Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/NXdkH0-ZewnnW5s6QPxHHGlN4tE.roa
File:                     NXdkH0-ZewnnW5s6QPxHHGlN4tE.roa (raw, json)
Hash identifier:          nHd5uvu8YbcxcZPsr87PWoPf6JBLLUIokdRZ+HvEr5c=
Subject key identifier:   35:77:64:1F:4F:99:7B:09:E7:5B:9B:3A:40:FC:47:1C:69:4D:E2:D1
Certificate issuer:       /CN=f04a58047f37bbc057944bbf8cad8742879592da
Certificate serial:       019E3C2EC0A6415828A21F166CF8965696E8
Authority key identifier: F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/NXdkH0-ZewnnW5s6QPxHHGlN4tE.roa
Signing time:             Mon 18 May 2026 17:42:37 +0000
ROA not before:           Mon 18 May 2026 17:42:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     53808
IP address blocks:        147.90.33.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 04 Jun 2026 13:19:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:3c:2e:c0:a6:41:58:28:a2:1f:16:6c:f8:96:56:96:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f04a58047f37bbc057944bbf8cad8742879592da
        Validity
            Not Before: May 18 17:42:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3577641f4f997b09e75b9b3a40fc471c694de2d1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:ce:fe:8f:54:43:3b:25:fe:c1:26:8f:60:bf:
                    91:e2:fa:6c:8d:0c:07:a5:e1:2d:d2:98:48:b5:7b:
                    b9:36:91:a0:e0:2e:b4:8c:79:db:25:27:dd:18:5d:
                    d3:a0:d6:9c:3e:96:c0:c7:e0:a5:7f:6d:97:dc:95:
                    f2:7a:01:0a:29:38:0e:24:c8:75:e4:c7:9c:9f:38:
                    cc:8d:2e:c8:62:cd:c8:eb:7c:ce:55:bb:86:6c:bf:
                    04:c0:f3:2c:a3:87:c6:de:7d:1c:ad:99:46:72:ff:
                    90:ac:1f:44:5c:24:fd:05:4b:bc:d4:dd:83:c8:70:
                    b1:7f:9b:6c:6b:6a:3d:39:ae:6b:dc:8d:c8:b3:35:
                    eb:fe:49:e2:11:aa:18:21:49:28:40:69:38:20:7f:
                    6b:4e:a9:d4:f1:c0:9d:8d:09:e3:31:ee:6d:4d:e1:
                    36:56:96:42:3b:f2:cb:fe:de:8f:b5:34:54:bf:35:
                    06:ae:6b:87:71:c0:93:b9:33:e6:08:2a:fc:cc:b9:
                    70:e4:09:3c:a3:7a:8d:68:6c:13:15:4a:3a:2a:75:
                    7d:c9:8a:99:1e:2e:1f:7a:ce:7c:02:e7:5d:a6:ba:
                    09:85:9b:43:a2:23:37:c8:06:28:d8:64:6b:ea:bc:
                    eb:1d:12:99:d8:29:6c:6c:75:2f:09:95:a2:78:00:
                    d9:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:77:64:1F:4F:99:7B:09:E7:5B:9B:3A:40:FC:47:1C:69:4D:E2:D1
            X509v3 Authority Key Identifier:
                keyid:F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/NXdkH0-ZewnnW5s6QPxHHGlN4tE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.90.33.0/24

    Signature Algorithm: sha256WithRSAEncryption
         92:7c:9a:d8:6b:84:14:8d:8c:6c:cb:49:06:2a:77:fb:24:55:
         5c:b1:33:f6:fb:a1:c1:56:e2:50:36:dd:cf:2f:67:31:65:4a:
         0d:a2:86:fd:b8:f4:98:b5:36:6b:eb:18:78:7b:67:05:e6:70:
         63:44:51:4b:41:aa:6d:05:be:1f:4e:24:f5:b6:c5:84:50:48:
         c6:ff:f2:c4:7d:69:c9:e9:15:9f:f7:53:db:3f:9c:3b:33:19:
         4e:ef:06:0b:59:37:2f:80:5b:b3:85:e3:c7:a3:3f:70:bf:21:
         69:02:5f:bf:93:0c:1e:55:9c:fe:08:73:d6:89:c5:f5:09:00:
         d5:ea:65:b2:71:16:e1:68:b8:28:89:77:35:b9:27:4c:5a:f5:
         21:a1:d3:ee:5b:90:f6:17:ca:c6:4e:fa:b0:9b:14:63:ad:d4:
         f9:4e:6a:9b:30:ad:8e:08:5b:87:a7:1f:65:3e:39:13:fc:d5:
         60:e9:1b:b0:21:d0:27:99:87:de:a2:9c:64:73:6d:7e:4d:59:
         9b:2d:3b:2b:e0:22:0f:2a:03:e4:be:b7:b6:3c:6e:72:f3:d5:
         66:5f:b5:a6:25:6d:93:d5:4e:01:b7:3e:f7:e1:9d:74:d4:99:
         79:9e:b6:81:92:16:74:a1:3f:f1:e6:0d:a8:7c:e0:1e:19:56:
         2a:1c:7a:7c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ48LsCmQVgooh8WbPiWVpboMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwNGE1ODA0N2YzN2JiYzA1Nzk0NGJiZjhjYWQ4NzQyODc5
NTkyZGEwHhcNMjYwNTE4MTc0MjM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNTc3NjQxZjRmOTk3YjA5ZTc1YjliM2E0MGZjNDcxYzY5NGRlMmQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp87+j1RDOyX+wSaPYL+R4vpsjQwH
peEt0phItXu5NpGg4C60jHnbJSfdGF3ToNacPpbAx+Clf22X3JXyegEKKTgOJMh1
5MecnzjMjS7IYs3I63zOVbuGbL8EwPMso4fG3n0crZlGcv+QrB9EXCT9BUu81N2D
yHCxf5tsa2o9Oa5r3I3IszXr/kniEaoYIUkoQGk4IH9rTqnU8cCdjQnjMe5tTeE2
VpZCO/LL/t6PtTRUvzUGrmuHccCTuTPmCCr8zLlw5Ak8o3qNaGwTFUo6KnV9yYqZ
Hi4fes58AuddproJhZtDoiM3yAYo2GRr6rzrHRKZ2ClsbHUvCZWieADZWwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDV3ZB9PmXsJ51ubOkD8RxxpTeLRMB8GA1UdIwQY
MBaAFPBKWAR/N7vAV5RLv4yth0KHlZLaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYt
ZjVmYjcxYjlhNTFmLzEvTlhka0gwLVpld25uVzVzNlFQeEhIR2xONHRFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYtZjVmYjcxYjlhNTFm
LzEvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAk1ohMA0G
CSqGSIb3DQEBCwUAA4IBAQCSfJrYa4QUjYxsy0kGKnf7JFVcsTP2+6HBVuJQNt3P
L2cxZUoNoob9uPSYtTZr6xh4e2cF5nBjRFFLQaptBb4fTiT1tsWEUEjG//LEfWnJ
6RWf91PbP5w7MxlO7wYLWTcvgFuzhePHoz9wvyFpAl+/kwweVZz+CHPWicX1CQDV
6mWycRbhaLgoiXc1uSdMWvUhodPuW5D2F8rGTvqwmxRjrdT5TmqbMK2OCFuHpx9l
PjkT/NVg6RuwIdAnmYfeopxkc21+TVmbLTsr4CIPKgPkvre2PG5y89VmX7WmJW2T
1U4Btz734Z101Jl5nraBkhZ0oT/x5g2ofOAeGVYqHHp8
-----END CERTIFICATE-----