Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/Xl4pcYs_X6zMcrAeurYiOfDdXiw.roa
File:                     Xl4pcYs_X6zMcrAeurYiOfDdXiw.roa (raw, json)
Hash identifier:          luRueCpve0/kxXqpNwvzkdnstuosRbgDM3d7Og/ANAM=
Subject key identifier:   5E:5E:29:71:8B:3F:5F:AC:CC:72:B0:1E:BA:B6:22:39:F0:DD:5E:2C
Certificate issuer:       /CN=f04a58047f37bbc057944bbf8cad8742879592da
Certificate serial:       019CF7B304040D99D9DD8DDEC86F5EE6142C
Authority key identifier: F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/Xl4pcYs_X6zMcrAeurYiOfDdXiw.roa
Signing time:             Mon 16 Mar 2026 17:30:30 +0000
ROA not before:           Mon 16 Mar 2026 17:30:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214668
IP address blocks:        147.90.219.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 15:17:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:f7:b3:04:04:0d:99:d9:dd:8d:de:c8:6f:5e:e6:14:2c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f04a58047f37bbc057944bbf8cad8742879592da
        Validity
            Not Before: Mar 16 17:30:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5e5e29718b3f5faccc72b01ebab62239f0dd5e2c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:ee:44:b1:6c:07:2c:96:b6:57:01:b4:76:2d:
                    59:64:eb:94:19:8e:7c:64:9c:2e:62:1e:12:c3:75:
                    89:35:1e:ef:5f:d1:68:9d:c5:d6:e9:f3:32:c5:54:
                    53:da:fa:53:2d:37:10:5b:1e:14:d3:55:42:8d:56:
                    07:71:31:83:48:ff:7d:c4:fb:e7:7c:a4:bd:7a:68:
                    a2:37:b9:1d:58:9b:9b:34:a0:11:df:86:6d:01:d6:
                    54:39:fa:f5:f5:80:f9:e2:e8:64:83:f1:30:33:95:
                    f8:b8:a4:67:bf:eb:fc:bd:57:8e:79:56:70:e5:ea:
                    39:54:fa:f4:da:0d:03:a4:53:d6:d9:01:a1:47:49:
                    38:54:fc:d8:ed:91:b5:c1:e8:a7:b8:93:ed:ea:b2:
                    d4:4b:89:bd:c4:ef:4a:66:73:f1:7a:a7:fb:2e:2d:
                    c9:55:a5:c0:20:83:c8:ce:fd:58:d8:b9:13:05:00:
                    65:f6:48:53:47:b9:32:48:37:3d:68:6c:8b:6f:62:
                    e0:2b:23:4e:82:16:c0:2e:88:ab:62:84:b8:86:23:
                    86:6f:4a:c3:b7:88:7f:6b:98:01:7a:74:17:79:1e:
                    a9:0b:a8:2a:3a:1f:1d:d3:2f:c9:9f:11:cd:ef:7d:
                    a7:18:72:bd:4e:af:cc:37:fe:47:9e:46:38:4d:6c:
                    1a:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:5E:29:71:8B:3F:5F:AC:CC:72:B0:1E:BA:B6:22:39:F0:DD:5E:2C
            X509v3 Authority Key Identifier:
                keyid:F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/Xl4pcYs_X6zMcrAeurYiOfDdXiw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.90.219.0/24

    Signature Algorithm: sha256WithRSAEncryption
         60:05:d5:a6:cb:40:c0:12:18:fa:08:26:46:58:31:64:87:60:
         8e:82:9a:74:b4:ca:3b:30:4c:04:54:f2:60:c3:a8:15:4f:25:
         87:7c:0c:7c:60:39:95:30:d9:a4:ad:30:9c:58:6a:81:0a:f4:
         83:0f:a6:ba:ef:53:9c:8b:96:2f:8a:e6:34:be:48:49:a1:2a:
         2c:2a:01:43:af:38:6b:b4:7f:00:78:03:a4:4f:7d:5e:7d:fd:
         1c:19:7c:ad:87:72:51:be:83:52:ab:3f:5e:63:5a:91:14:af:
         f7:77:8c:bb:18:e6:63:9c:05:2d:45:5b:9c:2a:1f:f3:68:a1:
         7c:9c:36:bb:53:ef:85:18:99:5c:40:8f:f0:bb:98:25:57:b2:
         37:a8:23:06:0c:0c:a4:e5:08:ee:37:14:a0:04:1c:39:cf:27:
         d2:1f:a4:1c:12:65:2b:c2:84:8b:82:07:d7:f0:fa:98:ea:4e:
         02:2e:38:2a:9d:eb:5f:a6:8e:3a:bf:a9:28:90:35:26:bd:eb:
         bd:32:49:f2:68:8c:b3:99:21:d5:8f:b9:16:97:b6:d5:f7:13:
         9c:5a:c6:97:51:f3:0e:66:2c:a8:8c:fa:6b:a7:af:b3:07:ff:
         a6:08:1c:e4:f6:01:21:c6:c2:d8:b7:3f:78:06:67:67:52:c7:
         d7:37:86:ce
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZz3swQEDZnZ3Y3eyG9e5hQsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwNGE1ODA0N2YzN2JiYzA1Nzk0NGJiZjhjYWQ4NzQyODc5
NTkyZGEwHhcNMjYwMzE2MTczMDMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZTVlMjk3MThiM2Y1ZmFjY2M3MmIwMWViYWI2MjIzOWYwZGQ1ZTJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn+5EsWwHLJa2VwG0di1ZZOuUGY58
ZJwuYh4Sw3WJNR7vX9FoncXW6fMyxVRT2vpTLTcQWx4U01VCjVYHcTGDSP99xPvn
fKS9emiiN7kdWJubNKAR34ZtAdZUOfr19YD54uhkg/EwM5X4uKRnv+v8vVeOeVZw
5eo5VPr02g0DpFPW2QGhR0k4VPzY7ZG1weinuJPt6rLUS4m9xO9KZnPxeqf7Li3J
VaXAIIPIzv1Y2LkTBQBl9khTR7kySDc9aGyLb2LgKyNOghbALoirYoS4hiOGb0rD
t4h/a5gBenQXeR6pC6gqOh8d0y/JnxHN732nGHK9Tq/MN/5HnkY4TWwa9wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF5eKXGLP1+szHKwHrq2Ijnw3V4sMB8GA1UdIwQY
MBaAFPBKWAR/N7vAV5RLv4yth0KHlZLaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYt
ZjVmYjcxYjlhNTFmLzEvWGw0cGNZc19YNnpNY3JBZXVyWWlPZkRkWGl3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYtZjVmYjcxYjlhNTFm
LzEvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAk1rbMA0G
CSqGSIb3DQEBCwUAA4IBAQBgBdWmy0DAEhj6CCZGWDFkh2COgpp0tMo7MEwEVPJg
w6gVTyWHfAx8YDmVMNmkrTCcWGqBCvSDD6a671Oci5YviuY0vkhJoSosKgFDrzhr
tH8AeAOkT31eff0cGXyth3JRvoNSqz9eY1qRFK/3d4y7GOZjnAUtRVucKh/zaKF8
nDa7U++FGJlcQI/wu5glV7I3qCMGDAyk5QjuNxSgBBw5zyfSH6QcEmUrwoSLggfX
8PqY6k4CLjgqnetfpo46v6kokDUmveu9MknyaIyzmSHVj7kWl7bV9xOcWsaXUfMO
ZiyojPprp6+zB/+mCBzk9gEhxsLYtz94BmdnUsfXN4bO
-----END CERTIFICATE-----