Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/prG2DPTZS19d8mz_q7AvhfUicKo.roa
File:                     prG2DPTZS19d8mz_q7AvhfUicKo.roa (raw, json)
Hash identifier:          JChF/CUlI7xgGjYOsZjRel0ZzNJuSmKlxnaXC4t1EKI=
Subject key identifier:   A6:B1:B6:0C:F4:D9:4B:5F:5D:F2:6C:FF:AB:B0:2F:85:F5:22:70:AA
Certificate issuer:       /CN=f04a58047f37bbc057944bbf8cad8742879592da
Certificate serial:       019D249D44034C4E388F49E55B92D2612780
Authority key identifier: F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/prG2DPTZS19d8mz_q7AvhfUicKo.roa
Signing time:             Wed 25 Mar 2026 10:49:39 +0000
ROA not before:           Wed 25 Mar 2026 10:49:39 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     401586
IP address blocks:        147.90.40.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 16:32:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:24:9d:44:03:4c:4e:38:8f:49:e5:5b:92:d2:61:27:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f04a58047f37bbc057944bbf8cad8742879592da
        Validity
            Not Before: Mar 25 10:49:39 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a6b1b60cf4d94b5f5df26cffabb02f85f52270aa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:ff:f7:4a:5a:e9:42:ec:cc:6a:41:79:cd:63:
                    c1:b7:1b:c3:24:1d:4e:a6:b0:79:1a:f9:61:31:76:
                    5e:c1:a5:2e:45:c6:58:e1:66:03:76:7c:9b:3e:e7:
                    07:61:0a:50:6e:97:cc:41:2d:59:39:6c:6d:93:98:
                    6c:fc:9f:66:25:80:19:2b:6f:c5:c4:eb:42:a5:8a:
                    f5:1f:36:21:0f:19:f5:e2:8e:33:6b:e8:2e:b6:3d:
                    ce:fe:f3:b8:20:48:21:ff:39:8d:af:00:8c:d0:99:
                    99:21:b1:66:d5:93:b7:0b:1f:3e:63:c2:51:ea:c3:
                    17:ae:ca:03:9a:d6:03:cd:07:21:63:24:48:bf:b0:
                    a9:5d:f7:99:ad:a8:e3:04:36:3a:ab:f4:f5:39:bb:
                    98:58:4a:31:c4:f7:b8:53:9a:2b:3b:3e:27:62:7e:
                    11:3c:21:83:28:d1:d6:6f:a5:29:db:26:c9:24:bf:
                    0b:7a:12:55:0d:a6:d7:5d:e2:2c:e3:18:a8:29:26:
                    6e:4a:8d:75:8d:da:8d:24:3c:6a:d7:3d:9f:3a:f6:
                    fb:96:92:9b:60:8b:7f:85:33:af:dc:32:a6:f7:11:
                    8f:8b:97:fb:52:7f:26:03:06:45:8c:f0:4c:98:75:
                    02:10:94:6a:d6:7b:8b:67:3e:50:f7:55:c5:db:7a:
                    1f:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A6:B1:B6:0C:F4:D9:4B:5F:5D:F2:6C:FF:AB:B0:2F:85:F5:22:70:AA
            X509v3 Authority Key Identifier:
                keyid:F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/prG2DPTZS19d8mz_q7AvhfUicKo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.90.40.0/23

    Signature Algorithm: sha256WithRSAEncryption
         40:ed:f7:9c:6e:8a:fc:42:e3:c2:87:6e:2e:50:4c:c8:4d:7e:
         76:2f:19:2b:22:a4:56:c0:76:a8:17:8e:0c:84:46:d0:2f:d6:
         70:ff:1d:ef:8d:31:c0:48:6d:e4:d7:b6:f3:94:78:46:90:4c:
         ef:26:c7:76:d3:ef:9e:5d:8b:1f:b2:ec:2a:12:bd:7b:83:46:
         6b:c0:6a:47:ae:53:b0:c2:0b:5a:b9:f0:5b:46:00:1b:9c:6e:
         8b:81:b7:c5:31:b2:59:06:e5:d3:62:fe:25:34:3b:d2:3d:87:
         a9:ab:10:ba:3b:ea:43:4b:0c:16:64:ac:ea:0a:6e:75:35:ae:
         9d:a1:80:99:11:42:91:a1:63:dd:5f:9e:c5:ab:ba:cb:65:6b:
         63:66:65:42:a0:9a:51:97:1d:f8:a9:ca:ab:30:a0:6e:8c:f4:
         13:ba:bd:ee:33:01:fa:8e:4e:61:9a:42:2b:2b:83:76:e0:8b:
         1a:5d:ec:16:99:36:f9:99:04:87:11:d8:31:94:04:9f:d3:98:
         4f:56:69:78:b3:61:d9:60:20:55:f8:f7:52:62:40:08:2f:6d:
         99:90:6a:ce:f0:58:45:f3:57:12:4e:df:fb:9b:6c:e1:d1:fa:
         48:d2:db:0f:cd:aa:b4:58:68:6a:07:65:62:ad:cd:c2:96:7f:
         88:03:51:8a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0knUQDTE44j0nlW5LSYSeAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwNGE1ODA0N2YzN2JiYzA1Nzk0NGJiZjhjYWQ4NzQyODc5
NTkyZGEwHhcNMjYwMzI1MTA0OTM5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNmIxYjYwY2Y0ZDk0YjVmNWRmMjZjZmZhYmIwMmY4NWY1MjI3MGFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvv/3SlrpQuzMakF5zWPBtxvDJB1O
prB5GvlhMXZewaUuRcZY4WYDdnybPucHYQpQbpfMQS1ZOWxtk5hs/J9mJYAZK2/F
xOtCpYr1HzYhDxn14o4za+gutj3O/vO4IEgh/zmNrwCM0JmZIbFm1ZO3Cx8+Y8JR
6sMXrsoDmtYDzQchYyRIv7CpXfeZrajjBDY6q/T1ObuYWEoxxPe4U5orOz4nYn4R
PCGDKNHWb6Up2ybJJL8LehJVDabXXeIs4xioKSZuSo11jdqNJDxq1z2fOvb7lpKb
YIt/hTOv3DKm9xGPi5f7Un8mAwZFjPBMmHUCEJRq1nuLZz5Q91XF23ofUwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKaxtgz02UtfXfJs/6uwL4X1InCqMB8GA1UdIwQY
MBaAFPBKWAR/N7vAV5RLv4yth0KHlZLaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYt
ZjVmYjcxYjlhNTFmLzEvcHJHMkRQVFpTMTlkOG16X3E3QXZoZlVpY0tvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYtZjVmYjcxYjlhNTFm
LzEvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBk1ooMA0G
CSqGSIb3DQEBCwUAA4IBAQBA7fecbor8QuPCh24uUEzITX52LxkrIqRWwHaoF44M
hEbQL9Zw/x3vjTHASG3k17bzlHhGkEzvJsd20++eXYsfsuwqEr17g0ZrwGpHrlOw
wgtaufBbRgAbnG6LgbfFMbJZBuXTYv4lNDvSPYepqxC6O+pDSwwWZKzqCm51Na6d
oYCZEUKRoWPdX57Fq7rLZWtjZmVCoJpRlx34qcqrMKBujPQTur3uMwH6jk5hmkIr
K4N24IsaXewWmTb5mQSHEdgxlASf05hPVml4s2HZYCBV+PdSYkAIL22ZkGrO8FhF
81cSTt/7m2zh0fpI0tsPzaq0WGhqB2Virc3Cln+IA1GK
-----END CERTIFICATE-----