/v06f8nZh4ID01LohiQWjHwD0vM6Z/A7VqHgrQGESJbSZkDUi4LLp
4YdJwe9R5GYG6fRTEiFBsGoGCOXq3LFX3zSp21keS+8BvYw7hZUlvLMdq5PVKvb4
3Aly+bE5S6Wt4SmEvbkgJT5pnH1IuW4IEFaDlRqRJqDTX/CQwmBh6bb1Mh1cUlwZ
pKHy5vZYdbhtuCgPJHMplrL5B257Fp3/6Y47cFAK2QSq5tXVaZ+uXX1/sJCpNGcG
rMNGrxDQbTqxj18fZ0Nkr7nZCRDGkseZQ/FqxkQm6PwvSkXTyKQbdO4n9wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFDG1/E6KsNK/SfL7Zu+wCmcf+g7CMB8GA1UdIwQY
MBaAFDbT9Ztfio/Wbx0TotD5HcIr+KHKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnRQMW0xLUtqOVp2SFJPaTBQa2R3aXY0b2NvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84My9lN2M4ZjMtYzBiYS00MjNlLTk2NjEt
Yzg1ZWZkNTYxZTI1LzEvTWJYOFRvcXcwcjlKOHZ0bTc3QUtaeF82RHNJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84My9lN2M4ZjMtYzBiYS00MjNlLTk2NjEtYzg1ZWZkNTYxZTI1
LzEvTnRQMW0xLUtqOVp2SFJPaTBQa2R3aXY0b2NvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfBbs
MA0GCSqGSIb3DQEBCwUAA4IBAQCGrmX9ZWDW2/T4Im1Dg4n/u15jb5edJjSAmuJa
/+NCbk9rpSUBu2ylc5I6F7w2WqixX17t+dso03y3HN2UA6575QOzFDB/5ZdII1MG
FH0UgkfxTqq4jbKvvrFmLkUrXDZXbVst5gb2CwnwmeBb4RSWIZBHRZIB9dLJCWGY
OSaWiXEJ9pOOyQ1cDDb2ZdF/PtWyl/TH56cadl/c1spO+fCRKsbY5MJvcQ1g15zD
RiDzvI23kJD/l1j0NjHEjDqw1y3m7SoFTVQxx9+ieicFZGWbwjBGnzHvAAVHiTSa
FHuxFr4VwKGhJZZWSndM5njYgUOOGMrtOGkdxf7TkXp2oxIM
-----END CERTIFICATE-----