Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/985efa-8bee-4f73-88b7-be3bb6cd2d51/1/66T0YNAXQ0yGiACN4m_1DDLExJM.roa
File:                     66T0YNAXQ0yGiACN4m_1DDLExJM.roa (raw, json)
Hash identifier:          +MK2glFCZyise5yAnI2gK9ho4rHuLufwbhk4BcMPVz8=
Subject key identifier:   EB:A4:F4:60:D0:17:43:4C:86:88:00:8D:E2:6F:F5:0C:32:C4:C4:93
Certificate issuer:       /CN=48a4693b1dccc49ee6605a7d339e1d847ef0ad8b
Certificate serial:       019DF1E683B2EC75E0D58390850444BCB96F
Authority key identifier: 48:A4:69:3B:1D:CC:C4:9E:E6:60:5A:7D:33:9E:1D:84:7E:F0:AD:8B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SKRpOx3MxJ7mYFp9M54dhH7wrYs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/985efa-8bee-4f73-88b7-be3bb6cd2d51/1/66T0YNAXQ0yGiACN4m_1DDLExJM.roa
Signing time:             Mon 04 May 2026 07:31:49 +0000
ROA not before:           Mon 04 May 2026 07:31:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     15681
IP address blocks:        83.150.208.0/22 maxlen: 22
                          83.150.208.0/24 maxlen: 24
                          83.150.209.0/24 maxlen: 24
                          83.150.210.0/24 maxlen: 24
                          83.150.211.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/985efa-8bee-4f73-88b7-be3bb6cd2d51/1/SKRpOx3MxJ7mYFp9M54dhH7wrYs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/985efa-8bee-4f73-88b7-be3bb6cd2d51/1/SKRpOx3MxJ7mYFp9M54dhH7wrYs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SKRpOx3MxJ7mYFp9M54dhH7wrYs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 23:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:f1:e6:83:b2:ec:75:e0:d5:83:90:85:04:44:bc:b9:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=48a4693b1dccc49ee6605a7d339e1d847ef0ad8b
        Validity
            Not Before: May  4 07:31:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=eba4f460d017434c8688008de26ff50c32c4c493
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:3a:be:6e:52:ea:72:36:b0:4f:86:38:9f:d9:
                    4d:dd:2a:60:9a:76:de:ee:6f:9a:c0:70:4e:79:b8:
                    f5:c7:f0:f1:18:0c:db:0a:2f:51:19:bf:7b:54:e7:
                    98:61:93:93:49:e9:68:24:f6:ec:c7:dc:03:42:38:
                    b5:8e:05:c3:d6:c2:f1:0b:15:c9:e5:39:76:da:df:
                    af:b6:67:df:d3:80:fd:90:b8:4a:99:c0:a5:2a:77:
                    78:d5:6f:29:3c:9b:3a:59:f5:63:2e:bc:2a:04:1c:
                    f0:29:be:9c:fa:ba:aa:62:66:32:a3:5f:6c:6f:8d:
                    1c:9d:15:f3:a0:9c:be:c9:c4:11:92:e6:87:5c:eb:
                    41:6f:98:b2:65:d9:49:e2:d4:34:89:ac:9c:ac:9c:
                    ef:d3:03:6f:63:e2:06:40:eb:4b:f7:b2:aa:84:3c:
                    31:35:74:79:78:ee:db:f4:ed:1d:f1:5e:0b:a6:6a:
                    6b:e6:7b:c9:86:7e:8f:8d:7b:fd:31:8e:bf:fe:ab:
                    a3:36:6b:28:e8:d0:5a:46:2c:e7:3b:c1:26:44:8e:
                    0b:07:e1:27:20:82:e3:1e:36:b6:81:78:7a:d6:ed:
                    14:8a:59:8a:4a:05:3d:7d:78:d9:6c:6c:96:99:c9:
                    c9:9b:6f:d3:9f:c6:29:f8:50:3d:00:e0:62:43:78:
                    48:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EB:A4:F4:60:D0:17:43:4C:86:88:00:8D:E2:6F:F5:0C:32:C4:C4:93
            X509v3 Authority Key Identifier:
                keyid:48:A4:69:3B:1D:CC:C4:9E:E6:60:5A:7D:33:9E:1D:84:7E:F0:AD:8B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SKRpOx3MxJ7mYFp9M54dhH7wrYs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/985efa-8bee-4f73-88b7-be3bb6cd2d51/1/66T0YNAXQ0yGiACN4m_1DDLExJM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/985efa-8bee-4f73-88b7-be3bb6cd2d51/1/SKRpOx3MxJ7mYFp9M54dhH7wrYs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.150.208.0/22

    Signature Algorithm: sha256WithRSAEncryption
         5d:cd:8a:25:1b:bb:9d:ec:dd:93:b5:3f:a1:bf:e6:e7:8c:86:
         1f:9c:bd:f5:61:3f:9a:01:e4:e7:4e:24:cf:56:72:70:54:da:
         18:73:29:8c:c5:54:99:01:99:9a:bc:bd:3e:6d:9b:8a:02:0e:
         1d:c3:84:12:f3:c4:9c:e6:58:ab:93:5f:54:53:ff:2d:4e:78:
         02:4a:4a:99:75:59:d5:07:40:0d:be:ed:57:a2:75:69:22:8b:
         72:23:f0:64:29:31:e3:36:47:1c:1f:b8:3a:a2:8c:fa:31:b3:
         35:97:9b:06:75:27:9e:b3:45:83:49:b8:d7:ef:8d:ed:00:dc:
         69:d5:ef:d4:c4:cb:62:85:27:bd:cd:f6:f5:e8:d2:af:bc:7e:
         e5:4f:17:39:5f:f8:ab:41:ef:b7:6a:a0:aa:6b:f4:08:a7:f8:
         2a:e1:0e:50:73:55:a1:6d:51:dd:e0:d5:c9:3a:fe:3a:60:d0:
         7b:6a:87:c9:bf:d2:c9:86:67:61:a5:06:93:12:97:3f:ed:81:
         69:ea:15:c1:81:bc:51:6e:2d:39:c6:66:ad:bb:24:d9:bd:36:
         2b:a9:bd:f0:be:4a:9b:01:f5:ad:8e:ec:16:3d:26:59:78:da:
         6a:12:85:0e:2a:82:8c:ad:48:0a:58:3c:db:65:04:96:5b:f9:
         5a:55:89:22
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ3x5oOy7HXg1YOQhQREvLlvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ4YTQ2OTNiMWRjY2M0OWVlNjYwNWE3ZDMzOWUxZDg0N2Vm
MGFkOGIwHhcNMjYwNTA0MDczMTQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYmE0ZjQ2MGQwMTc0MzRjODY4ODAwOGRlMjZmZjUwYzMyYzRjNDkzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3Tq+blLqcjawT4Y4n9lN3Spgmnbe
7m+awHBOebj1x/DxGAzbCi9RGb97VOeYYZOTSeloJPbsx9wDQji1jgXD1sLxCxXJ
5Tl22t+vtmff04D9kLhKmcClKnd41W8pPJs6WfVjLrwqBBzwKb6c+rqqYmYyo19s
b40cnRXzoJy+ycQRkuaHXOtBb5iyZdlJ4tQ0iaycrJzv0wNvY+IGQOtL97KqhDwx
NXR5eO7b9O0d8V4Lpmpr5nvJhn6PjXv9MY6//qujNmso6NBaRiznO8EmRI4LB+En
IILjHja2gXh61u0UilmKSgU9fXjZbGyWmcnJm2/Tn8Yp+FA9AOBiQ3hIOQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOuk9GDQF0NMhogAjeJv9QwyxMSTMB8GA1UdIwQY
MBaAFEikaTsdzMSe5mBafTOeHYR+8K2LMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU0tScE94M014SjdtWUZwOU01NGRoSDd3cllzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC85ODVlZmEtOGJlZS00ZjczLTg4Yjct
YmUzYmI2Y2QyZDUxLzEvNjZUMFlOQVhRMHlHaUFDTjRtXzFERExFeEpNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC85ODVlZmEtOGJlZS00ZjczLTg4YjctYmUzYmI2Y2QyZDUx
LzEvU0tScE94M014SjdtWUZwOU01NGRoSDd3cllzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCU5bQMA0G
CSqGSIb3DQEBCwUAA4IBAQBdzYolG7ud7N2TtT+hv+bnjIYfnL31YT+aAeTnTiTP
VnJwVNoYcymMxVSZAZmavL0+bZuKAg4dw4QS88Sc5lirk19UU/8tTngCSkqZdVnV
B0ANvu1XonVpIotyI/BkKTHjNkccH7g6ooz6MbM1l5sGdSees0WDSbjX743tANxp
1e/UxMtihSe9zfb16NKvvH7lTxc5X/irQe+3aqCqa/QIp/gq4Q5Qc1WhbVHd4NXJ
Ov46YNB7aofJv9LJhmdhpQaTEpc/7YFp6hXBgbxRbi05xmatuyTZvTYrqb3wvkqb
AfWtjuwWPSZZeNpqEoUOKoKMrUgKWDzbZQSWW/laVYki
-----END CERTIFICATE-----