Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/mxtv6yv9-7i1PhLbewmMFmYxTtI.roa
File:                     mxtv6yv9-7i1PhLbewmMFmYxTtI.roa (raw, json)
Hash identifier:          hNFcU5B0LgIAvUIBv7uv5n/Txrov8sFfkE7HUqegqyo=
Subject key identifier:   9B:1B:6F:EB:2B:FD:FB:B8:B5:3E:12:DB:7B:09:8C:16:66:31:4E:D2
Certificate issuer:       /CN=f04a58047f37bbc057944bbf8cad8742879592da
Certificate serial:       019D298D03145D9AA66ECF6BC9AFEA2BD77E
Authority key identifier: F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/mxtv6yv9-7i1PhLbewmMFmYxTtI.roa
Signing time:             Thu 26 Mar 2026 09:50:00 +0000
ROA not before:           Thu 26 Mar 2026 09:50:00 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     213618
IP address blocks:        147.90.19.0/24 maxlen: 24
                          147.90.21.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 Apr 2026 22:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:29:8d:03:14:5d:9a:a6:6e:cf:6b:c9:af:ea:2b:d7:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f04a58047f37bbc057944bbf8cad8742879592da
        Validity
            Not Before: Mar 26 09:50:00 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9b1b6feb2bfdfbb8b53e12db7b098c1666314ed2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:c2:4b:5a:ba:3c:92:49:a8:20:6e:60:b4:49:
                    a1:46:19:5e:8d:48:cc:06:85:2b:6f:73:83:73:a5:
                    39:64:5a:4f:00:d3:96:b5:9f:f4:df:4b:26:3a:dc:
                    50:3c:dd:ca:53:c6:d0:9e:09:05:4c:12:1e:a1:42:
                    f9:d3:ad:62:14:41:77:85:db:94:ce:00:23:c4:2c:
                    63:35:b4:19:1e:61:7e:e8:07:1f:50:a7:4d:83:3b:
                    74:d8:e9:3d:34:3c:ae:da:31:6a:6a:93:8a:dc:ea:
                    77:f3:d2:69:dd:b0:ed:84:3e:3f:24:36:c8:13:49:
                    8d:2d:a8:35:b0:96:af:a2:59:1e:f1:2c:1e:8b:d5:
                    0b:7d:c5:d6:f7:77:54:ae:b9:27:09:49:fb:0d:97:
                    46:31:d8:68:15:19:84:48:25:3a:8c:70:b9:5c:ff:
                    e1:0d:36:11:ac:fd:bb:72:51:3f:d4:91:6e:5f:45:
                    1b:80:fb:e3:0a:57:64:52:64:90:f1:36:17:c2:48:
                    97:56:e6:d8:ad:34:5a:6f:26:7c:ef:b2:7d:bc:da:
                    2b:ee:42:f0:e1:99:f2:39:fe:18:7b:14:9c:f0:7e:
                    3b:7f:6e:c4:ba:be:07:ae:54:76:e6:b4:9a:62:82:
                    d3:93:5f:68:2b:c3:13:ab:2a:a5:8d:ae:27:85:b6:
                    fa:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9B:1B:6F:EB:2B:FD:FB:B8:B5:3E:12:DB:7B:09:8C:16:66:31:4E:D2
            X509v3 Authority Key Identifier:
                keyid:F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/mxtv6yv9-7i1PhLbewmMFmYxTtI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.90.19.0/24
                  147.90.21.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b7:85:86:a3:c0:90:5d:ea:a0:aa:b7:16:d6:48:c8:7e:4f:ac:
         64:c0:4f:76:c2:90:c1:de:00:45:9c:50:6b:4f:fa:b7:68:9c:
         79:b6:db:68:39:fc:39:5a:dc:59:7e:6d:f5:61:36:54:4e:6a:
         c1:23:36:62:36:03:c5:2c:09:19:6b:ae:f6:70:7d:11:f5:ae:
         e2:b9:57:c4:ff:6c:8b:d4:3b:03:c5:61:46:c4:2f:f2:da:af:
         a4:7a:09:8c:e9:24:3b:dd:80:61:22:e5:ef:d3:8d:39:30:94:
         de:14:a5:cf:6d:c5:05:57:80:29:ce:04:85:1a:ff:8e:53:9b:
         28:c3:c8:27:2e:f1:0b:61:87:92:32:77:25:05:95:02:75:b2:
         2b:5b:1d:db:36:9d:d8:72:7b:e8:15:2e:44:27:5b:b4:62:8c:
         51:fc:10:42:55:cb:74:c1:af:62:c7:c8:2b:2d:fd:29:69:69:
         fb:eb:3e:78:76:bd:17:d1:b4:9f:23:d7:b5:e2:62:60:fe:43:
         36:d5:61:4a:b8:ec:f0:f0:b0:62:37:3f:db:3f:35:59:39:72:
         73:f7:b1:57:ed:c2:61:37:30:b5:85:ad:df:02:ed:50:9b:d4:
         fc:75:32:8b:e5:bf:60:0f:60:5b:02:f3:b1:c9:dc:ad:18:3e:
         0d:ea:84:ec
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ0pjQMUXZqmbs9rya/qK9d+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwNGE1ODA0N2YzN2JiYzA1Nzk0NGJiZjhjYWQ4NzQyODc5
NTkyZGEwHhcNMjYwMzI2MDk1MDAwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YjFiNmZlYjJiZmRmYmI4YjUzZTEyZGI3YjA5OGMxNjY2MzE0ZWQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkcJLWro8kkmoIG5gtEmhRhlejUjM
BoUrb3ODc6U5ZFpPANOWtZ/030smOtxQPN3KU8bQngkFTBIeoUL5061iFEF3hduU
zgAjxCxjNbQZHmF+6AcfUKdNgzt02Ok9NDyu2jFqapOK3Op389Jp3bDthD4/JDbI
E0mNLag1sJavolke8Swei9ULfcXW93dUrrknCUn7DZdGMdhoFRmESCU6jHC5XP/h
DTYRrP27clE/1JFuX0UbgPvjCldkUmSQ8TYXwkiXVubYrTRabyZ877J9vNor7kLw
4ZnyOf4YexSc8H47f27Eur4HrlR25rSaYoLTk19oK8MTqyqlja4nhbb6CQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJsbb+sr/fu4tT4S23sJjBZmMU7SMB8GA1UdIwQY
MBaAFPBKWAR/N7vAV5RLv4yth0KHlZLaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYt
ZjVmYjcxYjlhNTFmLzEvbXh0djZ5djktN2kxUGhMYmV3bU1GbVl4VHRJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYtZjVmYjcxYjlhNTFm
LzEvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAk1oTAwQA
k1oVMA0GCSqGSIb3DQEBCwUAA4IBAQC3hYajwJBd6qCqtxbWSMh+T6xkwE92wpDB
3gBFnFBrT/q3aJx5tttoOfw5WtxZfm31YTZUTmrBIzZiNgPFLAkZa672cH0R9a7i
uVfE/2yL1DsDxWFGxC/y2q+kegmM6SQ73YBhIuXv0405MJTeFKXPbcUFV4ApzgSF
Gv+OU5sow8gnLvELYYeSMnclBZUCdbIrWx3bNp3YcnvoFS5EJ1u0YoxR/BBCVct0
wa9ix8grLf0paWn76z54dr0X0bSfI9e14mJg/kM21WFKuOzw8LBiNz/bPzVZOXJz
97FX7cJhNzC1ha3fAu1Qm9T8dTKL5b9gD2BbAvOxydytGD4N6oTs
-----END CERTIFICATE-----