Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/rIrkSF2w9iEg-Q_FCKrvgUPj1Fk.roa
File:                     rIrkSF2w9iEg-Q_FCKrvgUPj1Fk.roa (raw, json)
Hash identifier:          tiwjQb9PuLzlpnOMlVJIhzlTzqfVCYFCzgRCWp/CnwI=
Subject key identifier:   AC:8A:E4:48:5D:B0:F6:21:20:F9:0F:C5:08:AA:EF:81:43:E3:D4:59
Certificate issuer:       /CN=f04a58047f37bbc057944bbf8cad8742879592da
Certificate serial:       019CD271AE39E825AB179E2C25EB618C60A0
Authority key identifier: F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/rIrkSF2w9iEg-Q_FCKrvgUPj1Fk.roa
Signing time:             Mon 09 Mar 2026 11:53:11 +0000
ROA not before:           Mon 09 Mar 2026 11:53:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     63199
IP address blocks:        147.90.5.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 11 Mar 2026 06:19:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:d2:71:ae:39:e8:25:ab:17:9e:2c:25:eb:61:8c:60:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f04a58047f37bbc057944bbf8cad8742879592da
        Validity
            Not Before: Mar  9 11:53:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ac8ae4485db0f62120f90fc508aaef8143e3d459
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:a2:a0:21:f7:12:a2:0f:13:92:97:ae:5a:34:
                    37:20:0b:91:e5:98:5f:21:01:d2:6d:54:f4:60:49:
                    26:05:05:66:9d:67:0c:11:cc:f9:76:8f:95:5d:54:
                    83:17:62:34:ba:5b:53:66:ae:16:90:0b:c2:a9:f7:
                    bf:21:bf:8b:a4:51:87:ad:b7:94:71:01:80:5c:3c:
                    6c:6c:37:c3:84:3b:66:96:0b:3d:68:7c:0c:8b:ee:
                    45:9b:7e:08:fe:f8:dd:35:99:e2:fe:c1:ec:9e:ef:
                    f3:5a:05:e7:a9:b4:06:01:53:1d:94:42:36:62:c9:
                    be:48:45:57:a8:46:89:1f:a1:c0:01:27:07:b4:43:
                    bb:c1:ce:2d:2f:fd:a5:96:80:3e:97:6e:00:36:95:
                    e3:b3:35:7f:bb:0c:77:21:52:4c:4b:82:4d:ae:2a:
                    14:bc:fb:35:48:c5:d8:fd:5c:80:e4:12:21:e2:4a:
                    d9:22:30:ba:2a:f5:4d:e7:50:ed:ec:18:61:06:55:
                    cd:a3:48:2a:c3:be:f8:6a:86:79:4f:e3:03:42:d2:
                    ca:be:8a:7e:1d:8d:f2:d6:f0:da:c3:bb:fd:ec:15:
                    a8:b6:af:66:eb:14:1d:01:a0:c8:43:8c:f0:34:9a:
                    96:6f:31:bc:4f:98:54:5f:7c:a5:cc:48:f5:d3:96:
                    45:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:8A:E4:48:5D:B0:F6:21:20:F9:0F:C5:08:AA:EF:81:43:E3:D4:59
            X509v3 Authority Key Identifier:
                keyid:F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/rIrkSF2w9iEg-Q_FCKrvgUPj1Fk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.90.5.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2b:91:e3:52:25:ad:98:e3:78:74:47:b2:1b:41:14:6e:e6:29:
         c6:40:17:a7:54:e7:23:14:8b:e3:9e:4f:49:4d:27:66:64:5f:
         e4:a7:08:5a:b9:5f:e4:1b:cc:27:9d:f9:4d:13:8c:6d:19:d6:
         d6:dc:5a:df:3d:4c:1e:92:22:ef:48:22:73:44:be:10:48:f1:
         cc:08:96:71:1b:ca:6c:b3:a1:94:cf:19:91:5e:2e:eb:95:23:
         20:9f:d9:be:2a:ac:02:6f:0f:eb:64:62:ec:df:40:ce:05:2e:
         52:7b:0c:13:84:74:0e:5e:ce:d1:87:f6:01:d4:fd:86:a3:d8:
         ec:f3:1b:77:f1:37:ab:4d:56:b8:d0:ad:e7:0d:59:e2:8a:55:
         d6:18:a5:4e:17:46:11:ce:64:6d:9d:34:e4:9f:8a:d8:49:ea:
         89:46:ab:02:c7:8b:16:3e:4f:a9:8f:79:f9:36:cb:8a:df:34:
         6a:da:ec:5c:86:21:6a:c8:11:c8:3a:5a:44:f5:c8:26:f7:ee:
         ce:dc:15:80:e5:9f:e9:77:e8:19:3d:67:08:21:bb:3d:7a:98:
         a1:0e:51:ce:8f:8b:3b:41:2f:02:c3:04:2f:80:05:b1:92:aa:
         7e:71:77:a0:88:06:a9:d3:f1:72:44:35:bc:e0:3b:c7:21:4b:
         cd:94:c7:db
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZzSca456CWrF54sJethjGCgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwNGE1ODA0N2YzN2JiYzA1Nzk0NGJiZjhjYWQ4NzQyODc5
NTkyZGEwHhcNMjYwMzA5MTE1MzExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYzhhZTQ0ODVkYjBmNjIxMjBmOTBmYzUwOGFhZWY4MTQzZTNkNDU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuaKgIfcSog8TkpeuWjQ3IAuR5Zhf
IQHSbVT0YEkmBQVmnWcMEcz5do+VXVSDF2I0ultTZq4WkAvCqfe/Ib+LpFGHrbeU
cQGAXDxsbDfDhDtmlgs9aHwMi+5Fm34I/vjdNZni/sHsnu/zWgXnqbQGAVMdlEI2
Ysm+SEVXqEaJH6HAAScHtEO7wc4tL/2lloA+l24ANpXjszV/uwx3IVJMS4JNrioU
vPs1SMXY/VyA5BIh4krZIjC6KvVN51Dt7BhhBlXNo0gqw774aoZ5T+MDQtLKvop+
HY3y1vDaw7v97BWotq9m6xQdAaDIQ4zwNJqWbzG8T5hUX3ylzEj105ZFOQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKyK5EhdsPYhIPkPxQiq74FD49RZMB8GA1UdIwQY
MBaAFPBKWAR/N7vAV5RLv4yth0KHlZLaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYt
ZjVmYjcxYjlhNTFmLzEvcklya1NGMnc5aUVnLVFfRkNLcnZnVVBqMUZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYtZjVmYjcxYjlhNTFm
LzEvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAk1oFMA0G
CSqGSIb3DQEBCwUAA4IBAQArkeNSJa2Y43h0R7IbQRRu5inGQBenVOcjFIvjnk9J
TSdmZF/kpwhauV/kG8wnnflNE4xtGdbW3FrfPUwekiLvSCJzRL4QSPHMCJZxG8ps
s6GUzxmRXi7rlSMgn9m+KqwCbw/rZGLs30DOBS5SewwThHQOXs7Rh/YB1P2Go9js
8xt38TerTVa40K3nDVniilXWGKVOF0YRzmRtnTTkn4rYSeqJRqsCx4sWPk+pj3n5
NsuK3zRq2uxchiFqyBHIOlpE9cgm9+7O3BWA5Z/pd+gZPWcIIbs9epihDlHOj4s7
QS8CwwQvgAWxkqp+cXegiAap0/FyRDW84DvHIUvNlMfb
-----END CERTIFICATE-----