Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/RhYPD_MbIPS-bpOdPjdyToedxDM.roa
File:                     RhYPD_MbIPS-bpOdPjdyToedxDM.roa (raw, json)
Hash identifier:          XrmzPVVZvkWxPAoQhmr6yZh3wwNDHojPb2iqyAO6kgE=
Subject key identifier:   46:16:0F:0F:F3:1B:20:F4:BE:6E:93:9D:3E:37:72:4E:87:9D:C4:33
Certificate issuer:       /CN=f04a58047f37bbc057944bbf8cad8742879592da
Certificate serial:       019E403C0A7FDB993D8081B31040ACCC8693
Authority key identifier: F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/RhYPD_MbIPS-bpOdPjdyToedxDM.roa
Signing time:             Tue 19 May 2026 12:35:37 +0000
ROA not before:           Tue 19 May 2026 12:35:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     402487
IP address blocks:        147.90.201.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 May 2026 05:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:40:3c:0a:7f:db:99:3d:80:81:b3:10:40:ac:cc:86:93
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f04a58047f37bbc057944bbf8cad8742879592da
        Validity
            Not Before: May 19 12:35:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=46160f0ff31b20f4be6e939d3e37724e879dc433
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:06:c9:e1:e1:61:f8:61:9b:15:e4:9b:56:c0:
                    7a:17:85:92:cb:c9:0a:8a:51:6e:a8:92:45:22:7d:
                    b4:f2:9b:68:50:89:25:f3:e6:5d:ea:87:e5:9a:be:
                    41:a4:b2:08:f3:53:8d:a8:95:57:06:04:82:08:2a:
                    bb:6b:7e:8f:d5:38:f5:b5:f5:0d:96:30:4a:16:4c:
                    bc:7c:d3:cf:3e:a2:94:75:b5:b4:bf:95:1b:01:58:
                    fb:3f:f3:b3:c1:a2:5c:cc:4f:56:05:29:35:bb:4d:
                    5e:98:cc:5d:5b:8d:b8:85:73:e7:ce:aa:2a:3f:57:
                    23:60:04:92:1b:b9:f8:04:e9:be:25:54:36:01:af:
                    a0:2a:a8:6b:c9:d9:bc:ba:1f:51:68:3f:e8:7c:e7:
                    d0:06:7f:d7:a6:40:32:a9:8e:73:04:c7:8b:48:81:
                    aa:87:4e:67:70:12:7a:df:01:d4:33:03:11:55:4c:
                    c0:cc:c8:82:55:c4:f3:8d:77:1f:e4:be:b4:b4:9b:
                    1d:3d:97:6b:35:e3:49:3a:8e:1c:26:29:a5:0f:32:
                    3b:08:98:b6:74:29:5c:be:88:41:fc:1c:da:33:53:
                    41:a7:d0:16:26:5f:7b:41:a0:f8:bc:6f:b7:e3:0b:
                    91:ff:61:5f:be:2c:6f:ea:a3:e7:1b:5c:d8:88:1f:
                    ce:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:16:0F:0F:F3:1B:20:F4:BE:6E:93:9D:3E:37:72:4E:87:9D:C4:33
            X509v3 Authority Key Identifier:
                keyid:F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/RhYPD_MbIPS-bpOdPjdyToedxDM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.90.201.0/24

    Signature Algorithm: sha256WithRSAEncryption
         69:9b:21:ca:2f:7f:89:18:ca:0f:0a:fd:f3:80:9c:df:69:f3:
         4f:6d:36:24:72:fa:32:23:59:70:f6:50:38:5a:28:50:00:93:
         1a:2d:94:8c:84:05:74:fb:6e:08:e8:f1:fd:82:47:19:7b:9e:
         95:f3:2c:e6:ae:60:16:3b:63:6b:c5:1b:40:1e:ba:7c:f6:8b:
         99:7f:5d:0c:54:0d:31:f7:3e:55:48:c9:36:34:d7:a5:e1:f2:
         f7:b7:33:4d:b4:34:72:11:96:59:0b:8e:c5:87:1c:a0:78:d0:
         12:84:4b:19:f4:41:e9:ec:fe:10:05:98:88:d0:19:bc:b7:37:
         f3:32:bf:a0:6e:bd:c3:e4:bd:ad:1e:74:77:a9:7e:17:9a:03:
         25:68:6c:b8:65:d0:55:34:40:9b:ed:ea:06:4e:93:1a:ec:1a:
         1a:31:5c:a1:87:ff:9d:06:a9:19:43:71:ce:aa:6f:27:c3:4b:
         6e:1d:d6:63:4d:6a:27:b8:94:b3:76:bd:d3:bd:74:78:e7:c6:
         b2:9a:f7:ac:32:4e:90:21:17:15:a5:e1:07:ce:c8:64:ec:09:
         bc:d5:67:31:7f:91:01:ff:a8:28:4c:5e:35:5f:d6:29:fc:14:
         99:fa:7e:52:ae:eb:7e:35:95:fa:d0:ca:3c:8f:7a:f6:44:7d:
         86:80:d2:33
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ5APAp/25k9gIGzEECszIaTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwNGE1ODA0N2YzN2JiYzA1Nzk0NGJiZjhjYWQ4NzQyODc5
NTkyZGEwHhcNMjYwNTE5MTIzNTM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NjE2MGYwZmYzMWIyMGY0YmU2ZTkzOWQzZTM3NzI0ZTg3OWRjNDMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAogbJ4eFh+GGbFeSbVsB6F4WSy8kK
ilFuqJJFIn208ptoUIkl8+Zd6oflmr5BpLII81ONqJVXBgSCCCq7a36P1Tj1tfUN
ljBKFky8fNPPPqKUdbW0v5UbAVj7P/OzwaJczE9WBSk1u01emMxdW424hXPnzqoq
P1cjYASSG7n4BOm+JVQ2Aa+gKqhrydm8uh9RaD/ofOfQBn/XpkAyqY5zBMeLSIGq
h05ncBJ63wHUMwMRVUzAzMiCVcTzjXcf5L60tJsdPZdrNeNJOo4cJimlDzI7CJi2
dClcvohB/BzaM1NBp9AWJl97QaD4vG+34wuR/2Ffvixv6qPnG1zYiB/OgwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEYWDw/zGyD0vm6TnT43ck6HncQzMB8GA1UdIwQY
MBaAFPBKWAR/N7vAV5RLv4yth0KHlZLaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYt
ZjVmYjcxYjlhNTFmLzEvUmhZUERfTWJJUFMtYnBPZFBqZHlUb2VkeERNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYtZjVmYjcxYjlhNTFm
LzEvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAk1rJMA0G
CSqGSIb3DQEBCwUAA4IBAQBpmyHKL3+JGMoPCv3zgJzfafNPbTYkcvoyI1lw9lA4
WihQAJMaLZSMhAV0+24I6PH9gkcZe56V8yzmrmAWO2NrxRtAHrp89ouZf10MVA0x
9z5VSMk2NNel4fL3tzNNtDRyEZZZC47FhxygeNAShEsZ9EHp7P4QBZiI0Bm8tzfz
Mr+gbr3D5L2tHnR3qX4XmgMlaGy4ZdBVNECb7eoGTpMa7BoaMVyhh/+dBqkZQ3HO
qm8nw0tuHdZjTWonuJSzdr3TvXR458aymvesMk6QIRcVpeEHzshk7Am81Wcxf5EB
/6goTF41X9Yp/BSZ+n5Srut+NZX60Mo8j3r2RH2GgNIz
-----END CERTIFICATE-----