Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/2SGkVXS3gjmR0olkIKayfWyrVlU.roa
File:                     2SGkVXS3gjmR0olkIKayfWyrVlU.roa (raw, json)
Hash identifier:          +xPHlE0ujJwcsJJ11ddw5BIuPPnxRR+p8I+AEv6iWko=
Subject key identifier:   D9:21:A4:55:74:B7:82:39:91:D2:89:64:20:A6:B2:7D:6C:AB:56:55
Certificate issuer:       /CN=f04a58047f37bbc057944bbf8cad8742879592da
Certificate serial:       019D005708B8428F582A50D813958387BFDD
Authority key identifier: F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/2SGkVXS3gjmR0olkIKayfWyrVlU.roa
Signing time:             Wed 18 Mar 2026 09:46:37 +0000
ROA not before:           Wed 18 Mar 2026 09:46:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     203636
IP address blocks:        147.90.122.0/24 maxlen: 24
                          147.90.123.0/24 maxlen: 24
                          147.90.124.0/24 maxlen: 24
                          147.90.125.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 15:17:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:00:57:08:b8:42:8f:58:2a:50:d8:13:95:83:87:bf:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f04a58047f37bbc057944bbf8cad8742879592da
        Validity
            Not Before: Mar 18 09:46:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d921a45574b7823991d2896420a6b27d6cab5655
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:54:7c:78:42:22:89:1d:b2:d1:f8:9b:97:2e:
                    ab:7d:e0:fb:90:63:4c:a0:05:f9:79:a8:aa:5b:b1:
                    a0:f5:a2:8a:ee:e7:bb:c1:e0:e3:ae:70:da:79:96:
                    b5:dc:b6:7c:ae:b3:5c:73:af:97:f1:2e:4c:98:e2:
                    67:dd:fc:c3:c7:b1:e3:ff:8e:55:9b:97:6d:82:32:
                    66:a3:4c:8f:fe:bc:84:f8:dd:e7:0b:ab:48:f8:f3:
                    61:4b:d5:9a:eb:b1:3c:0c:68:be:5b:14:53:09:01:
                    d1:92:e4:56:a5:02:22:50:77:3a:f9:18:79:fa:80:
                    d3:65:5f:ee:9a:fa:9d:c5:79:0c:03:b2:8f:25:3b:
                    0b:c7:87:04:3a:91:c0:ce:b7:22:d4:b1:97:72:82:
                    b4:ac:eb:7f:6b:ab:1e:30:a5:9d:7e:17:a3:f4:e9:
                    cb:ed:7d:ad:1e:b0:40:aa:4f:13:9e:9b:8d:01:6d:
                    5c:f4:6a:72:27:df:b1:d5:9c:5e:49:e2:ac:2b:b6:
                    00:08:0c:d6:0e:e5:bd:cb:28:6a:e9:32:3b:68:9c:
                    31:fd:f8:9c:09:e6:f1:9f:ed:b8:20:e6:4d:cf:2d:
                    f0:e5:b7:16:2c:ed:9a:4f:9f:da:21:29:df:08:15:
                    51:78:57:da:86:90:d6:2f:c0:93:6f:21:9e:16:89:
                    f3:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:21:A4:55:74:B7:82:39:91:D2:89:64:20:A6:B2:7D:6C:AB:56:55
            X509v3 Authority Key Identifier:
                keyid:F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/2SGkVXS3gjmR0olkIKayfWyrVlU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.90.122.0-147.90.125.255

    Signature Algorithm: sha256WithRSAEncryption
         70:1e:dc:ad:dd:2d:c8:7b:38:11:69:ee:a5:ab:7f:bf:0b:71:
         28:8f:a7:64:a2:88:c2:36:e0:90:80:83:23:35:72:a9:53:1c:
         21:0d:52:e5:3d:f0:b8:67:7b:82:d6:43:5b:9f:d3:83:cc:c3:
         c8:97:95:e5:f9:e8:e6:ee:28:8e:a5:93:48:3f:d7:32:07:de:
         7d:ac:51:91:8a:ca:f2:38:58:5e:af:4d:64:d0:e9:28:c1:61:
         6c:f4:fd:b2:fa:a7:a5:d7:56:b0:7b:2b:ec:49:ea:31:d6:19:
         1c:52:24:97:8c:99:ba:7f:fe:31:77:47:54:e5:e3:d7:c8:e4:
         99:25:b1:4b:3f:15:68:73:6d:00:64:d7:38:26:c8:5e:bd:29:
         62:18:ab:57:62:23:5e:33:7b:1a:c9:e2:1b:5e:dc:3c:70:3b:
         98:56:d6:f3:02:cd:4c:7a:4c:9b:66:e9:82:85:b0:97:26:de:
         63:c9:59:74:10:a4:78:a2:b6:1b:39:2e:f4:97:17:12:87:ef:
         72:fc:e6:33:fa:cb:55:57:94:46:79:82:22:ea:cf:ae:9d:0b:
         a9:b4:5d:3c:2a:1f:07:95:27:fe:b8:59:99:da:15:fd:40:18:
         0b:9d:f0:52:a9:f4:64:d2:f1:54:b9:03:ec:db:43:b9:a9:59:
         30:e8:fb:9c
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZ0AVwi4Qo9YKlDYE5WDh7/dMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwNGE1ODA0N2YzN2JiYzA1Nzk0NGJiZjhjYWQ4NzQyODc5
NTkyZGEwHhcNMjYwMzE4MDk0NjM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOTIxYTQ1NTc0Yjc4MjM5OTFkMjg5NjQyMGE2YjI3ZDZjYWI1NjU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxFR8eEIiiR2y0fibly6rfeD7kGNM
oAX5eaiqW7Gg9aKK7ue7weDjrnDaeZa13LZ8rrNcc6+X8S5MmOJn3fzDx7Hj/45V
m5dtgjJmo0yP/ryE+N3nC6tI+PNhS9Wa67E8DGi+WxRTCQHRkuRWpQIiUHc6+Rh5
+oDTZV/umvqdxXkMA7KPJTsLx4cEOpHAzrci1LGXcoK0rOt/a6seMKWdfhej9OnL
7X2tHrBAqk8TnpuNAW1c9GpyJ9+x1ZxeSeKsK7YACAzWDuW9yyhq6TI7aJwx/fic
Cebxn+24IOZNzy3w5bcWLO2aT5/aISnfCBVReFfahpDWL8CTbyGeFonzzwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFNkhpFV0t4I5kdKJZCCmsn1sq1ZVMB8GA1UdIwQY
MBaAFPBKWAR/N7vAV5RLv4yth0KHlZLaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYt
ZjVmYjcxYjlhNTFmLzEvMlNHa1ZYUzNnam1SMG9sa0lLYXlmV3lyVmxVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYtZjVmYjcxYjlhNTFm
LzEvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAGTWnoD
BAGTWnwwDQYJKoZIhvcNAQELBQADggEBAHAe3K3dLch7OBFp7qWrf78LcSiPp2Si
iMI24JCAgyM1cqlTHCENUuU98Lhne4LWQ1uf04PMw8iXleX56ObuKI6lk0g/1zIH
3n2sUZGKyvI4WF6vTWTQ6SjBYWz0/bL6p6XXVrB7K+xJ6jHWGRxSJJeMmbp//jF3
R1Tl49fI5JklsUs/FWhzbQBk1zgmyF69KWIYq1diI14zexrJ4hte3DxwO5hW1vMC
zUx6TJtm6YKFsJcm3mPJWXQQpHiiths5LvSXFxKH73L85jP6y1VXlEZ5giLqz66d
C6m0XTwqHweVJ/64WZnaFf1AGAud8FKp9GTS8VS5A+zbQ7mpWTDo+5w=
-----END CERTIFICATE-----