Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/eC5PQUEgJMz8_HFTsbGucShufDM.roa
File:                     eC5PQUEgJMz8_HFTsbGucShufDM.roa (raw, json)
Hash identifier:          d/dYDAnFhv9FRRPg5Mgp7EQt4pgwr74aRIR67VrsFfU=
Subject key identifier:   78:2E:4F:41:41:20:24:CC:FC:FC:71:53:B1:B1:AE:71:28:6E:7C:33
Certificate issuer:       /CN=f04a58047f37bbc057944bbf8cad8742879592da
Certificate serial:       019CCC7469D9156642FBE53684386AF99036
Authority key identifier: F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/eC5PQUEgJMz8_HFTsbGucShufDM.roa
Signing time:             Sun 08 Mar 2026 07:58:27 +0000
ROA not before:           Sun 08 Mar 2026 07:58:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     7029
IP address blocks:        147.90.1.0/24 maxlen: 24
                          158.173.198.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 11 Mar 2026 06:19:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:cc:74:69:d9:15:66:42:fb:e5:36:84:38:6a:f9:90:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f04a58047f37bbc057944bbf8cad8742879592da
        Validity
            Not Before: Mar  8 07:58:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=782e4f41412024ccfcfc7153b1b1ae71286e7c33
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:7d:c9:fa:13:5b:aa:23:0f:85:ef:ce:25:1b:
                    28:78:5d:ca:43:a2:6e:35:4d:0d:1c:8c:6d:9c:a3:
                    6f:75:e1:d6:50:79:16:82:fc:07:90:52:56:75:b7:
                    80:d1:25:0d:69:87:d1:1a:9b:80:b8:74:13:fc:2d:
                    9e:72:20:f9:67:25:c7:fc:b8:ec:fb:c5:a6:aa:9b:
                    74:62:5e:ab:d6:29:f9:8a:63:3a:09:f7:24:bc:3d:
                    f7:3c:69:c3:4d:5e:62:19:ac:e7:14:0f:1f:77:17:
                    1b:be:a1:a0:12:68:53:aa:f1:0b:3c:83:1c:c2:29:
                    22:f5:81:34:b6:54:9b:5b:a0:ac:ba:21:12:6c:a6:
                    e6:77:89:4e:d4:9a:59:3d:44:d4:83:26:9a:9a:a2:
                    d9:55:66:d9:35:4f:c8:09:aa:e6:96:55:c7:a7:11:
                    3c:44:83:8c:54:21:ce:ce:cf:92:22:93:b4:3e:2a:
                    d2:13:19:fc:c4:54:19:1f:7d:b4:18:34:74:b7:19:
                    54:26:91:53:fa:de:6b:5e:bb:31:06:67:40:b8:bd:
                    c0:4a:1a:7e:d8:97:96:f1:75:fb:c7:b1:4e:29:e4:
                    6a:42:35:27:72:cd:b0:ab:b8:c2:39:cd:3e:ed:2d:
                    4a:9e:87:45:35:cc:69:20:ca:03:aa:da:e2:e4:b0:
                    a3:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                78:2E:4F:41:41:20:24:CC:FC:FC:71:53:B1:B1:AE:71:28:6E:7C:33
            X509v3 Authority Key Identifier:
                keyid:F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/eC5PQUEgJMz8_HFTsbGucShufDM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.90.1.0/24
                  158.173.198.0/23

    Signature Algorithm: sha256WithRSAEncryption
         19:24:b4:4b:ab:ab:69:47:e7:93:53:07:66:20:c8:2d:d3:34:
         99:c2:4c:e3:80:25:08:6b:8c:de:6e:58:ed:19:2c:9f:71:84:
         96:85:0a:47:20:e2:4f:a4:3f:9d:27:d1:b7:73:a6:be:1f:b0:
         fd:99:20:e2:ef:ea:aa:e1:57:2e:ed:51:ed:6e:3a:0e:88:fb:
         26:7c:a3:c9:e4:1f:dd:88:52:71:af:92:90:dc:b8:ec:e2:34:
         a8:9f:1d:e2:db:01:99:1c:23:d1:2a:21:68:8f:f2:5f:57:11:
         14:73:ba:a7:37:03:fb:d4:b9:0d:dc:64:8e:de:8d:21:6f:92:
         ad:b8:80:2e:0c:b6:1b:91:c5:c7:e3:9a:27:8a:e8:65:d6:cc:
         be:ca:6f:17:5d:40:2e:e6:e2:a2:95:95:39:5f:52:58:84:d3:
         7c:37:66:c2:7e:fb:56:91:b4:5e:ab:26:c7:c2:b8:2e:be:bb:
         c8:0c:b5:76:c7:4b:55:a4:b1:ee:e4:3a:61:05:35:0d:72:e3:
         77:5a:b6:63:c0:a5:d0:c1:88:a5:9c:04:32:c5:c2:2d:95:f4:
         29:a6:b3:d6:11:12:87:04:19:66:37:03:98:9f:47:3d:70:1c:
         3b:a7:ac:60:93:e5:9c:0f:6d:d3:30:38:1c:4f:24:bd:2b:37:
         96:56:7a:f7
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZzMdGnZFWZC++U2hDhq+ZA2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwNGE1ODA0N2YzN2JiYzA1Nzk0NGJiZjhjYWQ4NzQyODc5
NTkyZGEwHhcNMjYwMzA4MDc1ODI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ODJlNGY0MTQxMjAyNGNjZmNmYzcxNTNiMWIxYWU3MTI4NmU3YzMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzH3J+hNbqiMPhe/OJRsoeF3KQ6Ju
NU0NHIxtnKNvdeHWUHkWgvwHkFJWdbeA0SUNaYfRGpuAuHQT/C2eciD5ZyXH/Ljs
+8Wmqpt0Yl6r1in5imM6CfckvD33PGnDTV5iGaznFA8fdxcbvqGgEmhTqvELPIMc
wiki9YE0tlSbW6CsuiESbKbmd4lO1JpZPUTUgyaamqLZVWbZNU/ICarmllXHpxE8
RIOMVCHOzs+SIpO0PirSExn8xFQZH320GDR0txlUJpFT+t5rXrsxBmdAuL3AShp+
2JeW8XX7x7FOKeRqQjUncs2wq7jCOc0+7S1KnodFNcxpIMoDqtri5LCjDwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFHguT0FBICTM/PxxU7GxrnEobnwzMB8GA1UdIwQY
MBaAFPBKWAR/N7vAV5RLv4yth0KHlZLaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYt
ZjVmYjcxYjlhNTFmLzEvZUM1UFFVRWdKTXo4X0hGVHNiR3VjU2h1ZkRNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYtZjVmYjcxYjlhNTFm
LzEvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAk1oBAwQB
nq3GMA0GCSqGSIb3DQEBCwUAA4IBAQAZJLRLq6tpR+eTUwdmIMgt0zSZwkzjgCUI
a4zebljtGSyfcYSWhQpHIOJPpD+dJ9G3c6a+H7D9mSDi7+qq4Vcu7VHtbjoOiPsm
fKPJ5B/diFJxr5KQ3Ljs4jSonx3i2wGZHCPRKiFoj/JfVxEUc7qnNwP71LkN3GSO
3o0hb5KtuIAuDLYbkcXH45oniuhl1sy+ym8XXUAu5uKilZU5X1JYhNN8N2bCfvtW
kbReqybHwrguvrvIDLV2x0tVpLHu5DphBTUNcuN3WrZjwKXQwYilnAQyxcItlfQp
prPWERKHBBlmNwOYn0c9cBw7p6xgk+WcD23TMDgcTyS9KzeWVnr3
-----END CERTIFICATE-----