Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/_SKdBvjklWIkhVWgQ4ialJT4-GU.roa
File:                     _SKdBvjklWIkhVWgQ4ialJT4-GU.roa (raw, json)
Hash identifier:          HYME1rI5Rfao2tVsSk0Yqm1n11Gdl9SA+0CVgejtX0s=
Subject key identifier:   FD:22:9D:06:F8:E4:95:62:24:85:55:A0:43:88:9A:94:94:F8:F8:65
Certificate issuer:       /CN=f04a58047f37bbc057944bbf8cad8742879592da
Certificate serial:       019E8E08EE691AB0BB7AFB84D06398443E6B
Authority key identifier: F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/_SKdBvjklWIkhVWgQ4ialJT4-GU.roa
Signing time:             Wed 03 Jun 2026 15:10:10 +0000
ROA not before:           Wed 03 Jun 2026 15:10:10 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     197246
IP address blocks:        147.90.76.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 09 Jun 2026 14:52:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:8e:08:ee:69:1a:b0:bb:7a:fb:84:d0:63:98:44:3e:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f04a58047f37bbc057944bbf8cad8742879592da
        Validity
            Not Before: Jun  3 15:10:10 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=fd229d06f8e49562248555a043889a9494f8f865
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:a2:9c:58:8e:d0:9f:24:f0:ba:26:4f:05:f4:
                    66:68:ee:fe:6f:e8:61:29:0c:1a:4b:71:d6:55:13:
                    9f:bf:d3:af:a1:4d:e1:be:b4:ea:b7:b2:a1:06:09:
                    b3:6e:56:cb:92:ec:bd:0c:79:60:84:76:61:ce:21:
                    82:45:48:13:95:12:46:94:a8:a0:f7:49:79:8c:f4:
                    dc:87:7d:79:94:8e:28:74:0d:99:41:60:a9:b5:e0:
                    c8:24:43:3c:77:d5:6b:65:1f:f5:ba:57:1b:92:39:
                    86:8a:62:32:90:85:34:ee:3e:58:a0:9f:6e:b0:b8:
                    b9:fc:82:56:cc:f0:72:c5:59:a6:19:b3:53:4a:d6:
                    04:b7:48:41:8d:9a:cd:3d:b7:a5:a0:eb:fc:a9:48:
                    71:1f:88:23:a4:b4:54:89:c5:10:e0:3b:bc:03:91:
                    b6:c0:7c:35:43:a5:28:1c:dd:58:43:f6:42:eb:f9:
                    39:d2:38:9c:af:92:6b:88:ba:71:a8:90:c7:de:0a:
                    51:6f:dc:e3:51:9b:68:2d:4c:5e:01:76:61:3a:9a:
                    40:aa:ee:c1:38:dd:67:dc:55:f7:a2:a4:e5:90:30:
                    ce:01:da:8a:22:c4:53:04:c6:bb:8a:73:d8:fd:01:
                    bd:48:71:07:2c:1e:33:eb:27:a9:68:ee:c0:9b:18:
                    5f:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:22:9D:06:F8:E4:95:62:24:85:55:A0:43:88:9A:94:94:F8:F8:65
            X509v3 Authority Key Identifier:
                keyid:F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/_SKdBvjklWIkhVWgQ4ialJT4-GU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.90.76.0/24

    Signature Algorithm: sha256WithRSAEncryption
         d9:99:a9:3c:6c:05:6a:a4:f1:07:00:6d:be:20:3c:7a:e1:52:
         98:c1:f8:ef:40:ba:ec:20:f7:e8:25:11:8b:31:7e:c2:e0:e9:
         10:6b:b8:84:da:64:66:58:f2:c5:8d:a9:1f:d4:07:0f:12:6c:
         9e:51:54:bc:45:c0:17:55:80:22:83:cf:2d:87:ac:79:7f:5d:
         6e:d4:84:b4:5f:48:1e:25:33:d4:b2:12:cc:d6:7d:30:5d:13:
         c7:a4:d1:72:55:47:74:b4:06:b5:69:c6:2a:46:c3:43:da:43:
         b4:8d:2c:ce:e2:49:8d:80:ca:5a:b8:97:b5:80:77:d2:de:26:
         1d:f1:85:cb:e8:c8:ca:25:de:04:28:5f:ba:74:36:b5:47:57:
         c8:d9:c6:53:8e:2d:73:f0:3e:78:e2:fa:31:97:6f:3b:73:1f:
         6e:bf:de:76:36:18:39:61:f6:d3:93:75:2d:bd:14:19:07:be:
         e2:c3:a7:7f:42:14:85:f4:74:8a:f8:af:01:31:6a:40:ed:26:
         77:1e:e7:e8:78:74:40:d0:bf:02:e5:ac:1d:08:72:d4:42:5b:
         8e:01:38:14:9e:ef:23:3a:eb:56:ee:32:86:b2:de:42:f7:26:
         09:fd:b0:07:f5:04:73:1a:3c:30:2e:2b:ed:8b:9a:68:a7:af:
         1d:cc:5c:60
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6OCO5pGrC7evuE0GOYRD5rMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwNGE1ODA0N2YzN2JiYzA1Nzk0NGJiZjhjYWQ4NzQyODc5
NTkyZGEwHhcNMjYwNjAzMTUxMDEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZDIyOWQwNmY4ZTQ5NTYyMjQ4NTU1YTA0Mzg4OWE5NDk0ZjhmODY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiaKcWI7QnyTwuiZPBfRmaO7+b+hh
KQwaS3HWVROfv9OvoU3hvrTqt7KhBgmzblbLkuy9DHlghHZhziGCRUgTlRJGlKig
90l5jPTch315lI4odA2ZQWCpteDIJEM8d9VrZR/1ulcbkjmGimIykIU07j5YoJ9u
sLi5/IJWzPByxVmmGbNTStYEt0hBjZrNPbeloOv8qUhxH4gjpLRUicUQ4Du8A5G2
wHw1Q6UoHN1YQ/ZC6/k50jicr5JriLpxqJDH3gpRb9zjUZtoLUxeAXZhOppAqu7B
ON1n3FX3oqTlkDDOAdqKIsRTBMa7inPY/QG9SHEHLB4z6yepaO7AmxhfjQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP0inQb45JViJIVVoEOImpSU+PhlMB8GA1UdIwQY
MBaAFPBKWAR/N7vAV5RLv4yth0KHlZLaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYt
ZjVmYjcxYjlhNTFmLzEvX1NLZEJ2amtsV0lraFZXZ1E0aWFsSlQ0LUdVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYtZjVmYjcxYjlhNTFm
LzEvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAk1pMMA0G
CSqGSIb3DQEBCwUAA4IBAQDZmak8bAVqpPEHAG2+IDx64VKYwfjvQLrsIPfoJRGL
MX7C4OkQa7iE2mRmWPLFjakf1AcPEmyeUVS8RcAXVYAig88th6x5f11u1IS0X0ge
JTPUshLM1n0wXRPHpNFyVUd0tAa1acYqRsND2kO0jSzO4kmNgMpauJe1gHfS3iYd
8YXL6MjKJd4EKF+6dDa1R1fI2cZTji1z8D544voxl287cx9uv952Nhg5YfbTk3Ut
vRQZB77iw6d/QhSF9HSK+K8BMWpA7SZ3HufoeHRA0L8C5awdCHLUQluOATgUnu8j
OutW7jKGst5C9yYJ/bAH9QRzGjwwLivti5pop68dzFxg
-----END CERTIFICATE-----