Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/7ZZKE7um-gnvNd7iebfONlLlfKQ.roa
File:                     7ZZKE7um-gnvNd7iebfONlLlfKQ.roa (raw, json)
Hash identifier:          grMsLcNDKT277ue//my1GNG58rbSs8aNjWxu/7KUW6s=
Subject key identifier:   ED:96:4A:13:BB:A6:FA:09:EF:35:DE:E2:79:B7:CE:36:52:E5:7C:A4
Certificate issuer:       /CN=f04a58047f37bbc057944bbf8cad8742879592da
Certificate serial:       019DB3C3CE6C41D5DAF6630524036369BAA7
Authority key identifier: F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/7ZZKE7um-gnvNd7iebfONlLlfKQ.roa
Signing time:             Wed 22 Apr 2026 05:57:27 +0000
ROA not before:           Wed 22 Apr 2026 05:57:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     142146
IP address blocks:        147.90.8.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 25 Apr 2026 08:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:b3:c3:ce:6c:41:d5:da:f6:63:05:24:03:63:69:ba:a7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f04a58047f37bbc057944bbf8cad8742879592da
        Validity
            Not Before: Apr 22 05:57:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ed964a13bba6fa09ef35dee279b7ce3652e57ca4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:b5:b7:0c:23:81:a6:3f:d6:53:80:54:6a:65:
                    37:76:1f:e5:0f:d9:e3:c6:ce:00:e3:62:e8:cd:06:
                    23:63:be:b9:52:29:6e:d2:e0:bc:2a:d0:4e:08:ee:
                    cf:f6:e1:e4:5d:2d:07:19:41:b8:28:f4:fd:9e:a7:
                    6d:f5:51:8a:00:a3:f9:59:10:c0:44:56:4a:5e:34:
                    6a:be:c1:fb:f7:13:f8:57:fc:35:8e:73:19:ea:fe:
                    48:34:f3:3d:18:93:36:a9:fe:b8:7f:9c:d8:8c:37:
                    d3:4b:4d:d4:5e:a0:9c:a0:29:12:fc:d4:f3:f8:98:
                    ba:55:3d:16:9e:e8:30:a7:54:f9:2a:06:0e:38:f1:
                    38:be:5c:b9:c5:59:21:33:fc:45:b6:9a:67:1b:2e:
                    46:7f:3a:b8:5d:20:ba:dd:02:7b:ba:e9:14:a1:fc:
                    15:2c:7e:a8:5d:b4:8b:ee:53:0a:76:4e:d3:58:f7:
                    ac:69:0b:cc:16:f2:33:7e:5e:dc:cd:9a:5a:0d:b5:
                    0a:7c:8f:6d:7c:ce:95:7d:57:af:c4:68:d3:d7:a7:
                    28:eb:aa:c8:5b:b5:16:1b:86:c3:d1:97:e7:03:14:
                    56:b5:e6:30:01:f3:08:31:ee:a8:3e:cd:65:7a:f4:
                    84:8b:e9:35:0b:57:d8:3c:42:ed:67:aa:f8:21:79:
                    25:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                ED:96:4A:13:BB:A6:FA:09:EF:35:DE:E2:79:B7:CE:36:52:E5:7C:A4
            X509v3 Authority Key Identifier:
                keyid:F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/7ZZKE7um-gnvNd7iebfONlLlfKQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.90.8.0/24

    Signature Algorithm: sha256WithRSAEncryption
         61:45:94:3a:cf:85:45:7e:f8:65:b3:bf:75:02:f6:b2:41:59:
         f3:8b:18:3f:f4:4a:11:eb:19:01:0e:b0:11:6a:70:76:ab:77:
         87:99:cf:dd:78:db:f4:9e:b3:f5:65:f6:82:d1:f1:29:17:64:
         ef:67:ec:2c:2a:bf:62:6f:11:82:3f:85:22:9c:11:f8:1b:ce:
         8c:ff:92:03:a0:ca:fe:0f:ba:2a:2b:cb:52:4a:fb:d8:50:bf:
         76:6b:ba:4a:41:52:d4:ee:67:6c:dc:1b:26:95:44:a1:20:07:
         17:f5:f7:13:26:02:1f:00:77:70:0a:45:d5:0f:8a:64:a7:33:
         c3:ec:ab:cd:1c:a2:cf:f8:24:b2:98:90:cd:2f:50:cf:78:3a:
         94:79:e0:ef:6f:d6:c4:4e:06:99:25:e4:29:79:34:45:27:2d:
         15:86:bf:cd:f1:2f:95:3a:8b:68:0e:93:09:0e:8f:40:3a:fb:
         2e:4b:36:59:9b:39:2d:7d:ff:03:8e:7d:76:0b:1d:5d:0f:76:
         5a:7e:0f:44:64:5e:ca:ee:e1:e0:95:7d:87:22:bb:7a:34:ce:
         76:03:1f:3c:6b:df:22:d6:cd:00:a3:d2:cc:d4:f0:4b:67:4a:
         a2:15:dd:3e:5b:6d:d8:35:de:2a:c6:71:7a:c9:af:d6:1e:f6:
         ad:a9:e4:cb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ2zw85sQdXa9mMFJANjabqnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwNGE1ODA0N2YzN2JiYzA1Nzk0NGJiZjhjYWQ4NzQyODc5
NTkyZGEwHhcNMjYwNDIyMDU1NzI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZDk2NGExM2JiYTZmYTA5ZWYzNWRlZTI3OWI3Y2UzNjUyZTU3Y2E0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvbW3DCOBpj/WU4BUamU3dh/lD9nj
xs4A42LozQYjY765Uilu0uC8KtBOCO7P9uHkXS0HGUG4KPT9nqdt9VGKAKP5WRDA
RFZKXjRqvsH79xP4V/w1jnMZ6v5INPM9GJM2qf64f5zYjDfTS03UXqCcoCkS/NTz
+Ji6VT0Wnugwp1T5KgYOOPE4vly5xVkhM/xFtppnGy5Gfzq4XSC63QJ7uukUofwV
LH6oXbSL7lMKdk7TWPesaQvMFvIzfl7czZpaDbUKfI9tfM6VfVevxGjT16co66rI
W7UWG4bD0ZfnAxRWteYwAfMIMe6oPs1levSEi+k1C1fYPELtZ6r4IXkltwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO2WShO7pvoJ7zXe4nm3zjZS5XykMB8GA1UdIwQY
MBaAFPBKWAR/N7vAV5RLv4yth0KHlZLaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYt
ZjVmYjcxYjlhNTFmLzEvN1paS0U3dW0tZ252TmQ3aWViZk9ObExsZktRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYtZjVmYjcxYjlhNTFm
LzEvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAk1oIMA0G
CSqGSIb3DQEBCwUAA4IBAQBhRZQ6z4VFfvhls791AvayQVnzixg/9EoR6xkBDrAR
anB2q3eHmc/deNv0nrP1ZfaC0fEpF2TvZ+wsKr9ibxGCP4UinBH4G86M/5IDoMr+
D7oqK8tSSvvYUL92a7pKQVLU7mds3BsmlUShIAcX9fcTJgIfAHdwCkXVD4pkpzPD
7KvNHKLP+CSymJDNL1DPeDqUeeDvb9bETgaZJeQpeTRFJy0Vhr/N8S+VOotoDpMJ
Do9AOvsuSzZZmzktff8Djn12Cx1dD3Zafg9EZF7K7uHglX2HIrt6NM52Ax88a98i
1s0Ao9LM1PBLZ0qiFd0+W23YNd4qxnF6ya/WHvatqeTL
-----END CERTIFICATE-----