Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/Q47EBx3iYpPm9cMBIDld3kOcVYc.roa
File:                     Q47EBx3iYpPm9cMBIDld3kOcVYc.roa (raw, json)
Hash identifier:          +8PaqpT1pFUTS/i8wBxvyMmHoEg2vvYM1jIb/GkwkiY=
Subject key identifier:   43:8E:C4:07:1D:E2:62:93:E6:F5:C3:01:20:39:5D:DE:43:9C:55:87
Certificate issuer:       /CN=f04a58047f37bbc057944bbf8cad8742879592da
Certificate serial:       019D3D82D73944CE6E06A7A5A5BF1E620226
Authority key identifier: F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/Q47EBx3iYpPm9cMBIDld3kOcVYc.roa
Signing time:             Mon 30 Mar 2026 06:51:18 +0000
ROA not before:           Mon 30 Mar 2026 06:51:18 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     199986
IP address blocks:        147.90.23.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 Apr 2026 22:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:3d:82:d7:39:44:ce:6e:06:a7:a5:a5:bf:1e:62:02:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f04a58047f37bbc057944bbf8cad8742879592da
        Validity
            Not Before: Mar 30 06:51:18 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=438ec4071de26293e6f5c30120395dde439c5587
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:f0:26:94:78:6b:f1:8b:56:f5:3c:2d:18:01:
                    70:3b:43:71:0b:17:50:ae:dc:fa:68:6b:c9:5d:ed:
                    2d:dc:f2:19:4f:fe:60:a1:bf:32:0f:95:10:fd:60:
                    2c:86:cc:a1:fc:62:4d:5c:f5:e4:34:78:98:ab:22:
                    72:ac:7a:3e:1e:b6:ad:e3:2c:72:cf:a0:4c:22:67:
                    b6:16:68:5f:36:46:a1:76:d4:61:60:6a:b5:bb:c2:
                    a0:f0:9c:ce:46:59:2b:01:a7:f9:b9:13:ab:9d:84:
                    8b:23:4b:fe:91:c1:3d:44:e0:1f:3c:6b:6d:7e:92:
                    99:1b:3e:e7:a4:e3:6f:91:11:32:21:46:32:03:a5:
                    d3:94:3c:62:1a:ad:1d:81:bd:b8:8a:5e:cc:a1:de:
                    f9:80:0c:b5:d1:0c:4a:b9:9e:b2:22:78:cb:15:ed:
                    23:84:7f:e1:fe:80:ba:95:b1:95:69:db:d0:2c:c0:
                    e0:bd:aa:8e:5c:84:7a:4d:98:54:22:e3:20:a5:a0:
                    52:2b:64:c4:c5:a1:88:42:1d:77:50:4d:e8:29:eb:
                    5f:56:ba:f6:b2:21:63:aa:54:e3:26:1d:66:dd:b7:
                    83:8d:c0:9d:d6:58:1f:bb:57:6b:57:b9:ac:95:02:
                    d8:e8:48:a9:a1:36:66:8b:38:ff:b9:c5:21:42:96:
                    ce:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:8E:C4:07:1D:E2:62:93:E6:F5:C3:01:20:39:5D:DE:43:9C:55:87
            X509v3 Authority Key Identifier:
                keyid:F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/Q47EBx3iYpPm9cMBIDld3kOcVYc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.90.23.0/24

    Signature Algorithm: sha256WithRSAEncryption
         58:d2:87:21:a2:58:24:4a:9d:87:bc:66:97:74:3b:37:ac:5d:
         6e:62:9c:97:20:45:f8:65:98:36:12:d0:ac:6d:a8:98:70:2a:
         fe:e0:2f:0e:7d:d5:0e:98:a7:88:5e:61:78:d2:df:af:11:23:
         ef:31:e2:18:62:ed:57:d1:3b:09:b9:45:af:35:da:e7:9b:88:
         43:f4:89:ac:20:1a:8a:5b:6a:a1:79:02:ed:1a:4c:77:f1:c2:
         b9:1d:c9:80:7f:2a:03:ef:b2:40:3a:66:a3:21:8a:f0:ec:dc:
         2e:a3:32:4b:ee:c8:17:04:f1:f2:b4:2d:f4:22:3e:b2:51:d1:
         98:31:c0:56:27:b0:1f:63:df:2d:a8:16:ef:30:8c:7b:ad:0b:
         a0:63:65:59:4d:0c:92:1c:f0:5a:d6:fe:5c:6c:ea:e2:68:4a:
         b1:ba:93:7b:2b:56:9b:c8:4d:3b:92:62:b5:5e:3d:37:44:b9:
         79:a6:3c:80:f4:81:8a:07:9e:3c:b6:23:74:fe:3e:17:43:ac:
         ed:56:50:e1:b6:c4:9c:f8:f1:6e:13:6e:2f:e4:10:2a:f7:c4:
         39:8c:c1:4d:0c:1a:3b:f8:3c:3a:83:64:a1:9f:e5:93:d3:7b:
         1c:f5:30:cc:42:2a:ce:1b:8a:5f:41:5a:62:c5:88:d5:8d:3c:
         4c:2a:16:38
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ09gtc5RM5uBqelpb8eYgImMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwNGE1ODA0N2YzN2JiYzA1Nzk0NGJiZjhjYWQ4NzQyODc5
NTkyZGEwHhcNMjYwMzMwMDY1MTE4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MzhlYzQwNzFkZTI2MjkzZTZmNWMzMDEyMDM5NWRkZTQzOWM1NTg3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2PAmlHhr8YtW9TwtGAFwO0NxCxdQ
rtz6aGvJXe0t3PIZT/5gob8yD5UQ/WAshsyh/GJNXPXkNHiYqyJyrHo+Hrat4yxy
z6BMIme2FmhfNkahdtRhYGq1u8Kg8JzORlkrAaf5uROrnYSLI0v+kcE9ROAfPGtt
fpKZGz7npONvkREyIUYyA6XTlDxiGq0dgb24il7Mod75gAy10QxKuZ6yInjLFe0j
hH/h/oC6lbGVadvQLMDgvaqOXIR6TZhUIuMgpaBSK2TExaGIQh13UE3oKetfVrr2
siFjqlTjJh1m3beDjcCd1lgfu1drV7mslQLY6EipoTZmizj/ucUhQpbOYwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEOOxAcd4mKT5vXDASA5Xd5DnFWHMB8GA1UdIwQY
MBaAFPBKWAR/N7vAV5RLv4yth0KHlZLaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYt
ZjVmYjcxYjlhNTFmLzEvUTQ3RUJ4M2lZcFBtOWNNQklEbGQza09jVlljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYtZjVmYjcxYjlhNTFm
LzEvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAk1oXMA0G
CSqGSIb3DQEBCwUAA4IBAQBY0ocholgkSp2HvGaXdDs3rF1uYpyXIEX4ZZg2EtCs
baiYcCr+4C8OfdUOmKeIXmF40t+vESPvMeIYYu1X0TsJuUWvNdrnm4hD9ImsIBqK
W2qheQLtGkx38cK5HcmAfyoD77JAOmajIYrw7NwuozJL7sgXBPHytC30Ij6yUdGY
McBWJ7AfY98tqBbvMIx7rQugY2VZTQySHPBa1v5cbOriaEqxupN7K1abyE07kmK1
Xj03RLl5pjyA9IGKB548tiN0/j4XQ6ztVlDhtsSc+PFuE24v5BAq98Q5jMFNDBo7
+Dw6g2Shn+WT03sc9TDMQirOG4pfQVpixYjVjTxMKhY4
-----END CERTIFICATE-----