Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/z4_BmsW_lyz9_l4Bfpme4hQyIpk.roa
File:                     z4_BmsW_lyz9_l4Bfpme4hQyIpk.roa (raw, json)
Hash identifier:          knqn/RP8tw7crXV3Om7Rthw31BbRUB9zgxL34UKZOok=
Subject key identifier:   CF:8F:C1:9A:C5:BF:97:2C:FD:FE:5E:01:7E:99:9E:E2:14:32:22:99
Certificate issuer:       /CN=f04a58047f37bbc057944bbf8cad8742879592da
Certificate serial:       019DEA38E1AB0DD721F244DFA1E6A2D0BE1D
Authority key identifier: F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/z4_BmsW_lyz9_l4Bfpme4hQyIpk.roa
Signing time:             Sat 02 May 2026 19:44:49 +0000
ROA not before:           Sat 02 May 2026 19:44:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     201386
IP address blocks:        147.90.16.0/24 maxlen: 24
                          158.173.192.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 04 May 2026 11:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:ea:38:e1:ab:0d:d7:21:f2:44:df:a1:e6:a2:d0:be:1d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f04a58047f37bbc057944bbf8cad8742879592da
        Validity
            Not Before: May  2 19:44:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=cf8fc19ac5bf972cfdfe5e017e999ee214322299
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:2e:b9:c5:d1:c5:c7:b9:04:9d:ba:e6:45:88:
                    29:39:d4:98:4a:7e:05:e8:fd:2f:30:91:eb:d1:8c:
                    15:05:09:4d:2a:9b:9e:37:a5:1d:db:0c:18:5e:8f:
                    3b:a4:17:f0:7e:65:1d:d4:fe:31:0f:75:8c:d8:a7:
                    e2:e4:87:e4:8c:76:0f:c5:11:1e:79:df:ad:ad:78:
                    62:8d:2a:f9:6f:03:e9:76:e6:01:07:30:bd:f9:ca:
                    6e:04:68:96:29:ee:5b:87:d0:a7:78:0d:a7:b2:b0:
                    d0:7e:1c:77:f4:74:b4:e2:f3:81:ee:d4:15:b3:7f:
                    80:9e:86:3f:4f:0d:a7:8a:45:b9:83:b8:c5:71:f8:
                    ca:58:28:7b:c6:cf:7a:76:36:b7:16:40:9f:5a:19:
                    3a:a3:f1:65:34:7a:78:d9:f7:71:a9:af:ae:2d:52:
                    f6:a7:b3:96:2b:b2:36:2e:52:5f:f8:48:27:bc:bb:
                    ec:9c:1a:9a:c0:d4:77:b0:7a:75:b2:88:e3:9a:6a:
                    f0:62:93:99:5e:7c:79:e9:a0:a9:6e:e3:72:e8:fe:
                    27:f7:cf:2d:4e:46:9d:fa:73:bc:e7:f2:e3:17:7e:
                    03:9d:1f:79:99:a8:77:7c:eb:8b:f0:7f:61:3e:08:
                    40:fd:18:60:ce:f5:8e:28:78:f3:1f:d0:d5:a2:49:
                    00:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:8F:C1:9A:C5:BF:97:2C:FD:FE:5E:01:7E:99:9E:E2:14:32:22:99
            X509v3 Authority Key Identifier:
                keyid:F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/z4_BmsW_lyz9_l4Bfpme4hQyIpk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.90.16.0/24
                  158.173.192.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a5:ea:01:1b:fb:df:d5:93:59:96:1b:fc:d9:54:7b:c1:23:e5:
         30:e4:31:be:70:8e:f9:22:0b:fc:95:2a:36:1e:70:03:cd:4e:
         9a:93:f3:90:d4:1e:0d:d6:2a:e0:db:fb:0d:98:62:a0:a1:a3:
         ae:36:7d:98:84:e4:91:ac:67:d5:0b:93:2d:5c:c4:5e:8b:3e:
         09:c4:48:13:a0:03:8d:10:46:97:c2:9b:de:ef:53:ae:94:92:
         55:3d:84:3f:f0:12:8d:2b:d8:ed:92:f0:19:9e:cf:51:8d:e7:
         c6:57:c1:4d:5c:f5:cc:3d:12:55:22:49:72:ff:a6:f3:53:41:
         d1:db:a9:39:a9:06:90:d6:d6:6c:bf:9b:3f:1b:6a:6a:b1:66:
         3e:a6:f9:06:a7:20:6b:37:2e:86:65:c8:39:5a:d8:8e:8e:2f:
         79:d5:b4:3d:18:dd:2f:c5:2e:f3:6a:f0:af:54:a8:59:2b:22:
         f4:2f:d6:95:4e:db:15:0b:8b:05:1a:b4:7c:5e:2e:f9:ad:47:
         97:77:50:11:c4:07:8e:72:ba:a1:b9:25:b4:18:83:12:da:ad:
         6b:fe:6b:f6:5f:c1:0c:cb:1c:6d:b9:00:48:a3:6b:07:88:6e:
         ab:c1:51:d4:cc:1d:dd:ac:7a:c1:a5:54:8e:ae:ef:77:57:ef:
         d9:35:08:f7
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ3qOOGrDdch8kTfoeai0L4dMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwNGE1ODA0N2YzN2JiYzA1Nzk0NGJiZjhjYWQ4NzQyODc5
NTkyZGEwHhcNMjYwNTAyMTk0NDQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZjhmYzE5YWM1YmY5NzJjZmRmZTVlMDE3ZTk5OWVlMjE0MzIyMjk5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1C65xdHFx7kEnbrmRYgpOdSYSn4F
6P0vMJHr0YwVBQlNKpueN6Ud2wwYXo87pBfwfmUd1P4xD3WM2Kfi5IfkjHYPxREe
ed+trXhijSr5bwPpduYBBzC9+cpuBGiWKe5bh9CneA2nsrDQfhx39HS04vOB7tQV
s3+AnoY/Tw2nikW5g7jFcfjKWCh7xs96dja3FkCfWhk6o/FlNHp42fdxqa+uLVL2
p7OWK7I2LlJf+EgnvLvsnBqawNR3sHp1sojjmmrwYpOZXnx56aCpbuNy6P4n988t
Tkad+nO85/LjF34DnR95mah3fOuL8H9hPghA/RhgzvWOKHjzH9DVokkA0wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFM+PwZrFv5cs/f5eAX6ZnuIUMiKZMB8GA1UdIwQY
MBaAFPBKWAR/N7vAV5RLv4yth0KHlZLaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYt
ZjVmYjcxYjlhNTFmLzEvejRfQm1zV19seXo5X2w0QmZwbWU0aFF5SXBrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYtZjVmYjcxYjlhNTFm
LzEvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAk1oQAwQA
nq3AMA0GCSqGSIb3DQEBCwUAA4IBAQCl6gEb+9/Vk1mWG/zZVHvBI+Uw5DG+cI75
Igv8lSo2HnADzU6ak/OQ1B4N1irg2/sNmGKgoaOuNn2YhOSRrGfVC5MtXMReiz4J
xEgToAONEEaXwpve71OulJJVPYQ/8BKNK9jtkvAZns9RjefGV8FNXPXMPRJVIkly
/6bzU0HR26k5qQaQ1tZsv5s/G2pqsWY+pvkGpyBrNy6GZcg5WtiOji951bQ9GN0v
xS7zavCvVKhZKyL0L9aVTtsVC4sFGrR8Xi75rUeXd1ARxAeOcrqhuSW0GIMS2q1r
/mv2X8EMyxxtuQBIo2sHiG6rwVHUzB3drHrBpVSOru93V+/ZNQj3
-----END CERTIFICATE-----