Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/oLOWkIQSQbKi3CfZpKTXc4iZU2U.roa
File:                     oLOWkIQSQbKi3CfZpKTXc4iZU2U.roa (raw, json)
Hash identifier:          +8Ju1oH+wLQ2ix/jPrUv/qlO++0LCxmZWlZBsswxTXQ=
Subject key identifier:   A0:B3:96:90:84:12:41:B2:A2:DC:27:D9:A4:A4:D7:73:88:99:53:65
Certificate issuer:       /CN=f04a58047f37bbc057944bbf8cad8742879592da
Certificate serial:       019D07979E0F46DF18D7486026E12A867042
Authority key identifier: F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/oLOWkIQSQbKi3CfZpKTXc4iZU2U.roa
Signing time:             Thu 19 Mar 2026 19:34:29 +0000
ROA not before:           Thu 19 Mar 2026 19:34:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     43350
IP address blocks:        147.90.217.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 19:01:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:07:97:9e:0f:46:df:18:d7:48:60:26:e1:2a:86:70:42
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f04a58047f37bbc057944bbf8cad8742879592da
        Validity
            Not Before: Mar 19 19:34:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a0b39690841241b2a2dc27d9a4a4d77388995365
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:7a:4f:81:c5:4a:75:83:2a:37:3c:2b:5f:63:
                    0c:59:e9:b5:59:66:c3:81:47:75:54:2d:e1:ab:b9:
                    c2:c4:ea:d9:9e:3e:dd:a9:cb:95:dc:b6:8a:8c:cb:
                    92:ae:23:8f:94:bd:48:6f:c8:29:09:21:e6:6a:29:
                    28:60:44:0d:ef:ba:f4:cb:79:fe:2c:0d:b3:33:d5:
                    28:c5:b6:ee:63:13:ec:70:70:39:55:85:fd:26:cf:
                    90:da:f3:20:3c:76:35:f1:6d:6c:68:37:ae:92:65:
                    9b:8d:fc:1e:b0:c1:48:a5:cd:b2:77:3a:7d:ae:57:
                    9c:02:1d:4b:99:ba:b0:c5:c8:ab:89:1b:b1:ef:1f:
                    b8:99:b5:8e:4a:29:e0:40:85:de:5d:f6:df:40:10:
                    1b:b3:88:a6:81:65:f1:fd:a1:62:0a:4a:2f:b9:7c:
                    57:79:cb:21:2c:37:1a:56:36:b4:c5:03:47:d0:e6:
                    2d:d4:83:1b:be:bc:e7:aa:0e:46:fc:0e:5f:9b:77:
                    0c:8e:95:f2:ad:74:97:41:52:41:08:a6:6f:73:5f:
                    d6:98:38:6e:ba:38:50:8c:6d:d1:73:7d:c2:9c:05:
                    09:64:90:38:f9:63:68:83:63:10:00:42:0d:ad:1b:
                    de:12:74:3c:b0:08:8c:34:09:25:d1:4a:dd:aa:e9:
                    bb:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:B3:96:90:84:12:41:B2:A2:DC:27:D9:A4:A4:D7:73:88:99:53:65
            X509v3 Authority Key Identifier:
                keyid:F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/oLOWkIQSQbKi3CfZpKTXc4iZU2U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.90.217.0/24

    Signature Algorithm: sha256WithRSAEncryption
         60:75:72:78:a6:de:b3:a2:8a:43:22:27:52:71:ac:5a:23:66:
         60:c4:b0:69:c3:0c:c1:d1:7c:4b:7e:b5:cd:c9:95:e5:ff:3f:
         17:34:c2:dc:a6:29:5a:16:33:85:0d:ab:04:c8:cb:9d:76:b1:
         7a:ad:21:5c:74:c4:d3:35:98:ea:9c:b8:43:dd:6e:f4:9f:bb:
         f4:61:09:95:58:66:0a:a0:17:a1:42:4b:5d:4c:d2:e0:6f:45:
         9e:73:40:53:31:b9:c0:f0:bb:2e:81:72:cd:47:9b:cd:89:f5:
         fb:f4:19:1e:c5:cd:65:77:b0:cb:62:31:55:aa:86:b1:ee:30:
         d2:d6:15:b2:1c:ff:2a:80:8c:98:1f:8c:41:21:d1:72:ad:52:
         00:83:65:c9:07:13:9e:c9:a1:6a:4e:5d:e7:fa:af:20:3b:1d:
         d6:05:93:97:67:65:f4:4b:82:81:3a:41:45:4d:e0:08:86:ee:
         dd:0c:62:60:7a:85:86:cc:55:96:ac:a7:c1:96:f4:3f:e3:79:
         d0:a3:fc:e8:f8:ea:33:e6:42:51:91:8f:5e:a7:4c:c0:fa:d0:
         21:c3:e4:20:59:b7:3b:b3:af:7b:88:cd:e5:f8:07:3b:fc:e6:
         8d:a1:2f:e7:cd:5f:ed:f2:2c:8a:d1:0f:bd:c2:9f:47:d3:7d:
         13:b4:16:cb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0Hl54PRt8Y10hgJuEqhnBCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwNGE1ODA0N2YzN2JiYzA1Nzk0NGJiZjhjYWQ4NzQyODc5
NTkyZGEwHhcNMjYwMzE5MTkzNDI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMGIzOTY5MDg0MTI0MWIyYTJkYzI3ZDlhNGE0ZDc3Mzg4OTk1MzY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5HpPgcVKdYMqNzwrX2MMWem1WWbD
gUd1VC3hq7nCxOrZnj7dqcuV3LaKjMuSriOPlL1Ib8gpCSHmaikoYEQN77r0y3n+
LA2zM9UoxbbuYxPscHA5VYX9Js+Q2vMgPHY18W1saDeukmWbjfwesMFIpc2ydzp9
rlecAh1LmbqwxciriRux7x+4mbWOSingQIXeXfbfQBAbs4imgWXx/aFiCkovuXxX
ecshLDcaVja0xQNH0OYt1IMbvrznqg5G/A5fm3cMjpXyrXSXQVJBCKZvc1/WmDhu
ujhQjG3Rc33CnAUJZJA4+WNog2MQAEINrRveEnQ8sAiMNAkl0Urdqum7KwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKCzlpCEEkGyotwn2aSk13OImVNlMB8GA1UdIwQY
MBaAFPBKWAR/N7vAV5RLv4yth0KHlZLaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYt
ZjVmYjcxYjlhNTFmLzEvb0xPV2tJUVNRYktpM0NmWnBLVFhjNGlaVTJVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYtZjVmYjcxYjlhNTFm
LzEvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAk1rZMA0G
CSqGSIb3DQEBCwUAA4IBAQBgdXJ4pt6zoopDIidScaxaI2ZgxLBpwwzB0XxLfrXN
yZXl/z8XNMLcpilaFjOFDasEyMuddrF6rSFcdMTTNZjqnLhD3W70n7v0YQmVWGYK
oBehQktdTNLgb0Wec0BTMbnA8LsugXLNR5vNifX79Bkexc1ld7DLYjFVqoax7jDS
1hWyHP8qgIyYH4xBIdFyrVIAg2XJBxOeyaFqTl3n+q8gOx3WBZOXZ2X0S4KBOkFF
TeAIhu7dDGJgeoWGzFWWrKfBlvQ/43nQo/zo+Ooz5kJRkY9ep0zA+tAhw+QgWbc7
s697iM3l+Ac7/OaNoS/nzV/t8iyK0Q+9wp9H030TtBbL
-----END CERTIFICATE-----