Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/rO4CqSFk76x326wyUVOREb-ZY5k.roa
File:                     rO4CqSFk76x326wyUVOREb-ZY5k.roa (raw, json)
Hash identifier:          JX3HeoOQTjorog6L1PHtbYfSC1nV7yW7ju6Ee2HVjlk=
Subject key identifier:   AC:EE:02:A9:21:64:EF:AC:77:DB:AC:32:51:53:91:11:BF:99:63:99
Certificate issuer:       /CN=f04a58047f37bbc057944bbf8cad8742879592da
Certificate serial:       019E17315274C3540D7073D3269510FFA7E7
Authority key identifier: F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/rO4CqSFk76x326wyUVOREb-ZY5k.roa
Signing time:             Mon 11 May 2026 13:19:28 +0000
ROA not before:           Mon 11 May 2026 13:19:28 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     27284
IP address blocks:        147.90.234.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 14 May 2026 01:01:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:17:31:52:74:c3:54:0d:70:73:d3:26:95:10:ff:a7:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f04a58047f37bbc057944bbf8cad8742879592da
        Validity
            Not Before: May 11 13:19:28 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=acee02a92164efac77dbac3251539111bf996399
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ea:b1:02:9f:bc:4d:8c:cb:d4:21:42:bd:7b:e2:
                    0c:43:cb:a6:9d:6d:b9:cf:e5:f4:68:6e:2e:91:1b:
                    1e:3d:d9:e9:89:65:85:98:f7:ee:d0:c6:3d:67:5e:
                    e8:d7:53:29:f6:77:69:59:0c:d3:8b:e7:d4:8e:aa:
                    b8:b7:9d:d7:61:c7:4a:02:bf:10:c4:d3:f0:34:ad:
                    a2:4c:ab:45:2a:09:20:c6:09:da:8c:fd:7f:20:3a:
                    40:5a:15:01:a8:ac:27:ae:dd:40:d5:5d:27:f2:6f:
                    11:b8:47:01:ed:74:53:9b:2c:18:bb:80:49:8d:7e:
                    cc:26:af:83:8c:1a:54:33:4b:10:d4:a4:31:a1:42:
                    40:ee:de:94:11:49:21:ed:a7:ac:d6:02:63:be:5f:
                    87:fa:62:10:77:24:b1:f7:b2:43:fa:f7:2e:ec:46:
                    b8:b2:8b:d2:b0:16:7e:f5:57:09:1d:eb:a0:a8:1e:
                    10:f2:04:1a:b6:73:52:5d:a4:42:ae:b8:d7:b8:80:
                    2b:d5:70:54:f7:0e:fc:1d:51:a7:fd:30:15:10:da:
                    d6:53:8c:9e:03:67:f1:b5:7b:44:b7:52:62:d1:9a:
                    90:de:9c:50:33:50:38:30:a8:0e:76:3c:84:50:e2:
                    1a:4f:ac:2e:fc:cb:05:2c:52:c0:53:3f:11:45:19:
                    07:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:EE:02:A9:21:64:EF:AC:77:DB:AC:32:51:53:91:11:BF:99:63:99
            X509v3 Authority Key Identifier:
                keyid:F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/rO4CqSFk76x326wyUVOREb-ZY5k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.90.234.0/23

    Signature Algorithm: sha256WithRSAEncryption
         93:1b:da:71:cd:59:af:fa:3a:e6:99:af:24:36:ae:4f:89:67:
         6c:92:d9:b2:f2:4a:02:74:c9:52:59:65:76:5d:5d:0f:fe:8b:
         8f:cf:a4:d8:56:01:a7:6a:d4:5d:e1:06:d5:41:2d:03:8e:62:
         75:a4:46:e3:ea:bd:e1:3f:d8:5f:6b:b1:03:6c:6e:03:ea:55:
         83:8a:c4:90:ac:29:6a:21:42:16:a1:63:84:b7:0c:2c:a3:58:
         62:c3:88:3b:c0:12:43:ae:b1:ac:29:23:cb:49:5e:a9:e6:a0:
         90:d5:9b:b2:35:f7:df:05:b3:57:f5:5f:85:ba:e1:83:de:4b:
         2b:67:73:ea:44:22:26:01:20:a2:9a:4f:db:e4:92:09:f7:b9:
         2f:fc:68:73:e9:db:ed:cd:3c:f6:67:27:4c:87:a5:75:a1:53:
         ea:1b:17:02:77:c8:db:ca:06:58:d2:b6:33:2f:1a:81:c1:4d:
         58:37:59:d0:3c:8a:42:0a:25:33:59:cb:b9:85:be:c8:c0:8f:
         f0:68:5c:f9:75:9e:cb:82:69:64:4f:5d:df:fa:5e:46:93:c6:
         aa:96:4e:08:d7:ec:02:6e:d2:4a:07:e0:57:4e:b8:d0:7f:ac:
         07:8b:4e:e2:b3:b9:e8:ea:64:da:0c:fb:59:32:0b:81:0c:23:
         80:c1:58:56
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ4XMVJ0w1QNcHPTJpUQ/6fnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwNGE1ODA0N2YzN2JiYzA1Nzk0NGJiZjhjYWQ4NzQyODc5
NTkyZGEwHhcNMjYwNTExMTMxOTI4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhY2VlMDJhOTIxNjRlZmFjNzdkYmFjMzI1MTUzOTExMWJmOTk2Mzk5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6rECn7xNjMvUIUK9e+IMQ8umnW25
z+X0aG4ukRsePdnpiWWFmPfu0MY9Z17o11Mp9ndpWQzTi+fUjqq4t53XYcdKAr8Q
xNPwNK2iTKtFKgkgxgnajP1/IDpAWhUBqKwnrt1A1V0n8m8RuEcB7XRTmywYu4BJ
jX7MJq+DjBpUM0sQ1KQxoUJA7t6UEUkh7aes1gJjvl+H+mIQdySx97JD+vcu7Ea4
sovSsBZ+9VcJHeugqB4Q8gQatnNSXaRCrrjXuIAr1XBU9w78HVGn/TAVENrWU4ye
A2fxtXtEt1Ji0ZqQ3pxQM1A4MKgOdjyEUOIaT6wu/MsFLFLAUz8RRRkH9QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKzuAqkhZO+sd9usMlFTkRG/mWOZMB8GA1UdIwQY
MBaAFPBKWAR/N7vAV5RLv4yth0KHlZLaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYt
ZjVmYjcxYjlhNTFmLzEvck80Q3FTRms3NngzMjZ3eVVWT1JFYi1aWTVrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYtZjVmYjcxYjlhNTFm
LzEvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBk1rqMA0G
CSqGSIb3DQEBCwUAA4IBAQCTG9pxzVmv+jrmma8kNq5PiWdsktmy8koCdMlSWWV2
XV0P/ouPz6TYVgGnatRd4QbVQS0DjmJ1pEbj6r3hP9hfa7EDbG4D6lWDisSQrClq
IUIWoWOEtwwso1hiw4g7wBJDrrGsKSPLSV6p5qCQ1ZuyNfffBbNX9V+FuuGD3ksr
Z3PqRCImASCimk/b5JIJ97kv/Ghz6dvtzTz2ZydMh6V1oVPqGxcCd8jbygZY0rYz
LxqBwU1YN1nQPIpCCiUzWcu5hb7IwI/waFz5dZ7LgmlkT13f+l5Gk8aqlk4I1+wC
btJKB+BXTrjQf6wHi07is7no6mTaDPtZMguBDCOAwVhW
-----END CERTIFICATE-----