Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/68/279b66-38f1-41a5-90e2-946da5f5efbb/1/XMNcoWXaf4vnDHCArQ-gu1Y3zL0.roa
File:                     XMNcoWXaf4vnDHCArQ-gu1Y3zL0.roa (raw, json)
Hash identifier:          c50mTMfPFSVXbnJgASutbtpma/sfEHT1BH/nlXtX2qk=
Subject key identifier:   5C:C3:5C:A1:65:DA:7F:8B:E7:0C:70:80:AD:0F:A0:BB:56:37:CC:BD
Certificate issuer:       /CN=ca61478e4d659bece8203c5e8ba8e8f82f0470d7
Certificate serial:       019814594B01DE948B1DA0E5E7BD0E9A1A3A
Authority key identifier: CA:61:47:8E:4D:65:9B:EC:E8:20:3C:5E:8B:A8:E8:F8:2F:04:70:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ymFHjk1lm-zoIDxei6jo-C8EcNc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/68/279b66-38f1-41a5-90e2-946da5f5efbb/1/XMNcoWXaf4vnDHCArQ-gu1Y3zL0.roa
Signing time:             Wed 16 Jul 2025 17:47:32 +0000
ROA not before:           Wed 16 Jul 2025 17:47:32 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     51396
IP address blocks:        176.117.107.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/68/279b66-38f1-41a5-90e2-946da5f5efbb/1/ymFHjk1lm-zoIDxei6jo-C8EcNc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/68/279b66-38f1-41a5-90e2-946da5f5efbb/1/ymFHjk1lm-zoIDxei6jo-C8EcNc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ymFHjk1lm-zoIDxei6jo-C8EcNc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Jul 2025 05:00:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:14:59:4b:01:de:94:8b:1d:a0:e5:e7:bd:0e:9a:1a:3a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ca61478e4d659bece8203c5e8ba8e8f82f0470d7
        Validity
            Not Before: Jul 16 17:47:32 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5cc35ca165da7f8be70c7080ad0fa0bb5637ccbd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:63:fb:79:2c:3c:94:43:50:1e:54:e1:cb:34:
                    eb:82:1f:72:38:b1:c4:c1:cb:0a:0c:9a:f1:90:6a:
                    17:23:07:4d:d3:30:c1:35:fb:21:3d:76:2f:44:7c:
                    3b:36:62:f2:f1:8c:56:4a:d0:20:fb:9e:8a:dd:0c:
                    44:18:1f:f8:31:4c:5b:02:a2:ee:14:e0:dc:3c:8e:
                    76:cd:2f:b4:04:94:24:1f:86:dc:06:77:9f:14:99:
                    44:51:c9:cd:78:8e:dd:0f:60:46:28:4c:d1:f9:b3:
                    da:95:f4:0f:16:af:37:53:7f:4f:b0:19:80:c4:68:
                    4a:c7:26:87:12:7a:ee:c7:e1:c2:9b:3d:85:22:50:
                    42:37:1b:8c:c5:80:a8:92:6c:54:b9:a3:00:10:ba:
                    85:5d:1c:de:af:6b:47:b1:47:4d:40:51:ce:81:db:
                    bd:53:17:1c:c7:1d:18:db:2c:f9:97:16:22:1f:d9:
                    9f:de:ee:25:80:31:9d:a9:53:0e:fd:01:da:b7:da:
                    a7:42:33:14:0c:5e:10:98:76:3c:50:51:02:27:4a:
                    70:68:5d:df:99:3e:8e:33:7c:62:65:e3:c6:0c:b9:
                    3a:6f:a4:a6:64:57:2a:88:fe:4c:50:87:b3:4c:08:
                    ef:e8:36:9b:17:87:64:f2:a8:b3:11:12:e7:fa:93:
                    a6:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:C3:5C:A1:65:DA:7F:8B:E7:0C:70:80:AD:0F:A0:BB:56:37:CC:BD
            X509v3 Authority Key Identifier:
                keyid:CA:61:47:8E:4D:65:9B:EC:E8:20:3C:5E:8B:A8:E8:F8:2F:04:70:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ymFHjk1lm-zoIDxei6jo-C8EcNc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/68/279b66-38f1-41a5-90e2-946da5f5efbb/1/XMNcoWXaf4vnDHCArQ-gu1Y3zL0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/68/279b66-38f1-41a5-90e2-946da5f5efbb/1/ymFHjk1lm-zoIDxei6jo-C8EcNc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.117.107.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7c:1e:e1:86:20:e4:a2:c6:2f:98:ef:c9:56:a4:4e:50:ed:af:
         ba:86:06:83:7c:75:c1:00:15:72:19:3c:8a:63:2f:a0:b2:3b:
         fd:49:14:06:7b:8c:ad:05:3c:aa:ee:a7:81:83:e4:39:ce:0e:
         8b:63:22:77:e3:e4:d6:b2:72:70:81:63:dc:6c:b6:92:48:ce:
         9f:52:6d:35:af:03:1e:d6:e1:07:21:1f:e0:20:57:6d:73:5b:
         23:59:b5:f4:c3:c9:6d:49:a6:64:af:2d:ee:87:7d:f9:7e:95:
         03:f8:94:d0:10:4e:87:e3:a7:a3:2e:66:4a:b2:ea:c4:90:c9:
         5f:84:9c:2a:93:c2:1e:00:c9:3e:e0:c5:5c:c0:46:aa:93:ec:
         ef:d4:ca:9f:66:59:d6:92:b9:03:af:00:ca:86:48:9b:43:e8:
         a9:d2:07:32:34:07:aa:9d:d3:17:07:aa:39:e7:2e:0e:f4:d6:
         eb:53:b2:eb:b2:28:f9:c7:0f:e8:eb:53:52:3d:f1:9b:47:b9:
         52:a4:43:03:4a:b9:29:e6:e7:82:31:36:12:b7:6b:c8:f9:cf:
         7f:5c:42:77:48:5c:94:5f:6b:d3:af:62:47:72:42:c5:4b:b7:
         95:23:92:77:c8:fa:df:d8:40:ef:da:88:24:01:46:70:5f:93:
         77:6d:e3:96
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZgUWUsB3pSLHaDl570Omho6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNhNjE0NzhlNGQ2NTliZWNlODIwM2M1ZThiYThlOGY4MmYw
NDcwZDcwHhcNMjUwNzE2MTc0NzMyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1Y2MzNWNhMTY1ZGE3ZjhiZTcwYzcwODBhZDBmYTBiYjU2MzdjY2JkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn2P7eSw8lENQHlThyzTrgh9yOLHE
wcsKDJrxkGoXIwdN0zDBNfshPXYvRHw7NmLy8YxWStAg+56K3QxEGB/4MUxbAqLu
FODcPI52zS+0BJQkH4bcBnefFJlEUcnNeI7dD2BGKEzR+bPalfQPFq83U39PsBmA
xGhKxyaHEnrux+HCmz2FIlBCNxuMxYCokmxUuaMAELqFXRzer2tHsUdNQFHOgdu9
Uxccxx0Y2yz5lxYiH9mf3u4lgDGdqVMO/QHat9qnQjMUDF4QmHY8UFECJ0pwaF3f
mT6OM3xiZePGDLk6b6SmZFcqiP5MUIezTAjv6DabF4dk8qizERLn+pOmCQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFzDXKFl2n+L5wxwgK0PoLtWN8y9MB8GA1UdIwQY
MBaAFMphR45NZZvs6CA8Xouo6PgvBHDXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveW1GSGprMWxtLXpvSUR4ZWk2am8tQzhFY05jLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OC8yNzliNjYtMzhmMS00MWE1LTkwZTIt
OTQ2ZGE1ZjVlZmJiLzEvWE1OY29XWGFmNHZuREhDQXJRLWd1MVkzekwwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OC8yNzliNjYtMzhmMS00MWE1LTkwZTItOTQ2ZGE1ZjVlZmJi
LzEveW1GSGprMWxtLXpvSUR4ZWk2am8tQzhFY05jLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsHVrMA0G
CSqGSIb3DQEBCwUAA4IBAQB8HuGGIOSixi+Y78lWpE5Q7a+6hgaDfHXBABVyGTyK
Yy+gsjv9SRQGe4ytBTyq7qeBg+Q5zg6LYyJ34+TWsnJwgWPcbLaSSM6fUm01rwMe
1uEHIR/gIFdtc1sjWbX0w8ltSaZkry3uh335fpUD+JTQEE6H46ejLmZKsurEkMlf
hJwqk8IeAMk+4MVcwEaqk+zv1MqfZlnWkrkDrwDKhkibQ+ip0gcyNAeqndMXB6o5
5y4O9NbrU7Lrsij5xw/o61NSPfGbR7lSpEMDSrkp5ueCMTYSt2vI+c9/XEJ3SFyU
X2vTr2JHckLFS7eVI5J3yPrf2EDv2ogkAUZwX5N3beOW
-----END CERTIFICATE-----