Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/Yilq6L2JSVB_aP3zw9bjxVMyQ7U.roa
File:                     Yilq6L2JSVB_aP3zw9bjxVMyQ7U.roa (raw, json)
Hash identifier:          byQd/qKDCoW1VBU1M3vH2KWJA7Fqjy/hZVlxeqO/1cE=
Subject key identifier:   62:29:6A:E8:BD:89:49:50:7F:68:FD:F3:C3:D6:E3:C5:53:32:43:B5
Certificate issuer:       /CN=f04a58047f37bbc057944bbf8cad8742879592da
Certificate serial:       019E929EA3B845D06ED5ACD5C42C144DD187
Authority key identifier: F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/Yilq6L2JSVB_aP3zw9bjxVMyQ7U.roa
Signing time:             Thu 04 Jun 2026 12:32:10 +0000
ROA not before:           Thu 04 Jun 2026 12:32:10 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     154132
IP address blocks:        147.90.23.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 09 Jun 2026 14:52:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:92:9e:a3:b8:45:d0:6e:d5:ac:d5:c4:2c:14:4d:d1:87
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f04a58047f37bbc057944bbf8cad8742879592da
        Validity
            Not Before: Jun  4 12:32:10 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=62296ae8bd8949507f68fdf3c3d6e3c5533243b5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:eb:4c:95:88:63:7d:29:bc:29:9e:9f:da:13:6a:
                    96:32:ca:8b:86:cf:76:3f:8e:1d:d6:36:21:42:4a:
                    4e:57:f8:df:0d:3f:9b:32:bb:76:b9:88:7c:ec:d1:
                    49:e8:2e:14:12:5f:a1:4b:24:71:07:10:e6:f0:49:
                    1c:ba:24:3d:ab:35:91:c9:d5:10:a2:26:68:17:53:
                    68:1f:3a:c0:53:3f:07:97:f8:3f:8d:a7:6b:74:e9:
                    49:97:6c:d6:6b:41:78:4d:a5:50:8e:4f:ad:5c:0d:
                    43:2b:f0:70:60:6f:79:26:36:79:b5:32:f6:d3:f4:
                    5f:f7:9c:0d:a8:dc:13:9a:1f:bf:4a:2b:25:7b:23:
                    23:ff:51:a7:ad:92:b7:88:cc:47:99:dc:6c:a8:fd:
                    1a:48:fc:6e:d4:8a:19:ea:47:9c:da:47:a4:69:f5:
                    ba:54:22:96:11:57:27:6e:b7:c6:8a:2a:0e:94:79:
                    83:6c:c4:e4:8a:00:f5:25:f8:ba:f5:9c:77:ac:9a:
                    fb:92:5c:8f:c4:c5:b5:97:b8:c3:f2:cc:c0:28:17:
                    b1:d4:54:59:94:61:0d:ec:7e:a2:03:85:3a:a1:8a:
                    75:63:0a:a9:f7:88:72:3f:73:98:b5:03:f1:15:ed:
                    60:61:ab:41:9f:ea:9b:76:f6:54:5a:33:df:6d:04:
                    bb:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:29:6A:E8:BD:89:49:50:7F:68:FD:F3:C3:D6:E3:C5:53:32:43:B5
            X509v3 Authority Key Identifier:
                keyid:F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/Yilq6L2JSVB_aP3zw9bjxVMyQ7U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.90.23.0/24

    Signature Algorithm: sha256WithRSAEncryption
         13:62:80:95:de:45:23:cc:b2:bf:70:b0:cb:18:db:ee:42:db:
         e1:d2:a7:29:03:e5:8c:cd:f4:ab:34:37:02:8d:d0:20:18:54:
         42:28:92:91:69:c1:7e:62:5b:e5:98:ea:52:b2:d9:12:3c:b3:
         4d:2a:3c:f9:56:53:e7:fe:91:99:33:23:2c:64:81:d6:c8:1b:
         df:28:8e:d0:e8:19:a3:a7:04:72:dc:e7:87:58:86:e1:71:21:
         f5:ac:4e:09:1b:af:49:70:3a:15:d9:2e:cb:c0:b6:7e:0f:0a:
         4b:e8:d5:f9:b7:0c:4a:9c:99:be:23:3c:22:0c:2e:48:ff:df:
         4d:c9:39:12:cd:5b:b4:15:e2:45:73:ed:00:a5:fc:62:c8:ac:
         67:e6:7f:7c:17:40:b7:4f:2c:56:a7:c3:95:6f:42:72:c0:78:
         b8:c2:bc:05:c9:e2:2e:c4:7f:34:00:da:38:eb:34:29:76:a2:
         85:5d:d7:3d:75:f6:91:6a:38:5c:b5:33:7c:bd:d2:08:8d:7c:
         e3:66:05:24:5c:34:25:bf:ef:15:bb:75:a0:d4:95:13:6e:89:
         a2:7b:95:ee:ec:7e:31:ef:5d:0e:37:0d:af:90:c1:22:fc:4f:
         5a:af:b6:f2:c5:18:40:30:95:2e:58:e2:0d:50:79:9f:2a:e6:
         80:dc:2b:7d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6SnqO4RdBu1azVxCwUTdGHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwNGE1ODA0N2YzN2JiYzA1Nzk0NGJiZjhjYWQ4NzQyODc5
NTkyZGEwHhcNMjYwNjA0MTIzMjEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MjI5NmFlOGJkODk0OTUwN2Y2OGZkZjNjM2Q2ZTNjNTUzMzI0M2I1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA60yViGN9Kbwpnp/aE2qWMsqLhs92
P44d1jYhQkpOV/jfDT+bMrt2uYh87NFJ6C4UEl+hSyRxBxDm8EkcuiQ9qzWRydUQ
oiZoF1NoHzrAUz8Hl/g/jadrdOlJl2zWa0F4TaVQjk+tXA1DK/BwYG95JjZ5tTL2
0/Rf95wNqNwTmh+/SisleyMj/1GnrZK3iMxHmdxsqP0aSPxu1IoZ6kec2kekafW6
VCKWEVcnbrfGiioOlHmDbMTkigD1Jfi69Zx3rJr7klyPxMW1l7jD8szAKBex1FRZ
lGEN7H6iA4U6oYp1Ywqp94hyP3OYtQPxFe1gYatBn+qbdvZUWjPfbQS7KQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGIpaui9iUlQf2j988PW48VTMkO1MB8GA1UdIwQY
MBaAFPBKWAR/N7vAV5RLv4yth0KHlZLaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYt
ZjVmYjcxYjlhNTFmLzEvWWlscTZMMkpTVkJfYVAzenc5Ymp4Vk15UTdVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYtZjVmYjcxYjlhNTFm
LzEvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAk1oXMA0G
CSqGSIb3DQEBCwUAA4IBAQATYoCV3kUjzLK/cLDLGNvuQtvh0qcpA+WMzfSrNDcC
jdAgGFRCKJKRacF+YlvlmOpSstkSPLNNKjz5VlPn/pGZMyMsZIHWyBvfKI7Q6Bmj
pwRy3OeHWIbhcSH1rE4JG69JcDoV2S7LwLZ+DwpL6NX5twxKnJm+IzwiDC5I/99N
yTkSzVu0FeJFc+0ApfxiyKxn5n98F0C3TyxWp8OVb0JywHi4wrwFyeIuxH80ANo4
6zQpdqKFXdc9dfaRajhctTN8vdIIjXzjZgUkXDQlv+8Vu3Wg1JUTbomie5Xu7H4x
710ONw2vkMEi/E9ar7byxRhAMJUuWOINUHmfKuaA3Ct9
-----END CERTIFICATE-----