Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/aG86GBhCq_xGQ8VSzxGmYldPTZE.roa
File:                     aG86GBhCq_xGQ8VSzxGmYldPTZE.roa (raw, json)
Hash identifier:          /PY9cniq3LmqpEdUXYu7Uascvjy7FR3i8tUHZCDRRGo=
Subject key identifier:   68:6F:3A:18:18:42:AB:FC:46:43:C5:52:CF:11:A6:62:57:4F:4D:91
Certificate issuer:       /CN=f04a58047f37bbc057944bbf8cad8742879592da
Certificate serial:       019D1A5325B843DE6280B0C119C5385DF361
Authority key identifier: F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/aG86GBhCq_xGQ8VSzxGmYldPTZE.roa
Signing time:             Mon 23 Mar 2026 10:52:29 +0000
ROA not before:           Mon 23 Mar 2026 10:52:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214730
IP address blocks:        147.90.44.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 16:32:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:1a:53:25:b8:43:de:62:80:b0:c1:19:c5:38:5d:f3:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f04a58047f37bbc057944bbf8cad8742879592da
        Validity
            Not Before: Mar 23 10:52:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=686f3a181842abfc4643c552cf11a662574f4d91
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:ca:4f:58:9c:7a:7a:e5:d2:10:f4:fa:e6:6d:
                    9e:69:62:dc:67:81:1a:1d:ff:e9:44:fd:ef:9e:a5:
                    3d:cb:6d:c3:12:ab:f6:ff:d7:ec:22:dd:0a:82:32:
                    1d:c1:50:1c:1a:75:97:fd:3e:06:cc:ef:88:89:b1:
                    82:9f:de:f6:1f:d8:a0:d7:79:2d:81:ba:c9:d5:05:
                    10:25:09:45:ed:56:2e:85:6a:58:f7:61:ce:a7:4e:
                    dd:14:7a:0d:ed:7b:fc:65:5f:63:c3:c5:5d:27:1a:
                    cc:b1:4f:b6:b5:c6:9d:bd:4f:42:7b:c4:10:ae:5c:
                    b9:22:55:88:24:ed:60:19:f6:b0:67:40:f0:71:a8:
                    cc:06:70:96:70:12:c5:64:3a:85:19:74:2c:d7:84:
                    9f:c0:1b:f4:e7:e9:60:1b:f2:f1:07:37:89:d3:93:
                    2b:c8:c5:f5:88:60:87:a5:fd:82:e5:c9:94:bd:79:
                    b6:55:9a:0d:60:b6:d2:42:c4:83:bf:3b:ce:14:b2:
                    35:f5:79:41:75:84:46:e5:54:58:58:be:f6:e6:af:
                    e2:98:de:61:0e:78:82:5c:13:41:59:b7:4d:f2:ea:
                    35:e7:9c:aa:c7:28:c8:05:94:c1:74:e0:8a:67:42:
                    26:43:4d:90:05:ae:cf:f9:55:47:b9:57:ff:b3:54:
                    9e:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:6F:3A:18:18:42:AB:FC:46:43:C5:52:CF:11:A6:62:57:4F:4D:91
            X509v3 Authority Key Identifier:
                keyid:F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/aG86GBhCq_xGQ8VSzxGmYldPTZE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.90.44.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9c:c5:32:8f:af:65:1e:6e:54:38:a7:d9:85:ce:c1:6a:e0:62:
         5b:d4:1b:67:03:cb:5c:58:a6:12:a8:49:a1:ad:79:c7:f3:20:
         35:45:84:7a:90:90:dc:36:63:f3:00:f7:cb:47:69:cd:32:a1:
         07:28:c6:1b:ae:a3:d8:0b:da:ab:dd:c7:8b:32:93:b7:6e:cb:
         6f:29:a6:03:23:a0:b0:70:42:c8:ab:c1:0a:62:d7:2e:b7:ca:
         17:d2:e5:b0:15:18:28:de:16:d6:d6:00:03:7f:6e:47:bc:a6:
         07:4f:5a:da:07:e5:2f:ab:80:3e:5d:53:df:7f:e4:8d:2e:c7:
         42:c1:95:21:48:70:3f:31:5a:bc:ba:32:ba:bf:4f:ae:89:86:
         87:58:e9:7a:19:2b:21:c6:b4:4d:42:d2:45:cf:7b:9a:55:48:
         43:8d:08:be:eb:a0:93:86:4a:8e:56:26:ae:7a:e9:8e:7c:30:
         51:8e:52:16:59:de:f7:7f:6e:01:e8:1a:0c:84:8f:b3:31:db:
         e5:e4:3c:78:55:23:e7:06:60:a1:67:06:05:a9:02:1f:df:54:
         e2:43:51:79:ff:2b:8a:1e:ca:da:99:1a:71:6d:da:6f:8d:8e:
         c7:dd:74:7a:32:9b:c1:26:3d:90:de:87:15:9f:89:c6:32:0e:
         6a:9d:9c:bf
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0aUyW4Q95igLDBGcU4XfNhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwNGE1ODA0N2YzN2JiYzA1Nzk0NGJiZjhjYWQ4NzQyODc5
NTkyZGEwHhcNMjYwMzIzMTA1MjI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ODZmM2ExODE4NDJhYmZjNDY0M2M1NTJjZjExYTY2MjU3NGY0ZDkxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu8pPWJx6euXSEPT65m2eaWLcZ4Ea
Hf/pRP3vnqU9y23DEqv2/9fsIt0KgjIdwVAcGnWX/T4GzO+IibGCn972H9ig13kt
gbrJ1QUQJQlF7VYuhWpY92HOp07dFHoN7Xv8ZV9jw8VdJxrMsU+2tcadvU9Ce8QQ
rly5IlWIJO1gGfawZ0DwcajMBnCWcBLFZDqFGXQs14SfwBv05+lgG/LxBzeJ05Mr
yMX1iGCHpf2C5cmUvXm2VZoNYLbSQsSDvzvOFLI19XlBdYRG5VRYWL725q/imN5h
DniCXBNBWbdN8uo155yqxyjIBZTBdOCKZ0ImQ02QBa7P+VVHuVf/s1SeBQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGhvOhgYQqv8RkPFUs8RpmJXT02RMB8GA1UdIwQY
MBaAFPBKWAR/N7vAV5RLv4yth0KHlZLaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYt
ZjVmYjcxYjlhNTFmLzEvYUc4NkdCaENxX3hHUThWU3p4R21ZbGRQVFpFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYtZjVmYjcxYjlhNTFm
LzEvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAk1osMA0G
CSqGSIb3DQEBCwUAA4IBAQCcxTKPr2UeblQ4p9mFzsFq4GJb1BtnA8tcWKYSqEmh
rXnH8yA1RYR6kJDcNmPzAPfLR2nNMqEHKMYbrqPYC9qr3ceLMpO3bstvKaYDI6Cw
cELIq8EKYtcut8oX0uWwFRgo3hbW1gADf25HvKYHT1raB+Uvq4A+XVPff+SNLsdC
wZUhSHA/MVq8ujK6v0+uiYaHWOl6GSshxrRNQtJFz3uaVUhDjQi+66CThkqOViau
eumOfDBRjlIWWd73f24B6BoMhI+zMdvl5Dx4VSPnBmChZwYFqQIf31TiQ1F5/yuK
HsramRpxbdpvjY7H3XR6MpvBJj2Q3ocVn4nGMg5qnZy/
-----END CERTIFICATE-----