Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/1-fNoeg3CyHdqXG6oJstPrXPT0Bg.roa
File:                     1-fNoeg3CyHdqXG6oJstPrXPT0Bg.roa (raw, json)
Hash identifier:          1QFy5wqujQfB4u15KsN2n6TDuXR/3Sp3g8TfQcQpK40=
Subject key identifier:   F9:F3:68:7A:0D:C2:C8:77:6A:5C:6E:A8:26:CB:4F:AD:73:D3:D0:18
Certificate issuer:       /CN=f04a58047f37bbc057944bbf8cad8742879592da
Certificate serial:       019D293DF4D8B1F86EB9027226F2ABCEB76A
Authority key identifier: F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/1-fNoeg3CyHdqXG6oJstPrXPT0Bg.roa
Signing time:             Thu 26 Mar 2026 08:23:39 +0000
ROA not before:           Thu 26 Mar 2026 08:23:39 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     401776
IP address blocks:        147.90.6.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 15:31:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:29:3d:f4:d8:b1:f8:6e:b9:02:72:26:f2:ab:ce:b7:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f04a58047f37bbc057944bbf8cad8742879592da
        Validity
            Not Before: Mar 26 08:23:39 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f9f3687a0dc2c8776a5c6ea826cb4fad73d3d018
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:07:d5:1c:52:86:04:fa:c2:8c:0c:3a:2d:8f:
                    c8:37:79:8d:7d:e2:87:74:56:67:af:65:ee:69:c3:
                    30:b2:41:f1:22:f7:76:cc:16:c3:e3:60:19:09:1b:
                    b5:9e:c6:8c:f8:18:ad:15:dc:d9:6b:8d:29:29:50:
                    a9:31:2e:c9:09:79:0d:ff:63:42:23:a8:b3:cd:27:
                    7b:81:ec:62:26:c1:6f:56:9b:97:91:e0:8d:aa:01:
                    6c:81:28:1b:c1:fd:2e:f0:c2:42:58:92:08:91:45:
                    4b:e5:21:cc:bf:0f:64:cc:49:83:3a:28:06:4c:46:
                    fa:00:3e:4f:05:2a:18:63:23:cd:bd:8b:00:c1:0f:
                    37:b2:dd:dc:c3:62:dd:f6:87:50:57:f9:9d:88:8d:
                    d9:30:ef:e7:3a:fa:17:15:6f:50:5e:8a:81:44:4c:
                    e6:9b:04:28:5f:72:5e:e2:3c:f0:6c:a5:86:c0:e2:
                    27:03:f0:a8:c8:d0:0d:46:c4:bb:9a:23:ce:08:42:
                    b8:d4:bf:33:16:02:c8:35:57:52:4a:40:af:07:2c:
                    45:c2:4f:3d:52:5b:5c:7b:01:53:88:86:08:40:42:
                    89:c8:18:90:db:c4:d1:eb:57:2c:5a:49:16:cd:a0:
                    57:ba:12:8f:35:e9:90:02:85:67:95:fe:a7:ab:b7:
                    b9:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:F3:68:7A:0D:C2:C8:77:6A:5C:6E:A8:26:CB:4F:AD:73:D3:D0:18
            X509v3 Authority Key Identifier:
                keyid:F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/1-fNoeg3CyHdqXG6oJstPrXPT0Bg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.90.6.0/24

    Signature Algorithm: sha256WithRSAEncryption
         91:75:9b:85:51:57:c2:89:a1:a6:a0:10:6d:64:98:79:05:49:
         9b:a9:8c:3b:d6:51:00:9e:41:ec:f1:a0:f5:d1:55:df:f5:2c:
         99:5a:45:d9:c2:ff:92:a0:7f:21:4f:f7:f3:c3:5f:85:91:a7:
         4e:e8:75:d1:c4:d6:bc:7e:3e:c3:e3:02:8c:3d:4e:1b:4a:f9:
         3e:6b:9c:92:5f:99:ce:0b:8a:d2:d9:52:79:0c:8f:67:96:12:
         78:f9:aa:96:c3:aa:56:1f:69:79:0c:00:3f:3f:b4:06:4c:6c:
         d6:b5:5f:e5:77:24:6f:35:34:60:d8:61:cb:83:ea:6a:e0:f5:
         3d:5f:5c:01:22:bc:c2:ed:89:d9:f1:17:1c:db:ec:6f:5c:4a:
         97:44:fc:ca:1c:56:34:d4:2c:37:5c:3a:85:88:8e:21:52:66:
         ac:94:75:1c:6b:df:c8:9c:90:ca:41:cd:89:1d:1e:6d:7b:2d:
         47:30:52:79:05:62:cf:74:1a:af:66:72:f4:02:69:9b:b9:3e:
         f4:a8:79:94:00:04:09:88:04:ae:67:0b:84:16:a3:30:c1:9e:
         7b:55:6a:f8:47:74:1f:51:27:2f:51:38:6f:78:5c:dc:6d:b4:
         ff:86:12:4b:38:71:81:ac:03:15:f5:0a:71:5d:7e:6e:73:94:
         a6:f4:b1:20
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZ0pPfTYsfhuuQJyJvKrzrdqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwNGE1ODA0N2YzN2JiYzA1Nzk0NGJiZjhjYWQ4NzQyODc5
NTkyZGEwHhcNMjYwMzI2MDgyMzM5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOWYzNjg3YTBkYzJjODc3NmE1YzZlYTgyNmNiNGZhZDczZDNkMDE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnAfVHFKGBPrCjAw6LY/IN3mNfeKH
dFZnr2XuacMwskHxIvd2zBbD42AZCRu1nsaM+BitFdzZa40pKVCpMS7JCXkN/2NC
I6izzSd7gexiJsFvVpuXkeCNqgFsgSgbwf0u8MJCWJIIkUVL5SHMvw9kzEmDOigG
TEb6AD5PBSoYYyPNvYsAwQ83st3cw2Ld9odQV/mdiI3ZMO/nOvoXFW9QXoqBREzm
mwQoX3Je4jzwbKWGwOInA/CoyNANRsS7miPOCEK41L8zFgLINVdSSkCvByxFwk89
UltcewFTiIYIQEKJyBiQ28TR61csWkkWzaBXuhKPNemQAoVnlf6nq7e5kQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPnzaHoNwsh3alxuqCbLT61z09AYMB8GA1UdIwQY
MBaAFPBKWAR/N7vAV5RLv4yth0KHlZLaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYt
ZjVmYjcxYjlhNTFmLzEvMS1mTm9lZzNDeUhkcVhHNm9Kc3RQclhQVDBCZy5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNjYvMmJhOTdlLTU5OGItNDhkZC04ZDU2LWY1ZmI3MWI5YTUx
Zi8xLzhFcFlCSDgzdThCWGxFdV9qSzJIUW9lVmt0by5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAJNaBjAN
BgkqhkiG9w0BAQsFAAOCAQEAkXWbhVFXwomhpqAQbWSYeQVJm6mMO9ZRAJ5B7PGg
9dFV3/UsmVpF2cL/kqB/IU/388NfhZGnTuh10cTWvH4+w+MCjD1OG0r5Pmuckl+Z
zguK0tlSeQyPZ5YSePmqlsOqVh9peQwAPz+0Bkxs1rVf5XckbzU0YNhhy4PqauD1
PV9cASK8wu2J2fEXHNvsb1xKl0T8yhxWNNQsN1w6hYiOIVJmrJR1HGvfyJyQykHN
iR0ebXstRzBSeQViz3Qar2Zy9AJpm7k+9Kh5lAAECYgErmcLhBajMMGee1Vq+Ed0
H1EnL1E4b3hc3G20/4YSSzhxgawDFfUKcV1+bnOUpvSxIA==
-----END CERTIFICATE-----