Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/RbwWlrFcOadAKAa8Kd2eRH9Q-wg.roa
File:                     RbwWlrFcOadAKAa8Kd2eRH9Q-wg.roa (raw, json)
Hash identifier:          60CNC0kQDnraYoYjjsw2uGa4+No9iofhNuw4KqLm7cc=
Subject key identifier:   45:BC:16:96:B1:5C:39:A7:40:28:06:BC:29:DD:9E:44:7F:50:FB:08
Certificate issuer:       /CN=f04a58047f37bbc057944bbf8cad8742879592da
Certificate serial:       019E0760FCC4E149DD7CD3BD8FC00FF1FE30
Authority key identifier: F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/RbwWlrFcOadAKAa8Kd2eRH9Q-wg.roa
Signing time:             Fri 08 May 2026 11:37:37 +0000
ROA not before:           Fri 08 May 2026 11:37:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     40352
IP address blocks:        147.90.221.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 23:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:07:60:fc:c4:e1:49:dd:7c:d3:bd:8f:c0:0f:f1:fe:30
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f04a58047f37bbc057944bbf8cad8742879592da
        Validity
            Not Before: May  8 11:37:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=45bc1696b15c39a7402806bc29dd9e447f50fb08
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:b4:af:b6:cb:2b:91:9f:64:f6:53:b5:0b:f9:
                    cd:fa:fa:01:6a:b4:57:19:23:67:39:9a:0d:80:76:
                    69:6c:97:2f:f5:af:36:24:6b:0b:7f:fe:55:97:3d:
                    b5:f9:4b:43:16:19:96:3f:e7:29:5b:52:75:97:6d:
                    35:c6:4b:43:4d:8a:0e:7e:ec:ec:94:3f:1d:fe:9a:
                    ca:8a:43:2b:5b:62:5b:8e:81:63:96:a8:64:92:1c:
                    00:43:81:89:2b:ff:6b:cd:41:95:16:73:65:c3:f8:
                    4d:2c:c0:6c:d5:d2:bf:6f:01:c8:30:55:3b:96:8c:
                    a6:cd:56:7e:8a:5c:8c:5d:dc:44:55:8f:f1:f4:b5:
                    9c:25:e8:ea:0a:38:ac:09:0f:21:21:b6:08:a4:21:
                    cc:d0:f9:c1:e4:13:60:e7:fc:4d:a9:22:6c:c7:54:
                    30:4a:9f:55:d3:c0:ba:3b:25:f1:6d:ea:54:4e:74:
                    e3:84:94:d9:01:ce:bb:97:f5:2b:f7:ec:ca:90:f3:
                    a4:27:5e:10:b3:fc:2d:93:e7:82:6c:c2:b8:dc:ac:
                    95:e8:b3:89:8f:2e:4c:f0:ef:f4:ba:2a:42:c6:46:
                    8e:62:c0:f2:00:c8:8f:3b:23:99:c8:75:55:ac:92:
                    0f:44:a7:38:f2:15:4c:8c:64:ce:81:c9:d1:7e:1d:
                    07:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:BC:16:96:B1:5C:39:A7:40:28:06:BC:29:DD:9E:44:7F:50:FB:08
            X509v3 Authority Key Identifier:
                keyid:F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/RbwWlrFcOadAKAa8Kd2eRH9Q-wg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.90.221.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b9:86:a3:cb:e4:43:12:aa:39:47:e4:05:7b:b3:7d:9c:fa:e4:
         8c:6c:3d:6e:57:d5:b7:7a:50:0e:b1:9c:21:b2:b3:34:fc:fc:
         22:92:63:e1:20:b0:13:45:b2:73:5d:1e:15:fb:06:46:4f:35:
         93:da:db:8b:06:94:75:82:88:0f:64:1f:d7:c8:53:02:82:54:
         3c:47:38:5e:ba:31:73:96:30:a5:15:c9:a5:3c:9b:4c:a4:1b:
         f8:c6:88:f8:79:4e:02:92:eb:d8:8c:82:df:a1:b0:30:e6:56:
         2c:35:21:3d:bd:07:29:04:09:19:26:53:bc:20:6e:fa:86:b8:
         4f:1f:d5:6a:c2:61:4b:09:94:2f:78:2a:3e:9d:b9:b7:a5:60:
         15:89:72:ee:37:04:54:67:f7:e1:1b:d9:5c:a5:51:83:45:e0:
         4c:c9:2f:41:3e:17:b0:36:8c:b1:d5:87:9b:b7:d8:13:bc:c1:
         e2:bf:54:0a:86:91:00:a0:eb:8a:ea:24:0a:4d:86:35:62:99:
         ef:1f:a2:8f:f2:96:49:f3:52:58:85:14:04:0f:a5:b2:c5:da:
         47:f0:ad:ba:6d:3f:94:4a:90:b7:e9:dc:87:a3:2a:5a:63:a5:
         f1:3d:fb:1d:27:3d:6d:ca:fb:ec:f2:ac:28:47:da:9b:9d:6e:
         5f:13:4f:98
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ4HYPzE4UndfNO9j8AP8f4wMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwNGE1ODA0N2YzN2JiYzA1Nzk0NGJiZjhjYWQ4NzQyODc5
NTkyZGEwHhcNMjYwNTA4MTEzNzM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NWJjMTY5NmIxNWMzOWE3NDAyODA2YmMyOWRkOWU0NDdmNTBmYjA4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAubSvtssrkZ9k9lO1C/nN+voBarRX
GSNnOZoNgHZpbJcv9a82JGsLf/5Vlz21+UtDFhmWP+cpW1J1l201xktDTYoOfuzs
lD8d/prKikMrW2JbjoFjlqhkkhwAQ4GJK/9rzUGVFnNlw/hNLMBs1dK/bwHIMFU7
loymzVZ+ilyMXdxEVY/x9LWcJejqCjisCQ8hIbYIpCHM0PnB5BNg5/xNqSJsx1Qw
Sp9V08C6OyXxbepUTnTjhJTZAc67l/Ur9+zKkPOkJ14Qs/wtk+eCbMK43KyV6LOJ
jy5M8O/0uipCxkaOYsDyAMiPOyOZyHVVrJIPRKc48hVMjGTOgcnRfh0H3wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEW8FpaxXDmnQCgGvCndnkR/UPsIMB8GA1UdIwQY
MBaAFPBKWAR/N7vAV5RLv4yth0KHlZLaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYt
ZjVmYjcxYjlhNTFmLzEvUmJ3V2xyRmNPYWRBS0FhOEtkMmVSSDlRLXdnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYtZjVmYjcxYjlhNTFm
LzEvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAk1rdMA0G
CSqGSIb3DQEBCwUAA4IBAQC5hqPL5EMSqjlH5AV7s32c+uSMbD1uV9W3elAOsZwh
srM0/PwikmPhILATRbJzXR4V+wZGTzWT2tuLBpR1gogPZB/XyFMCglQ8RzheujFz
ljClFcmlPJtMpBv4xoj4eU4CkuvYjILfobAw5lYsNSE9vQcpBAkZJlO8IG76hrhP
H9VqwmFLCZQveCo+nbm3pWAViXLuNwRUZ/fhG9lcpVGDReBMyS9BPhewNoyx1Yeb
t9gTvMHiv1QKhpEAoOuK6iQKTYY1YpnvH6KP8pZJ81JYhRQED6WyxdpH8K26bT+U
SpC36dyHoypaY6XxPfsdJz1tyvvs8qwoR9qbnW5fE0+Y
-----END CERTIFICATE-----