Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/YN73zchidYAgY675aE1Mf1OnJC0.roa
File:                     YN73zchidYAgY675aE1Mf1OnJC0.roa (raw, json)
Hash identifier:          ehfO1xbCS5FeE+iW6TTo73N66yhxEAPJeycz7ZWpJ58=
Subject key identifier:   60:DE:F7:CD:C8:62:75:80:20:63:AE:F9:68:4D:4C:7F:53:A7:24:2D
Certificate issuer:       /CN=f04a58047f37bbc057944bbf8cad8742879592da
Certificate serial:       019E0C18918125AE1C76883B15D5DEBB2C15
Authority key identifier: F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/YN73zchidYAgY675aE1Mf1OnJC0.roa
Signing time:             Sat 09 May 2026 09:36:37 +0000
ROA not before:           Sat 09 May 2026 09:36:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     200105
IP address blocks:        147.90.49.0/24 maxlen: 24
                          147.90.54.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 14 May 2026 01:01:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:0c:18:91:81:25:ae:1c:76:88:3b:15:d5:de:bb:2c:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f04a58047f37bbc057944bbf8cad8742879592da
        Validity
            Not Before: May  9 09:36:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=60def7cdc86275802063aef9684d4c7f53a7242d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:be:42:cc:31:88:f9:ff:7a:16:f1:49:02:9a:
                    fe:d7:08:c0:71:b9:87:1e:8e:5f:43:79:af:d1:70:
                    1f:92:f4:fa:90:32:a2:3b:7d:57:9b:88:07:83:80:
                    ce:26:4f:c1:c7:46:54:17:26:7a:d0:65:08:54:ac:
                    d8:1a:8a:44:88:fb:e3:5b:df:44:ea:e8:16:b3:63:
                    df:eb:67:ec:dd:f3:11:49:d4:06:30:83:ea:28:de:
                    08:12:b7:cc:b0:b2:2e:dd:32:64:0a:ca:59:0f:06:
                    b4:b0:34:f6:d8:ea:83:28:b8:d9:7d:8e:be:51:5d:
                    4f:20:e6:8f:86:ef:06:fd:e3:c9:7b:9d:7b:d8:91:
                    44:5e:93:de:00:ed:bd:38:50:5d:be:e9:3e:1a:36:
                    4d:57:1e:d3:16:a4:40:b7:2d:4f:6a:ff:69:75:1e:
                    b3:dc:d7:07:14:48:8e:34:ca:71:1e:c4:67:22:51:
                    62:16:1d:2c:69:89:b6:e2:46:55:31:0e:e8:71:21:
                    0b:46:07:75:be:8d:ee:aa:6a:43:48:9f:09:e3:f9:
                    b8:c6:e6:5d:09:ee:d4:bb:30:6a:b0:da:81:cc:e9:
                    59:59:6d:9d:9f:e2:fe:71:27:2f:f9:e4:43:5a:4f:
                    f4:60:74:28:16:27:cf:72:05:b6:d1:74:ad:70:46:
                    cb:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:DE:F7:CD:C8:62:75:80:20:63:AE:F9:68:4D:4C:7F:53:A7:24:2D
            X509v3 Authority Key Identifier:
                keyid:F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/YN73zchidYAgY675aE1Mf1OnJC0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.90.49.0/24
                  147.90.54.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6b:7e:ba:3c:8a:d5:22:10:f4:85:b0:9e:ba:79:5e:19:ad:48:
         21:1b:53:1b:62:a1:4f:a8:4e:68:64:6a:de:b4:61:92:ae:76:
         22:7b:06:51:1d:f3:6b:f9:38:68:dc:df:95:e8:98:14:69:02:
         41:7f:30:5d:2a:26:df:8d:de:c5:ff:99:41:ae:37:e1:2f:56:
         3e:f7:b9:55:5d:af:c7:b4:76:e8:83:2b:d9:cf:56:39:92:54:
         2f:5b:55:55:be:bd:7b:e6:7d:56:2a:dd:d1:bd:07:25:f1:58:
         39:97:4b:94:7a:dc:40:a1:51:d4:70:c4:80:93:21:90:7e:92:
         53:8d:06:09:f2:19:77:2d:2d:a5:d7:2b:bf:e3:ee:42:b0:18:
         76:4c:84:d1:48:99:96:7b:e1:6f:1f:76:04:2a:42:69:d6:c7:
         b0:01:cd:00:ce:65:1c:8d:9e:e4:8e:26:a4:4f:66:e6:3c:31:
         97:d0:1f:d8:d6:54:11:d6:b4:b4:69:19:b4:7e:33:01:d0:9e:
         1b:ac:f7:56:93:0d:60:51:2d:7e:08:3c:24:85:ce:08:5e:dd:
         f2:e5:76:21:ee:15:85:0e:26:d0:c6:76:cd:74:5e:45:05:37:
         50:dd:d7:a2:02:11:49:cb:f4:e6:39:07:57:de:25:b4:02:dd:
         fc:d5:67:1a
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ4MGJGBJa4cdog7FdXeuywVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwNGE1ODA0N2YzN2JiYzA1Nzk0NGJiZjhjYWQ4NzQyODc5
NTkyZGEwHhcNMjYwNTA5MDkzNjM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MGRlZjdjZGM4NjI3NTgwMjA2M2FlZjk2ODRkNGM3ZjUzYTcyNDJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx75CzDGI+f96FvFJApr+1wjAcbmH
Ho5fQ3mv0XAfkvT6kDKiO31Xm4gHg4DOJk/Bx0ZUFyZ60GUIVKzYGopEiPvjW99E
6ugWs2Pf62fs3fMRSdQGMIPqKN4IErfMsLIu3TJkCspZDwa0sDT22OqDKLjZfY6+
UV1PIOaPhu8G/ePJe5172JFEXpPeAO29OFBdvuk+GjZNVx7TFqRAty1Pav9pdR6z
3NcHFEiONMpxHsRnIlFiFh0saYm24kZVMQ7ocSELRgd1vo3uqmpDSJ8J4/m4xuZd
Ce7UuzBqsNqBzOlZWW2dn+L+cScv+eRDWk/0YHQoFifPcgW20XStcEbLgwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGDe983IYnWAIGOu+WhNTH9TpyQtMB8GA1UdIwQY
MBaAFPBKWAR/N7vAV5RLv4yth0KHlZLaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYt
ZjVmYjcxYjlhNTFmLzEvWU43M3pjaGlkWUFnWTY3NWFFMU1mMU9uSkMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYtZjVmYjcxYjlhNTFm
LzEvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAk1oxAwQA
k1o2MA0GCSqGSIb3DQEBCwUAA4IBAQBrfro8itUiEPSFsJ66eV4ZrUghG1MbYqFP
qE5oZGretGGSrnYiewZRHfNr+Tho3N+V6JgUaQJBfzBdKibfjd7F/5lBrjfhL1Y+
97lVXa/HtHbogyvZz1Y5klQvW1VVvr175n1WKt3RvQcl8Vg5l0uUetxAoVHUcMSA
kyGQfpJTjQYJ8hl3LS2l1yu/4+5CsBh2TITRSJmWe+FvH3YEKkJp1sewAc0AzmUc
jZ7kjiakT2bmPDGX0B/Y1lQR1rS0aRm0fjMB0J4brPdWkw1gUS1+CDwkhc4IXt3y
5XYh7hWFDibQxnbNdF5FBTdQ3deiAhFJy/TmOQdX3iW0At381Wca
-----END CERTIFICATE-----