Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/UjVVJDkU_QFQ0rkmHbzjAXRUxOg.roa
File:                     UjVVJDkU_QFQ0rkmHbzjAXRUxOg.roa (raw, json)
Hash identifier:          1DE3eVfwV7ZiJ3s+0YPbxAX2NDY+k0IkBimQoP9xH0I=
Subject key identifier:   52:35:55:24:39:14:FD:01:50:D2:B9:26:1D:BC:E3:01:74:54:C4:E8
Certificate issuer:       /CN=f04a58047f37bbc057944bbf8cad8742879592da
Certificate serial:       019D293FC90032B47197AAAD9F199195F025
Authority key identifier: F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/UjVVJDkU_QFQ0rkmHbzjAXRUxOg.roa
Signing time:             Thu 26 Mar 2026 08:25:39 +0000
ROA not before:           Thu 26 Mar 2026 08:25:39 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     207158
IP address blocks:        147.90.17.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 16:32:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:29:3f:c9:00:32:b4:71:97:aa:ad:9f:19:91:95:f0:25
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f04a58047f37bbc057944bbf8cad8742879592da
        Validity
            Not Before: Mar 26 08:25:39 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=523555243914fd0150d2b9261dbce3017454c4e8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:72:e7:a9:1a:b9:f7:1c:c4:83:cb:58:06:68:
                    00:15:33:fe:9a:7c:aa:37:d8:c0:16:cb:32:5c:0c:
                    8d:ee:3c:c5:7e:33:1e:70:b3:b6:76:75:a7:bc:fc:
                    dd:2d:63:ba:db:24:af:c3:27:95:0e:f7:15:b2:1e:
                    ed:75:f9:2c:c4:eb:18:c8:95:a0:8e:78:dc:01:77:
                    e8:15:28:d2:f6:ef:d2:41:15:dd:77:1a:b2:a9:ce:
                    71:ea:6c:37:68:b5:04:d8:99:af:e1:04:fe:8d:82:
                    d7:65:50:36:f6:86:e3:ef:ee:e0:50:c8:3d:a8:6c:
                    56:61:47:fc:93:ba:e9:dd:52:c2:63:b4:84:c6:7f:
                    99:ed:72:f0:12:52:59:fa:d2:22:0b:aa:9e:52:e4:
                    38:ad:96:d6:df:41:1f:1a:9b:a7:20:6a:0a:26:b7:
                    a3:75:09:fc:66:a7:cf:59:ab:86:8d:bf:a4:3b:73:
                    25:76:49:e9:e9:d4:c8:2a:47:21:99:c0:36:2e:ac:
                    eb:88:5f:89:26:e9:12:86:be:9e:6a:ce:f5:cb:5f:
                    07:72:f2:8e:56:39:fc:86:5c:16:3c:48:c7:55:4c:
                    30:40:63:43:ab:29:b0:e0:5e:cc:7b:40:f8:f4:36:
                    7a:bf:37:cc:07:23:89:c7:90:4a:a2:43:db:1e:77:
                    14:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:35:55:24:39:14:FD:01:50:D2:B9:26:1D:BC:E3:01:74:54:C4:E8
            X509v3 Authority Key Identifier:
                keyid:F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/UjVVJDkU_QFQ0rkmHbzjAXRUxOg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.90.17.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a7:a2:50:69:7a:a1:78:e8:a3:fa:86:c3:ad:01:11:b1:fa:b6:
         5d:75:a5:d1:b5:89:cf:6e:60:3a:98:d2:9b:b7:11:23:82:cc:
         63:62:f1:9c:eb:9f:ab:9d:b9:a8:c9:88:16:ca:29:ad:9c:6e:
         ac:c1:12:b7:f6:21:21:d8:1c:cf:aa:9f:13:32:44:5a:01:63:
         68:fe:a7:11:1a:10:98:30:af:8f:b5:8e:9a:4b:f6:f8:05:3e:
         b0:c9:1a:f6:38:b1:fc:fd:d7:8f:a3:50:c3:68:4f:91:0b:e2:
         c4:63:06:7e:aa:a1:34:6d:a5:d6:20:0e:d6:cf:07:fa:fc:18:
         3b:7e:74:30:29:bd:94:bb:0f:b5:ea:5d:18:09:e6:56:a8:16:
         d9:b8:a9:bb:c1:81:43:d0:d9:f4:6b:43:fd:78:c1:6c:ce:66:
         08:89:ea:f3:f8:05:e3:f6:75:1e:91:01:d9:b6:e9:b0:66:82:
         d0:17:c1:0d:e8:7a:23:80:dc:4b:e5:6e:27:5f:fc:be:f0:87:
         52:35:0d:4e:01:a3:a3:18:02:c6:ee:19:54:c3:6d:ec:32:9d:
         7a:76:27:c7:60:76:a3:85:4e:4a:a6:5c:f3:37:3c:ee:df:57:
         1f:e1:92:ba:86:f5:df:fe:6a:b6:f9:ed:9c:02:6d:64:90:c8:
         79:ec:1c:9a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0pP8kAMrRxl6qtnxmRlfAlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwNGE1ODA0N2YzN2JiYzA1Nzk0NGJiZjhjYWQ4NzQyODc5
NTkyZGEwHhcNMjYwMzI2MDgyNTM5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MjM1NTUyNDM5MTRmZDAxNTBkMmI5MjYxZGJjZTMwMTc0NTRjNGU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqXLnqRq59xzEg8tYBmgAFTP+mnyq
N9jAFssyXAyN7jzFfjMecLO2dnWnvPzdLWO62ySvwyeVDvcVsh7tdfksxOsYyJWg
jnjcAXfoFSjS9u/SQRXddxqyqc5x6mw3aLUE2Jmv4QT+jYLXZVA29obj7+7gUMg9
qGxWYUf8k7rp3VLCY7SExn+Z7XLwElJZ+tIiC6qeUuQ4rZbW30EfGpunIGoKJrej
dQn8ZqfPWauGjb+kO3Mldknp6dTIKkchmcA2LqzriF+JJukShr6eas71y18HcvKO
Vjn8hlwWPEjHVUwwQGNDqymw4F7Me0D49DZ6vzfMByOJx5BKokPbHncUiwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFI1VSQ5FP0BUNK5Jh284wF0VMToMB8GA1UdIwQY
MBaAFPBKWAR/N7vAV5RLv4yth0KHlZLaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYt
ZjVmYjcxYjlhNTFmLzEvVWpWVkpEa1VfUUZRMHJrbUhiempBWFJVeE9nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYtZjVmYjcxYjlhNTFm
LzEvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAk1oRMA0G
CSqGSIb3DQEBCwUAA4IBAQCnolBpeqF46KP6hsOtARGx+rZddaXRtYnPbmA6mNKb
txEjgsxjYvGc65+rnbmoyYgWyimtnG6swRK39iEh2BzPqp8TMkRaAWNo/qcRGhCY
MK+PtY6aS/b4BT6wyRr2OLH8/dePo1DDaE+RC+LEYwZ+qqE0baXWIA7Wzwf6/Bg7
fnQwKb2Uuw+16l0YCeZWqBbZuKm7wYFD0Nn0a0P9eMFszmYIierz+AXj9nUekQHZ
tumwZoLQF8EN6HojgNxL5W4nX/y+8IdSNQ1OAaOjGALG7hlUw23sMp16difHYHaj
hU5KplzzNzzu31cf4ZK6hvXf/mq2+e2cAm1kkMh57Bya
-----END CERTIFICATE-----