Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/xS52JRIg8WyHCH9NbiWErYwET-0.roa
File:                     xS52JRIg8WyHCH9NbiWErYwET-0.roa (raw, json)
Hash identifier:          9OjwqhGM5nXJVyerXcwu/DMQdegK/cviR+NieqS/YyY=
Subject key identifier:   C5:2E:76:25:12:20:F1:6C:87:08:7F:4D:6E:25:84:AD:8C:04:4F:ED
Certificate issuer:       /CN=f04a58047f37bbc057944bbf8cad8742879592da
Certificate serial:       019DB3C86322F14A5229DA58CB9C5109C0AC
Authority key identifier: F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/xS52JRIg8WyHCH9NbiWErYwET-0.roa
Signing time:             Wed 22 Apr 2026 06:02:27 +0000
ROA not before:           Wed 22 Apr 2026 06:02:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     402214
IP address blocks:        147.90.77.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 25 Apr 2026 12:24:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:b3:c8:63:22:f1:4a:52:29:da:58:cb:9c:51:09:c0:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f04a58047f37bbc057944bbf8cad8742879592da
        Validity
            Not Before: Apr 22 06:02:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c52e76251220f16c87087f4d6e2584ad8c044fed
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:2a:23:21:e2:d7:89:72:95:55:d1:e2:7f:62:
                    f6:7e:cd:bd:53:a5:b8:93:f1:97:a9:eb:a4:dc:b8:
                    73:cc:d6:92:20:83:a3:30:f4:d1:10:6f:2c:5c:26:
                    5f:b9:9b:19:c4:a8:1a:38:c5:cb:91:ae:0a:ed:df:
                    eb:76:03:26:f2:ef:ae:13:10:8f:5d:10:bd:8d:7f:
                    5f:6f:4b:db:07:9a:b3:15:e9:94:10:f0:7c:c0:c7:
                    a1:19:d4:9c:db:1d:0a:81:0a:d2:a7:0e:47:c3:f0:
                    95:69:c0:91:32:4c:19:05:0c:0e:72:3c:bd:0c:00:
                    57:e6:b4:e3:39:9e:e7:48:ff:64:9d:e9:70:5e:2b:
                    2e:4d:4a:a4:4e:57:f0:21:23:a0:32:44:f1:8f:f3:
                    bb:06:53:b8:a0:85:11:26:b1:b2:c8:e3:90:de:6c:
                    c8:cb:be:f7:ef:13:d0:72:9c:9b:ed:af:89:62:05:
                    db:af:43:af:22:4a:7b:d8:c1:e2:ed:19:59:4d:1a:
                    da:a7:ae:ee:0c:44:37:69:f9:66:ed:8b:b5:50:fa:
                    85:0d:3f:5f:da:27:91:b0:97:f1:a3:f0:66:a3:4d:
                    f7:86:f8:50:df:6a:50:da:e9:00:88:98:0d:69:5c:
                    76:43:26:b8:e2:f1:f2:7e:bf:92:90:4f:cc:6a:c1:
                    6d:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:2E:76:25:12:20:F1:6C:87:08:7F:4D:6E:25:84:AD:8C:04:4F:ED
            X509v3 Authority Key Identifier:
                keyid:F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/xS52JRIg8WyHCH9NbiWErYwET-0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.90.77.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4e:51:b2:cf:54:f4:41:c7:04:70:a6:52:21:1f:01:fa:c7:61:
         6f:db:1a:c6:98:2c:07:c9:79:90:97:bf:00:96:9c:43:c0:11:
         15:6a:46:42:d7:91:c0:e4:30:db:c5:f5:9f:4b:f5:5a:76:a9:
         7b:b7:e3:9d:79:d8:c4:5d:2b:0e:db:23:62:b4:38:02:3e:6f:
         d5:4d:55:7c:51:8f:c1:5f:bd:2c:0b:42:64:e4:a1:f6:7b:c8:
         9a:e7:6a:4f:6c:21:77:a0:c0:f2:f3:57:0e:7a:f6:34:3f:63:
         1a:81:60:24:0c:2f:12:a5:3f:d7:e3:f0:ed:72:f2:18:14:db:
         6a:b0:64:4c:85:9a:1a:b7:1d:a7:a4:ff:fb:bc:6d:ae:54:b9:
         dd:48:f0:90:fb:75:1b:ba:ab:2f:99:79:b6:70:aa:60:4b:84:
         46:3f:e3:00:c6:99:ed:0f:84:6b:ba:9d:1a:3c:15:70:17:8a:
         fa:ba:d5:04:21:3f:33:17:93:e9:a4:52:51:7d:a4:c2:8c:fe:
         53:cd:4a:a3:8e:e0:a0:70:74:86:c3:a1:0c:02:5c:57:a4:85:
         01:3b:62:9e:7d:0f:61:21:d1:35:cc:dc:3a:22:83:82:63:03:
         b2:6d:35:c4:17:82:4b:0b:08:c6:51:3c:47:7f:bc:14:80:06:
         29:89:60:a9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ2zyGMi8UpSKdpYy5xRCcCsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwNGE1ODA0N2YzN2JiYzA1Nzk0NGJiZjhjYWQ4NzQyODc5
NTkyZGEwHhcNMjYwNDIyMDYwMjI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNTJlNzYyNTEyMjBmMTZjODcwODdmNGQ2ZTI1ODRhZDhjMDQ0ZmVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkyojIeLXiXKVVdHif2L2fs29U6W4
k/GXqeuk3LhzzNaSIIOjMPTREG8sXCZfuZsZxKgaOMXLka4K7d/rdgMm8u+uExCP
XRC9jX9fb0vbB5qzFemUEPB8wMehGdSc2x0KgQrSpw5Hw/CVacCRMkwZBQwOcjy9
DABX5rTjOZ7nSP9knelwXisuTUqkTlfwISOgMkTxj/O7BlO4oIURJrGyyOOQ3mzI
y7737xPQcpyb7a+JYgXbr0OvIkp72MHi7RlZTRrap67uDEQ3aflm7Yu1UPqFDT9f
2ieRsJfxo/Bmo033hvhQ32pQ2ukAiJgNaVx2Qya44vHyfr+SkE/MasFt6QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMUudiUSIPFshwh/TW4lhK2MBE/tMB8GA1UdIwQY
MBaAFPBKWAR/N7vAV5RLv4yth0KHlZLaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYt
ZjVmYjcxYjlhNTFmLzEveFM1MkpSSWc4V3lIQ0g5TmJpV0VyWXdFVC0wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYtZjVmYjcxYjlhNTFm
LzEvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAk1pNMA0G
CSqGSIb3DQEBCwUAA4IBAQBOUbLPVPRBxwRwplIhHwH6x2Fv2xrGmCwHyXmQl78A
lpxDwBEVakZC15HA5DDbxfWfS/Vadql7t+OdedjEXSsO2yNitDgCPm/VTVV8UY/B
X70sC0Jk5KH2e8ia52pPbCF3oMDy81cOevY0P2MagWAkDC8SpT/X4/DtcvIYFNtq
sGRMhZoatx2npP/7vG2uVLndSPCQ+3UbuqsvmXm2cKpgS4RGP+MAxpntD4Rrup0a
PBVwF4r6utUEIT8zF5PppFJRfaTCjP5TzUqjjuCgcHSGw6EMAlxXpIUBO2KefQ9h
IdE1zNw6IoOCYwOybTXEF4JLCwjGUTxHf7wUgAYpiWCp
-----END CERTIFICATE-----