Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/adKubzMl26AWhE6t-Nt8dAeIDSo.roa
File:                     adKubzMl26AWhE6t-Nt8dAeIDSo.roa (raw, json)
Hash identifier:          eHaZDxu1Co8ty8Z+2FreGqTNTst9DAUQIElGD15nP5s=
Subject key identifier:   69:D2:AE:6F:33:25:DB:A0:16:84:4E:AD:F8:DB:7C:74:07:88:0D:2A
Certificate issuer:       /CN=f04a58047f37bbc057944bbf8cad8742879592da
Certificate serial:       019E11AB14D40C97461584433653DEDE6EEE
Authority key identifier: F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/adKubzMl26AWhE6t-Nt8dAeIDSo.roa
Signing time:             Sun 10 May 2026 11:34:45 +0000
ROA not before:           Sun 10 May 2026 11:34:45 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     199186
IP address blocks:        147.90.17.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 23:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:11:ab:14:d4:0c:97:46:15:84:43:36:53:de:de:6e:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f04a58047f37bbc057944bbf8cad8742879592da
        Validity
            Not Before: May 10 11:34:45 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=69d2ae6f3325dba016844eadf8db7c7407880d2a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:34:f2:44:63:f0:9d:57:46:6e:58:ff:e2:ff:
                    44:91:46:d9:06:d6:cd:05:75:e4:7e:8f:d1:56:37:
                    d3:32:10:64:b8:87:42:ff:3d:f9:43:e9:99:dd:47:
                    b2:3d:a4:05:8a:a5:94:9f:88:6d:27:e1:ef:7c:0a:
                    ec:31:f3:3a:7b:d1:25:55:9b:f0:28:60:d8:00:f1:
                    24:15:83:52:09:aa:b9:50:70:d2:1e:1f:fa:a2:49:
                    16:7c:e7:0b:27:c4:5a:03:17:0c:5f:26:f5:b8:1f:
                    75:b1:2b:03:40:ef:f5:ed:9d:f8:9f:42:33:09:cd:
                    69:96:95:33:97:5f:d0:20:73:ab:8c:85:9d:84:1f:
                    da:c2:b1:29:32:45:3e:40:05:62:d4:89:31:1f:87:
                    24:7c:85:62:0d:b2:41:cd:9f:32:7c:83:5d:99:d0:
                    de:fa:17:76:72:33:1f:6b:f4:4d:63:a2:25:66:ef:
                    d4:a1:2a:27:e7:a6:04:e4:0e:92:b1:02:8b:1b:aa:
                    fb:0c:b0:ed:40:51:43:72:b6:93:69:50:53:c3:2d:
                    0a:7b:bc:16:e4:bc:90:70:ec:6b:20:2d:52:c4:6d:
                    8b:b9:67:dc:e3:92:41:30:0b:35:4f:46:a6:b3:68:
                    bb:0f:b3:57:7a:5f:8d:b0:2e:31:66:4a:b7:7f:77:
                    a6:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:D2:AE:6F:33:25:DB:A0:16:84:4E:AD:F8:DB:7C:74:07:88:0D:2A
            X509v3 Authority Key Identifier:
                keyid:F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/adKubzMl26AWhE6t-Nt8dAeIDSo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.90.17.0/24

    Signature Algorithm: sha256WithRSAEncryption
         47:3b:9a:ff:f1:65:19:c4:18:b2:e7:e4:fb:3a:e0:47:4c:a4:
         8a:82:3a:ad:ec:5f:c2:18:08:e1:b5:9d:87:8c:d2:8a:88:60:
         b5:01:5a:2f:2b:93:d1:91:ea:09:c2:01:b9:22:08:c6:57:e6:
         87:5d:59:c4:e7:9c:44:2f:51:8b:99:a2:c1:8b:f5:89:48:4c:
         6e:41:f2:03:70:e6:8b:b1:06:61:c7:ec:7d:ae:99:85:9b:8d:
         46:5b:34:72:eb:f4:85:57:f3:ed:a3:23:a3:ae:80:7b:09:ff:
         1a:19:ef:0b:2c:8f:74:42:b3:df:11:96:af:37:6c:bc:4a:01:
         f4:41:69:dd:2c:62:31:ac:c8:3d:5f:70:3c:ff:28:4d:52:92:
         4f:2f:98:35:f8:71:1b:5a:18:31:be:84:93:35:c2:95:36:95:
         33:94:57:ee:00:cd:46:da:99:8b:8b:5b:f6:fa:56:11:44:6e:
         72:67:bd:24:c9:99:8e:67:77:87:2d:b8:84:07:5d:4a:e9:cf:
         bc:c4:dd:46:e1:f1:37:07:cd:ce:81:a2:2a:05:8c:16:51:57:
         44:ac:f4:7f:e6:f0:c1:2a:72:79:ee:91:05:35:99:70:73:24:
         cc:20:83:6e:ad:19:e9:4d:ae:bc:0c:f0:05:7e:fa:e4:49:6c:
         75:b6:cc:9a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ4RqxTUDJdGFYRDNlPe3m7uMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwNGE1ODA0N2YzN2JiYzA1Nzk0NGJiZjhjYWQ4NzQyODc5
NTkyZGEwHhcNMjYwNTEwMTEzNDQ1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OWQyYWU2ZjMzMjVkYmEwMTY4NDRlYWRmOGRiN2M3NDA3ODgwZDJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxTTyRGPwnVdGblj/4v9EkUbZBtbN
BXXkfo/RVjfTMhBkuIdC/z35Q+mZ3UeyPaQFiqWUn4htJ+HvfArsMfM6e9ElVZvw
KGDYAPEkFYNSCaq5UHDSHh/6okkWfOcLJ8RaAxcMXyb1uB91sSsDQO/17Z34n0Iz
Cc1plpUzl1/QIHOrjIWdhB/awrEpMkU+QAVi1IkxH4ckfIViDbJBzZ8yfINdmdDe
+hd2cjMfa/RNY6IlZu/UoSon56YE5A6SsQKLG6r7DLDtQFFDcraTaVBTwy0Ke7wW
5LyQcOxrIC1SxG2LuWfc45JBMAs1T0ams2i7D7NXel+NsC4xZkq3f3emywIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGnSrm8zJdugFoROrfjbfHQHiA0qMB8GA1UdIwQY
MBaAFPBKWAR/N7vAV5RLv4yth0KHlZLaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYt
ZjVmYjcxYjlhNTFmLzEvYWRLdWJ6TWwyNkFXaEU2dC1OdDhkQWVJRFNvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYtZjVmYjcxYjlhNTFm
LzEvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAk1oRMA0G
CSqGSIb3DQEBCwUAA4IBAQBHO5r/8WUZxBiy5+T7OuBHTKSKgjqt7F/CGAjhtZ2H
jNKKiGC1AVovK5PRkeoJwgG5IgjGV+aHXVnE55xEL1GLmaLBi/WJSExuQfIDcOaL
sQZhx+x9rpmFm41GWzRy6/SFV/PtoyOjroB7Cf8aGe8LLI90QrPfEZavN2y8SgH0
QWndLGIxrMg9X3A8/yhNUpJPL5g1+HEbWhgxvoSTNcKVNpUzlFfuAM1G2pmLi1v2
+lYRRG5yZ70kyZmOZ3eHLbiEB11K6c+8xN1G4fE3B83OgaIqBYwWUVdErPR/5vDB
KnJ57pEFNZlwcyTMIINurRnpTa68DPAFfvrkSWx1tsya
-----END CERTIFICATE-----