Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/W8Fgcsts0XTccDFQYdOGqjWsK9E.roa
File:                     W8Fgcsts0XTccDFQYdOGqjWsK9E.roa (raw, json)
Hash identifier:          CgwvXr5912PBhf9H2gjeV+H0+zkSf1sRPCCR7mSIB+Y=
Subject key identifier:   5B:C1:60:72:CB:6C:D1:74:DC:70:31:50:61:D3:86:AA:35:AC:2B:D1
Certificate issuer:       /CN=f04a58047f37bbc057944bbf8cad8742879592da
Certificate serial:       019EAAD2F493AEA22834024A9606F71ADF59
Authority key identifier: F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/W8Fgcsts0XTccDFQYdOGqjWsK9E.roa
Signing time:             Tue 09 Jun 2026 05:20:12 +0000
ROA not before:           Tue 09 Jun 2026 05:20:12 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     205987
IP address blocks:        147.90.228.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 12 Jun 2026 22:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:aa:d2:f4:93:ae:a2:28:34:02:4a:96:06:f7:1a:df:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f04a58047f37bbc057944bbf8cad8742879592da
        Validity
            Not Before: Jun  9 05:20:12 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5bc16072cb6cd174dc70315061d386aa35ac2bd1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:64:1e:ef:57:2d:e2:5b:e6:77:30:2d:2f:22:
                    30:91:ba:1c:f9:30:6b:88:07:b2:7b:55:92:35:64:
                    a2:14:0d:a7:41:f6:23:97:4a:e4:90:67:20:8a:f2:
                    1d:a5:2b:f1:42:03:f4:93:37:5f:dd:b8:1c:24:3b:
                    d0:76:c0:d4:b0:f1:d8:5f:bd:a8:45:98:17:37:6a:
                    dd:ca:ff:a7:9e:39:6d:3b:e6:d1:94:d5:4d:a1:88:
                    1b:9e:a8:62:57:87:c8:0c:ab:0e:2b:09:65:7c:6a:
                    a1:0c:12:42:6e:5e:c4:ab:9a:09:43:8a:cd:7c:60:
                    65:56:36:c9:8f:4d:49:41:5c:b9:9d:39:0b:ab:80:
                    83:74:ef:16:aa:14:10:35:6a:3d:be:25:af:74:ed:
                    1d:91:21:1d:7e:66:75:e9:b2:6b:88:5e:56:f1:c3:
                    ab:1c:9d:f9:42:74:9c:54:22:36:e5:8e:65:0d:b3:
                    3d:87:cd:88:da:1d:12:61:63:17:8e:b5:e9:c3:f8:
                    52:20:e8:48:b0:7a:bc:b4:b8:52:69:f4:7a:26:07:
                    e0:d8:8c:4a:5b:e4:0e:b6:58:ad:68:53:db:6a:cf:
                    c4:7b:0d:1d:a5:f2:56:e0:71:4e:56:cd:09:3a:b3:
                    f4:85:55:74:e2:bb:78:5b:2e:70:ca:b5:f2:78:c5:
                    88:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:C1:60:72:CB:6C:D1:74:DC:70:31:50:61:D3:86:AA:35:AC:2B:D1
            X509v3 Authority Key Identifier:
                keyid:F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/W8Fgcsts0XTccDFQYdOGqjWsK9E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.90.228.0/24

    Signature Algorithm: sha256WithRSAEncryption
         94:c5:c2:f6:c3:23:7f:48:80:2f:d1:59:6e:47:ce:de:7d:97:
         71:de:92:ab:f3:5a:7d:2e:9a:83:8a:8c:47:8a:10:b7:c7:68:
         a9:5c:92:cd:95:b8:3a:47:45:40:3a:98:c8:3d:43:ad:53:dc:
         a3:d4:c4:7d:66:4b:e0:48:8e:0d:5d:aa:a6:af:aa:a6:b6:0b:
         08:fb:2f:f5:cc:d9:8a:a3:26:8f:40:d4:7e:77:7c:7e:71:83:
         8f:ec:b4:fb:79:b3:2a:b2:cd:08:50:a9:35:c8:06:70:bd:28:
         17:69:ea:3e:c9:5e:67:16:26:9b:5f:57:64:f5:22:08:9b:0c:
         36:6c:41:42:29:1b:ae:ba:52:ea:6a:f1:9a:52:0d:be:55:e6:
         af:f8:56:da:2e:17:ac:02:57:e9:c0:3e:84:a9:56:5a:4f:fb:
         55:b5:f3:e1:d0:03:34:36:2e:f0:0a:5b:54:34:a0:42:e9:5f:
         7a:01:3a:b7:b7:a9:81:9d:bc:de:91:d2:61:5a:66:d2:6b:b1:
         06:7e:cc:26:41:32:37:89:17:a3:f1:c7:29:cc:f2:f3:0b:cf:
         d5:0e:e1:22:a3:bf:33:90:6a:dd:65:c2:8d:43:96:ca:07:08:
         4d:69:4a:67:da:56:21:5c:13:0d:91:f9:10:eb:6c:51:39:c1:
         40:93:b2:d3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6q0vSTrqIoNAJKlgb3Gt9ZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwNGE1ODA0N2YzN2JiYzA1Nzk0NGJiZjhjYWQ4NzQyODc5
NTkyZGEwHhcNMjYwNjA5MDUyMDEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YmMxNjA3MmNiNmNkMTc0ZGM3MDMxNTA2MWQzODZhYTM1YWMyYmQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArWQe71ct4lvmdzAtLyIwkboc+TBr
iAeye1WSNWSiFA2nQfYjl0rkkGcgivIdpSvxQgP0kzdf3bgcJDvQdsDUsPHYX72o
RZgXN2rdyv+nnjltO+bRlNVNoYgbnqhiV4fIDKsOKwllfGqhDBJCbl7Eq5oJQ4rN
fGBlVjbJj01JQVy5nTkLq4CDdO8WqhQQNWo9viWvdO0dkSEdfmZ16bJriF5W8cOr
HJ35QnScVCI25Y5lDbM9h82I2h0SYWMXjrXpw/hSIOhIsHq8tLhSafR6Jgfg2IxK
W+QOtlitaFPbas/Eew0dpfJW4HFOVs0JOrP0hVV04rt4Wy5wyrXyeMWIgQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFvBYHLLbNF03HAxUGHThqo1rCvRMB8GA1UdIwQY
MBaAFPBKWAR/N7vAV5RLv4yth0KHlZLaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYt
ZjVmYjcxYjlhNTFmLzEvVzhGZ2NzdHMwWFRjY0RGUVlkT0dxaldzSzlFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYtZjVmYjcxYjlhNTFm
LzEvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAk1rkMA0G
CSqGSIb3DQEBCwUAA4IBAQCUxcL2wyN/SIAv0VluR87efZdx3pKr81p9LpqDioxH
ihC3x2ipXJLNlbg6R0VAOpjIPUOtU9yj1MR9ZkvgSI4NXaqmr6qmtgsI+y/1zNmK
oyaPQNR+d3x+cYOP7LT7ebMqss0IUKk1yAZwvSgXaeo+yV5nFiabX1dk9SIImww2
bEFCKRuuulLqavGaUg2+Veav+FbaLhesAlfpwD6EqVZaT/tVtfPh0AM0Ni7wCltU
NKBC6V96ATq3t6mBnbzekdJhWmbSa7EGfswmQTI3iRej8ccpzPLzC8/VDuEio78z
kGrdZcKNQ5bKBwhNaUpn2lYhXBMNkfkQ62xROcFAk7LT
-----END CERTIFICATE-----