Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/H6PRq_fWKySIA3PnsiFO1R9VcnM.roa
File:                     H6PRq_fWKySIA3PnsiFO1R9VcnM.roa (raw, json)
Hash identifier:          JEelMxV1oi4ZcNKQJN1jmtmMirabHX8j97/kK2mjD/g=
Subject key identifier:   1F:A3:D1:AB:F7:D6:2B:24:88:03:73:E7:B2:21:4E:D5:1F:55:72:73
Certificate issuer:       /CN=f04a58047f37bbc057944bbf8cad8742879592da
Certificate serial:       019E5DF6D2855A6419C01004668231316784
Authority key identifier: F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/H6PRq_fWKySIA3PnsiFO1R9VcnM.roa
Signing time:             Mon 25 May 2026 07:08:37 +0000
ROA not before:           Mon 25 May 2026 07:08:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     22427
IP address blocks:        147.90.48.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 05 Jun 2026 07:00:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:5d:f6:d2:85:5a:64:19:c0:10:04:66:82:31:31:67:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f04a58047f37bbc057944bbf8cad8742879592da
        Validity
            Not Before: May 25 07:08:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=1fa3d1abf7d62b24880373e7b2214ed51f557273
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:4d:ee:ac:21:04:88:9a:b0:41:27:d7:b5:12:
                    57:61:08:41:14:ec:80:0c:3d:37:2d:4d:7c:cf:29:
                    bd:ac:31:04:6c:46:b7:1c:b5:c6:b3:00:29:02:89:
                    0a:07:9e:a1:f2:79:2f:6c:57:12:c7:fc:8e:3f:37:
                    7e:42:0c:ca:fa:c3:79:8b:84:c3:89:65:e7:f8:dc:
                    ee:90:7c:88:1b:2f:1b:e0:58:a3:be:13:35:49:e6:
                    0e:12:59:49:62:a0:f9:80:cd:e8:a9:1f:3e:de:3d:
                    f9:c3:2c:dd:8b:1b:3e:72:31:4c:2a:07:1d:5c:17:
                    44:c3:10:df:4f:d5:45:26:34:1c:20:ee:f3:4d:91:
                    81:1b:c2:e5:88:90:e0:6a:a9:aa:fb:d7:75:a1:83:
                    a5:1f:38:fb:41:b3:48:2c:8e:b9:52:64:7f:b4:e5:
                    e9:6c:33:ec:12:96:e1:83:64:00:c4:76:fb:ee:c5:
                    62:c2:13:e8:b9:81:bf:ac:2c:e5:9d:c7:51:2b:4e:
                    39:3a:f0:d5:ea:76:ac:27:d5:8d:45:a4:4e:ef:e7:
                    26:f1:56:58:b5:db:5d:af:14:36:f4:c3:41:47:f8:
                    3d:f7:89:5d:87:79:b2:15:b6:71:6c:ac:16:c1:2b:
                    7c:e0:43:81:eb:ac:ef:c1:f9:db:86:01:6f:ab:25:
                    36:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:A3:D1:AB:F7:D6:2B:24:88:03:73:E7:B2:21:4E:D5:1F:55:72:73
            X509v3 Authority Key Identifier:
                keyid:F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/H6PRq_fWKySIA3PnsiFO1R9VcnM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.90.48.0/24

    Signature Algorithm: sha256WithRSAEncryption
         72:cc:f2:ed:49:f6:78:c2:df:39:a9:54:0a:c4:d7:24:41:2e:
         e6:e9:71:4b:7e:66:d3:48:b0:18:a7:b2:e6:c4:7d:b1:97:bd:
         68:19:70:1f:ee:e6:31:1d:a4:ed:d5:64:86:6f:20:48:11:79:
         0b:46:65:dd:93:59:19:c9:ca:6d:e2:81:77:a7:aa:87:c3:af:
         3f:c3:aa:71:a4:d2:7e:5b:43:78:92:f4:07:c1:9d:0c:b1:2f:
         eb:69:1b:89:f9:44:56:35:97:c9:e6:10:d9:9d:c5:ea:0e:2e:
         e2:61:94:1e:4a:66:a9:33:e0:e0:60:24:4c:5c:79:ef:6e:e7:
         5b:c9:39:bb:81:39:ff:62:3a:69:c5:db:8c:0d:5d:86:f8:d1:
         45:d3:1d:8a:00:4e:85:54:b9:9b:23:a6:01:a1:26:b2:6a:66:
         2a:b4:d3:cc:e5:05:aa:4b:a3:32:ca:3b:e4:04:bd:d5:3e:0b:
         3d:0f:03:93:dc:57:53:68:fb:1d:79:7f:40:60:68:47:b3:56:
         04:91:b2:d3:de:d2:46:5a:b9:d8:1a:8d:3d:62:39:58:63:7d:
         af:88:1b:b2:96:75:e6:2d:0f:10:49:d1:f3:5b:bf:9b:37:90:
         aa:32:03:37:2c:ef:c0:92:05:3d:28:4a:f5:d4:d8:72:72:e5:
         8b:df:02:3a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ5d9tKFWmQZwBAEZoIxMWeEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwNGE1ODA0N2YzN2JiYzA1Nzk0NGJiZjhjYWQ4NzQyODc5
NTkyZGEwHhcNMjYwNTI1MDcwODM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZmEzZDFhYmY3ZDYyYjI0ODgwMzczZTdiMjIxNGVkNTFmNTU3MjczMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArE3urCEEiJqwQSfXtRJXYQhBFOyA
DD03LU18zym9rDEEbEa3HLXGswApAokKB56h8nkvbFcSx/yOPzd+QgzK+sN5i4TD
iWXn+NzukHyIGy8b4FijvhM1SeYOEllJYqD5gM3oqR8+3j35wyzdixs+cjFMKgcd
XBdEwxDfT9VFJjQcIO7zTZGBG8LliJDgaqmq+9d1oYOlHzj7QbNILI65UmR/tOXp
bDPsEpbhg2QAxHb77sViwhPouYG/rCzlncdRK045OvDV6nasJ9WNRaRO7+cm8VZY
tdtdrxQ29MNBR/g994ldh3myFbZxbKwWwSt84EOB66zvwfnbhgFvqyU2jwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB+j0av31iskiANz57IhTtUfVXJzMB8GA1UdIwQY
MBaAFPBKWAR/N7vAV5RLv4yth0KHlZLaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYt
ZjVmYjcxYjlhNTFmLzEvSDZQUnFfZldLeVNJQTNQbnNpRk8xUjlWY25NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYtZjVmYjcxYjlhNTFm
LzEvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAk1owMA0G
CSqGSIb3DQEBCwUAA4IBAQByzPLtSfZ4wt85qVQKxNckQS7m6XFLfmbTSLAYp7Lm
xH2xl71oGXAf7uYxHaTt1WSGbyBIEXkLRmXdk1kZycpt4oF3p6qHw68/w6pxpNJ+
W0N4kvQHwZ0MsS/raRuJ+URWNZfJ5hDZncXqDi7iYZQeSmapM+DgYCRMXHnvbudb
yTm7gTn/YjppxduMDV2G+NFF0x2KAE6FVLmbI6YBoSayamYqtNPM5QWqS6Myyjvk
BL3VPgs9DwOT3FdTaPsdeX9AYGhHs1YEkbLT3tJGWrnYGo09YjlYY32viBuylnXm
LQ8QSdHzW7+bN5CqMgM3LO/AkgU9KEr11NhycuWL3wI6
-----END CERTIFICATE-----