Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/uWtlHJRfTMJCvk8xQa7UxrLi39g.roa
File:                     uWtlHJRfTMJCvk8xQa7UxrLi39g.roa (raw, json)
Hash identifier:          +wOkOcOH/sTAlSgkWyKYtTNacDGmxnlY3OYHJV7V/jM=
Subject key identifier:   B9:6B:65:1C:94:5F:4C:C2:42:BE:4F:31:41:AE:D4:C6:B2:E2:DF:D8
Certificate issuer:       /CN=f04a58047f37bbc057944bbf8cad8742879592da
Certificate serial:       019D71387D5E12ED3963523710B7774C3393
Authority key identifier: F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/uWtlHJRfTMJCvk8xQa7UxrLi39g.roa
Signing time:             Thu 09 Apr 2026 07:50:20 +0000
ROA not before:           Thu 09 Apr 2026 07:50:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     397563
IP address blocks:        147.90.50.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 07:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:71:38:7d:5e:12:ed:39:63:52:37:10:b7:77:4c:33:93
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f04a58047f37bbc057944bbf8cad8742879592da
        Validity
            Not Before: Apr  9 07:50:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b96b651c945f4cc242be4f3141aed4c6b2e2dfd8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:e8:cb:ac:a3:3b:85:c8:a9:28:a0:2d:57:a4:
                    99:36:2d:d3:14:a6:39:04:93:52:1c:4e:01:93:c7:
                    c0:e3:80:e3:3d:14:bc:13:3d:ac:5f:c6:27:ec:52:
                    c7:79:87:2d:42:3a:ea:c8:70:74:ed:70:5e:65:fa:
                    66:3f:f2:17:52:37:85:f9:74:c5:b0:84:a6:e9:7e:
                    cd:9e:24:bd:c2:cf:46:47:c6:c9:94:d8:61:ad:b3:
                    ab:39:f3:64:fa:7a:5d:a2:ae:2f:dc:81:98:d7:5c:
                    4f:1f:43:ca:1b:8e:3b:39:06:e4:70:e7:59:b5:75:
                    ad:b9:3d:5d:47:39:3d:23:7e:68:cb:21:e3:eb:3d:
                    d3:b9:9e:80:66:2a:0b:23:af:28:a4:cc:d5:eb:f2:
                    cf:48:7a:ce:45:17:43:74:05:60:34:29:0d:14:45:
                    f1:c9:83:ce:03:23:f9:8d:68:0c:79:79:9a:c8:89:
                    64:63:2c:48:d3:0b:f5:58:c9:3c:c0:66:23:f3:90:
                    c3:1f:7f:c7:f0:4f:21:15:f5:8e:d3:70:f6:62:31:
                    41:a1:21:91:75:3f:be:08:50:9d:c7:ec:bd:26:a0:
                    03:75:f6:4d:67:b7:14:1c:59:09:2f:b7:06:45:89:
                    73:3c:1b:c8:10:f0:cc:54:0f:be:98:32:2e:c6:81:
                    6f:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:6B:65:1C:94:5F:4C:C2:42:BE:4F:31:41:AE:D4:C6:B2:E2:DF:D8
            X509v3 Authority Key Identifier:
                keyid:F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/uWtlHJRfTMJCvk8xQa7UxrLi39g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.90.50.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7a:b8:7f:a6:c2:56:22:81:a6:63:4d:22:1c:2c:a0:f6:fb:b4:
         7a:cf:a5:ad:91:99:c2:34:66:33:e5:04:cb:23:01:8c:aa:d3:
         2f:77:7a:12:6d:64:65:d6:cb:6b:cb:b6:cf:aa:a0:3c:f2:69:
         8c:80:69:0e:b9:c8:54:a4:44:de:73:37:a5:23:15:a7:81:67:
         5e:76:fa:df:c8:27:c1:a5:5d:f0:5f:30:85:ba:8a:f2:6c:07:
         bf:97:2e:a7:c6:d8:ab:89:98:51:14:80:86:f3:e5:dd:71:9b:
         05:98:4e:96:46:a3:aa:db:68:f9:4b:3f:a0:6e:0d:32:ab:b4:
         1a:33:ad:05:a6:cc:5a:39:9a:14:2a:f4:b4:8e:ed:82:78:26:
         b8:26:96:f6:78:7c:ce:4d:54:f4:9a:89:68:49:b7:41:63:da:
         06:3f:7c:53:26:9b:49:ec:22:72:27:c9:35:73:dc:8e:ae:e3:
         7f:73:53:d4:37:d0:a1:93:5e:a9:1d:d8:ba:a3:95:4d:07:21:
         c3:c2:f9:75:4e:99:44:8e:9a:a0:ce:39:e3:a8:04:e2:76:21:
         75:e9:d6:7b:8d:99:f0:90:8d:d7:70:30:25:c9:78:be:e1:45:
         a6:05:cd:d8:ae:57:2b:a3:99:8a:1f:2b:bb:7a:2f:76:2b:a6:
         3f:51:7f:5c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ1xOH1eEu05Y1I3ELd3TDOTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwNGE1ODA0N2YzN2JiYzA1Nzk0NGJiZjhjYWQ4NzQyODc5
NTkyZGEwHhcNMjYwNDA5MDc1MDIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOTZiNjUxYzk0NWY0Y2MyNDJiZTRmMzE0MWFlZDRjNmIyZTJkZmQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxejLrKM7hcipKKAtV6SZNi3TFKY5
BJNSHE4Bk8fA44DjPRS8Ez2sX8Yn7FLHeYctQjrqyHB07XBeZfpmP/IXUjeF+XTF
sISm6X7NniS9ws9GR8bJlNhhrbOrOfNk+npdoq4v3IGY11xPH0PKG447OQbkcOdZ
tXWtuT1dRzk9I35oyyHj6z3TuZ6AZioLI68opMzV6/LPSHrORRdDdAVgNCkNFEXx
yYPOAyP5jWgMeXmayIlkYyxI0wv1WMk8wGYj85DDH3/H8E8hFfWO03D2YjFBoSGR
dT++CFCdx+y9JqADdfZNZ7cUHFkJL7cGRYlzPBvIEPDMVA++mDIuxoFviwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLlrZRyUX0zCQr5PMUGu1May4t/YMB8GA1UdIwQY
MBaAFPBKWAR/N7vAV5RLv4yth0KHlZLaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYt
ZjVmYjcxYjlhNTFmLzEvdVd0bEhKUmZUTUpDdms4eFFhN1V4ckxpMzlnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYtZjVmYjcxYjlhNTFm
LzEvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAk1oyMA0G
CSqGSIb3DQEBCwUAA4IBAQB6uH+mwlYigaZjTSIcLKD2+7R6z6WtkZnCNGYz5QTL
IwGMqtMvd3oSbWRl1stry7bPqqA88mmMgGkOuchUpETeczelIxWngWdedvrfyCfB
pV3wXzCFuorybAe/ly6nxtiriZhRFICG8+XdcZsFmE6WRqOq22j5Sz+gbg0yq7Qa
M60FpsxaOZoUKvS0ju2CeCa4Jpb2eHzOTVT0moloSbdBY9oGP3xTJptJ7CJyJ8k1
c9yOruN/c1PUN9Chk16pHdi6o5VNByHDwvl1TplEjpqgzjnjqATidiF16dZ7jZnw
kI3XcDAlyXi+4UWmBc3Yrlcro5mKHyu7ei92K6Y/UX9c
-----END CERTIFICATE-----