Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/bX07DQvZ8q4HhvU9eLsZ2twKQ5A.roa
File:                     bX07DQvZ8q4HhvU9eLsZ2twKQ5A.roa (raw, json)
Hash identifier:          lI/5hzENq6fgrKbG5ySuEayQPGQJVJbrOqOLXc8/4mU=
Subject key identifier:   6D:7D:3B:0D:0B:D9:F2:AE:07:86:F5:3D:78:BB:19:DA:DC:0A:43:90
Certificate issuer:       /CN=f04a58047f37bbc057944bbf8cad8742879592da
Certificate serial:       019DFC0B9C0B6DEAEF8976D90648CACCA381
Authority key identifier: F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/bX07DQvZ8q4HhvU9eLsZ2twKQ5A.roa
Signing time:             Wed 06 May 2026 06:48:32 +0000
ROA not before:           Wed 06 May 2026 06:48:32 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     205987
IP address blocks:        147.90.228.0/24 maxlen: 24
                          147.90.232.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 23:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:fc:0b:9c:0b:6d:ea:ef:89:76:d9:06:48:ca:cc:a3:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f04a58047f37bbc057944bbf8cad8742879592da
        Validity
            Not Before: May  6 06:48:32 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6d7d3b0d0bd9f2ae0786f53d78bb19dadc0a4390
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:8c:0d:de:14:ec:55:87:f1:d3:84:03:92:f4:
                    2e:ae:ad:76:f8:51:f4:a3:29:ef:df:db:7b:c5:b1:
                    21:aa:91:6b:72:92:68:86:9c:b2:c2:2a:53:fb:04:
                    d1:2c:a1:d6:d6:02:86:2c:cf:46:b6:fd:f3:78:e3:
                    43:5e:34:88:95:56:52:85:de:92:6a:ad:36:86:c4:
                    4b:fe:16:c2:df:c8:f3:13:04:a3:93:93:f6:14:69:
                    dc:db:1b:20:fb:3b:87:9f:d8:8f:4f:1f:05:4d:7a:
                    35:a3:8d:16:80:94:ee:f7:5d:21:9e:04:e4:4b:f2:
                    2b:06:50:c8:31:ca:f5:1e:f7:76:8a:61:47:f6:dc:
                    4d:18:75:b2:a5:72:83:26:e8:79:78:71:d1:fd:5f:
                    cd:11:07:2b:bd:0a:3a:bb:8f:c1:b9:3f:d1:a9:3c:
                    9e:9e:13:7a:d6:80:2e:a6:d9:b0:bd:07:a5:04:b3:
                    d7:e4:7a:70:41:79:42:aa:d2:2d:c6:32:94:c2:74:
                    4e:33:0d:70:0a:d5:89:f1:d1:9e:3d:d4:0c:d0:cc:
                    00:6f:ec:40:15:da:b7:4e:2d:fa:9a:a9:93:d9:1e:
                    f9:8c:ad:dc:ec:62:10:2f:c1:89:43:f8:3a:eb:85:
                    d9:75:57:29:d6:24:b9:0b:b2:c5:d6:79:50:98:34:
                    13:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:7D:3B:0D:0B:D9:F2:AE:07:86:F5:3D:78:BB:19:DA:DC:0A:43:90
            X509v3 Authority Key Identifier:
                keyid:F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/bX07DQvZ8q4HhvU9eLsZ2twKQ5A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.90.228.0/24
                  147.90.232.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7c:4e:95:84:76:1c:a1:3c:ca:0c:43:8a:db:b1:31:62:e4:d8:
         13:b0:68:1d:aa:da:2f:f1:99:66:a1:02:ab:80:fd:07:8f:cb:
         8d:89:2c:a4:b4:50:34:ab:75:d9:e4:53:58:3f:1c:29:bf:bc:
         d6:ea:eb:27:2e:53:9f:21:a3:19:97:fa:5d:0e:43:46:0a:4c:
         e6:42:ea:09:fd:6c:f5:a3:a9:9f:91:32:54:02:c1:be:00:38:
         21:ec:8f:77:8c:de:e3:34:b5:39:d5:a5:ab:e1:72:3c:b2:29:
         22:33:10:d3:23:e2:21:e8:f5:12:6d:89:68:d6:82:08:08:05:
         87:df:db:34:9d:67:43:53:f3:69:da:c3:65:33:57:14:a6:07:
         19:3d:ad:01:b2:f7:81:62:25:3a:d4:4a:dc:98:df:3d:ca:d1:
         cc:36:7c:ed:80:21:3d:92:88:17:35:6a:fe:6b:f7:4e:1b:b1:
         a3:8d:10:47:98:7f:82:b1:7f:75:59:15:f5:1e:14:2f:b1:d8:
         cd:20:b4:4e:66:b3:c6:2b:61:1c:19:f8:d7:37:8a:a1:e3:34:
         7e:0d:97:49:73:56:76:86:c3:3e:62:60:d6:dc:c5:f2:57:63:
         f8:6a:27:7c:b5:a9:b6:ae:c4:71:a2:65:7b:80:6f:63:ad:41:
         ae:40:4c:a9
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ38C5wLberviXbZBkjKzKOBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwNGE1ODA0N2YzN2JiYzA1Nzk0NGJiZjhjYWQ4NzQyODc5
NTkyZGEwHhcNMjYwNTA2MDY0ODMyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZDdkM2IwZDBiZDlmMmFlMDc4NmY1M2Q3OGJiMTlkYWRjMGE0MzkwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsYwN3hTsVYfx04QDkvQurq12+FH0
oynv39t7xbEhqpFrcpJohpyywipT+wTRLKHW1gKGLM9Gtv3zeONDXjSIlVZShd6S
aq02hsRL/hbC38jzEwSjk5P2FGnc2xsg+zuHn9iPTx8FTXo1o40WgJTu910hngTk
S/IrBlDIMcr1Hvd2imFH9txNGHWypXKDJuh5eHHR/V/NEQcrvQo6u4/BuT/RqTye
nhN61oAuptmwvQelBLPX5HpwQXlCqtItxjKUwnROMw1wCtWJ8dGePdQM0MwAb+xA
Fdq3Ti36mqmT2R75jK3c7GIQL8GJQ/g664XZdVcp1iS5C7LF1nlQmDQTHQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFG19Ow0L2fKuB4b1PXi7GdrcCkOQMB8GA1UdIwQY
MBaAFPBKWAR/N7vAV5RLv4yth0KHlZLaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYt
ZjVmYjcxYjlhNTFmLzEvYlgwN0RRdlo4cTRIaHZVOWVMc1oydHdLUTVBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYtZjVmYjcxYjlhNTFm
LzEvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAk1rkAwQA
k1roMA0GCSqGSIb3DQEBCwUAA4IBAQB8TpWEdhyhPMoMQ4rbsTFi5NgTsGgdqtov
8ZlmoQKrgP0Hj8uNiSyktFA0q3XZ5FNYPxwpv7zW6usnLlOfIaMZl/pdDkNGCkzm
QuoJ/Wz1o6mfkTJUAsG+ADgh7I93jN7jNLU51aWr4XI8sikiMxDTI+Ih6PUSbYlo
1oIICAWH39s0nWdDU/Np2sNlM1cUpgcZPa0BsveBYiU61ErcmN89ytHMNnztgCE9
kogXNWr+a/dOG7GjjRBHmH+CsX91WRX1HhQvsdjNILROZrPGK2EcGfjXN4qh4zR+
DZdJc1Z2hsM+YmDW3MXyV2P4aid8tam2rsRxomV7gG9jrUGuQEyp
-----END CERTIFICATE-----