Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/r-Revzdh0vN3VxAoJxgSIAJ18sQ.roa
File:                     r-Revzdh0vN3VxAoJxgSIAJ18sQ.roa (raw, json)
Hash identifier:          EYz46Gbe3A5YG0m5wegK5tTM8z+AEy+iq7a3py/vSWo=
Subject key identifier:   AF:E4:5E:BF:37:61:D2:F3:77:57:10:28:27:18:12:20:02:75:F2:C4
Certificate issuer:       /CN=f04a58047f37bbc057944bbf8cad8742879592da
Certificate serial:       019DACA6D1A409D6B47CBA72D1A77F7DB5B9
Authority key identifier: F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/r-Revzdh0vN3VxAoJxgSIAJ18sQ.roa
Signing time:             Mon 20 Apr 2026 20:48:26 +0000
ROA not before:           Mon 20 Apr 2026 20:48:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     399275
IP address blocks:        147.90.113.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 25 Apr 2026 12:24:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:ac:a6:d1:a4:09:d6:b4:7c:ba:72:d1:a7:7f:7d:b5:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f04a58047f37bbc057944bbf8cad8742879592da
        Validity
            Not Before: Apr 20 20:48:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=afe45ebf3761d2f377571028271812200275f2c4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:b4:cb:e1:d8:64:c0:13:58:c6:ce:7c:84:e4:
                    83:a7:21:83:ff:53:ea:de:af:61:ea:91:69:57:ba:
                    7c:c7:72:45:31:d0:48:67:95:b0:e3:49:90:0b:66:
                    d5:8b:e0:ce:28:42:82:8d:18:d6:88:9a:82:7b:7f:
                    38:d6:56:1f:2d:a3:32:e8:49:81:c6:9a:38:61:20:
                    88:53:fd:1f:8b:35:4d:62:0a:53:15:38:e4:68:d9:
                    32:5a:96:2e:a8:12:b3:0d:9d:ca:a6:0c:13:7d:cd:
                    15:6a:bd:a1:3d:cf:9a:ac:ce:3c:2e:d0:8a:9a:fc:
                    3e:1e:39:0a:58:27:cb:90:7c:86:93:f4:59:fa:e0:
                    24:59:98:51:a3:1c:eb:98:d7:82:a0:33:94:9a:f8:
                    34:9f:44:98:0c:15:27:67:1a:d0:6d:33:7a:53:7a:
                    42:83:9d:b6:87:8d:ce:d4:a0:f1:6f:3b:49:2e:31:
                    04:b0:c7:13:b1:c1:2c:fb:5f:5f:f6:9c:14:36:83:
                    88:99:00:da:ca:4e:22:7a:9c:87:3c:41:49:ef:fd:
                    e8:77:fe:25:a2:f7:17:fb:e3:5a:9c:42:87:17:9c:
                    ca:9d:a3:19:31:e1:d0:08:04:2a:79:c2:a7:52:e6:
                    d8:4f:3f:64:20:e4:15:e1:0a:1f:62:91:a8:12:e0:
                    8d:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:E4:5E:BF:37:61:D2:F3:77:57:10:28:27:18:12:20:02:75:F2:C4
            X509v3 Authority Key Identifier:
                keyid:F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/r-Revzdh0vN3VxAoJxgSIAJ18sQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.90.113.0/24

    Signature Algorithm: sha256WithRSAEncryption
         96:bf:87:6a:67:e4:90:e3:17:e6:06:42:eb:36:b1:e2:51:79:
         e9:75:6f:90:6c:d4:3b:b5:4f:02:6e:d3:5a:76:be:b5:f4:fc:
         fe:35:18:9d:fd:3f:13:06:14:68:62:6f:11:9f:60:b0:bd:52:
         5a:61:a6:e4:85:42:f4:81:6e:b9:f8:86:7d:f4:60:30:5c:9b:
         9b:3d:5e:07:75:7e:51:62:45:27:8a:c6:ad:27:50:88:3d:d4:
         62:3c:48:14:5d:7c:9b:ae:f8:b4:21:72:96:59:74:05:d0:89:
         54:9b:70:ce:28:d0:f6:2b:02:21:4b:c3:d3:fd:41:e2:17:e2:
         2b:9e:8f:6b:3c:4e:4a:27:fa:cc:9f:ba:2a:98:a7:c8:03:87:
         c1:19:d2:ad:ed:87:5a:af:70:bd:50:03:de:20:8a:f6:06:02:
         99:31:5b:f0:46:3a:26:1d:ce:83:7b:aa:1b:2d:da:a1:80:f4:
         89:72:0b:77:9a:04:e8:d6:fe:d6:82:bf:4e:96:90:59:bf:ff:
         15:ef:f6:7c:97:ad:b9:f9:46:0a:65:81:04:6b:c1:3d:1d:a7:
         ec:ff:7a:9f:23:9f:b7:1e:99:54:2a:85:a7:4c:a3:15:aa:6c:
         3f:86:c7:fe:fb:47:b7:65:e1:e9:12:17:74:48:de:e5:89:41:
         b8:e9:7b:d6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ2sptGkCda0fLpy0ad/fbW5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwNGE1ODA0N2YzN2JiYzA1Nzk0NGJiZjhjYWQ4NzQyODc5
NTkyZGEwHhcNMjYwNDIwMjA0ODI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZmU0NWViZjM3NjFkMmYzNzc1NzEwMjgyNzE4MTIyMDAyNzVmMmM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0bTL4dhkwBNYxs58hOSDpyGD/1Pq
3q9h6pFpV7p8x3JFMdBIZ5Ww40mQC2bVi+DOKEKCjRjWiJqCe3841lYfLaMy6EmB
xpo4YSCIU/0fizVNYgpTFTjkaNkyWpYuqBKzDZ3KpgwTfc0Var2hPc+arM48LtCK
mvw+HjkKWCfLkHyGk/RZ+uAkWZhRoxzrmNeCoDOUmvg0n0SYDBUnZxrQbTN6U3pC
g522h43O1KDxbztJLjEEsMcTscEs+19f9pwUNoOImQDayk4iepyHPEFJ7/3od/4l
ovcX++NanEKHF5zKnaMZMeHQCAQqecKnUubYTz9kIOQV4QofYpGoEuCNywIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK/kXr83YdLzd1cQKCcYEiACdfLEMB8GA1UdIwQY
MBaAFPBKWAR/N7vAV5RLv4yth0KHlZLaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYt
ZjVmYjcxYjlhNTFmLzEvci1SZXZ6ZGgwdk4zVnhBb0p4Z1NJQUoxOHNRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYtZjVmYjcxYjlhNTFm
LzEvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAk1pxMA0G
CSqGSIb3DQEBCwUAA4IBAQCWv4dqZ+SQ4xfmBkLrNrHiUXnpdW+QbNQ7tU8CbtNa
dr619Pz+NRid/T8TBhRoYm8Rn2CwvVJaYabkhUL0gW65+IZ99GAwXJubPV4HdX5R
YkUnisatJ1CIPdRiPEgUXXybrvi0IXKWWXQF0IlUm3DOKND2KwIhS8PT/UHiF+Ir
no9rPE5KJ/rMn7oqmKfIA4fBGdKt7Ydar3C9UAPeIIr2BgKZMVvwRjomHc6De6ob
LdqhgPSJcgt3mgTo1v7Wgr9OlpBZv/8V7/Z8l625+UYKZYEEa8E9Hafs/3qfI5+3
HplUKoWnTKMVqmw/hsf++0e3ZeHpEhd0SN7liUG46XvW
-----END CERTIFICATE-----