Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/VTzeiRp0tie0DM2JDL0c1JSB7i8.roa
File:                     VTzeiRp0tie0DM2JDL0c1JSB7i8.roa (raw, json)
Hash identifier:          NPgxIPbe7yyLdF+tGq67S0HuGSeE1JurpQ6+0UkJ5JI=
Subject key identifier:   55:3C:DE:89:1A:74:B6:27:B4:0C:CD:89:0C:BD:1C:D4:94:81:EE:2F
Certificate issuer:       /CN=f04a58047f37bbc057944bbf8cad8742879592da
Certificate serial:       019EBC0B36F6838F62DC6BDD91709B7A3636
Authority key identifier: F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/VTzeiRp0tie0DM2JDL0c1JSB7i8.roa
Signing time:             Fri 12 Jun 2026 13:35:12 +0000
ROA not before:           Fri 12 Jun 2026 13:35:12 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     210874
IP address blocks:        147.90.128.0/19 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 13 Jun 2026 22:01:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:bc:0b:36:f6:83:8f:62:dc:6b:dd:91:70:9b:7a:36:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f04a58047f37bbc057944bbf8cad8742879592da
        Validity
            Not Before: Jun 12 13:35:12 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=553cde891a74b627b40ccd890cbd1cd49481ee2f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:02:3b:55:92:cc:73:c9:5d:6d:2f:83:aa:9b:
                    ec:2d:ce:5f:a6:3b:c3:71:bb:e4:db:0a:f5:f5:64:
                    d7:4e:1c:af:b7:08:d5:d3:1e:bc:29:5d:9a:aa:b9:
                    f7:4d:e2:d6:af:3e:7d:ad:ba:c7:75:57:44:64:b0:
                    c1:a3:c6:a0:eb:1d:f9:23:70:d5:98:0b:f1:f1:f8:
                    62:86:81:0e:23:12:6b:f4:35:e4:ce:b9:58:5f:56:
                    cd:f1:34:56:b0:c8:76:85:c5:cb:37:61:31:97:70:
                    3d:6a:2a:76:f3:ec:32:ba:6c:da:59:ff:75:c0:2b:
                    6e:50:c5:4f:1b:53:46:94:0e:72:b7:e0:d8:3e:27:
                    98:96:17:3e:92:87:2b:e2:a1:98:dd:a8:bf:b2:81:
                    a2:bb:7c:30:d1:16:49:64:3b:d8:92:df:42:72:f7:
                    42:a1:ec:06:f6:b4:e3:cc:e8:f1:34:47:58:1f:22:
                    d4:2c:53:f2:50:53:75:c8:0d:ea:03:79:d3:64:a3:
                    ca:51:9e:61:23:0c:49:ae:72:80:00:8e:fb:cf:27:
                    a4:24:a6:45:85:8f:e5:1f:72:f6:0b:82:08:13:ba:
                    11:1c:6d:d0:2b:b6:f8:3c:b9:2b:d3:18:8c:a1:b5:
                    05:21:94:47:3d:af:e7:7f:b1:18:71:af:0d:de:ff:
                    2f:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                55:3C:DE:89:1A:74:B6:27:B4:0C:CD:89:0C:BD:1C:D4:94:81:EE:2F
            X509v3 Authority Key Identifier:
                keyid:F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/VTzeiRp0tie0DM2JDL0c1JSB7i8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.90.128.0/19

    Signature Algorithm: sha256WithRSAEncryption
         e7:9e:62:10:a8:40:e9:eb:de:88:3e:5b:9e:9b:0a:1b:0d:55:
         a0:ee:ec:55:6e:b5:b7:12:7b:13:b5:00:93:0e:b2:6a:20:a0:
         51:42:18:f1:c1:e0:82:e4:22:83:9c:1f:08:d8:e1:65:32:fd:
         ec:47:6b:da:89:24:07:b6:26:8a:01:aa:69:ec:87:5e:6e:5f:
         46:9e:b4:49:4c:e1:4b:16:a7:3e:b3:00:8b:48:93:18:48:85:
         67:cb:21:7d:aa:80:b2:a9:2a:40:a6:0e:83:c0:0b:46:2b:a8:
         20:5c:14:0c:6f:e6:d7:92:76:13:88:6b:6d:22:8b:f2:5b:c9:
         a7:ff:1c:17:21:d3:42:a6:e9:1b:83:9c:7a:6d:e3:43:4f:4e:
         23:f1:c7:82:bb:0a:f8:24:20:e1:48:10:a7:49:18:ee:b2:dc:
         86:71:6d:f0:4a:df:b2:d3:b7:bc:e4:96:c3:d8:3b:1d:35:9a:
         7a:41:1e:6e:4e:f4:5c:67:da:76:6c:06:a8:11:d7:4e:e7:eb:
         61:12:0d:ae:b8:8b:35:94:97:2a:08:de:eb:7a:e7:a5:31:dd:
         21:6a:e9:a2:f3:cf:84:2c:91:91:04:db:99:97:0a:43:93:51:
         ae:30:d4:d2:b8:d8:49:f8:84:b0:7d:27:f4:09:7d:4e:ef:18:
         9e:d3:4e:5d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ68Czb2g49i3GvdkXCbejY2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwNGE1ODA0N2YzN2JiYzA1Nzk0NGJiZjhjYWQ4NzQyODc5
NTkyZGEwHhcNMjYwNjEyMTMzNTEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NTNjZGU4OTFhNzRiNjI3YjQwY2NkODkwY2JkMWNkNDk0ODFlZTJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApQI7VZLMc8ldbS+DqpvsLc5fpjvD
cbvk2wr19WTXThyvtwjV0x68KV2aqrn3TeLWrz59rbrHdVdEZLDBo8ag6x35I3DV
mAvx8fhihoEOIxJr9DXkzrlYX1bN8TRWsMh2hcXLN2Exl3A9aip28+wyumzaWf91
wCtuUMVPG1NGlA5yt+DYPieYlhc+kocr4qGY3ai/soGiu3ww0RZJZDvYkt9CcvdC
oewG9rTjzOjxNEdYHyLULFPyUFN1yA3qA3nTZKPKUZ5hIwxJrnKAAI77zyekJKZF
hY/lH3L2C4IIE7oRHG3QK7b4PLkr0xiMobUFIZRHPa/nf7EYca8N3v8vWQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFU83okadLYntAzNiQy9HNSUge4vMB8GA1UdIwQY
MBaAFPBKWAR/N7vAV5RLv4yth0KHlZLaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYt
ZjVmYjcxYjlhNTFmLzEvVlR6ZWlScDB0aWUwRE0ySkRMMGMxSlNCN2k4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYtZjVmYjcxYjlhNTFm
LzEvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQFk1qAMA0G
CSqGSIb3DQEBCwUAA4IBAQDnnmIQqEDp696IPluemwobDVWg7uxVbrW3EnsTtQCT
DrJqIKBRQhjxweCC5CKDnB8I2OFlMv3sR2vaiSQHtiaKAapp7Idebl9GnrRJTOFL
Fqc+swCLSJMYSIVnyyF9qoCyqSpApg6DwAtGK6ggXBQMb+bXknYTiGttIovyW8mn
/xwXIdNCpukbg5x6beNDT04j8ceCuwr4JCDhSBCnSRjustyGcW3wSt+y07e85JbD
2DsdNZp6QR5uTvRcZ9p2bAaoEddO5+thEg2uuIs1lJcqCN7reuelMd0haumi88+E
LJGRBNuZlwpDk1GuMNTSuNhJ+ISwfSf0CX1O7xie005d
-----END CERTIFICATE-----