Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/lo6gcXCZ-oTRs4flS46yux-QYHc.roa
File:                     lo6gcXCZ-oTRs4flS46yux-QYHc.roa (raw, json)
Hash identifier:          uIyToLohhYSBBgKxarkpW6veu+4IQ5VvnxUwkPV8ces=
Subject key identifier:   96:8E:A0:71:70:99:FA:84:D1:B3:87:E5:4B:8E:B2:BB:1F:90:60:77
Certificate issuer:       /CN=f04a58047f37bbc057944bbf8cad8742879592da
Certificate serial:       019D76F328D78C3BBCC637A7658C85BF1963
Authority key identifier: F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/lo6gcXCZ-oTRs4flS46yux-QYHc.roa
Signing time:             Fri 10 Apr 2026 10:32:20 +0000
ROA not before:           Fri 10 Apr 2026 10:32:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     207550
IP address blocks:        147.90.211.0/24 maxlen: 24
                          158.173.208.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 13 Apr 2026 21:31:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:76:f3:28:d7:8c:3b:bc:c6:37:a7:65:8c:85:bf:19:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f04a58047f37bbc057944bbf8cad8742879592da
        Validity
            Not Before: Apr 10 10:32:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=968ea0717099fa84d1b387e54b8eb2bb1f906077
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:8f:72:77:27:19:95:28:69:50:c1:49:4d:7f:
                    6a:c8:d1:03:44:af:c1:84:c0:96:ca:da:4d:a0:04:
                    7a:b0:fa:23:4f:f9:74:1f:ba:35:38:18:df:d2:6b:
                    4c:ec:53:82:d6:85:5e:10:af:e5:48:6a:83:0e:3d:
                    e4:dc:39:6a:3a:9e:78:8a:8d:c7:f9:84:8b:02:b0:
                    ab:6d:a0:d2:fa:e7:59:9e:e2:82:53:c0:05:5c:76:
                    8d:c0:51:dc:c4:70:6a:1f:88:9f:b2:25:97:3c:f5:
                    27:6f:6b:8c:7e:9c:a6:1f:f6:9f:67:c9:fd:59:f8:
                    95:24:82:cc:04:b2:2e:8c:94:7b:80:7a:5a:8b:0d:
                    4e:57:0f:83:32:ea:43:b8:cb:d3:7b:a0:27:e4:92:
                    91:2c:3b:d0:90:69:6e:4a:b1:38:e9:47:3b:60:27:
                    09:cf:3f:c4:b5:57:0f:20:d5:a2:84:87:69:c6:3b:
                    e7:60:ea:e1:97:2c:83:c5:0d:fd:89:37:0c:6f:24:
                    41:9f:d2:37:cf:42:ff:f9:81:60:c4:48:46:cf:bd:
                    4c:5b:a2:44:38:0e:cd:95:6d:7d:00:49:e0:8c:b1:
                    9a:05:27:d8:97:9a:d1:7e:18:2b:b2:f8:ce:f8:63:
                    40:92:55:12:03:50:0f:4e:14:66:ca:33:e7:3e:cf:
                    61:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:8E:A0:71:70:99:FA:84:D1:B3:87:E5:4B:8E:B2:BB:1F:90:60:77
            X509v3 Authority Key Identifier:
                keyid:F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/lo6gcXCZ-oTRs4flS46yux-QYHc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.90.211.0/24
                  158.173.208.0/24

    Signature Algorithm: sha256WithRSAEncryption
         39:eb:fd:e8:6c:23:e2:3b:15:57:cc:a6:7d:e1:60:74:7a:ec:
         d3:38:72:53:ac:6f:37:b0:27:26:ac:ee:4a:03:5c:1d:5d:0f:
         2b:3e:38:4f:d0:ed:94:8a:cb:4b:b1:db:ac:91:43:ab:b8:42:
         16:9a:01:43:4b:5b:ad:cc:fc:1a:9c:39:1d:0d:ce:a1:19:4f:
         67:40:f1:5b:1b:48:d3:81:d5:f2:a4:be:11:f7:45:fc:e8:cc:
         e0:bd:93:34:96:8d:b2:8b:49:37:dc:d0:b0:08:f2:64:e9:a7:
         03:32:0b:b6:62:24:aa:0e:42:02:c1:72:bf:1c:48:30:2e:b0:
         63:c2:d6:eb:1e:90:f8:60:fb:f5:1c:3e:de:95:c3:8c:5f:e0:
         79:23:f0:22:0c:ab:7d:b3:34:fa:02:d2:b5:e0:b9:70:28:25:
         c6:d1:8e:83:49:e1:f7:0b:e3:1b:9e:d4:62:37:db:11:1f:8f:
         ed:e5:92:f6:79:d3:0e:5b:83:54:58:1f:67:a1:41:e2:42:74:
         ba:e8:9c:2f:41:9f:51:16:28:01:88:8c:33:35:0f:b6:62:80:
         2f:46:22:0a:90:fb:7a:df:12:ec:f8:44:4e:c6:ce:d8:f4:c2:
         81:ff:23:e9:49:50:62:8a:76:74:ba:2d:e7:5d:bd:cc:96:50:
         63:ae:f9:83
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ128yjXjDu8xjenZYyFvxljMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwNGE1ODA0N2YzN2JiYzA1Nzk0NGJiZjhjYWQ4NzQyODc5
NTkyZGEwHhcNMjYwNDEwMTAzMjIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NjhlYTA3MTcwOTlmYTg0ZDFiMzg3ZTU0YjhlYjJiYjFmOTA2MDc3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy49ydycZlShpUMFJTX9qyNEDRK/B
hMCWytpNoAR6sPojT/l0H7o1OBjf0mtM7FOC1oVeEK/lSGqDDj3k3DlqOp54io3H
+YSLArCrbaDS+udZnuKCU8AFXHaNwFHcxHBqH4ifsiWXPPUnb2uMfpymH/afZ8n9
WfiVJILMBLIujJR7gHpaiw1OVw+DMupDuMvTe6An5JKRLDvQkGluSrE46Uc7YCcJ
zz/EtVcPINWihIdpxjvnYOrhlyyDxQ39iTcMbyRBn9I3z0L/+YFgxEhGz71MW6JE
OA7NlW19AEngjLGaBSfYl5rRfhgrsvjO+GNAklUSA1APThRmyjPnPs9hgwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJaOoHFwmfqE0bOH5UuOsrsfkGB3MB8GA1UdIwQY
MBaAFPBKWAR/N7vAV5RLv4yth0KHlZLaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYt
ZjVmYjcxYjlhNTFmLzEvbG82Z2NYQ1otb1RSczRmbFM0Nnl1eC1RWUhjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYtZjVmYjcxYjlhNTFm
LzEvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAk1rTAwQA
nq3QMA0GCSqGSIb3DQEBCwUAA4IBAQA56/3obCPiOxVXzKZ94WB0euzTOHJTrG83
sCcmrO5KA1wdXQ8rPjhP0O2UistLsduskUOruEIWmgFDS1utzPwanDkdDc6hGU9n
QPFbG0jTgdXypL4R90X86MzgvZM0lo2yi0k33NCwCPJk6acDMgu2YiSqDkICwXK/
HEgwLrBjwtbrHpD4YPv1HD7elcOMX+B5I/AiDKt9szT6AtK14LlwKCXG0Y6DSeH3
C+MbntRiN9sRH4/t5ZL2edMOW4NUWB9noUHiQnS66JwvQZ9RFigBiIwzNQ+2YoAv
RiIKkPt63xLs+EROxs7Y9MKB/yPpSVBiinZ0ui3nXb3MllBjrvmD
-----END CERTIFICATE-----