Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/499hdYRYGTlyYlB6NRAHud358ng.roa
File:                     499hdYRYGTlyYlB6NRAHud358ng.roa (raw, json)
Hash identifier:          IaAL9KXNg4R3o4nDLkQhvnQbWyEgCTCV0stvAnRu5wA=
Subject key identifier:   E3:DF:61:75:84:58:19:39:72:62:50:7A:35:10:07:B9:DD:F9:F2:78
Certificate issuer:       /CN=f04a58047f37bbc057944bbf8cad8742879592da
Certificate serial:       019DF6B1535B2A448E1DD0001BDCF8120C0C
Authority key identifier: F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/499hdYRYGTlyYlB6NRAHud358ng.roa
Signing time:             Tue 05 May 2026 05:51:49 +0000
ROA not before:           Tue 05 May 2026 05:51:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     7029
IP address blocks:        147.90.1.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 14 May 2026 01:01:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:f6:b1:53:5b:2a:44:8e:1d:d0:00:1b:dc:f8:12:0c:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f04a58047f37bbc057944bbf8cad8742879592da
        Validity
            Not Before: May  5 05:51:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e3df6175845819397262507a351007b9ddf9f278
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:13:28:03:4b:0f:49:ae:3a:a6:31:7a:9f:3a:
                    f1:40:14:d0:8c:9b:82:0b:33:c1:d0:98:42:77:25:
                    17:8c:f3:d4:c0:c6:7b:4f:c3:1f:26:b0:d4:4c:86:
                    de:d4:e2:2a:d0:e2:e6:8d:dc:89:4d:cd:38:4c:08:
                    ee:ff:b5:58:9b:20:79:fe:30:7e:91:da:db:a2:62:
                    4a:5d:79:b3:0d:5c:fa:ed:44:ba:10:a2:77:c4:32:
                    c9:27:54:b2:d4:04:f3:73:b0:59:d5:ca:34:55:cb:
                    32:4d:5f:72:01:bd:e5:9d:7d:ab:30:12:83:43:45:
                    ff:ab:21:ee:50:f4:3b:86:dd:0c:d1:b7:e6:44:88:
                    12:9c:18:ec:4a:dd:49:a4:fb:a9:e7:81:c9:b4:03:
                    87:f1:42:98:58:d8:1b:ef:7b:2e:91:88:34:11:e5:
                    66:67:29:d0:51:35:f2:30:0b:b5:c3:4b:90:62:b5:
                    b6:d9:71:94:42:be:4e:4b:61:cd:09:92:ea:ed:8b:
                    74:8e:7a:4d:98:7b:48:10:d5:54:27:9d:b5:b4:f6:
                    95:4c:c3:90:8a:2b:1e:97:78:d3:1b:73:e5:17:bb:
                    a9:41:c8:6d:33:2e:f1:a5:db:aa:7c:33:ee:81:37:
                    3e:3f:cb:b2:e4:fb:a3:65:a9:af:7e:27:33:32:ad:
                    fc:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:DF:61:75:84:58:19:39:72:62:50:7A:35:10:07:B9:DD:F9:F2:78
            X509v3 Authority Key Identifier:
                keyid:F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/499hdYRYGTlyYlB6NRAHud358ng.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.90.1.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6f:b7:fa:be:bb:ae:b1:af:3b:5f:b0:9e:a9:b9:8a:44:69:09:
         bf:22:2d:d0:81:f1:ca:55:48:b0:3e:4b:ce:09:f8:1e:de:74:
         07:8a:fb:ab:b8:80:3c:0c:94:f3:86:a9:14:12:36:bc:2e:13:
         0a:8a:78:64:e1:b9:7b:90:14:85:96:4c:ce:00:49:75:23:9a:
         37:c0:e8:dc:a7:cf:c2:f1:a5:cf:33:a7:fb:41:8b:0a:c5:d2:
         35:f6:61:31:a9:c0:c2:d1:07:f6:86:8a:04:7b:13:e0:cd:ae:
         6a:14:2a:35:cf:e7:36:48:f7:2f:2b:7a:b1:70:53:09:a3:6c:
         95:f1:0a:61:13:74:08:45:51:b0:62:73:f0:c8:ac:c2:56:98:
         6d:0d:f7:8e:b8:15:81:18:1e:c5:3e:7f:84:e6:de:ce:e0:6b:
         76:96:96:c6:84:08:97:aa:59:64:b8:37:40:e3:64:b4:3e:d1:
         5b:b0:a1:0e:af:1a:73:32:72:e8:67:d2:05:fc:4a:81:05:a4:
         77:68:e7:03:ad:77:44:e1:72:4a:17:66:b1:cd:10:93:87:77:
         ed:aa:23:30:26:c3:f1:58:16:78:96:8d:7a:f7:c0:90:06:c1:
         e1:ad:ae:a9:8f:82:95:f8:63:7b:e1:04:6d:78:b5:97:7d:c3:
         f4:05:6c:08
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ32sVNbKkSOHdAAG9z4EgwMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwNGE1ODA0N2YzN2JiYzA1Nzk0NGJiZjhjYWQ4NzQyODc5
NTkyZGEwHhcNMjYwNTA1MDU1MTQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlM2RmNjE3NTg0NTgxOTM5NzI2MjUwN2EzNTEwMDdiOWRkZjlmMjc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4RMoA0sPSa46pjF6nzrxQBTQjJuC
CzPB0JhCdyUXjPPUwMZ7T8MfJrDUTIbe1OIq0OLmjdyJTc04TAju/7VYmyB5/jB+
kdrbomJKXXmzDVz67US6EKJ3xDLJJ1Sy1ATzc7BZ1co0VcsyTV9yAb3lnX2rMBKD
Q0X/qyHuUPQ7ht0M0bfmRIgSnBjsSt1JpPup54HJtAOH8UKYWNgb73sukYg0EeVm
ZynQUTXyMAu1w0uQYrW22XGUQr5OS2HNCZLq7Yt0jnpNmHtIENVUJ521tPaVTMOQ
iisel3jTG3PlF7upQchtMy7xpduqfDPugTc+P8uy5PujZamvficzMq38ZwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOPfYXWEWBk5cmJQejUQB7nd+fJ4MB8GA1UdIwQY
MBaAFPBKWAR/N7vAV5RLv4yth0KHlZLaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYt
ZjVmYjcxYjlhNTFmLzEvNDk5aGRZUllHVGx5WWxCNk5SQUh1ZDM1OG5nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYtZjVmYjcxYjlhNTFm
LzEvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAk1oBMA0G
CSqGSIb3DQEBCwUAA4IBAQBvt/q+u66xrztfsJ6puYpEaQm/Ii3QgfHKVUiwPkvO
Cfge3nQHivuruIA8DJTzhqkUEja8LhMKinhk4bl7kBSFlkzOAEl1I5o3wOjcp8/C
8aXPM6f7QYsKxdI19mExqcDC0Qf2hooEexPgza5qFCo1z+c2SPcvK3qxcFMJo2yV
8QphE3QIRVGwYnPwyKzCVphtDfeOuBWBGB7FPn+E5t7O4Gt2lpbGhAiXqllkuDdA
42S0PtFbsKEOrxpzMnLoZ9IF/EqBBaR3aOcDrXdE4XJKF2axzRCTh3ftqiMwJsPx
WBZ4lo1698CQBsHhra6pj4KV+GN74QRteLWXfcP0BWwI
-----END CERTIFICATE-----