Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/at7t76gq_GPyk7_iLeAMBSOPO-U.roa
File:                     at7t76gq_GPyk7_iLeAMBSOPO-U.roa (raw, json)
Hash identifier:          1IANpbqZKiQokbnmW7ni7Cr8n4gtnfZL/zRMTD3C+ws=
Subject key identifier:   6A:DE:ED:EF:A8:2A:FC:63:F2:93:BF:E2:2D:E0:0C:05:23:8F:3B:E5
Certificate issuer:       /CN=f04a58047f37bbc057944bbf8cad8742879592da
Certificate serial:       019CF7B3035E6264421E9E56C21FF44CCD26
Authority key identifier: F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/at7t76gq_GPyk7_iLeAMBSOPO-U.roa
Signing time:             Mon 16 Mar 2026 17:30:29 +0000
ROA not before:           Mon 16 Mar 2026 17:30:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     30058
IP address blocks:        147.90.4.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 00:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:f7:b3:03:5e:62:64:42:1e:9e:56:c2:1f:f4:4c:cd:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f04a58047f37bbc057944bbf8cad8742879592da
        Validity
            Not Before: Mar 16 17:30:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6adeedefa82afc63f293bfe22de00c05238f3be5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:1e:75:a5:98:0c:0a:86:de:16:49:aa:1f:c8:
                    a0:3b:b2:ab:9c:b2:da:49:a2:e9:22:51:56:34:6d:
                    5b:3a:25:43:85:c3:8e:13:74:0c:ae:06:94:ee:1c:
                    aa:d7:0f:72:4e:61:d8:44:bf:7a:be:ee:df:b4:f3:
                    8b:2d:d9:cf:48:02:0b:f7:6b:13:f0:ad:90:0a:65:
                    85:1c:9b:ce:32:d7:7b:75:56:c6:5f:76:27:6e:1b:
                    51:29:f5:da:5b:e8:61:1f:4a:68:03:14:39:43:27:
                    38:8a:4f:76:42:08:88:92:e8:6a:24:ca:a1:8a:90:
                    ca:98:e0:7d:5c:c1:40:27:3f:0c:46:aa:b7:d7:82:
                    ed:ee:cc:17:b2:c4:ec:a3:90:8b:8d:b2:6d:e9:1c:
                    b6:0e:fa:a7:cd:9b:5e:bd:c5:b6:e5:02:43:c3:a1:
                    63:81:4c:d2:cf:54:f5:93:a4:21:f6:6c:41:7b:3d:
                    60:0b:c4:67:c3:b0:49:2f:0f:37:a2:6d:a2:e3:06:
                    b3:5b:60:fd:24:a2:ee:6c:98:3b:ad:b8:57:3b:ae:
                    7d:31:22:0f:74:7e:20:ff:c2:00:73:1c:56:39:a2:
                    25:73:29:44:38:aa:9f:f7:8d:5e:d2:9f:f1:92:cb:
                    67:e9:aa:bf:05:9d:7d:7c:a5:08:f6:16:c4:29:40:
                    91:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:DE:ED:EF:A8:2A:FC:63:F2:93:BF:E2:2D:E0:0C:05:23:8F:3B:E5
            X509v3 Authority Key Identifier:
                keyid:F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/at7t76gq_GPyk7_iLeAMBSOPO-U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.90.4.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6b:ee:9d:c5:1c:9a:42:15:34:0b:52:6d:1b:fa:e5:6e:55:00:
         99:24:0b:bf:39:aa:3f:7c:14:a2:75:f0:cf:a1:b2:14:cd:db:
         97:0b:14:59:78:48:52:54:09:6a:6f:05:0b:60:4f:c2:e6:f7:
         6b:a6:77:f6:f6:36:93:ad:de:cd:7a:1b:64:fa:8e:35:93:3c:
         d7:f8:61:01:12:b0:8e:ba:e6:08:aa:a6:6d:39:8d:78:76:93:
         5d:c9:8a:3d:b7:ca:bc:4b:88:82:f9:f7:25:58:57:9f:94:16:
         4e:d5:05:82:fa:87:01:95:9f:5c:fe:f7:d9:4c:07:50:93:36:
         a0:af:44:48:39:59:88:6c:70:aa:c5:8e:bf:72:f7:2c:48:a5:
         74:3d:1e:99:a7:af:46:17:c3:d2:0b:ee:17:24:a7:da:82:19:
         79:6f:2a:03:e5:99:04:69:13:8b:be:bb:15:a0:46:cc:39:22:
         0b:62:73:68:e1:93:33:62:24:8d:d8:92:95:04:86:ba:b7:b0:
         6f:25:bb:41:47:77:ad:3d:5c:c5:84:5c:9c:e1:4b:76:70:ec:
         00:58:3d:6d:60:f8:c3:4a:d6:8f:60:72:95:fe:01:4c:72:b5:
         a9:d4:0d:44:25:20:dc:fe:ff:6f:e6:05:d3:de:1b:1b:99:62:
         05:98:b3:75
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZz3swNeYmRCHp5Wwh/0TM0mMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwNGE1ODA0N2YzN2JiYzA1Nzk0NGJiZjhjYWQ4NzQyODc5
NTkyZGEwHhcNMjYwMzE2MTczMDI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YWRlZWRlZmE4MmFmYzYzZjI5M2JmZTIyZGUwMGMwNTIzOGYzYmU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAph51pZgMCobeFkmqH8igO7KrnLLa
SaLpIlFWNG1bOiVDhcOOE3QMrgaU7hyq1w9yTmHYRL96vu7ftPOLLdnPSAIL92sT
8K2QCmWFHJvOMtd7dVbGX3YnbhtRKfXaW+hhH0poAxQ5Qyc4ik92QgiIkuhqJMqh
ipDKmOB9XMFAJz8MRqq314Lt7swXssTso5CLjbJt6Ry2DvqnzZtevcW25QJDw6Fj
gUzSz1T1k6Qh9mxBez1gC8Rnw7BJLw83om2i4wazW2D9JKLubJg7rbhXO659MSIP
dH4g/8IAcxxWOaIlcylEOKqf941e0p/xkstn6aq/BZ19fKUI9hbEKUCRXQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGre7e+oKvxj8pO/4i3gDAUjjzvlMB8GA1UdIwQY
MBaAFPBKWAR/N7vAV5RLv4yth0KHlZLaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYt
ZjVmYjcxYjlhNTFmLzEvYXQ3dDc2Z3FfR1B5azdfaUxlQU1CU09QTy1VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYtZjVmYjcxYjlhNTFm
LzEvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAk1oEMA0G
CSqGSIb3DQEBCwUAA4IBAQBr7p3FHJpCFTQLUm0b+uVuVQCZJAu/Oao/fBSidfDP
obIUzduXCxRZeEhSVAlqbwULYE/C5vdrpnf29jaTrd7Nehtk+o41kzzX+GEBErCO
uuYIqqZtOY14dpNdyYo9t8q8S4iC+fclWFeflBZO1QWC+ocBlZ9c/vfZTAdQkzag
r0RIOVmIbHCqxY6/cvcsSKV0PR6Zp69GF8PSC+4XJKfaghl5byoD5ZkEaROLvrsV
oEbMOSILYnNo4ZMzYiSN2JKVBIa6t7BvJbtBR3etPVzFhFyc4Ut2cOwAWD1tYPjD
StaPYHKV/gFMcrWp1A1EJSDc/v9v5gXT3hsbmWIFmLN1
-----END CERTIFICATE-----