Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c7/8791a1-e679-4663-a2da-1a513df069fc/1/0w4XcBQywwl1teApjX6VHSPuvgg.roa
File:                     0w4XcBQywwl1teApjX6VHSPuvgg.roa (raw, json)
Hash identifier:          /EcXOS7UzKKs89buMydMe2QfoMOWxkfJCW82u93ztaw=
Subject key identifier:   D3:0E:17:70:14:32:C3:09:75:B5:E0:29:8D:7E:95:1D:23:EE:BE:08
Certificate issuer:       /CN=e4f2a866202f4b8cbc33382d6e82d81d8964c80e
Certificate serial:       019E2073BEB0BCDFAACF66457EB1A644EB30
Authority key identifier: E4:F2:A8:66:20:2F:4B:8C:BC:33:38:2D:6E:82:D8:1D:89:64:C8:0E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5PKoZiAvS4y8MzgtboLYHYlkyA4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c7/8791a1-e679-4663-a2da-1a513df069fc/1/0w4XcBQywwl1teApjX6VHSPuvgg.roa
Signing time:             Wed 13 May 2026 08:28:36 +0000
ROA not before:           Wed 13 May 2026 08:28:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     48807
IP address blocks:        185.90.144.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c7/8791a1-e679-4663-a2da-1a513df069fc/1/5PKoZiAvS4y8MzgtboLYHYlkyA4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c7/8791a1-e679-4663-a2da-1a513df069fc/1/5PKoZiAvS4y8MzgtboLYHYlkyA4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5PKoZiAvS4y8MzgtboLYHYlkyA4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 16 May 2026 02:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:20:73:be:b0:bc:df:aa:cf:66:45:7e:b1:a6:44:eb:30
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e4f2a866202f4b8cbc33382d6e82d81d8964c80e
        Validity
            Not Before: May 13 08:28:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d30e17701432c30975b5e0298d7e951d23eebe08
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:1e:4b:d7:46:fc:89:d8:0f:1f:c0:4a:5c:a2:
                    e5:04:7d:cc:0b:e8:d5:44:c5:43:66:a0:aa:a4:8b:
                    c3:aa:03:49:f5:4b:6e:ae:0d:fa:45:cf:97:fd:49:
                    f9:ce:ed:db:53:c1:1c:56:47:b9:34:77:84:40:df:
                    46:5a:51:4e:f5:c3:6c:7c:db:b2:d7:27:c3:9a:9f:
                    aa:e6:b7:ce:12:6d:a8:18:10:4c:2e:41:be:aa:5d:
                    54:5a:b9:06:15:76:b4:10:34:4c:87:c3:6a:cd:53:
                    4f:c5:86:51:e4:45:46:4a:27:65:ee:54:88:1c:53:
                    b8:14:11:58:d3:29:59:1c:ba:19:bf:7e:78:2e:6d:
                    56:b2:89:84:5b:af:0a:68:72:12:71:07:6f:42:4a:
                    f8:45:e0:57:8a:b7:04:e6:a2:71:79:57:64:e4:a5:
                    b3:c8:72:19:5d:e6:c3:cb:23:5f:54:3d:b3:e3:86:
                    38:0d:22:91:29:e4:6e:1b:f1:19:e2:19:ac:fb:71:
                    97:e5:bf:f5:75:eb:61:c4:3f:b4:b5:e1:e0:ba:bd:
                    6a:e4:a8:08:b3:7a:37:78:07:6d:22:29:00:6a:94:
                    b7:8e:f2:2c:58:c7:be:c2:ef:a0:90:a0:22:6f:15:
                    83:1d:ea:8c:9c:f1:8a:5e:16:ef:5a:4e:5f:7c:7a:
                    e5:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:0E:17:70:14:32:C3:09:75:B5:E0:29:8D:7E:95:1D:23:EE:BE:08
            X509v3 Authority Key Identifier:
                keyid:E4:F2:A8:66:20:2F:4B:8C:BC:33:38:2D:6E:82:D8:1D:89:64:C8:0E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5PKoZiAvS4y8MzgtboLYHYlkyA4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/8791a1-e679-4663-a2da-1a513df069fc/1/0w4XcBQywwl1teApjX6VHSPuvgg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/8791a1-e679-4663-a2da-1a513df069fc/1/5PKoZiAvS4y8MzgtboLYHYlkyA4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.90.144.0/22

    Signature Algorithm: sha256WithRSAEncryption
         92:03:bd:55:46:e7:2b:ec:71:16:fc:14:d4:a6:8e:b6:3a:df:
         22:8c:fb:69:89:63:e0:89:e6:5a:cf:cb:37:8e:0a:af:38:19:
         2f:9b:13:fe:da:d5:8f:29:9e:7a:e8:9f:99:1b:16:b3:7d:2a:
         5f:90:f4:4b:b4:10:bb:a8:81:08:3b:5c:0a:9d:4b:8d:b2:db:
         8c:7a:15:45:ea:96:da:75:0f:cd:58:e5:5a:a1:8d:e5:ee:11:
         91:75:df:d2:bf:56:40:b8:e7:01:ac:72:f1:0e:2c:7c:c4:e4:
         2e:c3:fc:99:c6:9c:9f:ef:75:ad:6a:41:c0:3a:bd:4f:1a:79:
         ee:40:46:2d:57:9b:03:88:d9:15:fb:b2:ca:f2:0e:e7:99:23:
         f8:9e:e2:89:97:99:67:13:ad:12:38:b3:98:cb:7b:57:3c:df:
         1a:5f:81:a7:cc:53:bd:76:03:7f:1c:51:97:51:cf:0c:0a:3f:
         0b:e1:97:7b:b5:b3:4e:e3:93:6e:c0:ab:69:9a:90:a0:d9:b2:
         7f:38:15:3b:6c:fc:9e:38:8e:45:81:c5:77:1f:0a:0d:07:b9:
         ca:37:64:ab:82:90:36:c9:df:08:29:e3:fc:e8:43:0a:80:f3:
         28:d7:57:95:a3:9e:37:84:a6:7a:4e:7b:be:c6:5d:92:25:09:
         4c:dc:1f:cb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ4gc76wvN+qz2ZFfrGmROswMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU0ZjJhODY2MjAyZjRiOGNiYzMzMzgyZDZlODJkODFkODk2
NGM4MGUwHhcNMjYwNTEzMDgyODM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMzBlMTc3MDE0MzJjMzA5NzViNWUwMjk4ZDdlOTUxZDIzZWViZTA4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsB5L10b8idgPH8BKXKLlBH3MC+jV
RMVDZqCqpIvDqgNJ9Uturg36Rc+X/Un5zu3bU8EcVke5NHeEQN9GWlFO9cNsfNuy
1yfDmp+q5rfOEm2oGBBMLkG+ql1UWrkGFXa0EDRMh8NqzVNPxYZR5EVGSidl7lSI
HFO4FBFY0ylZHLoZv354Lm1WsomEW68KaHIScQdvQkr4ReBXircE5qJxeVdk5KWz
yHIZXebDyyNfVD2z44Y4DSKRKeRuG/EZ4hms+3GX5b/1dethxD+0teHgur1q5KgI
s3o3eAdtIikAapS3jvIsWMe+wu+gkKAibxWDHeqMnPGKXhbvWk5ffHrlzQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNMOF3AUMsMJdbXgKY1+lR0j7r4IMB8GA1UdIwQY
MBaAFOTyqGYgL0uMvDM4LW6C2B2JZMgOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNVBLb1ppQXZTNHk4TXpndGJvTFlIWWxreUE0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNy84NzkxYTEtZTY3OS00NjYzLWEyZGEt
MWE1MTNkZjA2OWZjLzEvMHc0WGNCUXl3d2wxdGVBcGpYNlZIU1B1dmdnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNy84NzkxYTEtZTY3OS00NjYzLWEyZGEtMWE1MTNkZjA2OWZj
LzEvNVBLb1ppQXZTNHk4TXpndGJvTFlIWWxreUE0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuVqQMA0G
CSqGSIb3DQEBCwUAA4IBAQCSA71VRucr7HEW/BTUpo62Ot8ijPtpiWPgieZaz8s3
jgqvOBkvmxP+2tWPKZ566J+ZGxazfSpfkPRLtBC7qIEIO1wKnUuNstuMehVF6pba
dQ/NWOVaoY3l7hGRdd/Sv1ZAuOcBrHLxDix8xOQuw/yZxpyf73WtakHAOr1PGnnu
QEYtV5sDiNkV+7LK8g7nmSP4nuKJl5lnE60SOLOYy3tXPN8aX4GnzFO9dgN/HFGX
Uc8MCj8L4Zd7tbNO45NuwKtpmpCg2bJ/OBU7bPyeOI5FgcV3HwoNB7nKN2SrgpA2
yd8IKeP86EMKgPMo11eVo543hKZ6Tnu+xl2SJQlM3B/L
-----END CERTIFICATE-----