Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/mwPb-QhzkFmeM-w_Ehm_dCix2NU.roa
File:                     mwPb-QhzkFmeM-w_Ehm_dCix2NU.roa (raw, json)
Hash identifier:          VTosrq+PEjc7jhGnfZWEGFkXhbniq8STcTTgnHzYNRc=
Subject key identifier:   9B:03:DB:F9:08:73:90:59:9E:33:EC:3F:12:19:BF:74:28:B1:D8:D5
Certificate issuer:       /CN=f04a58047f37bbc057944bbf8cad8742879592da
Certificate serial:       019DBF72D48F53AC9A3900FF91062C180FB6
Authority key identifier: F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/mwPb-QhzkFmeM-w_Ehm_dCix2NU.roa
Signing time:             Fri 24 Apr 2026 12:24:26 +0000
ROA not before:           Fri 24 Apr 2026 12:24:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     205987
IP address blocks:        147.90.45.0/24 maxlen: 24
                          147.90.228.0/24 maxlen: 24
                          147.90.232.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 25 Apr 2026 12:24:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:bf:72:d4:8f:53:ac:9a:39:00:ff:91:06:2c:18:0f:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f04a58047f37bbc057944bbf8cad8742879592da
        Validity
            Not Before: Apr 24 12:24:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9b03dbf9087390599e33ec3f1219bf7428b1d8d5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:e2:23:c6:7d:c0:11:11:3c:cf:4d:4b:ea:1d:
                    96:23:ae:8e:34:b3:13:1f:66:35:34:55:08:94:e0:
                    be:b6:cc:f6:9c:34:d2:d3:06:86:ac:91:28:a5:5a:
                    89:1b:34:1e:b6:b9:2a:95:88:73:64:36:8a:d2:17:
                    f9:94:2e:e0:d7:85:b2:99:73:bb:a6:6f:36:70:92:
                    c2:7b:87:e5:d7:a6:de:08:62:a7:f7:88:2c:6f:ff:
                    ed:62:91:17:02:f7:a5:6c:6f:8e:ec:80:1c:1e:47:
                    f0:16:c0:31:38:b3:ec:40:62:98:64:f4:f0:bf:81:
                    d4:ad:35:22:21:5c:1b:2a:bb:2a:c7:63:f3:48:28:
                    9c:8e:ab:1b:07:47:2b:c3:5f:66:f3:5d:01:bb:f7:
                    e7:73:42:2d:d0:4c:76:cb:7f:cf:a9:30:5a:57:42:
                    57:e1:1f:05:d7:f0:67:d6:3f:c1:3f:07:76:15:67:
                    91:3a:ea:2e:df:c0:72:8f:69:07:e3:df:d9:96:96:
                    7f:0d:ed:7f:ce:22:a7:c1:b0:0b:d4:72:68:f8:2c:
                    4a:aa:f6:02:b4:b2:f8:38:ad:4f:ea:15:b1:78:32:
                    7e:7e:6a:2b:8f:76:e5:d2:ef:10:a0:96:d2:5c:9b:
                    cc:47:23:01:32:05:80:7e:04:2f:0a:ba:62:8f:47:
                    f2:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9B:03:DB:F9:08:73:90:59:9E:33:EC:3F:12:19:BF:74:28:B1:D8:D5
            X509v3 Authority Key Identifier:
                keyid:F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/mwPb-QhzkFmeM-w_Ehm_dCix2NU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.90.45.0/24
                  147.90.228.0/24
                  147.90.232.0/24

    Signature Algorithm: sha256WithRSAEncryption
         27:38:ec:2d:db:f8:33:29:31:7d:39:74:d2:5f:b0:59:00:0a:
         34:b2:16:87:55:c5:7f:05:20:97:16:c1:26:94:9b:f8:24:98:
         2d:4f:3a:71:f6:5d:3f:90:21:a6:f5:04:b7:20:37:c6:08:87:
         96:9e:e3:ad:70:4a:95:c5:6a:ac:26:bd:e9:a4:98:2d:2c:14:
         7b:1b:4c:86:f0:35:5f:d5:42:7f:6e:e5:d7:13:78:fb:e7:57:
         cd:b1:87:a8:04:67:b4:84:eb:44:ab:bc:fc:a1:3a:c9:8c:b8:
         6a:1d:de:b2:27:da:f5:4f:d3:a3:92:c9:2d:f2:d9:d6:62:f0:
         ff:66:c6:f0:e6:05:29:ec:dd:72:e1:45:18:16:08:db:d3:70:
         a0:78:26:2c:6e:c4:1c:ce:40:78:c0:27:a7:99:f4:ab:c4:63:
         0b:ff:d2:08:5e:8e:a2:00:39:d0:7c:aa:52:43:2e:61:3c:c9:
         55:69:76:76:64:54:9e:3e:08:72:e6:75:c7:f8:e0:c0:f9:a2:
         68:50:bc:95:fa:30:3c:c9:26:33:18:dc:ce:5f:73:3f:09:62:
         53:aa:45:7d:7c:29:c5:d0:a5:7c:c5:a6:a3:94:07:ff:12:76:
         77:31:9c:1a:ae:52:f1:4d:01:56:cc:0b:61:63:45:8c:23:2d:
         ba:fd:d3:6e
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZ2/ctSPU6yaOQD/kQYsGA+2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwNGE1ODA0N2YzN2JiYzA1Nzk0NGJiZjhjYWQ4NzQyODc5
NTkyZGEwHhcNMjYwNDI0MTIyNDI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YjAzZGJmOTA4NzM5MDU5OWUzM2VjM2YxMjE5YmY3NDI4YjFkOGQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1eIjxn3AERE8z01L6h2WI66ONLMT
H2Y1NFUIlOC+tsz2nDTS0waGrJEopVqJGzQetrkqlYhzZDaK0hf5lC7g14WymXO7
pm82cJLCe4fl16beCGKn94gsb//tYpEXAvelbG+O7IAcHkfwFsAxOLPsQGKYZPTw
v4HUrTUiIVwbKrsqx2PzSCicjqsbB0crw19m810Bu/fnc0It0Ex2y3/PqTBaV0JX
4R8F1/Bn1j/BPwd2FWeROuou38Byj2kH49/ZlpZ/De1/ziKnwbAL1HJo+CxKqvYC
tLL4OK1P6hWxeDJ+fmorj3bl0u8QoJbSXJvMRyMBMgWAfgQvCrpij0fyuQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFJsD2/kIc5BZnjPsPxIZv3QosdjVMB8GA1UdIwQY
MBaAFPBKWAR/N7vAV5RLv4yth0KHlZLaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYt
ZjVmYjcxYjlhNTFmLzEvbXdQYi1RaHprRm1lTS13X0VobV9kQ2l4Mk5VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYtZjVmYjcxYjlhNTFm
LzEvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAk1otAwQA
k1rkAwQAk1roMA0GCSqGSIb3DQEBCwUAA4IBAQAnOOwt2/gzKTF9OXTSX7BZAAo0
shaHVcV/BSCXFsEmlJv4JJgtTzpx9l0/kCGm9QS3IDfGCIeWnuOtcEqVxWqsJr3p
pJgtLBR7G0yG8DVf1UJ/buXXE3j751fNsYeoBGe0hOtEq7z8oTrJjLhqHd6yJ9r1
T9Ojkskt8tnWYvD/Zsbw5gUp7N1y4UUYFgjb03CgeCYsbsQczkB4wCenmfSrxGML
/9IIXo6iADnQfKpSQy5hPMlVaXZ2ZFSePghy5nXH+ODA+aJoULyV+jA8ySYzGNzO
X3M/CWJTqkV9fCnF0KV8xaajlAf/EnZ3MZwarlLxTQFWzAthY0WMIy26/dNu
-----END CERTIFICATE-----