Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/QxvtLUQvfw4XcAhpO4UYtJQjEjo.roa
File:                     QxvtLUQvfw4XcAhpO4UYtJQjEjo.roa (raw, json)
Hash identifier:          7GQVGt7ssjAutxK27900jX/cKndwnn6VRUhEFhd894M=
Subject key identifier:   43:1B:ED:2D:44:2F:7F:0E:17:70:08:69:3B:85:18:B4:94:23:12:3A
Certificate issuer:       /CN=f04a58047f37bbc057944bbf8cad8742879592da
Certificate serial:       019EAB1134C0EA4A2E937133817DF6509F1A
Authority key identifier: F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/QxvtLUQvfw4XcAhpO4UYtJQjEjo.roa
Signing time:             Tue 09 Jun 2026 06:28:12 +0000
ROA not before:           Tue 09 Jun 2026 06:28:12 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     21840
IP address blocks:        147.90.37.0/24 maxlen: 24
                          147.90.50.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 13 Jun 2026 17:56:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:ab:11:34:c0:ea:4a:2e:93:71:33:81:7d:f6:50:9f:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f04a58047f37bbc057944bbf8cad8742879592da
        Validity
            Not Before: Jun  9 06:28:12 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=431bed2d442f7f0e177008693b8518b49423123a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:f1:e9:a6:73:69:00:5f:b5:51:73:10:e4:7c:
                    b6:e1:5a:be:33:81:c0:94:df:28:9a:27:90:b5:5c:
                    0b:b0:1b:49:b7:f8:f6:5c:fd:f4:61:ba:cf:e7:eb:
                    b9:b8:7e:c3:a4:30:d9:79:60:0b:03:a3:50:a7:a5:
                    9f:78:73:76:dc:a5:cb:1a:f2:dd:d2:13:d5:8f:d7:
                    95:a6:98:1c:db:10:dc:73:1c:2f:46:01:18:7a:ec:
                    c8:3c:e3:84:d8:44:08:fe:54:aa:ee:2b:95:e7:11:
                    85:99:5b:52:b3:bf:26:c1:2d:3f:d2:42:55:b6:65:
                    e3:95:3e:fc:4c:0f:13:fa:4c:99:37:85:fb:f1:56:
                    12:22:ac:88:0a:7e:cd:24:9b:e9:3c:fb:25:89:95:
                    8a:62:22:68:59:31:6a:e3:fa:df:cd:f3:78:24:bf:
                    7a:0c:00:f0:fa:a7:aa:a1:c2:e9:3a:97:b1:28:5d:
                    05:f7:75:8d:db:21:ef:b2:39:d7:47:57:b9:ae:22:
                    26:c9:ba:3b:35:be:fc:5e:61:fe:94:40:fe:19:5f:
                    d4:bf:8c:8e:7b:4e:44:b7:73:50:0c:72:da:60:8e:
                    56:3b:87:b6:0e:d0:00:a7:c3:98:56:0d:6f:81:f6:
                    1f:fb:9b:18:e2:f4:ee:a7:87:22:4d:5f:e0:ce:74:
                    bf:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:1B:ED:2D:44:2F:7F:0E:17:70:08:69:3B:85:18:B4:94:23:12:3A
            X509v3 Authority Key Identifier:
                keyid:F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/QxvtLUQvfw4XcAhpO4UYtJQjEjo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.90.37.0/24
                  147.90.50.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a0:8b:1e:cb:8b:b2:6e:4f:12:b3:c9:bb:ec:11:e1:7e:f9:74:
         55:cf:2c:15:ea:17:72:2a:43:59:12:52:47:c1:98:b6:2b:c1:
         3b:b0:ad:89:5d:5a:31:a3:12:97:b3:74:23:22:ee:dc:cb:b7:
         7a:b2:3d:aa:7c:a4:fa:46:75:29:36:66:43:c1:3f:75:65:be:
         1f:46:4f:c0:a0:c0:51:f0:f5:98:93:99:43:45:df:df:8a:f8:
         59:5e:d7:5d:48:17:cd:f2:0b:bb:d5:46:ee:a1:ca:5e:68:7d:
         e0:c2:1a:08:53:0d:b1:00:60:57:6a:18:81:4e:56:0a:2c:c7:
         82:d1:2a:a8:e3:72:95:86:bb:6b:b9:2f:f0:94:87:0c:7a:67:
         f9:31:c5:87:1c:f2:91:a1:d7:06:27:25:bc:4c:38:87:87:37:
         dc:7c:89:ff:e2:41:23:94:2e:69:e3:69:c1:bb:d3:0e:36:95:
         6d:45:04:51:23:9f:c4:04:9f:39:41:33:51:79:06:4f:b9:87:
         f9:16:18:70:3c:17:a3:94:10:a2:81:55:93:bf:36:3f:dc:4d:
         4b:7c:8e:ad:b1:2c:94:d7:31:64:74:a7:ab:ba:9f:3a:38:10:
         59:52:38:7b:97:94:43:73:d5:4d:c9:4d:7b:12:1b:b0:3a:65:
         17:db:10:03
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ6rETTA6kouk3EzgX32UJ8aMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwNGE1ODA0N2YzN2JiYzA1Nzk0NGJiZjhjYWQ4NzQyODc5
NTkyZGEwHhcNMjYwNjA5MDYyODEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MzFiZWQyZDQ0MmY3ZjBlMTc3MDA4NjkzYjg1MThiNDk0MjMxMjNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlfHppnNpAF+1UXMQ5Hy24Vq+M4HA
lN8omieQtVwLsBtJt/j2XP30YbrP5+u5uH7DpDDZeWALA6NQp6WfeHN23KXLGvLd
0hPVj9eVppgc2xDccxwvRgEYeuzIPOOE2EQI/lSq7iuV5xGFmVtSs78mwS0/0kJV
tmXjlT78TA8T+kyZN4X78VYSIqyICn7NJJvpPPsliZWKYiJoWTFq4/rfzfN4JL96
DADw+qeqocLpOpexKF0F93WN2yHvsjnXR1e5riImybo7Nb78XmH+lED+GV/Uv4yO
e05Et3NQDHLaYI5WO4e2DtAAp8OYVg1vgfYf+5sY4vTup4ciTV/gznS/zQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFEMb7S1EL38OF3AIaTuFGLSUIxI6MB8GA1UdIwQY
MBaAFPBKWAR/N7vAV5RLv4yth0KHlZLaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYt
ZjVmYjcxYjlhNTFmLzEvUXh2dExVUXZmdzRYY0FocE80VVl0SlFqRWpvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYtZjVmYjcxYjlhNTFm
LzEvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAk1olAwQA
k1oyMA0GCSqGSIb3DQEBCwUAA4IBAQCgix7Li7JuTxKzybvsEeF++XRVzywV6hdy
KkNZElJHwZi2K8E7sK2JXVoxoxKXs3QjIu7cy7d6sj2qfKT6RnUpNmZDwT91Zb4f
Rk/AoMBR8PWYk5lDRd/fivhZXtddSBfN8gu71UbuocpeaH3gwhoIUw2xAGBXahiB
TlYKLMeC0Sqo43KVhrtruS/wlIcMemf5McWHHPKRodcGJyW8TDiHhzfcfIn/4kEj
lC5p42nBu9MONpVtRQRRI5/EBJ85QTNReQZPuYf5FhhwPBejlBCigVWTvzY/3E1L
fI6tsSyU1zFkdKerup86OBBZUjh7l5RDc9VNyU17EhuwOmUX2xAD
-----END CERTIFICATE-----