Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/ZuwBqUttUYve0oIad6Hf9GuqE5w.roa
File:                     ZuwBqUttUYve0oIad6Hf9GuqE5w.roa (raw, json)
Hash identifier:          HC2RJlUQs2ltxiCsvIp2q+uI9JYz98Kfe/y1yI9lEvM=
Subject key identifier:   66:EC:01:A9:4B:6D:51:8B:DE:D2:82:1A:77:A1:DF:F4:6B:AA:13:9C
Certificate issuer:       /CN=f04a58047f37bbc057944bbf8cad8742879592da
Certificate serial:       019DD28298657F3855540AFF0506294CA7C4
Authority key identifier: F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/ZuwBqUttUYve0oIad6Hf9GuqE5w.roa
Signing time:             Tue 28 Apr 2026 05:14:27 +0000
ROA not before:           Tue 28 Apr 2026 05:14:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     62513
IP address blocks:        147.90.196.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 14 May 2026 06:33:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:d2:82:98:65:7f:38:55:54:0a:ff:05:06:29:4c:a7:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f04a58047f37bbc057944bbf8cad8742879592da
        Validity
            Not Before: Apr 28 05:14:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=66ec01a94b6d518bded2821a77a1dff46baa139c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:3a:cd:50:37:ae:5b:c9:bf:4b:10:c5:19:ab:
                    c2:f1:4b:3d:1a:26:69:28:c8:0c:de:12:6a:82:5c:
                    5b:fd:82:b5:e7:fb:50:34:e4:8f:bf:89:1e:bd:78:
                    08:8a:2d:d9:48:99:e9:d2:df:6a:7f:1e:1d:4d:b1:
                    c1:0c:e4:e9:d2:0a:35:74:ae:22:9b:15:94:84:e2:
                    f0:17:6b:e4:22:35:85:30:93:23:df:b3:18:55:ee:
                    13:55:4f:74:ba:08:9d:7f:e6:5b:54:d2:44:52:2c:
                    e5:b6:e8:6b:a8:15:a6:09:f1:71:5a:6e:f3:6a:84:
                    9b:f3:89:66:28:8b:95:21:91:f1:0b:ba:af:09:1e:
                    c1:b5:7b:11:5d:fb:18:ad:06:0d:44:3a:7b:41:a0:
                    76:68:9f:71:7e:d1:76:b0:d8:ad:ce:3c:9a:45:f0:
                    b9:ab:f6:ae:10:45:79:0e:83:70:4c:73:89:09:52:
                    a6:59:ab:bd:00:e8:9c:8f:03:c5:20:df:e3:1c:46:
                    c5:18:98:76:0a:57:5f:53:97:fd:5f:c4:df:34:0a:
                    24:e7:fa:f9:8d:aa:4e:e4:41:66:75:77:0a:ea:77:
                    1c:c1:9d:c1:3d:28:eb:80:30:b1:80:59:7d:2c:a1:
                    16:c5:f2:d7:91:42:54:24:82:2c:f4:65:36:cc:d3:
                    43:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:EC:01:A9:4B:6D:51:8B:DE:D2:82:1A:77:A1:DF:F4:6B:AA:13:9C
            X509v3 Authority Key Identifier:
                keyid:F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/ZuwBqUttUYve0oIad6Hf9GuqE5w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.90.196.0/22

    Signature Algorithm: sha256WithRSAEncryption
         31:90:74:23:04:3a:49:d5:aa:d9:df:35:b2:41:05:5e:71:2e:
         17:0c:1d:74:1c:80:32:78:89:a8:c5:b0:c5:e1:d2:39:9d:38:
         20:6d:9a:81:68:cb:07:d5:96:9b:c0:20:f8:96:5c:17:2e:af:
         97:25:d1:a3:33:85:fb:ee:e9:b2:d0:3a:30:22:ba:d1:31:b2:
         b9:2e:35:b1:69:78:84:bc:05:05:67:7a:1c:d9:2a:55:93:5e:
         34:2d:d4:64:29:61:29:57:fd:ef:d8:5e:f7:bd:3e:17:35:f7:
         14:e3:ef:b8:f4:2c:43:78:b1:03:cb:c8:ab:d2:f6:57:9c:46:
         df:3d:1f:a3:7e:a8:24:5f:5c:ac:a5:71:9f:b7:b9:b6:50:20:
         fb:f9:4b:18:68:8c:ad:f9:1e:0d:4d:84:ac:6a:6e:ff:e6:b2:
         a6:90:1e:08:a8:3a:63:9b:3c:57:ee:8e:33:f8:14:67:dd:18:
         bc:eb:3c:39:a1:a7:ae:24:12:32:03:b0:17:31:1c:d2:97:2b:
         35:27:7c:74:91:57:af:a3:f9:c2:84:17:85:74:29:06:f9:e5:
         56:9f:c2:61:bc:c0:1e:a1:93:02:78:fe:4d:d8:d6:a4:58:b1:
         33:13:57:05:6b:0a:8f:21:26:51:2f:09:5e:47:0b:ea:1e:4f:
         c3:79:22:0f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ3SgphlfzhVVAr/BQYpTKfEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwNGE1ODA0N2YzN2JiYzA1Nzk0NGJiZjhjYWQ4NzQyODc5
NTkyZGEwHhcNMjYwNDI4MDUxNDI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NmVjMDFhOTRiNmQ1MThiZGVkMjgyMWE3N2ExZGZmNDZiYWExMzljMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkTrNUDeuW8m/SxDFGavC8Us9GiZp
KMgM3hJqglxb/YK15/tQNOSPv4kevXgIii3ZSJnp0t9qfx4dTbHBDOTp0go1dK4i
mxWUhOLwF2vkIjWFMJMj37MYVe4TVU90ugidf+ZbVNJEUizltuhrqBWmCfFxWm7z
aoSb84lmKIuVIZHxC7qvCR7BtXsRXfsYrQYNRDp7QaB2aJ9xftF2sNitzjyaRfC5
q/auEEV5DoNwTHOJCVKmWau9AOicjwPFIN/jHEbFGJh2CldfU5f9X8TfNAok5/r5
japO5EFmdXcK6nccwZ3BPSjrgDCxgFl9LKEWxfLXkUJUJIIs9GU2zNNDXQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGbsAalLbVGL3tKCGneh3/RrqhOcMB8GA1UdIwQY
MBaAFPBKWAR/N7vAV5RLv4yth0KHlZLaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYt
ZjVmYjcxYjlhNTFmLzEvWnV3QnFVdHRVWXZlMG9JYWQ2SGY5R3VxRTV3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYtZjVmYjcxYjlhNTFm
LzEvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCk1rEMA0G
CSqGSIb3DQEBCwUAA4IBAQAxkHQjBDpJ1arZ3zWyQQVecS4XDB10HIAyeImoxbDF
4dI5nTggbZqBaMsH1ZabwCD4llwXLq+XJdGjM4X77umy0DowIrrRMbK5LjWxaXiE
vAUFZ3oc2SpVk140LdRkKWEpV/3v2F73vT4XNfcU4++49CxDeLEDy8ir0vZXnEbf
PR+jfqgkX1yspXGft7m2UCD7+UsYaIyt+R4NTYSsam7/5rKmkB4IqDpjmzxX7o4z
+BRn3Ri86zw5oaeuJBIyA7AXMRzSlys1J3x0kVevo/nChBeFdCkG+eVWn8JhvMAe
oZMCeP5N2NakWLEzE1cFawqPISZRLwleRwvqHk/DeSIP
-----END CERTIFICATE-----