Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/pi9WmwgLudVb1lKKH79QQ-2HDYw.roa
File:                     pi9WmwgLudVb1lKKH79QQ-2HDYw.roa (raw, json)
Hash identifier:          umOXUB1EppAz9bCGN2Z1zVi2OPJH+66X8gHQ6K8ugxc=
Subject key identifier:   A6:2F:56:9B:08:0B:B9:D5:5B:D6:52:8A:1F:BF:50:43:ED:87:0D:8C
Certificate issuer:       /CN=f04a58047f37bbc057944bbf8cad8742879592da
Certificate serial:       019EB1C891A52085B7A297343AD5C329DC8E
Authority key identifier: F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/pi9WmwgLudVb1lKKH79QQ-2HDYw.roa
Signing time:             Wed 10 Jun 2026 13:46:12 +0000
ROA not before:           Wed 10 Jun 2026 13:46:12 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     147003
IP address blocks:        147.90.16.0/23 maxlen: 24
                          147.90.66.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 13 Jun 2026 22:01:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:b1:c8:91:a5:20:85:b7:a2:97:34:3a:d5:c3:29:dc:8e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f04a58047f37bbc057944bbf8cad8742879592da
        Validity
            Not Before: Jun 10 13:46:12 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a62f569b080bb9d55bd6528a1fbf5043ed870d8c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:05:ab:7d:7f:5f:5a:48:9a:4b:cf:49:80:6d:
                    34:43:29:22:a8:1f:4f:bb:a2:9a:04:50:bb:6e:e0:
                    c2:89:f2:46:96:a8:10:78:60:2c:05:d1:e3:0a:d6:
                    b6:0f:13:77:73:17:8c:62:40:68:09:cd:9e:6b:0a:
                    99:55:0b:93:8d:b3:bf:bf:de:18:08:f7:45:0d:cc:
                    ad:91:f1:5e:9c:60:2c:ba:c3:70:0d:c9:f3:5d:e0:
                    64:8b:c6:74:7b:2e:83:06:0f:b9:02:e7:c2:01:91:
                    8b:a9:b1:b2:68:36:e3:83:97:2a:44:19:94:82:3d:
                    4c:85:88:6f:61:4d:6a:ff:0e:05:f5:83:c9:12:78:
                    6f:d5:30:75:c3:da:78:83:49:31:70:f0:09:ca:af:
                    73:72:f1:80:15:c1:6c:46:f3:0f:ff:b0:65:80:a0:
                    9e:5f:e4:f8:5d:1c:c7:59:3f:f1:8c:ca:c7:84:94:
                    20:ab:e8:51:62:d2:cc:95:dd:c1:d8:fb:d5:76:a1:
                    a0:1a:e2:d7:de:63:4d:f6:dd:31:0b:65:9e:1a:3f:
                    81:18:61:28:de:f2:e2:67:23:79:f3:d4:7e:35:20:
                    5c:d1:2d:7c:b0:b2:14:6c:a5:ae:43:2a:ca:72:b4:
                    9b:d9:b8:ef:43:5a:93:eb:9c:e5:88:c1:fe:8a:f6:
                    ed:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A6:2F:56:9B:08:0B:B9:D5:5B:D6:52:8A:1F:BF:50:43:ED:87:0D:8C
            X509v3 Authority Key Identifier:
                keyid:F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/pi9WmwgLudVb1lKKH79QQ-2HDYw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.90.16.0/23
                  147.90.66.0/23

    Signature Algorithm: sha256WithRSAEncryption
         7e:60:7c:a6:22:9e:5e:26:11:94:11:c0:71:5d:94:4b:51:d9:
         db:e8:78:ff:ae:93:3d:10:c0:b1:ee:29:b3:0d:66:b4:23:eb:
         f0:cd:a3:ed:36:b5:78:62:2d:d2:c0:87:40:c5:ef:77:03:72:
         07:32:ba:36:ca:58:94:62:3f:3a:71:b9:0f:ae:d6:fe:b4:40:
         25:45:5a:b6:a0:88:70:af:bf:97:64:f3:98:7a:82:a6:ff:5f:
         0a:1a:7e:45:16:1e:23:35:7a:12:b1:96:16:55:41:0f:8c:6d:
         21:c0:7c:d4:74:e2:63:34:83:c7:fa:ef:2e:72:a0:7b:d8:56:
         f3:9c:2f:05:21:ed:45:f4:ab:78:2b:15:4e:59:aa:ba:62:e1:
         5c:e0:44:61:40:5b:29:69:9f:61:30:39:08:38:08:fc:4f:c0:
         ec:80:1c:19:d4:9b:61:d7:19:78:18:ca:01:81:de:9c:87:e4:
         ef:ed:f5:da:ab:1c:aa:1a:16:c1:b1:b4:d7:06:bb:7c:a6:44:
         28:58:9d:6a:1f:83:27:22:d2:40:96:8d:44:b8:66:4e:ca:03:
         61:3a:18:08:b6:60:28:6e:98:35:09:54:7e:15:ca:57:16:89:
         4e:ac:c6:60:a8:59:24:8c:30:2c:94:5b:8e:1b:eb:15:19:69:
         ea:5f:e8:5b
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ6xyJGlIIW3opc0OtXDKdyOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwNGE1ODA0N2YzN2JiYzA1Nzk0NGJiZjhjYWQ4NzQyODc5
NTkyZGEwHhcNMjYwNjEwMTM0NjEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNjJmNTY5YjA4MGJiOWQ1NWJkNjUyOGExZmJmNTA0M2VkODcwZDhjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwAWrfX9fWkiaS89JgG00QykiqB9P
u6KaBFC7buDCifJGlqgQeGAsBdHjCta2DxN3cxeMYkBoCc2eawqZVQuTjbO/v94Y
CPdFDcytkfFenGAsusNwDcnzXeBki8Z0ey6DBg+5AufCAZGLqbGyaDbjg5cqRBmU
gj1MhYhvYU1q/w4F9YPJEnhv1TB1w9p4g0kxcPAJyq9zcvGAFcFsRvMP/7BlgKCe
X+T4XRzHWT/xjMrHhJQgq+hRYtLMld3B2PvVdqGgGuLX3mNN9t0xC2WeGj+BGGEo
3vLiZyN589R+NSBc0S18sLIUbKWuQyrKcrSb2bjvQ1qT65zliMH+ivbtrwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFKYvVpsIC7nVW9ZSih+/UEPthw2MMB8GA1UdIwQY
MBaAFPBKWAR/N7vAV5RLv4yth0KHlZLaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYt
ZjVmYjcxYjlhNTFmLzEvcGk5V213Z0x1ZFZiMWxLS0g3OVFRLTJIRFl3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYtZjVmYjcxYjlhNTFm
LzEvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBk1oQAwQB
k1pCMA0GCSqGSIb3DQEBCwUAA4IBAQB+YHymIp5eJhGUEcBxXZRLUdnb6Hj/rpM9
EMCx7imzDWa0I+vwzaPtNrV4Yi3SwIdAxe93A3IHMro2yliUYj86cbkPrtb+tEAl
RVq2oIhwr7+XZPOYeoKm/18KGn5FFh4jNXoSsZYWVUEPjG0hwHzUdOJjNIPH+u8u
cqB72FbznC8FIe1F9Kt4KxVOWaq6YuFc4ERhQFspaZ9hMDkIOAj8T8DsgBwZ1Jth
1xl4GMoBgd6ch+Tv7fXaqxyqGhbBsbTXBrt8pkQoWJ1qH4MnItJAlo1EuGZOygNh
OhgItmAobpg1CVR+FcpXFolOrMZgqFkkjDAslFuOG+sVGWnqX+hb
-----END CERTIFICATE-----