Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/DibWUNZPbHmkkQfm1IIGjLYLHH4.roa
File:                     DibWUNZPbHmkkQfm1IIGjLYLHH4.roa (raw, json)
Hash identifier:          YbZo3EnGmi3iT8A6QPdmBUyWFFJk6EKEuZghl0qcH00=
Subject key identifier:   0E:26:D6:50:D6:4F:6C:79:A4:91:07:E6:D4:82:06:8C:B6:0B:1C:7E
Certificate issuer:       /CN=f04a58047f37bbc057944bbf8cad8742879592da
Certificate serial:       019E5DF6D1EEF9A76E63F15DB894EEA2B84E
Authority key identifier: F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/DibWUNZPbHmkkQfm1IIGjLYLHH4.roa
Signing time:             Mon 25 May 2026 07:08:37 +0000
ROA not before:           Mon 25 May 2026 07:08:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     21840
IP address blocks:        147.90.50.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 06 Jun 2026 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:5d:f6:d1:ee:f9:a7:6e:63:f1:5d:b8:94:ee:a2:b8:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f04a58047f37bbc057944bbf8cad8742879592da
        Validity
            Not Before: May 25 07:08:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0e26d650d64f6c79a49107e6d482068cb60b1c7e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:87:f9:eb:78:23:93:35:a1:0b:9b:8c:ec:fc:
                    bf:83:31:08:8c:6e:73:56:27:3d:b4:bc:8f:94:b6:
                    41:99:fc:7c:a1:1c:86:ae:76:07:b8:b8:23:0c:10:
                    f1:cc:29:e1:23:a2:7f:83:13:21:88:bf:64:bf:ec:
                    ed:f9:b9:e2:e7:35:3d:fa:bb:5d:13:f4:42:1d:2b:
                    d6:20:5b:c8:bc:15:5a:f1:e3:77:66:47:99:bf:dc:
                    65:d2:25:e3:11:7a:0a:ac:c4:0d:eb:37:86:b2:3f:
                    a2:36:0f:a8:cf:1b:a0:ba:eb:8c:1a:b7:e6:dd:6d:
                    74:d5:85:1f:f6:5e:c9:7b:63:17:76:35:c6:5d:74:
                    fe:53:88:f5:f6:89:fe:3e:b7:56:0f:5f:64:8c:1c:
                    74:55:f6:92:1e:e9:09:84:bc:b9:17:7c:38:25:79:
                    43:65:81:c5:c4:f6:3c:b2:87:d6:88:41:bf:b6:2d:
                    67:fe:79:e8:3f:e6:7f:47:e6:e1:ba:11:f9:6c:70:
                    6b:de:37:ad:0e:72:e0:a9:87:ee:24:31:1c:73:78:
                    2a:ec:d0:75:08:92:6f:fd:cb:25:40:89:7b:80:9d:
                    50:8f:e6:7c:f9:6b:d1:c0:94:dd:67:8f:36:ac:dc:
                    fe:ce:f8:54:b1:c2:7b:ef:4c:fc:4c:24:25:e2:98:
                    e7:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:26:D6:50:D6:4F:6C:79:A4:91:07:E6:D4:82:06:8C:B6:0B:1C:7E
            X509v3 Authority Key Identifier:
                keyid:F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/DibWUNZPbHmkkQfm1IIGjLYLHH4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.90.50.0/24

    Signature Algorithm: sha256WithRSAEncryption
         04:60:97:b5:9a:e9:4e:01:45:5f:8d:b0:00:26:fc:8e:a0:e1:
         6c:41:77:db:4c:a6:6f:35:62:8c:75:9b:69:4d:4e:eb:b1:aa:
         ba:b7:71:79:a6:ae:e6:47:86:ae:d1:25:c6:a6:18:2d:ca:fc:
         d9:07:dd:74:7f:50:49:64:cb:77:c8:bd:7f:2f:f7:76:ac:ad:
         3b:39:ed:76:45:b7:d4:fe:66:e1:3e:d4:8a:69:7c:6c:9a:4f:
         02:3e:ed:59:8b:02:7e:a9:06:87:a0:85:c2:c8:9e:cf:9d:52:
         ad:64:fb:6a:5c:df:66:eb:e7:73:4e:43:01:e9:b7:7a:66:09:
         1f:e1:86:b3:67:5b:cb:12:39:80:1d:38:fb:63:5f:8e:ed:5b:
         5a:a3:b8:fa:a3:06:66:e7:8d:37:7f:ce:34:a8:89:f5:21:70:
         bf:04:ab:b1:f1:7c:cf:54:e7:c0:fe:ec:58:eb:24:3f:bf:b8:
         6d:b0:af:3f:85:c8:cb:7b:b5:03:7f:b5:91:db:ac:cc:db:06:
         8d:06:51:50:2a:a7:32:45:18:3f:37:1b:f7:ab:73:3d:14:c0:
         86:f3:f3:04:6c:f3:17:02:ea:eb:56:15:41:7c:d3:d9:6d:68:
         22:d0:57:2a:dc:fd:28:7c:ba:a0:b8:31:5a:5f:7d:06:fd:28:
         b1:6f:f3:9b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ5d9tHu+aduY/FduJTuorhOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwNGE1ODA0N2YzN2JiYzA1Nzk0NGJiZjhjYWQ4NzQyODc5
NTkyZGEwHhcNMjYwNTI1MDcwODM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZTI2ZDY1MGQ2NGY2Yzc5YTQ5MTA3ZTZkNDgyMDY4Y2I2MGIxYzdlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu4f563gjkzWhC5uM7Py/gzEIjG5z
Vic9tLyPlLZBmfx8oRyGrnYHuLgjDBDxzCnhI6J/gxMhiL9kv+zt+bni5zU9+rtd
E/RCHSvWIFvIvBVa8eN3ZkeZv9xl0iXjEXoKrMQN6zeGsj+iNg+ozxuguuuMGrfm
3W101YUf9l7Je2MXdjXGXXT+U4j19on+PrdWD19kjBx0VfaSHukJhLy5F3w4JXlD
ZYHFxPY8sofWiEG/ti1n/nnoP+Z/R+bhuhH5bHBr3jetDnLgqYfuJDEcc3gq7NB1
CJJv/cslQIl7gJ1Qj+Z8+WvRwJTdZ482rNz+zvhUscJ770z8TCQl4pjnkQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA4m1lDWT2x5pJEH5tSCBoy2Cxx+MB8GA1UdIwQY
MBaAFPBKWAR/N7vAV5RLv4yth0KHlZLaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYt
ZjVmYjcxYjlhNTFmLzEvRGliV1VOWlBiSG1ra1FmbTFJSUdqTFlMSEg0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYtZjVmYjcxYjlhNTFm
LzEvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAk1oyMA0G
CSqGSIb3DQEBCwUAA4IBAQAEYJe1mulOAUVfjbAAJvyOoOFsQXfbTKZvNWKMdZtp
TU7rsaq6t3F5pq7mR4au0SXGphgtyvzZB910f1BJZMt3yL1/L/d2rK07Oe12RbfU
/mbhPtSKaXxsmk8CPu1ZiwJ+qQaHoIXCyJ7PnVKtZPtqXN9m6+dzTkMB6bd6Zgkf
4YazZ1vLEjmAHTj7Y1+O7Vtao7j6owZm5403f840qIn1IXC/BKux8XzPVOfA/uxY
6yQ/v7htsK8/hcjLe7UDf7WR26zM2waNBlFQKqcyRRg/Nxv3q3M9FMCG8/MEbPMX
AurrVhVBfNPZbWgi0Fcq3P0ofLqguDFaX30G/Sixb/Ob
-----END CERTIFICATE-----