Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/FYpDvMC0vlc3nOn8uOL2anYnONU.roa
File:                     FYpDvMC0vlc3nOn8uOL2anYnONU.roa (raw, json)
Hash identifier:          asU940t2tv5WJ5CYiEqIunGgcIfVBTrsflvpDJW6SPs=
Subject key identifier:   15:8A:43:BC:C0:B4:BE:57:37:9C:E9:FC:B8:E2:F6:6A:76:27:38:D5
Certificate issuer:       /CN=f04a58047f37bbc057944bbf8cad8742879592da
Certificate serial:       019DB6B5490C91D9430EB4A256827BB7DCB2
Authority key identifier: F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/FYpDvMC0vlc3nOn8uOL2anYnONU.roa
Signing time:             Wed 22 Apr 2026 19:40:27 +0000
ROA not before:           Wed 22 Apr 2026 19:40:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     402267
IP address blocks:        147.90.207.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 25 Apr 2026 12:24:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:b6:b5:49:0c:91:d9:43:0e:b4:a2:56:82:7b:b7:dc:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f04a58047f37bbc057944bbf8cad8742879592da
        Validity
            Not Before: Apr 22 19:40:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=158a43bcc0b4be57379ce9fcb8e2f66a762738d5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:0a:e6:1f:79:78:09:db:89:6d:ab:ac:ba:cd:
                    71:19:07:61:6c:f6:69:78:d8:cf:16:3a:c1:57:ea:
                    b9:6b:74:c3:18:35:71:3c:05:1d:fe:6b:65:6e:73:
                    28:5d:9b:9b:e7:02:15:e5:21:04:ca:9c:21:9d:6c:
                    c1:0e:a5:cd:66:c8:14:88:56:21:9b:d0:96:95:13:
                    3c:5e:d1:39:a2:b7:41:b9:a2:e1:81:54:25:63:13:
                    d4:9e:af:3a:c5:93:33:2d:f0:c8:4f:1a:e5:db:b1:
                    db:47:a8:03:ea:f7:22:eb:2f:cc:24:ec:e4:ca:f9:
                    d5:03:49:6d:8b:41:36:88:a1:a0:08:3d:fa:e4:b4:
                    88:c2:9e:ec:4a:67:c4:9e:e6:8b:e0:95:3f:25:5a:
                    8a:a5:87:eb:67:ff:94:1b:1b:30:41:53:d1:31:06:
                    8f:07:13:3c:89:a5:79:a9:4d:4d:bd:b9:8c:bc:3a:
                    2b:64:c6:e7:8b:8a:59:71:77:77:74:db:16:06:6d:
                    20:93:44:58:02:02:50:e5:b5:45:99:8e:f5:e3:24:
                    eb:6c:a9:3c:da:6e:db:e2:4e:07:03:e4:d8:6e:31:
                    7d:e8:06:e7:fe:47:60:1a:d3:e5:f5:ac:79:d3:c8:
                    54:93:0d:95:f2:98:fa:5f:93:8a:74:09:5d:c0:07:
                    06:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:8A:43:BC:C0:B4:BE:57:37:9C:E9:FC:B8:E2:F6:6A:76:27:38:D5
            X509v3 Authority Key Identifier:
                keyid:F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/FYpDvMC0vlc3nOn8uOL2anYnONU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.90.207.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2b:24:12:8b:32:a1:06:87:41:b7:52:af:77:4b:84:a8:ed:06:
         b3:49:92:fa:c9:fa:50:ed:86:4d:98:fa:1b:3d:02:0c:61:f0:
         28:03:aa:14:d8:2d:7c:59:c4:60:d7:eb:b8:86:f0:f0:26:9f:
         ea:cb:bf:c2:41:28:c9:87:cc:6e:f8:92:79:46:1d:7f:50:d4:
         a0:b5:4c:d6:7e:7f:c6:8a:bf:f5:0c:12:88:a0:b0:6c:f9:0d:
         b6:bd:b0:45:2e:7d:cd:df:dc:63:dc:ce:fa:40:77:5c:a0:65:
         7d:5a:24:eb:53:db:66:a6:b8:36:bb:33:33:79:ec:39:c2:3c:
         7c:06:4e:69:75:cf:a9:15:35:bb:b7:0d:09:a6:cc:10:bc:b5:
         da:af:25:e8:92:2d:93:3c:00:df:a6:57:a7:10:a5:74:cd:5c:
         af:03:8c:c5:da:1b:aa:2b:ac:b6:f0:84:1d:8c:48:06:e0:93:
         05:4c:c2:84:1f:74:08:88:17:11:53:13:1f:27:88:ef:ea:a3:
         64:70:66:57:94:90:d9:ab:33:d3:c3:dd:9b:0a:d2:0a:15:48:
         1a:a3:5f:ce:43:9d:89:06:46:49:66:7b:96:f2:7a:13:5e:80:
         a1:76:2e:d0:3b:41:98:4e:74:8a:c4:c8:dd:43:db:06:be:f3:
         69:80:b9:e1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ22tUkMkdlDDrSiVoJ7t9yyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwNGE1ODA0N2YzN2JiYzA1Nzk0NGJiZjhjYWQ4NzQyODc5
NTkyZGEwHhcNMjYwNDIyMTk0MDI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNThhNDNiY2MwYjRiZTU3Mzc5Y2U5ZmNiOGUyZjY2YTc2MjczOGQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArwrmH3l4CduJbausus1xGQdhbPZp
eNjPFjrBV+q5a3TDGDVxPAUd/mtlbnMoXZub5wIV5SEEypwhnWzBDqXNZsgUiFYh
m9CWlRM8XtE5ordBuaLhgVQlYxPUnq86xZMzLfDITxrl27HbR6gD6vci6y/MJOzk
yvnVA0lti0E2iKGgCD365LSIwp7sSmfEnuaL4JU/JVqKpYfrZ/+UGxswQVPRMQaP
BxM8iaV5qU1NvbmMvDorZMbni4pZcXd3dNsWBm0gk0RYAgJQ5bVFmY714yTrbKk8
2m7b4k4HA+TYbjF96Abn/kdgGtPl9ax508hUkw2V8pj6X5OKdAldwAcGMwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBWKQ7zAtL5XN5zp/Lji9mp2JzjVMB8GA1UdIwQY
MBaAFPBKWAR/N7vAV5RLv4yth0KHlZLaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYt
ZjVmYjcxYjlhNTFmLzEvRllwRHZNQzB2bGMzbk9uOHVPTDJhblluT05VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYtZjVmYjcxYjlhNTFm
LzEvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAk1rPMA0G
CSqGSIb3DQEBCwUAA4IBAQArJBKLMqEGh0G3Uq93S4So7QazSZL6yfpQ7YZNmPob
PQIMYfAoA6oU2C18WcRg1+u4hvDwJp/qy7/CQSjJh8xu+JJ5Rh1/UNSgtUzWfn/G
ir/1DBKIoLBs+Q22vbBFLn3N39xj3M76QHdcoGV9WiTrU9tmprg2uzMzeew5wjx8
Bk5pdc+pFTW7tw0JpswQvLXaryXoki2TPADfplenEKV0zVyvA4zF2huqK6y28IQd
jEgG4JMFTMKEH3QIiBcRUxMfJ4jv6qNkcGZXlJDZqzPTw92bCtIKFUgao1/OQ52J
BkZJZnuW8noTXoChdi7QO0GYTnSKxMjdQ9sGvvNpgLnh
-----END CERTIFICATE-----