Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/yF2zdXHHNKoBy_2F7xqewB--hoQ.roa
File:                     yF2zdXHHNKoBy_2F7xqewB--hoQ.roa (raw, json)
Hash identifier:          ZtjUbrRXfs7yqb9P5tS+4h5H6simQ3XPYsvmvL8OSZk=
Subject key identifier:   C8:5D:B3:75:71:C7:34:AA:01:CB:FD:85:EF:1A:9E:C0:1F:BE:86:84
Certificate issuer:       /CN=f04a58047f37bbc057944bbf8cad8742879592da
Certificate serial:       019D339BBF3924BEA45B0B2A3CBE60B2F97F
Authority key identifier: F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/yF2zdXHHNKoBy_2F7xqewB--hoQ.roa
Signing time:             Sat 28 Mar 2026 08:42:18 +0000
ROA not before:           Sat 28 Mar 2026 08:42:18 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     149280
IP address blocks:        147.90.96.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 Apr 2026 07:54:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:33:9b:bf:39:24:be:a4:5b:0b:2a:3c:be:60:b2:f9:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f04a58047f37bbc057944bbf8cad8742879592da
        Validity
            Not Before: Mar 28 08:42:18 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c85db37571c734aa01cbfd85ef1a9ec01fbe8684
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:5a:0c:e0:ad:4d:ce:6a:08:a3:30:ef:22:db:
                    2d:2c:cc:75:a1:f6:2c:a6:50:56:53:51:81:17:c8:
                    01:8e:b9:2a:fa:fb:5b:dc:3b:39:d5:1f:6f:5a:75:
                    71:a5:c8:21:45:2b:60:1a:9b:34:c7:dd:84:5f:eb:
                    74:c0:e9:39:10:d1:bf:d0:1f:f5:37:49:f6:d1:eb:
                    30:f7:a9:60:a5:8d:d2:44:a3:59:2e:97:91:1c:bb:
                    b7:78:6f:c8:de:f7:18:79:13:8a:71:de:4f:43:27:
                    ed:b7:a0:21:10:be:96:e5:3b:13:c7:91:c4:c7:ba:
                    d4:4b:fd:8c:29:c4:48:09:09:bc:fe:94:59:7e:9a:
                    72:cb:17:c6:c2:83:b3:1b:9f:c1:ea:1e:b2:dd:d5:
                    3a:9d:b5:41:6a:10:de:67:ee:2e:87:aa:8f:b2:0a:
                    d7:85:19:c9:43:ef:5f:3c:ac:5f:dd:8b:ea:5f:8a:
                    e1:99:57:07:47:c6:a3:3a:44:06:00:01:b0:42:2f:
                    58:f8:7d:97:ca:57:f1:fa:88:d1:b5:6e:81:ab:cf:
                    4c:21:4f:85:e7:4c:61:52:20:69:a7:68:6c:ba:59:
                    4a:ca:b1:48:08:48:19:16:84:d2:95:cf:97:d4:3c:
                    6f:bf:e4:50:29:49:25:67:62:f9:33:fc:4a:63:0d:
                    30:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:5D:B3:75:71:C7:34:AA:01:CB:FD:85:EF:1A:9E:C0:1F:BE:86:84
            X509v3 Authority Key Identifier:
                keyid:F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/yF2zdXHHNKoBy_2F7xqewB--hoQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.90.96.0/21

    Signature Algorithm: sha256WithRSAEncryption
         b6:5e:9e:58:cf:f6:c8:35:35:96:81:fb:9e:58:52:c8:3f:16:
         72:e0:c0:77:7c:8d:fe:81:6b:dd:37:e8:d5:5c:93:9c:a7:5a:
         b4:8e:51:e8:92:4e:30:20:bb:cd:e4:e3:26:c9:e4:e2:6a:e8:
         d1:fa:d4:4a:0e:0f:17:65:f5:4e:f4:4d:64:76:60:c6:9a:d7:
         07:c9:32:d8:75:87:49:43:3d:97:b8:44:10:93:e5:5f:7f:37:
         dd:e9:bf:48:a1:38:a1:f5:f0:c1:b4:b7:a4:c2:f8:39:00:f4:
         59:86:57:dd:ba:d2:98:24:aa:60:d0:c0:aa:63:5b:d4:f8:01:
         38:91:39:c5:57:43:9c:22:0c:e4:f6:c0:70:58:74:76:5c:2d:
         c9:74:49:57:87:5f:80:db:01:1b:bb:bb:9b:64:a2:ab:bb:86:
         bf:93:3b:fc:3d:ec:15:0a:4e:fc:59:0c:e8:11:dc:2d:80:ec:
         47:1e:8a:a8:e8:ad:aa:40:9a:d0:cd:32:12:19:83:61:a7:f0:
         7a:d8:05:1d:4b:05:92:99:3e:f5:0b:71:99:01:c5:fb:b7:6f:
         b2:bb:02:b6:8a:8e:bb:12:d3:67:11:27:bd:dd:95:cd:dc:c5:
         8d:ae:93:7e:5d:c1:5d:a8:cd:36:fa:58:d2:de:1a:3f:7a:95:
         d6:15:a4:55
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0zm785JL6kWwsqPL5gsvl/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwNGE1ODA0N2YzN2JiYzA1Nzk0NGJiZjhjYWQ4NzQyODc5
NTkyZGEwHhcNMjYwMzI4MDg0MjE4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjODVkYjM3NTcxYzczNGFhMDFjYmZkODVlZjFhOWVjMDFmYmU4Njg0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzloM4K1NzmoIozDvItstLMx1ofYs
plBWU1GBF8gBjrkq+vtb3Ds51R9vWnVxpcghRStgGps0x92EX+t0wOk5ENG/0B/1
N0n20esw96lgpY3SRKNZLpeRHLu3eG/I3vcYeROKcd5PQyftt6AhEL6W5TsTx5HE
x7rUS/2MKcRICQm8/pRZfppyyxfGwoOzG5/B6h6y3dU6nbVBahDeZ+4uh6qPsgrX
hRnJQ+9fPKxf3YvqX4rhmVcHR8ajOkQGAAGwQi9Y+H2Xylfx+ojRtW6Bq89MIU+F
50xhUiBpp2hsullKyrFICEgZFoTSlc+X1Dxvv+RQKUklZ2L5M/xKYw0wBQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMhds3VxxzSqAcv9he8ansAfvoaEMB8GA1UdIwQY
MBaAFPBKWAR/N7vAV5RLv4yth0KHlZLaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYt
ZjVmYjcxYjlhNTFmLzEveUYyemRYSEhOS29CeV8yRjd4cWV3Qi0taG9RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYtZjVmYjcxYjlhNTFm
LzEvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDk1pgMA0G
CSqGSIb3DQEBCwUAA4IBAQC2Xp5Yz/bINTWWgfueWFLIPxZy4MB3fI3+gWvdN+jV
XJOcp1q0jlHokk4wILvN5OMmyeTiaujR+tRKDg8XZfVO9E1kdmDGmtcHyTLYdYdJ
Qz2XuEQQk+Vffzfd6b9IoTih9fDBtLekwvg5APRZhlfdutKYJKpg0MCqY1vU+AE4
kTnFV0OcIgzk9sBwWHR2XC3JdElXh1+A2wEbu7ubZKKru4a/kzv8PewVCk78WQzo
EdwtgOxHHoqo6K2qQJrQzTISGYNhp/B62AUdSwWSmT71C3GZAcX7t2+yuwK2io67
EtNnESe93ZXN3MWNrpN+XcFdqM02+ljS3ho/epXWFaRV
-----END CERTIFICATE-----