Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/Z3cxOhxO9Px8Dh03Z6SRB02yphM.roa
File:                     Z3cxOhxO9Px8Dh03Z6SRB02yphM.roa (raw, json)
Hash identifier:          jzKp0+u63vKLto+ROcr3H51HZdxYZ9aPzguH3EaNVUE=
Subject key identifier:   67:77:31:3A:1C:4E:F4:FC:7C:0E:1D:37:67:A4:91:07:4D:B2:A6:13
Certificate issuer:       /CN=f04a58047f37bbc057944bbf8cad8742879592da
Certificate serial:       019DC3350C724B0C32C82FA6E88E700593CF
Authority key identifier: F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/Z3cxOhxO9Px8Dh03Z6SRB02yphM.roa
Signing time:             Sat 25 Apr 2026 05:55:26 +0000
ROA not before:           Sat 25 Apr 2026 05:55:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     201136
IP address blocks:        147.90.6.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 23:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:c3:35:0c:72:4b:0c:32:c8:2f:a6:e8:8e:70:05:93:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f04a58047f37bbc057944bbf8cad8742879592da
        Validity
            Not Before: Apr 25 05:55:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6777313a1c4ef4fc7c0e1d3767a491074db2a613
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:0f:34:77:4c:ae:a6:2c:33:22:b0:3d:b9:e6:
                    ae:a8:96:6a:18:22:26:30:2c:6e:24:ce:ed:eb:fb:
                    8c:20:1c:8c:aa:7d:9d:ba:59:f2:79:ca:69:0a:0f:
                    40:a2:87:d4:87:03:95:46:df:0e:96:da:69:fe:65:
                    fe:2e:b9:ec:e0:3b:5b:e1:f6:96:65:77:87:d0:ec:
                    50:9b:65:d3:19:87:d7:45:65:fe:33:7d:1f:39:56:
                    36:ad:ac:9d:13:a7:5c:97:ad:e5:a7:17:b2:3e:02:
                    4b:c1:ff:d6:66:1f:6d:1b:51:30:78:78:8c:fd:1a:
                    df:36:b3:dd:05:f1:bb:d2:0c:5c:bc:46:a6:99:d3:
                    84:4b:43:c7:d3:12:a8:34:f4:b9:59:ea:04:46:b5:
                    11:99:c5:13:a2:98:b5:dd:42:54:b4:1a:0d:18:ee:
                    b4:27:8c:de:a9:0e:bd:18:9a:83:c6:e8:98:1b:d5:
                    a3:22:b6:39:07:0b:b7:51:52:fa:c1:05:4b:27:1a:
                    63:d6:f2:28:d1:d5:b7:7c:8a:bd:56:7e:28:26:2e:
                    c3:17:ba:55:d9:f9:73:fc:a8:34:83:9e:43:bc:b7:
                    0b:c6:e9:15:0d:ba:ba:3b:60:1e:ec:29:7d:9f:ea:
                    64:42:b6:cc:60:d2:e5:22:b5:61:26:82:cb:3b:e9:
                    71:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:77:31:3A:1C:4E:F4:FC:7C:0E:1D:37:67:A4:91:07:4D:B2:A6:13
            X509v3 Authority Key Identifier:
                keyid:F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/Z3cxOhxO9Px8Dh03Z6SRB02yphM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.90.6.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2d:80:3c:fa:c9:1e:6c:95:45:5b:bf:54:65:11:df:ff:da:6d:
         65:4d:b4:ec:a3:6c:80:9d:f0:11:7e:c1:f4:96:c2:7f:87:ec:
         ac:e5:aa:87:98:90:52:7a:54:57:e1:88:7a:12:3e:d5:f5:b7:
         a9:19:4f:9b:cd:f1:a2:de:b7:11:b5:fb:18:8f:7e:97:b3:19:
         fc:70:18:12:9d:54:35:28:57:d6:b1:c7:d0:74:6a:4d:ba:b5:
         83:c3:be:02:80:bc:e5:74:f7:9c:be:84:d3:05:4a:84:36:01:
         1b:b8:d5:1c:77:03:48:44:c0:43:a9:1f:80:c6:ce:1e:f2:e1:
         6b:61:63:21:34:5b:83:a1:1d:e7:6a:ec:9b:d2:c4:ec:7b:b5:
         e7:21:04:75:72:35:cf:a1:79:7e:2e:6a:91:52:90:54:9b:1d:
         b1:b4:8a:80:3a:44:c8:b1:41:88:7a:6e:0b:bd:b1:90:a1:a9:
         2f:be:06:6c:95:f8:c0:62:86:58:d7:46:cb:4d:75:cb:bf:60:
         d6:ed:c8:bd:e2:0f:df:d1:4c:40:53:f7:46:2e:54:66:34:cc:
         8e:9a:20:06:96:cf:5d:43:42:87:f7:22:87:a3:e7:0b:b7:61:
         22:2c:c0:62:e1:48:8d:21:41:8e:a6:e2:67:f4:b2:f8:29:6f:
         f2:4d:6d:03
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ3DNQxySwwyyC+m6I5wBZPPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwNGE1ODA0N2YzN2JiYzA1Nzk0NGJiZjhjYWQ4NzQyODc5
NTkyZGEwHhcNMjYwNDI1MDU1NTI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2Nzc3MzEzYTFjNGVmNGZjN2MwZTFkMzc2N2E0OTEwNzRkYjJhNjEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAww80d0yupiwzIrA9ueauqJZqGCIm
MCxuJM7t6/uMIByMqn2dulnyecppCg9AoofUhwOVRt8Oltpp/mX+Lrns4Dtb4faW
ZXeH0OxQm2XTGYfXRWX+M30fOVY2raydE6dcl63lpxeyPgJLwf/WZh9tG1EweHiM
/RrfNrPdBfG70gxcvEammdOES0PH0xKoNPS5WeoERrURmcUTopi13UJUtBoNGO60
J4zeqQ69GJqDxuiYG9WjIrY5Bwu3UVL6wQVLJxpj1vIo0dW3fIq9Vn4oJi7DF7pV
2flz/Kg0g55DvLcLxukVDbq6O2Ae7Cl9n+pkQrbMYNLlIrVhJoLLO+lxQwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGd3MTocTvT8fA4dN2ekkQdNsqYTMB8GA1UdIwQY
MBaAFPBKWAR/N7vAV5RLv4yth0KHlZLaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYt
ZjVmYjcxYjlhNTFmLzEvWjNjeE9oeE85UHg4RGgwM1o2U1JCMDJ5cGhNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYtZjVmYjcxYjlhNTFm
LzEvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAk1oGMA0G
CSqGSIb3DQEBCwUAA4IBAQAtgDz6yR5slUVbv1RlEd//2m1lTbTso2yAnfARfsH0
lsJ/h+ys5aqHmJBSelRX4Yh6Ej7V9bepGU+bzfGi3rcRtfsYj36Xsxn8cBgSnVQ1
KFfWscfQdGpNurWDw74CgLzldPecvoTTBUqENgEbuNUcdwNIRMBDqR+Axs4e8uFr
YWMhNFuDoR3nauyb0sTse7XnIQR1cjXPoXl+LmqRUpBUmx2xtIqAOkTIsUGIem4L
vbGQoakvvgZslfjAYoZY10bLTXXLv2DW7ci94g/f0UxAU/dGLlRmNMyOmiAGls9d
Q0KH9yKHo+cLt2EiLMBi4UiNIUGOpuJn9LL4KW/yTW0D
-----END CERTIFICATE-----