Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/pKH5qjYpTQl1GCo-pwuwhaO0eJg.roa
File:                     pKH5qjYpTQl1GCo-pwuwhaO0eJg.roa (raw, json)
Hash identifier:          8deSTWrYC7C+C3NbYBqJ0irFr90pVpOsBBzRqLJar0I=
Subject key identifier:   A4:A1:F9:AA:36:29:4D:09:75:18:2A:3E:A7:0B:B0:85:A3:B4:78:98
Certificate issuer:       /CN=f04a58047f37bbc057944bbf8cad8742879592da
Certificate serial:       019C9EB5E6D9BE5CF4F624EB01FA160CCE42
Authority key identifier: F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/pKH5qjYpTQl1GCo-pwuwhaO0eJg.roa
Signing time:             Fri 27 Feb 2026 10:47:27 +0000
ROA not before:           Fri 27 Feb 2026 10:47:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     16276
IP address blocks:        147.90.234.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 09:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:9e:b5:e6:d9:be:5c:f4:f6:24:eb:01:fa:16:0c:ce:42
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f04a58047f37bbc057944bbf8cad8742879592da
        Validity
            Not Before: Feb 27 10:47:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a4a1f9aa36294d0975182a3ea70bb085a3b47898
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:f5:71:f7:86:90:12:37:be:16:c5:de:88:75:
                    fe:33:20:a0:3b:1e:62:89:a7:bc:48:b5:21:74:98:
                    1c:bd:07:65:26:09:ec:29:8b:86:7a:07:9f:65:b9:
                    0c:05:68:75:6a:81:86:2e:91:fb:af:6e:28:91:e0:
                    fe:10:66:38:eb:d4:cb:a7:e0:fb:83:38:01:fd:d1:
                    e0:c7:6a:e9:fc:7d:71:6c:fa:84:09:08:8f:74:46:
                    ce:14:81:f0:4f:c7:12:da:33:ee:32:02:96:10:d9:
                    26:bb:47:3a:57:46:45:0e:fa:90:c1:84:a4:0e:0d:
                    40:d5:68:8a:05:4d:ba:fe:46:db:68:4a:b0:43:94:
                    36:94:e6:01:43:cd:c8:34:64:49:28:54:88:b9:e6:
                    00:2f:ee:0c:59:ec:7c:ac:09:69:b1:f7:87:ac:6d:
                    3c:9d:e9:9f:2d:1f:d2:1b:bc:e9:0f:3f:48:c4:6e:
                    95:13:77:9c:44:c1:c6:e8:e6:ea:b4:ab:9f:ce:ef:
                    42:c5:33:19:b4:c4:a9:c3:bb:09:cd:a2:12:a5:9a:
                    30:a3:96:10:4d:8e:bc:a5:d6:05:62:86:7c:0e:cf:
                    4c:4d:35:6c:2d:3a:26:80:01:9d:49:7c:d5:ec:80:
                    81:c7:7d:78:71:17:dc:4f:cc:37:27:59:89:25:a2:
                    a9:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:A1:F9:AA:36:29:4D:09:75:18:2A:3E:A7:0B:B0:85:A3:B4:78:98
            X509v3 Authority Key Identifier:
                keyid:F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/pKH5qjYpTQl1GCo-pwuwhaO0eJg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.90.234.0/24

    Signature Algorithm: sha256WithRSAEncryption
         be:c0:fb:83:3a:eb:7d:54:d3:d5:e5:8c:d2:ff:94:37:22:a2:
         d4:c1:18:1f:96:a1:88:a5:ca:21:e6:d0:58:e2:4a:8e:f9:5e:
         b6:46:79:6d:18:77:15:ec:b3:39:8f:6d:87:5d:73:a7:26:1e:
         28:12:73:6e:51:83:28:5e:38:ff:ed:c2:74:11:47:d8:af:db:
         16:fd:d8:ac:b7:dd:c7:37:1d:8a:5c:b8:c3:4c:ed:d3:77:6a:
         e8:ed:04:f6:f0:4a:35:04:f7:0b:c5:d7:93:44:40:65:a1:a5:
         84:f4:5a:91:79:1c:e4:08:b0:de:db:ae:a0:df:cc:2e:49:07:
         d8:3d:98:65:26:14:03:52:4e:5b:e8:99:a7:1f:30:64:36:b3:
         20:af:8a:3c:b4:52:eb:e9:20:78:63:78:2d:67:3a:f1:44:12:
         62:98:33:75:24:09:6f:e7:f2:66:e7:80:10:4f:b6:6c:46:8e:
         fc:99:f3:61:dc:4d:b9:f3:b9:90:71:ff:21:20:39:ab:25:8c:
         39:ac:e8:04:a5:b2:b6:de:a5:1e:ff:b1:db:4a:4f:8c:f7:ca:
         60:0f:41:c1:fb:b4:de:96:1d:9a:2a:3d:c8:7b:f6:4b:f0:9e:
         05:9b:b7:2b:e8:2d:2a:ac:1b:d3:c9:d5:4f:2d:b9:85:73:29:
         8f:51:1d:40
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZyetebZvlz09iTrAfoWDM5CMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwNGE1ODA0N2YzN2JiYzA1Nzk0NGJiZjhjYWQ4NzQyODc5
NTkyZGEwHhcNMjYwMjI3MTA0NzI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNGExZjlhYTM2Mjk0ZDA5NzUxODJhM2VhNzBiYjA4NWEzYjQ3ODk4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzvVx94aQEje+FsXeiHX+MyCgOx5i
iae8SLUhdJgcvQdlJgnsKYuGegefZbkMBWh1aoGGLpH7r24okeD+EGY469TLp+D7
gzgB/dHgx2rp/H1xbPqECQiPdEbOFIHwT8cS2jPuMgKWENkmu0c6V0ZFDvqQwYSk
Dg1A1WiKBU26/kbbaEqwQ5Q2lOYBQ83INGRJKFSIueYAL+4MWex8rAlpsfeHrG08
nemfLR/SG7zpDz9IxG6VE3ecRMHG6ObqtKufzu9CxTMZtMSpw7sJzaISpZowo5YQ
TY68pdYFYoZ8Ds9MTTVsLTomgAGdSXzV7ICBx314cRfcT8w3J1mJJaKpHQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKSh+ao2KU0JdRgqPqcLsIWjtHiYMB8GA1UdIwQY
MBaAFPBKWAR/N7vAV5RLv4yth0KHlZLaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYt
ZjVmYjcxYjlhNTFmLzEvcEtINXFqWXBUUWwxR0NvLXB3dXdoYU8wZUpnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYtZjVmYjcxYjlhNTFm
LzEvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAk1rqMA0G
CSqGSIb3DQEBCwUAA4IBAQC+wPuDOut9VNPV5YzS/5Q3IqLUwRgflqGIpcoh5tBY
4kqO+V62RnltGHcV7LM5j22HXXOnJh4oEnNuUYMoXjj/7cJ0EUfYr9sW/dist93H
Nx2KXLjDTO3Td2ro7QT28Eo1BPcLxdeTREBloaWE9FqReRzkCLDe266g38wuSQfY
PZhlJhQDUk5b6JmnHzBkNrMgr4o8tFLr6SB4Y3gtZzrxRBJimDN1JAlv5/Jm54AQ
T7ZsRo78mfNh3E2587mQcf8hIDmrJYw5rOgEpbK23qUe/7HbSk+M98pgD0HB+7Te
lh2aKj3Ie/ZL8J4Fm7cr6C0qrBvTydVPLbmFcymPUR1A
-----END CERTIFICATE-----