Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/dQkD5kDwuUzpL4lXlcE1kq12Mns.roa
File:                     dQkD5kDwuUzpL4lXlcE1kq12Mns.roa (raw, json)
Hash identifier:          RtHACmADgtNtjwU4k/GOX2SAE0Zh8YM86uSI6DPlBXc=
Subject key identifier:   75:09:03:E6:40:F0:B9:4C:E9:2F:89:57:95:C1:35:92:AD:76:32:7B
Certificate issuer:       /CN=f04a58047f37bbc057944bbf8cad8742879592da
Certificate serial:       019CD676BA6E8C5EED46ADA4FB85BB389ABE
Authority key identifier: F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/dQkD5kDwuUzpL4lXlcE1kq12Mns.roa
Signing time:             Tue 10 Mar 2026 06:37:11 +0000
ROA not before:           Tue 10 Mar 2026 06:37:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214159
IP address blocks:        147.90.193.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Mar 2026 03:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:d6:76:ba:6e:8c:5e:ed:46:ad:a4:fb:85:bb:38:9a:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f04a58047f37bbc057944bbf8cad8742879592da
        Validity
            Not Before: Mar 10 06:37:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=750903e640f0b94ce92f895795c13592ad76327b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:d9:ab:b6:63:23:65:5a:01:5d:de:37:87:aa:
                    5f:43:43:90:71:e3:d8:f8:48:dd:5b:9c:fc:49:09:
                    fd:d2:f0:13:6f:94:3a:7e:28:d0:bb:ac:e5:d7:29:
                    6c:a0:a9:d4:39:c3:78:1e:ca:30:4b:e7:1f:3a:c9:
                    85:2f:2c:f1:56:31:d5:bf:7d:51:42:3f:ed:3b:42:
                    1d:00:9f:67:25:8b:5d:70:d2:f6:67:4f:6d:2d:8c:
                    f4:44:21:d8:5c:40:c1:f3:22:69:72:82:13:5d:5a:
                    52:fa:21:89:7a:58:46:e8:de:e1:31:73:6d:2e:2c:
                    ba:25:62:1a:6b:1d:e3:b4:d9:5f:72:94:2b:6f:45:
                    84:1f:62:81:1c:6e:86:e1:40:08:eb:c6:ce:b1:3e:
                    5e:05:68:d7:c8:06:bf:ca:d2:31:9e:ab:5b:73:08:
                    08:e2:30:04:7a:74:3f:6e:be:3b:41:5c:9d:7d:11:
                    e3:54:e1:c4:04:8c:b8:93:7f:8e:08:68:49:2c:b5:
                    72:19:fd:4e:38:15:f1:0a:a7:9b:55:d3:63:0d:ea:
                    b7:29:71:d8:59:d4:1e:c8:13:c5:ca:41:6e:39:66:
                    47:d9:01:36:23:fa:31:60:36:ef:59:ac:61:e7:08:
                    9a:d8:50:f5:a3:d9:84:78:19:6d:4a:37:b7:2e:7c:
                    6c:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                75:09:03:E6:40:F0:B9:4C:E9:2F:89:57:95:C1:35:92:AD:76:32:7B
            X509v3 Authority Key Identifier:
                keyid:F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/dQkD5kDwuUzpL4lXlcE1kq12Mns.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.90.193.0/24

    Signature Algorithm: sha256WithRSAEncryption
         45:c4:66:0b:1a:db:f5:df:2d:f4:c6:81:4d:43:86:43:93:15:
         52:be:12:71:76:1f:42:8a:ba:6e:73:01:f8:17:e5:8a:7c:ba:
         60:97:60:2d:91:8b:aa:19:af:bd:11:04:eb:84:ee:31:c8:a3:
         fa:5d:81:92:ff:5c:23:28:a7:c5:5b:fa:4a:bb:6d:f8:3e:a9:
         a4:ae:68:08:4a:2c:b3:ac:0a:ab:86:0a:da:40:e8:65:0f:fb:
         8b:7b:b8:c7:2a:3f:03:90:a4:f2:53:6e:6d:19:39:c0:09:bd:
         55:b7:eb:cd:ad:f5:2f:81:af:9f:a7:f5:f5:b3:52:e9:11:af:
         b7:b8:d7:5f:42:75:c9:2b:3d:1a:a5:f0:30:b1:3e:76:64:f0:
         ba:3f:ba:90:bc:98:53:6c:da:96:3e:a7:df:ba:d6:fe:b5:a5:
         c3:ff:a6:fa:96:48:84:41:2e:5a:8a:01:52:20:f2:63:31:59:
         82:83:a5:54:6b:62:3e:c5:63:88:eb:8b:69:0b:5d:62:53:f4:
         68:d9:ed:4c:f0:50:8f:93:65:8a:f3:eb:1d:88:44:c1:0b:b2:
         ec:c8:46:76:0a:f0:c2:25:fd:59:0a:30:c6:6d:a0:89:f1:5a:
         cb:cf:13:0f:20:8e:0d:6d:8d:cf:22:bc:42:8f:5a:db:8c:13:
         d7:76:a7:4b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZzWdrpujF7tRq2k+4W7OJq+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwNGE1ODA0N2YzN2JiYzA1Nzk0NGJiZjhjYWQ4NzQyODc5
NTkyZGEwHhcNMjYwMzEwMDYzNzExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NTA5MDNlNjQwZjBiOTRjZTkyZjg5NTc5NWMxMzU5MmFkNzYzMjdiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxdmrtmMjZVoBXd43h6pfQ0OQcePY
+EjdW5z8SQn90vATb5Q6fijQu6zl1ylsoKnUOcN4HsowS+cfOsmFLyzxVjHVv31R
Qj/tO0IdAJ9nJYtdcNL2Z09tLYz0RCHYXEDB8yJpcoITXVpS+iGJelhG6N7hMXNt
Liy6JWIaax3jtNlfcpQrb0WEH2KBHG6G4UAI68bOsT5eBWjXyAa/ytIxnqtbcwgI
4jAEenQ/br47QVydfRHjVOHEBIy4k3+OCGhJLLVyGf1OOBXxCqebVdNjDeq3KXHY
WdQeyBPFykFuOWZH2QE2I/oxYDbvWaxh5wia2FD1o9mEeBltSje3LnxsywIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHUJA+ZA8LlM6S+JV5XBNZKtdjJ7MB8GA1UdIwQY
MBaAFPBKWAR/N7vAV5RLv4yth0KHlZLaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYt
ZjVmYjcxYjlhNTFmLzEvZFFrRDVrRHd1VXpwTDRsWGxjRTFrcTEyTW5zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYtZjVmYjcxYjlhNTFm
LzEvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAk1rBMA0G
CSqGSIb3DQEBCwUAA4IBAQBFxGYLGtv13y30xoFNQ4ZDkxVSvhJxdh9CirpucwH4
F+WKfLpgl2AtkYuqGa+9EQTrhO4xyKP6XYGS/1wjKKfFW/pKu234PqmkrmgISiyz
rAqrhgraQOhlD/uLe7jHKj8DkKTyU25tGTnACb1Vt+vNrfUvga+fp/X1s1LpEa+3
uNdfQnXJKz0apfAwsT52ZPC6P7qQvJhTbNqWPqffutb+taXD/6b6lkiEQS5aigFS
IPJjMVmCg6VUa2I+xWOI64tpC11iU/Ro2e1M8FCPk2WK8+sdiETBC7LsyEZ2CvDC
Jf1ZCjDGbaCJ8VrLzxMPII4NbY3PIrxCj1rbjBPXdqdL
-----END CERTIFICATE-----