Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/_z7kU3qOADUYM-brnFBtli8lcg8.roa
File:                     _z7kU3qOADUYM-brnFBtli8lcg8.roa (raw, json)
Hash identifier:          URXcbntR++xwjgsk/WYby/9KuVc/4Lw9ecxtZDNqxoM=
Subject key identifier:   FF:3E:E4:53:7A:8E:00:35:18:33:E6:EB:9C:50:6D:96:2F:25:72:0F
Certificate issuer:       /CN=f04a58047f37bbc057944bbf8cad8742879592da
Certificate serial:       019D1ED88392C9E851EC0AE00E4716B35D33
Authority key identifier: F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/_z7kU3qOADUYM-brnFBtli8lcg8.roa
Signing time:             Tue 24 Mar 2026 07:56:39 +0000
ROA not before:           Tue 24 Mar 2026 07:56:39 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     402186
IP address blocks:        147.90.35.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 15:17:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:1e:d8:83:92:c9:e8:51:ec:0a:e0:0e:47:16:b3:5d:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f04a58047f37bbc057944bbf8cad8742879592da
        Validity
            Not Before: Mar 24 07:56:39 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ff3ee4537a8e00351833e6eb9c506d962f25720f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:6e:0e:da:ca:92:ef:ca:73:67:f9:3e:c1:ad:
                    7d:a8:3d:ee:a4:b2:1a:df:1b:cf:17:56:db:be:8a:
                    5d:1b:97:32:de:79:65:6e:c6:e4:80:3d:74:3e:2c:
                    96:0d:f1:63:a5:8d:91:bb:77:ba:18:5e:5b:3a:41:
                    34:a5:22:f3:3b:41:94:4c:16:9c:49:56:94:a3:b5:
                    8c:9d:85:81:dd:76:7f:5c:5a:ec:5d:81:87:15:22:
                    7f:e6:bc:ef:b1:8b:07:7e:94:73:ef:da:22:82:3b:
                    d5:51:6f:5e:fd:d7:eb:dc:58:69:48:62:b0:2e:83:
                    d2:70:18:4b:9b:f7:f7:fd:19:85:c6:76:49:38:21:
                    1d:6d:19:67:7d:32:82:7c:04:87:97:1a:17:a6:fa:
                    73:da:a9:d3:01:b0:d5:3e:de:3f:50:13:ae:8f:e5:
                    2a:c9:ab:83:d6:b2:61:f9:32:6b:5d:55:3c:f6:78:
                    ab:52:8b:4a:34:55:01:23:52:45:f3:d1:c2:bb:ea:
                    4a:76:b2:c2:5b:1c:c9:d3:14:c8:26:d6:ea:43:2f:
                    41:08:c9:6b:c5:0c:54:73:cd:3d:00:46:c1:3d:4f:
                    e8:5d:a0:e0:e2:b8:54:a9:3b:8a:29:5c:c3:e6:b8:
                    ab:d8:ad:f3:4b:89:25:c1:01:c1:cc:48:94:43:56:
                    f2:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:3E:E4:53:7A:8E:00:35:18:33:E6:EB:9C:50:6D:96:2F:25:72:0F
            X509v3 Authority Key Identifier:
                keyid:F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/_z7kU3qOADUYM-brnFBtli8lcg8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.90.35.0/24

    Signature Algorithm: sha256WithRSAEncryption
         96:d1:e1:8f:2f:38:eb:8e:50:3e:e9:1c:f7:46:d2:88:2d:b7:
         f8:da:70:66:ab:d3:94:1d:0c:4f:18:b8:3e:7b:aa:22:49:f2:
         db:2e:e6:ad:25:d4:c4:ca:a0:d4:69:91:f4:be:8d:8e:91:e4:
         a9:21:02:fc:58:58:f7:be:f0:dd:f6:0f:6e:c0:ea:54:b5:5e:
         1d:ab:46:a3:f1:29:af:0f:7e:85:ae:84:2b:ff:b4:09:c3:e0:
         a0:ad:4f:6a:e0:3d:fa:01:f3:4e:fb:17:9f:c1:6c:88:e9:ed:
         0d:72:b7:41:87:e9:3d:e6:26:42:a8:f3:74:02:10:fc:63:e9:
         8d:e3:c4:5f:17:ff:81:28:52:08:e9:36:74:73:04:73:1a:82:
         72:1e:2f:55:ed:d3:a6:56:f6:0a:4a:8f:a2:50:c5:1e:af:60:
         8f:d2:9d:46:7e:ef:70:ac:0c:8f:41:8e:30:9b:25:9b:30:4a:
         cf:07:88:1d:31:25:5b:3a:d2:06:f4:6f:2b:f9:76:34:fa:a4:
         2a:6a:2e:8d:89:28:85:17:0c:93:6f:0a:68:71:cd:18:15:b6:
         d0:52:77:d1:d4:03:18:d8:57:4b:40:af:39:96:a9:dd:8e:a2:
         74:92:19:47:ff:c0:9d:dd:74:a4:22:20:da:35:2d:17:2d:b2:
         25:e7:db:d6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0e2IOSyehR7ArgDkcWs10zMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwNGE1ODA0N2YzN2JiYzA1Nzk0NGJiZjhjYWQ4NzQyODc5
NTkyZGEwHhcNMjYwMzI0MDc1NjM5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZjNlZTQ1MzdhOGUwMDM1MTgzM2U2ZWI5YzUwNmQ5NjJmMjU3MjBmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvW4O2sqS78pzZ/k+wa19qD3upLIa
3xvPF1bbvopdG5cy3nllbsbkgD10PiyWDfFjpY2Ru3e6GF5bOkE0pSLzO0GUTBac
SVaUo7WMnYWB3XZ/XFrsXYGHFSJ/5rzvsYsHfpRz79oigjvVUW9e/dfr3FhpSGKw
LoPScBhLm/f3/RmFxnZJOCEdbRlnfTKCfASHlxoXpvpz2qnTAbDVPt4/UBOuj+Uq
yauD1rJh+TJrXVU89nirUotKNFUBI1JF89HCu+pKdrLCWxzJ0xTIJtbqQy9BCMlr
xQxUc809AEbBPU/oXaDg4rhUqTuKKVzD5rir2K3zS4klwQHBzEiUQ1byfwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP8+5FN6jgA1GDPm65xQbZYvJXIPMB8GA1UdIwQY
MBaAFPBKWAR/N7vAV5RLv4yth0KHlZLaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYt
ZjVmYjcxYjlhNTFmLzEvX3o3a1UzcU9BRFVZTS1icm5GQnRsaThsY2c4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYtZjVmYjcxYjlhNTFm
LzEvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAk1ojMA0G
CSqGSIb3DQEBCwUAA4IBAQCW0eGPLzjrjlA+6Rz3RtKILbf42nBmq9OUHQxPGLg+
e6oiSfLbLuatJdTEyqDUaZH0vo2OkeSpIQL8WFj3vvDd9g9uwOpUtV4dq0aj8Smv
D36FroQr/7QJw+CgrU9q4D36AfNO+xefwWyI6e0NcrdBh+k95iZCqPN0AhD8Y+mN
48RfF/+BKFII6TZ0cwRzGoJyHi9V7dOmVvYKSo+iUMUer2CP0p1Gfu9wrAyPQY4w
myWbMErPB4gdMSVbOtIG9G8r+XY0+qQqai6NiSiFFwyTbwpocc0YFbbQUnfR1AMY
2FdLQK85lqndjqJ0khlH/8Cd3XSkIiDaNS0XLbIl59vW
-----END CERTIFICATE-----