Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/aqWP3g3GGoxhViHE9dT4arhuWgE.roa
File:                     aqWP3g3GGoxhViHE9dT4arhuWgE.roa (raw, json)
Hash identifier:          ej4V9y1oztL7y6ZaqeLHbS6ft6wJQYHPySmRF1v2HpE=
Subject key identifier:   6A:A5:8F:DE:0D:C6:1A:8C:61:56:21:C4:F5:D4:F8:6A:B8:6E:5A:01
Certificate issuer:       /CN=f04a58047f37bbc057944bbf8cad8742879592da
Certificate serial:       019E16106E85E19FEEAF03320E86536FDB18
Authority key identifier: F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/aqWP3g3GGoxhViHE9dT4arhuWgE.roa
Signing time:             Mon 11 May 2026 08:03:56 +0000
ROA not before:           Mon 11 May 2026 08:03:56 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     198250
IP address blocks:        147.90.72.0/24 maxlen: 24
                          147.90.76.0/24 maxlen: 24
                          158.173.206.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 14:18:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:16:10:6e:85:e1:9f:ee:af:03:32:0e:86:53:6f:db:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f04a58047f37bbc057944bbf8cad8742879592da
        Validity
            Not Before: May 11 08:03:56 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6aa58fde0dc61a8c615621c4f5d4f86ab86e5a01
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:A5:8F:DE:0D:C6:1A:8C:61:56:21:C4:F5:D4:F8:6A:B8:6E:5A:01
            X509v3 Authority Key Identifier:
                keyid:F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/aqWP3g3GGoxhViHE9dT4arhuWgE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.90.72.0/24
                  147.90.76.0/24
                  158.173.206.0/24

    Signature Algorithm: sha256WithRSAEncryption
Generated at Tue May 12 21:44:38 2026 by rpki-client