Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/e_rjlWnufkXRX9vnEoGHBtoPDac.roa
File:                     e_rjlWnufkXRX9vnEoGHBtoPDac.roa (raw, json)
Hash identifier:          f9AdDE4jwXRSzGfg61tw5g/ly2XLBstvny92h62L67Y=
Subject key identifier:   7B:FA:E3:95:69:EE:7E:45:D1:5F:DB:E7:12:81:87:06:DA:0F:0D:A7
Certificate issuer:       /CN=f04a58047f37bbc057944bbf8cad8742879592da
Certificate serial:       019CDE655E8D039974F0A2E3C3A2F81A9AF1
Authority key identifier: F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/e_rjlWnufkXRX9vnEoGHBtoPDac.roa
Signing time:             Wed 11 Mar 2026 19:35:11 +0000
ROA not before:           Wed 11 Mar 2026 19:35:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     135120
IP address blocks:        147.90.2.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 19:01:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:de:65:5e:8d:03:99:74:f0:a2:e3:c3:a2:f8:1a:9a:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f04a58047f37bbc057944bbf8cad8742879592da
        Validity
            Not Before: Mar 11 19:35:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7bfae39569ee7e45d15fdbe712818706da0f0da7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:e1:04:7f:61:f6:32:33:bf:77:16:8a:47:e0:
                    d4:4b:70:54:83:3c:85:2e:a2:a0:03:42:97:4f:e6:
                    91:92:df:59:c4:15:fd:90:0f:cd:74:8c:0c:b8:0f:
                    05:f9:b0:47:33:23:cc:5c:84:63:3d:56:2a:12:b9:
                    43:0f:60:23:03:fa:3e:51:b1:b6:f0:0e:be:d4:32:
                    e0:29:73:e8:0b:3a:2b:e5:30:57:36:bd:bd:ec:c0:
                    b0:1c:5d:97:8d:e4:83:bb:13:ee:af:c0:de:23:b5:
                    36:a9:4a:5d:10:b1:cc:12:fc:06:87:1b:4f:ef:1d:
                    bc:db:d5:61:f2:4c:58:63:54:7c:10:cd:60:30:28:
                    50:79:ac:1c:0a:54:6f:cc:32:a3:15:fb:fa:a5:24:
                    e9:91:5d:e1:cc:82:b1:ce:79:03:9b:b3:70:95:15:
                    32:c3:91:a9:8e:dc:c3:a1:12:e7:85:05:2b:18:c2:
                    2b:94:00:d5:7a:62:e5:ef:6e:87:1d:b4:00:dd:d6:
                    63:0c:df:07:56:a3:f7:8f:5d:43:a4:ee:2b:32:64:
                    4e:40:3d:80:dc:b8:9f:a7:0c:3e:14:da:cf:e3:5a:
                    2a:34:58:ee:60:fb:62:e9:84:8c:e9:45:4e:d4:2f:
                    94:fe:9f:3f:f9:61:60:12:43:ef:18:7c:a6:38:22:
                    49:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7B:FA:E3:95:69:EE:7E:45:D1:5F:DB:E7:12:81:87:06:DA:0F:0D:A7
            X509v3 Authority Key Identifier:
                keyid:F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/e_rjlWnufkXRX9vnEoGHBtoPDac.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.90.2.0/23

    Signature Algorithm: sha256WithRSAEncryption
         ae:e4:7c:21:14:4f:13:68:19:b4:91:36:bc:03:60:00:33:8e:
         e7:09:63:b6:d3:c6:31:8c:69:9d:e5:a4:c4:c2:84:3f:1a:e6:
         ab:f7:f9:8a:a2:7d:bb:07:9b:45:45:a1:eb:7b:67:01:14:1e:
         ba:d1:75:23:08:49:5c:02:a7:6a:f2:73:8d:f7:9b:bb:f7:df:
         dd:21:80:d0:77:60:cc:6b:b7:c8:2f:1c:30:a2:6f:1d:ea:c2:
         79:0e:ca:64:32:29:f4:74:c8:50:05:8d:45:df:cb:8b:f7:97:
         36:3e:68:35:6a:c0:50:70:0f:02:cf:30:de:86:c4:f6:66:86:
         6b:8b:1f:9a:b1:e6:f2:e1:d7:48:e4:86:79:97:de:ea:98:3d:
         97:f4:25:d5:d2:d6:01:45:ad:55:d2:40:26:96:67:5e:6d:37:
         50:7e:ce:4a:ba:da:11:b2:c9:ee:74:74:42:d7:01:2e:04:77:
         10:c8:4e:fb:20:8d:df:7a:60:8a:03:c1:d4:d4:48:4b:29:a2:
         a8:70:34:8a:ba:87:3a:9d:e0:dd:e6:1e:14:6e:ca:38:20:0f:
         4e:dd:c1:0b:1e:b5:68:95:ac:ae:88:34:73:a6:7a:94:a9:e0:
         c2:ee:8b:95:d8:40:26:24:32:27:63:17:17:87:78:d2:f8:15:
         76:ed:4e:86
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZzeZV6NA5l08KLjw6L4GprxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwNGE1ODA0N2YzN2JiYzA1Nzk0NGJiZjhjYWQ4NzQyODc5
NTkyZGEwHhcNMjYwMzExMTkzNTExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YmZhZTM5NTY5ZWU3ZTQ1ZDE1ZmRiZTcxMjgxODcwNmRhMGYwZGE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4OEEf2H2MjO/dxaKR+DUS3BUgzyF
LqKgA0KXT+aRkt9ZxBX9kA/NdIwMuA8F+bBHMyPMXIRjPVYqErlDD2AjA/o+UbG2
8A6+1DLgKXPoCzor5TBXNr297MCwHF2XjeSDuxPur8DeI7U2qUpdELHMEvwGhxtP
7x2829Vh8kxYY1R8EM1gMChQeawcClRvzDKjFfv6pSTpkV3hzIKxznkDm7NwlRUy
w5GpjtzDoRLnhQUrGMIrlADVemLl726HHbQA3dZjDN8HVqP3j11DpO4rMmROQD2A
3Lifpww+FNrP41oqNFjuYPti6YSM6UVO1C+U/p8/+WFgEkPvGHymOCJJgwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHv645Vp7n5F0V/b5xKBhwbaDw2nMB8GA1UdIwQY
MBaAFPBKWAR/N7vAV5RLv4yth0KHlZLaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYt
ZjVmYjcxYjlhNTFmLzEvZV9yamxXbnVma1hSWDl2bkVvR0hCdG9QRGFjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYtZjVmYjcxYjlhNTFm
LzEvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBk1oCMA0G
CSqGSIb3DQEBCwUAA4IBAQCu5HwhFE8TaBm0kTa8A2AAM47nCWO208YxjGmd5aTE
woQ/Guar9/mKon27B5tFRaHre2cBFB660XUjCElcAqdq8nON95u799/dIYDQd2DM
a7fILxwwom8d6sJ5DspkMin0dMhQBY1F38uL95c2Pmg1asBQcA8CzzDehsT2ZoZr
ix+aseby4ddI5IZ5l97qmD2X9CXV0tYBRa1V0kAmlmdebTdQfs5KutoRssnudHRC
1wEuBHcQyE77II3femCKA8HU1EhLKaKocDSKuoc6neDd5h4Ubso4IA9O3cELHrVo
layuiDRzpnqUqeDC7ouV2EAmJDInYxcXh3jS+BV27U6G
-----END CERTIFICATE-----