Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/Z5Nt4ubACBecSbHrBASKM-LRxHc.roa
File:                     Z5Nt4ubACBecSbHrBASKM-LRxHc.roa (raw, json)
Hash identifier:          uQDYK/C4jic/a8tTypMiwgKCo7NNY8PPtYkwmFd1Loo=
Subject key identifier:   67:93:6D:E2:E6:C0:08:17:9C:49:B1:EB:04:04:8A:33:E2:D1:C4:77
Certificate issuer:       /CN=f04a58047f37bbc057944bbf8cad8742879592da
Certificate serial:       019CD677A4DD5A1666C44C875F60B6E9B346
Authority key identifier: F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/Z5Nt4ubACBecSbHrBASKM-LRxHc.roa
Signing time:             Tue 10 Mar 2026 06:38:11 +0000
ROA not before:           Tue 10 Mar 2026 06:38:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     59642
IP address blocks:        147.90.192.0/24 maxlen: 24
                          147.90.194.0/24 maxlen: 24
                          147.90.195.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 19:01:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:d6:77:a4:dd:5a:16:66:c4:4c:87:5f:60:b6:e9:b3:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f04a58047f37bbc057944bbf8cad8742879592da
        Validity
            Not Before: Mar 10 06:38:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=67936de2e6c008179c49b1eb04048a33e2d1c477
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:db:62:5e:57:d6:6d:95:4f:2a:dc:8e:cd:d1:
                    e9:96:f1:98:80:03:c0:f4:9b:ab:6f:c4:13:5c:75:
                    40:5e:81:56:71:d5:dd:c8:f1:ca:e4:6e:ce:16:74:
                    e8:94:bd:29:35:33:8a:eb:73:55:71:49:7f:8c:48:
                    5b:d7:8f:49:a9:68:61:52:d7:b5:16:42:d7:cf:a9:
                    21:e7:78:af:e1:03:45:9d:6f:d0:5c:ad:58:b7:54:
                    ac:0d:19:a1:dc:67:31:e8:c0:24:53:11:50:34:af:
                    40:97:a5:51:cd:5c:20:00:4d:2d:12:1f:15:e3:90:
                    8b:7c:57:39:d5:72:a1:ad:9c:ad:55:d0:7f:a5:4e:
                    95:3a:2f:06:ad:4f:35:c3:37:e7:16:8b:84:47:cc:
                    55:8b:de:fb:fc:7b:b5:03:be:5c:77:ed:4b:43:78:
                    f9:08:02:dd:ee:14:33:84:21:e9:24:b8:ca:7e:0c:
                    fb:7d:dd:bd:2c:42:a1:78:6e:13:43:fb:8d:b8:61:
                    79:20:68:27:d1:9b:b0:69:30:3a:17:23:ce:b3:76:
                    5b:0c:ff:99:7f:40:15:54:cf:82:89:76:08:42:62:
                    c1:bb:fe:0b:bd:a5:8f:33:7d:5f:b1:99:f8:5a:fa:
                    87:0f:65:5c:99:06:fd:08:45:4c:4a:3d:d9:bc:d5:
                    2f:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:93:6D:E2:E6:C0:08:17:9C:49:B1:EB:04:04:8A:33:E2:D1:C4:77
            X509v3 Authority Key Identifier:
                keyid:F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/Z5Nt4ubACBecSbHrBASKM-LRxHc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.90.192.0/24
                  147.90.194.0/23

    Signature Algorithm: sha256WithRSAEncryption
         e7:48:a0:75:e2:a2:4f:59:8f:73:76:22:d9:6f:72:13:a0:26:
         8a:45:f6:0e:37:ac:d9:6f:64:06:00:3c:4a:ac:47:45:01:7d:
         b2:33:e3:ca:90:1e:fa:8f:1e:f9:2f:a0:81:44:88:33:8e:b5:
         80:9d:31:d3:b2:3f:84:ed:f8:f4:03:ec:fc:b3:70:1e:d7:61:
         8e:2f:7b:dd:db:42:9d:23:bd:9b:6e:c1:b3:11:08:4b:d8:e9:
         7a:3f:3b:c4:32:67:0f:28:3f:0d:a7:29:de:9d:06:3a:b2:65:
         89:93:1b:1f:f7:45:8a:f6:97:7e:3c:d8:16:41:22:58:85:f9:
         36:05:26:09:49:c1:9f:e9:1d:4f:48:6e:84:20:53:77:c9:a4:
         00:83:45:05:3d:13:ac:66:5c:34:77:c6:87:60:ae:59:e2:90:
         85:ee:13:e8:cd:da:50:7b:4f:0f:bc:1b:c3:18:78:89:de:15:
         2b:9c:f2:ed:6b:85:88:74:bb:de:91:f9:24:23:f8:4c:57:c2:
         e4:bc:9a:5b:d4:30:1c:7f:02:74:b4:8d:01:59:80:9e:02:bf:
         35:6d:54:50:59:c0:ef:30:de:8c:51:c4:9f:1e:96:70:b7:51:
         f8:5f:d0:ee:af:62:cd:36:63:bb:67:50:6c:51:f6:e6:4c:93:
         08:4a:a0:76
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZzWd6TdWhZmxEyHX2C26bNGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwNGE1ODA0N2YzN2JiYzA1Nzk0NGJiZjhjYWQ4NzQyODc5
NTkyZGEwHhcNMjYwMzEwMDYzODExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NzkzNmRlMmU2YzAwODE3OWM0OWIxZWIwNDA0OGEzM2UyZDFjNDc3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo9tiXlfWbZVPKtyOzdHplvGYgAPA
9Jurb8QTXHVAXoFWcdXdyPHK5G7OFnTolL0pNTOK63NVcUl/jEhb149JqWhhUte1
FkLXz6kh53iv4QNFnW/QXK1Yt1SsDRmh3Gcx6MAkUxFQNK9Al6VRzVwgAE0tEh8V
45CLfFc51XKhrZytVdB/pU6VOi8GrU81wzfnFouER8xVi977/Hu1A75cd+1LQ3j5
CALd7hQzhCHpJLjKfgz7fd29LEKheG4TQ/uNuGF5IGgn0ZuwaTA6FyPOs3ZbDP+Z
f0AVVM+CiXYIQmLBu/4LvaWPM31fsZn4WvqHD2VcmQb9CEVMSj3ZvNUvBQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGeTbeLmwAgXnEmx6wQEijPi0cR3MB8GA1UdIwQY
MBaAFPBKWAR/N7vAV5RLv4yth0KHlZLaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYt
ZjVmYjcxYjlhNTFmLzEvWjVOdDR1YkFDQmVjU2JIckJBU0tNLUxSeEhjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYtZjVmYjcxYjlhNTFm
LzEvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAk1rAAwQB
k1rCMA0GCSqGSIb3DQEBCwUAA4IBAQDnSKB14qJPWY9zdiLZb3IToCaKRfYON6zZ
b2QGADxKrEdFAX2yM+PKkB76jx75L6CBRIgzjrWAnTHTsj+E7fj0A+z8s3Ae12GO
L3vd20KdI72bbsGzEQhL2Ol6PzvEMmcPKD8NpynenQY6smWJkxsf90WK9pd+PNgW
QSJYhfk2BSYJScGf6R1PSG6EIFN3yaQAg0UFPROsZlw0d8aHYK5Z4pCF7hPozdpQ
e08PvBvDGHiJ3hUrnPLta4WIdLvekfkkI/hMV8LkvJpb1DAcfwJ0tI0BWYCeAr81
bVRQWcDvMN6MUcSfHpZwt1H4X9Dur2LNNmO7Z1BsUfbmTJMISqB2
-----END CERTIFICATE-----