Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/aPFVJGMHk6yMgrrQKkwCbA1tm-g.roa
File:                     aPFVJGMHk6yMgrrQKkwCbA1tm-g.roa (raw, json)
Hash identifier:          5OAzpM9n9HGco3N8Q2LcLPW0f0kYF2tFmK2uFAmdexs=
Subject key identifier:   68:F1:55:24:63:07:93:AC:8C:82:BA:D0:2A:4C:02:6C:0D:6D:9B:E8
Certificate issuer:       /CN=f04a58047f37bbc057944bbf8cad8742879592da
Certificate serial:       019D81D51C63F409BDF46FB2E6182FC72B62
Authority key identifier: F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/aPFVJGMHk6yMgrrQKkwCbA1tm-g.roa
Signing time:             Sun 12 Apr 2026 13:15:20 +0000
ROA not before:           Sun 12 Apr 2026 13:15:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     51847
IP address blocks:        147.90.66.0/23 maxlen: 24
                          147.90.88.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 Apr 2026 22:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:81:d5:1c:63:f4:09:bd:f4:6f:b2:e6:18:2f:c7:2b:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f04a58047f37bbc057944bbf8cad8742879592da
        Validity
            Not Before: Apr 12 13:15:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=68f15524630793ac8c82bad02a4c026c0d6d9be8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:45:16:55:80:d8:63:4a:77:a7:f2:30:4a:60:
                    9a:2d:ef:65:a5:4b:75:1c:06:5b:e6:6d:a5:51:be:
                    1f:0b:96:03:d9:d8:bb:04:01:35:18:ed:54:2b:72:
                    c4:0f:4f:e7:c3:a5:bb:00:36:c4:b2:c1:0d:51:8e:
                    97:30:4d:7c:f8:57:14:1f:b3:d0:1f:df:d3:c6:42:
                    33:42:66:db:3f:0e:02:4f:8f:18:bd:67:26:38:5a:
                    f8:38:92:70:94:65:5e:ae:43:02:f9:c1:13:83:59:
                    8b:b7:42:7a:21:a6:35:70:d9:9e:15:89:39:6b:84:
                    79:b4:8c:c4:e6:2b:92:a3:67:eb:4a:b1:b6:55:c2:
                    3c:8e:4b:87:0d:a5:3f:27:8c:53:38:97:41:70:5a:
                    08:06:17:9e:eb:1b:49:f6:f8:a1:67:8f:e9:f6:bc:
                    bc:30:81:de:c3:1b:42:5f:2e:9b:19:cd:e9:b5:49:
                    0b:d8:fd:e4:86:ae:d5:b0:2f:3f:d0:2c:4a:cf:9f:
                    d5:85:32:77:93:53:9b:3a:b1:d3:08:91:2b:8b:61:
                    f6:81:0b:cf:fc:a4:a0:63:d8:c0:d3:84:dd:05:c2:
                    79:d9:54:01:5d:f7:2e:8e:de:48:6b:78:35:8b:aa:
                    b8:1d:25:10:7b:b4:5b:1a:f7:b1:4e:55:2a:11:82:
                    79:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:F1:55:24:63:07:93:AC:8C:82:BA:D0:2A:4C:02:6C:0D:6D:9B:E8
            X509v3 Authority Key Identifier:
                keyid:F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/aPFVJGMHk6yMgrrQKkwCbA1tm-g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.90.66.0/23
                  147.90.88.0/23

    Signature Algorithm: sha256WithRSAEncryption
         d7:00:62:a0:a9:99:f0:c7:2d:85:2d:44:ec:49:a1:b2:15:5d:
         d4:44:90:94:ee:7c:f8:cd:92:c0:59:34:45:8b:a3:e9:f7:22:
         0c:c4:65:18:54:86:2d:bc:7c:fe:81:a4:a3:9f:53:42:a8:ef:
         40:fd:71:0a:3b:b1:f0:36:2e:52:7d:db:a7:74:6a:01:15:3e:
         04:ff:aa:a7:04:c3:b5:5b:72:67:b9:a2:f3:2f:ae:24:db:9b:
         e6:ba:fa:3b:43:23:2f:ee:c3:ca:a3:48:4f:54:2e:18:59:83:
         04:0a:91:b3:58:1a:c6:01:72:dd:7d:bb:19:83:3e:6e:91:2e:
         3f:4b:ab:3b:07:dc:b8:9a:8d:85:4b:83:0b:74:28:5c:0d:d0:
         12:95:d5:e9:89:17:3c:f8:6c:8c:af:11:e4:e8:71:6e:65:4b:
         5e:c5:08:82:b6:93:94:35:f3:0d:04:0f:be:1e:dd:02:61:0a:
         d1:1d:9d:bd:6d:d8:79:52:bd:2f:af:17:87:bf:c8:5d:6b:ba:
         f0:3d:44:93:81:4f:2d:9d:f0:f0:3a:64:b2:58:e1:cd:4f:03:
         19:c8:3f:98:af:28:2a:bc:c2:80:3f:7a:7f:f5:29:66:71:0c:
         6c:c6:63:bb:bf:cd:81:79:c3:56:d8:9c:f9:8b:90:83:66:41:
         f8:5a:39:8f
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ2B1Rxj9Am99G+y5hgvxytiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwNGE1ODA0N2YzN2JiYzA1Nzk0NGJiZjhjYWQ4NzQyODc5
NTkyZGEwHhcNMjYwNDEyMTMxNTIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OGYxNTUyNDYzMDc5M2FjOGM4MmJhZDAyYTRjMDI2YzBkNmQ5YmU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArUUWVYDYY0p3p/IwSmCaLe9lpUt1
HAZb5m2lUb4fC5YD2di7BAE1GO1UK3LED0/nw6W7ADbEssENUY6XME18+FcUH7PQ
H9/TxkIzQmbbPw4CT48YvWcmOFr4OJJwlGVerkMC+cETg1mLt0J6IaY1cNmeFYk5
a4R5tIzE5iuSo2frSrG2VcI8jkuHDaU/J4xTOJdBcFoIBhee6xtJ9vihZ4/p9ry8
MIHewxtCXy6bGc3ptUkL2P3khq7VsC8/0CxKz5/VhTJ3k1ObOrHTCJEri2H2gQvP
/KSgY9jA04TdBcJ52VQBXfcujt5Ia3g1i6q4HSUQe7RbGvexTlUqEYJ5DwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGjxVSRjB5OsjIK60CpMAmwNbZvoMB8GA1UdIwQY
MBaAFPBKWAR/N7vAV5RLv4yth0KHlZLaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYt
ZjVmYjcxYjlhNTFmLzEvYVBGVkpHTUhrNnlNZ3JyUUtrd0NiQTF0bS1nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYtZjVmYjcxYjlhNTFm
LzEvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBk1pCAwQB
k1pYMA0GCSqGSIb3DQEBCwUAA4IBAQDXAGKgqZnwxy2FLUTsSaGyFV3URJCU7nz4
zZLAWTRFi6Pp9yIMxGUYVIYtvHz+gaSjn1NCqO9A/XEKO7HwNi5SfdundGoBFT4E
/6qnBMO1W3JnuaLzL64k25vmuvo7QyMv7sPKo0hPVC4YWYMECpGzWBrGAXLdfbsZ
gz5ukS4/S6s7B9y4mo2FS4MLdChcDdASldXpiRc8+GyMrxHk6HFuZUtexQiCtpOU
NfMNBA++Ht0CYQrRHZ29bdh5Ur0vrxeHv8hda7rwPUSTgU8tnfDwOmSyWOHNTwMZ
yD+YrygqvMKAP3p/9SlmcQxsxmO7v82BecNW2Jz5i5CDZkH4WjmP
-----END CERTIFICATE-----