Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/_eNNV1OWuCa-Kf_LEWDT10qIKtU.roa
File:                     _eNNV1OWuCa-Kf_LEWDT10qIKtU.roa (raw, json)
Hash identifier:          9tOlH7kMg/pmp7pWBUKuKgbWKMprUgsoM7Ajog3kb1I=
Subject key identifier:   FD:E3:4D:57:53:96:B8:26:BE:29:FF:CB:11:60:D3:D7:4A:88:2A:D5
Certificate issuer:       /CN=f04a58047f37bbc057944bbf8cad8742879592da
Certificate serial:       019E55DC3CD8057DB7596810DBB970B1C4C2
Authority key identifier: F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/_eNNV1OWuCa-Kf_LEWDT10qIKtU.roa
Signing time:             Sat 23 May 2026 17:22:37 +0000
ROA not before:           Sat 23 May 2026 17:22:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     153169
IP address blocks:        147.90.204.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 09 Jun 2026 14:52:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:55:dc:3c:d8:05:7d:b7:59:68:10:db:b9:70:b1:c4:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f04a58047f37bbc057944bbf8cad8742879592da
        Validity
            Not Before: May 23 17:22:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=fde34d575396b826be29ffcb1160d3d74a882ad5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:99:e0:60:89:a8:1a:61:3d:ce:85:9e:55:9b:
                    5d:94:5e:56:19:08:2a:82:07:3c:ec:df:a9:bc:df:
                    53:21:65:25:b6:37:cd:ce:b2:e8:18:c7:31:60:9d:
                    fe:ad:a5:bb:22:35:17:a0:2c:6a:f9:ad:a8:d2:30:
                    10:2b:49:09:29:07:4b:48:29:20:de:06:58:5d:2e:
                    c4:68:ad:7f:85:ca:3c:2c:88:f0:99:eb:4a:c3:b0:
                    9a:48:bb:22:25:38:53:7f:62:94:50:a3:c0:56:34:
                    5f:af:c6:fa:5f:b7:94:c6:06:09:30:3e:66:94:9a:
                    22:6b:df:a1:83:f1:a1:14:10:cf:56:ff:e8:ed:c2:
                    37:2a:fe:0a:74:1b:2f:66:1a:1d:a4:de:13:54:73:
                    5c:a9:b4:44:12:e1:33:fe:7d:ca:9d:dc:3f:e4:2e:
                    2d:d4:ab:ad:b4:e4:d6:95:60:ba:d5:ea:cf:f9:e2:
                    24:a5:45:fd:55:4f:97:8f:92:ab:29:44:09:4a:74:
                    67:92:bb:ed:a6:ee:5d:cc:ac:71:bc:23:b1:81:60:
                    28:b3:4e:d3:e0:ee:ad:24:ac:55:9e:9d:a9:a5:81:
                    14:0b:79:df:fc:83:ec:6e:45:c4:00:d6:f3:65:93:
                    f0:70:2f:45:bf:79:0d:ad:97:f8:ed:17:8d:76:bd:
                    27:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:E3:4D:57:53:96:B8:26:BE:29:FF:CB:11:60:D3:D7:4A:88:2A:D5
            X509v3 Authority Key Identifier:
                keyid:F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/_eNNV1OWuCa-Kf_LEWDT10qIKtU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.90.204.0/24

    Signature Algorithm: sha256WithRSAEncryption
         07:d0:63:f7:1a:11:51:b6:41:74:56:4c:a2:a7:1c:18:c2:e5:
         0d:fa:f8:6e:af:1f:40:0e:24:47:26:3b:34:e7:1e:ce:16:c7:
         39:a2:00:52:72:dd:6b:3d:d5:0c:04:c7:4b:99:17:59:f6:ce:
         0c:51:33:0c:85:b4:82:49:03:2b:26:2e:fd:f1:a2:97:ef:a0:
         9a:77:4d:29:f9:7c:ec:21:16:d6:d8:39:fc:7c:52:50:9b:1f:
         b3:82:cb:37:a8:40:bf:88:0e:43:d8:22:20:2c:6e:62:5c:20:
         ec:d2:30:cb:52:5c:3b:82:52:50:28:0c:59:9c:61:18:05:44:
         b9:43:05:33:4f:d0:9d:ae:00:5c:43:b8:12:f3:0e:0e:62:c3:
         1d:83:e3:db:9e:1b:c6:65:a9:56:bb:9b:f5:33:0e:a9:d2:19:
         1f:df:ec:03:d7:c8:90:88:30:7c:ad:81:7d:dc:3f:24:d3:c3:
         65:3f:6c:a6:9a:54:c7:d5:6b:c6:d8:61:f4:72:a0:8a:1b:e8:
         0b:24:94:da:50:f3:e5:b0:59:20:00:0b:07:d6:12:08:f4:2e:
         87:0a:7a:f0:23:da:93:cf:f8:35:45:3d:c7:15:b6:d9:ee:7f:
         14:34:6c:8b:ef:d2:69:24:e3:43:24:47:00:ea:c1:69:a8:8b:
         69:8a:ec:07
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ5V3DzYBX23WWgQ27lwscTCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwNGE1ODA0N2YzN2JiYzA1Nzk0NGJiZjhjYWQ4NzQyODc5
NTkyZGEwHhcNMjYwNTIzMTcyMjM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZGUzNGQ1NzUzOTZiODI2YmUyOWZmY2IxMTYwZDNkNzRhODgyYWQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw5ngYImoGmE9zoWeVZtdlF5WGQgq
ggc87N+pvN9TIWUltjfNzrLoGMcxYJ3+raW7IjUXoCxq+a2o0jAQK0kJKQdLSCkg
3gZYXS7EaK1/hco8LIjwmetKw7CaSLsiJThTf2KUUKPAVjRfr8b6X7eUxgYJMD5m
lJoia9+hg/GhFBDPVv/o7cI3Kv4KdBsvZhodpN4TVHNcqbREEuEz/n3Kndw/5C4t
1KuttOTWlWC61erP+eIkpUX9VU+Xj5KrKUQJSnRnkrvtpu5dzKxxvCOxgWAos07T
4O6tJKxVnp2ppYEUC3nf/IPsbkXEANbzZZPwcC9Fv3kNrZf47ReNdr0nnQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP3jTVdTlrgmvin/yxFg09dKiCrVMB8GA1UdIwQY
MBaAFPBKWAR/N7vAV5RLv4yth0KHlZLaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYt
ZjVmYjcxYjlhNTFmLzEvX2VOTlYxT1d1Q2EtS2ZfTEVXRFQxMHFJS3RVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYtZjVmYjcxYjlhNTFm
LzEvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAk1rMMA0G
CSqGSIb3DQEBCwUAA4IBAQAH0GP3GhFRtkF0VkyipxwYwuUN+vhurx9ADiRHJjs0
5x7OFsc5ogBSct1rPdUMBMdLmRdZ9s4MUTMMhbSCSQMrJi798aKX76Cad00p+Xzs
IRbW2Dn8fFJQmx+zgss3qEC/iA5D2CIgLG5iXCDs0jDLUlw7glJQKAxZnGEYBUS5
QwUzT9CdrgBcQ7gS8w4OYsMdg+PbnhvGZalWu5v1Mw6p0hkf3+wD18iQiDB8rYF9
3D8k08NlP2ymmlTH1WvG2GH0cqCKG+gLJJTaUPPlsFkgAAsH1hII9C6HCnrwI9qT
z/g1RT3HFbbZ7n8UNGyL79JpJONDJEcA6sFpqItpiuwH
-----END CERTIFICATE-----