Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/tqJj9qgQ9__xCgPjZ9vQ9wf1c3g.roa
File:                     tqJj9qgQ9__xCgPjZ9vQ9wf1c3g.roa (raw, json)
Hash identifier:          FyMZ2MDN8chG3pGwz8+IhVUGNVEj9pshpXnI39M6Frg=
Subject key identifier:   B6:A2:63:F6:A8:10:F7:FF:F1:0A:03:E3:67:DB:D0:F7:07:F5:73:78
Certificate issuer:       /CN=f04a58047f37bbc057944bbf8cad8742879592da
Certificate serial:       019CA3A63EB6A143A4B4BE2D22485FD779BD
Authority key identifier: F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/tqJj9qgQ9__xCgPjZ9vQ9wf1c3g.roa
Signing time:             Sat 28 Feb 2026 09:48:27 +0000
ROA not before:           Sat 28 Feb 2026 09:48:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     26769
IP address blocks:        147.90.13.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 06:00:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:a3:a6:3e:b6:a1:43:a4:b4:be:2d:22:48:5f:d7:79:bd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f04a58047f37bbc057944bbf8cad8742879592da
        Validity
            Not Before: Feb 28 09:48:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b6a263f6a810f7fff10a03e367dbd0f707f57378
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:ac:30:3c:b6:cd:9e:61:5a:03:d6:eb:05:af:
                    12:5b:25:69:e9:29:b4:cb:85:43:6e:ff:c1:8c:5c:
                    c7:1e:77:64:e8:31:58:6a:1c:d2:28:fb:21:a0:1b:
                    6b:d9:ee:7f:a4:10:f4:ce:30:6b:c1:14:1e:32:9b:
                    53:59:8d:06:2d:3f:84:fb:98:db:f4:cc:be:7c:87:
                    e5:e3:67:32:58:4f:97:10:38:7e:f6:7e:9c:b0:4d:
                    c2:35:00:33:32:94:ee:bf:63:61:9b:58:63:24:3f:
                    65:ca:2e:86:ea:60:41:92:2b:e6:2d:ef:70:62:f6:
                    eb:99:62:0a:4f:f6:3a:b9:c0:79:6d:17:a1:17:11:
                    78:8f:23:0b:cc:1e:22:82:f2:90:9e:92:6b:21:c2:
                    6a:30:83:8f:27:61:e5:06:0f:c6:de:81:75:85:93:
                    dc:d7:06:f2:1b:c7:89:b3:e7:e7:59:71:5f:78:2d:
                    6c:1a:50:07:64:35:a7:e4:e0:13:d5:e3:83:bc:38:
                    c6:06:db:01:02:24:81:2c:c6:7c:45:65:36:07:fd:
                    60:2c:5a:9a:af:04:b2:ec:a1:8d:fc:23:73:8e:36:
                    83:6f:7a:4e:d6:96:86:e6:2c:77:34:d0:4f:31:44:
                    5e:7b:d3:62:81:f5:2c:9b:35:da:28:09:b8:2b:10:
                    ee:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:A2:63:F6:A8:10:F7:FF:F1:0A:03:E3:67:DB:D0:F7:07:F5:73:78
            X509v3 Authority Key Identifier:
                keyid:F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/tqJj9qgQ9__xCgPjZ9vQ9wf1c3g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.90.13.0/24

    Signature Algorithm: sha256WithRSAEncryption
         86:3c:c7:1f:c9:47:90:b2:52:d6:81:ef:1e:81:07:33:1e:a0:
         c3:d4:66:64:89:63:ea:88:0f:64:5a:82:e4:0d:ed:74:ba:31:
         e9:82:a4:6f:dc:0e:0b:d8:00:7a:81:be:d0:ca:74:8c:5c:d9:
         2d:b2:ae:94:3f:cb:15:54:dc:a5:c3:cc:6d:8d:2a:97:8c:9a:
         ba:5a:d0:a3:0e:18:57:60:19:76:4b:72:f4:28:21:ca:17:9b:
         08:c7:5a:86:50:a8:c6:cd:e4:64:0e:40:d5:07:9b:7f:79:bc:
         0a:69:7f:73:7c:ee:da:0a:e4:f1:03:25:8f:88:cc:b0:88:a0:
         1c:9f:da:c2:fe:1b:75:b2:c1:eb:31:e9:b4:72:6f:db:96:eb:
         e4:1c:2b:ca:50:59:75:e4:1c:31:37:bc:9f:99:93:e8:6f:39:
         28:fd:bd:88:e9:23:b7:f9:b7:bc:3d:9a:ec:16:43:8b:10:ba:
         27:c3:4c:35:a2:46:86:fb:13:4b:f5:6a:00:9f:64:eb:a8:c0:
         9c:a5:f7:a0:9e:53:0a:23:2f:d4:3a:2a:3e:12:cb:0b:3b:61:
         74:12:e6:55:6a:d8:7e:3a:8f:a6:66:f2:21:bb:a1:4a:32:99:
         91:16:0d:e0:a3:66:a3:8c:22:73:d1:1d:30:af:c7:6f:54:a8:
         84:ea:77:ef
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZyjpj62oUOktL4tIkhf13m9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwNGE1ODA0N2YzN2JiYzA1Nzk0NGJiZjhjYWQ4NzQyODc5
NTkyZGEwHhcNMjYwMjI4MDk0ODI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNmEyNjNmNmE4MTBmN2ZmZjEwYTAzZTM2N2RiZDBmNzA3ZjU3Mzc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5qwwPLbNnmFaA9brBa8SWyVp6Sm0
y4VDbv/BjFzHHndk6DFYahzSKPshoBtr2e5/pBD0zjBrwRQeMptTWY0GLT+E+5jb
9My+fIfl42cyWE+XEDh+9n6csE3CNQAzMpTuv2Nhm1hjJD9lyi6G6mBBkivmLe9w
YvbrmWIKT/Y6ucB5bRehFxF4jyMLzB4igvKQnpJrIcJqMIOPJ2HlBg/G3oF1hZPc
1wbyG8eJs+fnWXFfeC1sGlAHZDWn5OAT1eODvDjGBtsBAiSBLMZ8RWU2B/1gLFqa
rwSy7KGN/CNzjjaDb3pO1paG5ix3NNBPMURee9NigfUsmzXaKAm4KxDuBQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLaiY/aoEPf/8QoD42fb0PcH9XN4MB8GA1UdIwQY
MBaAFPBKWAR/N7vAV5RLv4yth0KHlZLaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYt
ZjVmYjcxYjlhNTFmLzEvdHFKajlxZ1E5X194Q2dQalo5dlE5d2YxYzNnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYtZjVmYjcxYjlhNTFm
LzEvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAk1oNMA0G
CSqGSIb3DQEBCwUAA4IBAQCGPMcfyUeQslLWge8egQczHqDD1GZkiWPqiA9kWoLk
De10ujHpgqRv3A4L2AB6gb7QynSMXNktsq6UP8sVVNylw8xtjSqXjJq6WtCjDhhX
YBl2S3L0KCHKF5sIx1qGUKjGzeRkDkDVB5t/ebwKaX9zfO7aCuTxAyWPiMywiKAc
n9rC/ht1ssHrMem0cm/bluvkHCvKUFl15BwxN7yfmZPobzko/b2I6SO3+be8PZrs
FkOLELonw0w1okaG+xNL9WoAn2TrqMCcpfegnlMKIy/UOio+EssLO2F0EuZVath+
Oo+mZvIhu6FKMpmRFg3go2ajjCJz0R0wr8dvVKiE6nfv
-----END CERTIFICATE-----