Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/mzgIbK-rTd70VpVNNDqu8kYKx0E.roa
File:                     mzgIbK-rTd70VpVNNDqu8kYKx0E.roa (raw, json)
Hash identifier:          b0gPnGly22u19tS/IPHBtDiN25a6YFPqinvip8rXo5Y=
Subject key identifier:   9B:38:08:6C:AF:AB:4D:DE:F4:56:95:4D:34:3A:AE:F2:46:0A:C7:41
Certificate issuer:       /CN=f04a58047f37bbc057944bbf8cad8742879592da
Certificate serial:       019D2B3F3EFC03783BCED7F79E4E0E166AF7
Authority key identifier: F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/mzgIbK-rTd70VpVNNDqu8kYKx0E.roa
Signing time:             Thu 26 Mar 2026 17:44:18 +0000
ROA not before:           Thu 26 Mar 2026 17:44:18 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     199915
IP address blocks:        147.90.26.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 28 Mar 2026 19:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:2b:3f:3e:fc:03:78:3b:ce:d7:f7:9e:4e:0e:16:6a:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f04a58047f37bbc057944bbf8cad8742879592da
        Validity
            Not Before: Mar 26 17:44:18 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9b38086cafab4ddef456954d343aaef2460ac741
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:cf:ec:ab:52:1c:14:6d:8c:ec:d2:b6:4d:ba:
                    41:30:60:c5:db:2f:5c:62:ab:f6:ee:aa:a3:89:1b:
                    44:d3:84:80:75:d2:ab:e4:b1:e7:99:1d:71:d1:8d:
                    f3:a6:46:8b:89:3c:ac:a6:d3:2d:bc:28:75:77:01:
                    cc:5d:91:29:31:73:b9:32:28:e3:3c:05:9e:5d:58:
                    d9:01:cb:04:6e:ea:25:53:f0:0d:69:77:70:71:d3:
                    54:e8:41:26:a0:d3:da:6e:94:6c:6f:e3:e7:38:ab:
                    1b:cd:87:50:c4:2a:37:c5:89:6f:5a:be:4c:90:c5:
                    0d:24:53:09:f9:a3:25:ac:1f:a6:3a:4c:5b:5c:b7:
                    2e:f6:96:3d:a4:51:d0:d3:74:66:ce:ef:e1:8a:4c:
                    a5:98:d5:41:62:c2:6d:d6:da:bf:c1:1d:92:46:30:
                    3f:4f:0f:4d:fd:32:d0:f0:58:9c:ee:c0:4d:d1:f2:
                    fb:5a:06:9d:8a:5c:55:76:3d:eb:69:7b:4f:32:55:
                    96:15:49:02:7b:ac:09:04:84:8d:23:27:08:c1:fb:
                    34:0d:a3:32:fc:11:1a:5a:c5:93:4a:ab:e0:9d:1e:
                    22:4b:f2:31:3f:14:5d:b7:4a:66:08:09:1f:e4:59:
                    9b:11:69:43:1f:5d:b1:1c:7c:ed:f2:ca:59:e0:1d:
                    78:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9B:38:08:6C:AF:AB:4D:DE:F4:56:95:4D:34:3A:AE:F2:46:0A:C7:41
            X509v3 Authority Key Identifier:
                keyid:F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/mzgIbK-rTd70VpVNNDqu8kYKx0E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.90.26.0/24

    Signature Algorithm: sha256WithRSAEncryption
         aa:3a:9d:c2:0d:68:f0:c6:ae:2c:f4:0a:2c:22:98:44:40:43:
         d9:c2:6d:64:d9:0e:ae:2d:af:64:27:7f:2e:f0:5a:23:0e:1a:
         2b:8c:ab:99:3a:88:1d:d3:4a:75:18:4b:71:d9:02:88:60:0c:
         79:22:f7:91:fa:aa:a7:f7:d5:b7:55:06:ed:b0:9c:77:8c:f9:
         ad:f3:29:d2:f1:44:6d:7f:2a:c1:77:a6:99:83:00:4e:e3:12:
         05:ba:a1:b3:ab:5e:b8:91:c9:69:54:b1:45:35:2a:ab:48:5f:
         6b:c6:b6:69:23:13:b2:05:b1:bf:f4:48:d8:b0:32:df:bf:9c:
         b8:a9:68:ff:d2:e6:3c:48:bc:4a:ef:8f:f6:34:23:27:30:bb:
         95:b3:ab:73:2e:e7:27:f6:6b:01:c6:2d:3f:8d:c4:e4:de:13:
         c6:27:f6:23:5e:e7:13:b0:04:80:ef:71:06:8b:11:13:98:a6:
         3f:45:e2:2f:40:d7:3b:e9:7f:5c:90:69:1e:ca:e8:34:b7:ee:
         1d:e0:2f:6c:65:0a:18:0f:c8:38:40:2d:bd:23:da:6e:09:81:
         c2:0a:d2:73:78:8f:af:01:26:b3:9e:61:4b:23:ef:51:3e:76:
         0e:24:1f:0e:19:d1:66:b2:1c:6e:ad:15:77:32:2c:dc:fe:97:
         ab:f7:c1:a4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0rPz78A3g7ztf3nk4OFmr3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwNGE1ODA0N2YzN2JiYzA1Nzk0NGJiZjhjYWQ4NzQyODc5
NTkyZGEwHhcNMjYwMzI2MTc0NDE4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YjM4MDg2Y2FmYWI0ZGRlZjQ1Njk1NGQzNDNhYWVmMjQ2MGFjNzQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA48/sq1IcFG2M7NK2TbpBMGDF2y9c
Yqv27qqjiRtE04SAddKr5LHnmR1x0Y3zpkaLiTysptMtvCh1dwHMXZEpMXO5Mijj
PAWeXVjZAcsEbuolU/ANaXdwcdNU6EEmoNPabpRsb+PnOKsbzYdQxCo3xYlvWr5M
kMUNJFMJ+aMlrB+mOkxbXLcu9pY9pFHQ03Rmzu/hikylmNVBYsJt1tq/wR2SRjA/
Tw9N/TLQ8Fic7sBN0fL7WgadilxVdj3raXtPMlWWFUkCe6wJBISNIycIwfs0DaMy
/BEaWsWTSqvgnR4iS/IxPxRdt0pmCAkf5FmbEWlDH12xHHzt8spZ4B14/QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJs4CGyvq03e9FaVTTQ6rvJGCsdBMB8GA1UdIwQY
MBaAFPBKWAR/N7vAV5RLv4yth0KHlZLaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYt
ZjVmYjcxYjlhNTFmLzEvbXpnSWJLLXJUZDcwVnBWTk5EcXU4a1lLeDBFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYtZjVmYjcxYjlhNTFm
LzEvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAk1oaMA0G
CSqGSIb3DQEBCwUAA4IBAQCqOp3CDWjwxq4s9AosIphEQEPZwm1k2Q6uLa9kJ38u
8FojDhorjKuZOogd00p1GEtx2QKIYAx5IveR+qqn99W3VQbtsJx3jPmt8ynS8URt
fyrBd6aZgwBO4xIFuqGzq164kclpVLFFNSqrSF9rxrZpIxOyBbG/9EjYsDLfv5y4
qWj/0uY8SLxK74/2NCMnMLuVs6tzLucn9msBxi0/jcTk3hPGJ/YjXucTsASA73EG
ixETmKY/ReIvQNc76X9ckGkeyug0t+4d4C9sZQoYD8g4QC29I9puCYHCCtJzeI+v
ASaznmFLI+9RPnYOJB8OGdFmshxurRV3Mizc/per98Gk
-----END CERTIFICATE-----