Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/68/279b66-38f1-41a5-90e2-946da5f5efbb/1/lacBnbv4mntHSEdFnQ8b2vYaqgw.roa
File:                     lacBnbv4mntHSEdFnQ8b2vYaqgw.roa (raw, json)
Hash identifier:          98OiE5s/KYdQjxOOYJejKPuOLPfdrqp1dCWI1IBfpRk=
Subject key identifier:   95:A7:01:9D:BB:F8:9A:7B:47:48:47:45:9D:0F:1B:DA:F6:1A:AA:0C
Certificate issuer:       /CN=ca61478e4d659bece8203c5e8ba8e8f82f0470d7
Certificate serial:       019D33963F42233B5D56DA31EA4992B40971
Authority key identifier: CA:61:47:8E:4D:65:9B:EC:E8:20:3C:5E:8B:A8:E8:F8:2F:04:70:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ymFHjk1lm-zoIDxei6jo-C8EcNc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/68/279b66-38f1-41a5-90e2-946da5f5efbb/1/lacBnbv4mntHSEdFnQ8b2vYaqgw.roa
Signing time:             Sat 28 Mar 2026 08:36:17 +0000
ROA not before:           Sat 28 Mar 2026 08:36:17 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     34918
IP address blocks:        176.117.107.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/68/279b66-38f1-41a5-90e2-946da5f5efbb/1/ymFHjk1lm-zoIDxei6jo-C8EcNc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/68/279b66-38f1-41a5-90e2-946da5f5efbb/1/ymFHjk1lm-zoIDxei6jo-C8EcNc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ymFHjk1lm-zoIDxei6jo-C8EcNc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 30 Mar 2026 08:48:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:33:96:3f:42:23:3b:5d:56:da:31:ea:49:92:b4:09:71
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ca61478e4d659bece8203c5e8ba8e8f82f0470d7
        Validity
            Not Before: Mar 28 08:36:17 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=95a7019dbbf89a7b474847459d0f1bdaf61aaa0c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:64:04:b2:cb:2d:99:a9:12:f5:00:4e:6b:7e:
                    38:8e:6d:a5:1b:44:2c:1a:ff:c4:47:e4:fb:e3:06:
                    f4:f5:d1:d7:b6:27:03:43:37:8a:aa:9d:ec:1b:bd:
                    f3:9a:ca:51:fc:39:41:3c:dc:c5:6b:d4:4e:9e:94:
                    5e:13:3c:34:e0:ce:86:db:ac:9f:23:d6:ca:6d:ab:
                    dc:6a:71:ca:b6:79:a7:f6:7a:80:c5:e0:95:3d:72:
                    cb:57:34:78:7d:53:55:25:04:31:6a:a6:fd:f1:97:
                    41:11:c4:57:8e:2b:fd:1d:1e:08:cb:5e:24:05:4a:
                    cb:df:19:4c:86:11:54:89:04:50:85:19:06:7b:44:
                    e9:53:6f:55:07:1f:09:95:af:d1:2d:ee:a9:d8:cb:
                    b4:d2:29:e5:3a:2c:34:c1:27:79:df:3d:f7:84:3c:
                    7a:33:b0:ca:67:b0:1b:e5:38:58:45:05:f7:8e:8c:
                    15:cf:a2:42:c3:1e:c5:76:73:8d:db:b8:1c:15:8e:
                    db:92:9d:fb:5b:cc:52:8b:04:2c:93:d9:67:47:28:
                    15:7b:ea:9b:11:48:cb:4a:7d:aa:59:b3:d1:f5:7d:
                    46:70:a0:f7:83:9b:52:68:5b:e9:5d:f3:70:8c:ba:
                    6e:17:d2:d0:0e:a0:6d:6f:54:ba:c4:77:2e:43:1c:
                    d6:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:A7:01:9D:BB:F8:9A:7B:47:48:47:45:9D:0F:1B:DA:F6:1A:AA:0C
            X509v3 Authority Key Identifier:
                keyid:CA:61:47:8E:4D:65:9B:EC:E8:20:3C:5E:8B:A8:E8:F8:2F:04:70:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ymFHjk1lm-zoIDxei6jo-C8EcNc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/68/279b66-38f1-41a5-90e2-946da5f5efbb/1/lacBnbv4mntHSEdFnQ8b2vYaqgw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/68/279b66-38f1-41a5-90e2-946da5f5efbb/1/ymFHjk1lm-zoIDxei6jo-C8EcNc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.117.107.0/24

    Signature Algorithm: sha256WithRSAEncryption
         27:dd:21:48:67:a0:b7:5c:68:36:1a:02:e8:66:d3:de:5e:fa:
         f2:2b:8d:80:d0:c7:4d:a8:7b:79:19:34:4e:53:80:f5:4a:eb:
         9d:77:bb:b2:44:62:0b:7a:a0:8f:a4:68:a8:ee:a0:e1:29:8d:
         b7:cf:29:e5:33:ec:cb:39:70:2e:be:32:7e:a4:2c:d0:3d:ec:
         66:ec:07:9a:1b:72:e7:46:98:47:23:51:3e:aa:61:f3:88:e1:
         fc:cc:3b:ac:72:e8:9c:d1:a6:bb:dc:ae:85:ba:d3:96:36:90:
         07:85:83:73:82:8d:1c:b3:8b:87:35:31:41:cd:ae:ed:66:ba:
         34:e1:7e:91:91:40:a4:0e:a6:eb:90:e0:c4:ff:2f:28:f2:5c:
         d8:4e:ca:60:ab:c6:d6:a0:a7:f1:c5:d1:70:29:7c:92:fd:7f:
         a5:ec:d7:8e:91:6c:ee:ac:03:13:37:19:9f:e4:4c:0a:9c:4a:
         23:20:6d:5b:67:76:7f:9b:36:82:d6:4a:7a:83:de:16:9e:83:
         e9:60:3c:b4:d8:30:2e:52:f2:07:9d:b2:42:05:7a:10:b4:e6:
         72:7d:60:55:0a:a3:de:7f:9c:0d:24:db:07:39:53:16:76:a5:
         1e:6c:9d:fe:26:1b:c1:8b:15:25:f0:bc:5a:91:52:1d:50:11:
         ac:09:97:54
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0zlj9CIztdVtox6kmStAlxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNhNjE0NzhlNGQ2NTliZWNlODIwM2M1ZThiYThlOGY4MmYw
NDcwZDcwHhcNMjYwMzI4MDgzNjE3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NWE3MDE5ZGJiZjg5YTdiNDc0ODQ3NDU5ZDBmMWJkYWY2MWFhYTBjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu2QEssstmakS9QBOa344jm2lG0Qs
Gv/ER+T74wb09dHXticDQzeKqp3sG73zmspR/DlBPNzFa9ROnpReEzw04M6G26yf
I9bKbavcanHKtnmn9nqAxeCVPXLLVzR4fVNVJQQxaqb98ZdBEcRXjiv9HR4Iy14k
BUrL3xlMhhFUiQRQhRkGe0TpU29VBx8Jla/RLe6p2Mu00inlOiw0wSd53z33hDx6
M7DKZ7Ab5ThYRQX3jowVz6JCwx7FdnON27gcFY7bkp37W8xSiwQsk9lnRygVe+qb
EUjLSn2qWbPR9X1GcKD3g5tSaFvpXfNwjLpuF9LQDqBtb1S6xHcuQxzWKwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJWnAZ27+Jp7R0hHRZ0PG9r2GqoMMB8GA1UdIwQY
MBaAFMphR45NZZvs6CA8Xouo6PgvBHDXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveW1GSGprMWxtLXpvSUR4ZWk2am8tQzhFY05jLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OC8yNzliNjYtMzhmMS00MWE1LTkwZTIt
OTQ2ZGE1ZjVlZmJiLzEvbGFjQm5idjRtbnRIU0VkRm5ROGIydllhcWd3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OC8yNzliNjYtMzhmMS00MWE1LTkwZTItOTQ2ZGE1ZjVlZmJi
LzEveW1GSGprMWxtLXpvSUR4ZWk2am8tQzhFY05jLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsHVrMA0G
CSqGSIb3DQEBCwUAA4IBAQAn3SFIZ6C3XGg2GgLoZtPeXvryK42A0MdNqHt5GTRO
U4D1Suudd7uyRGILeqCPpGio7qDhKY23zynlM+zLOXAuvjJ+pCzQPexm7AeaG3Ln
RphHI1E+qmHziOH8zDuscuic0aa73K6FutOWNpAHhYNzgo0cs4uHNTFBza7tZro0
4X6RkUCkDqbrkODE/y8o8lzYTspgq8bWoKfxxdFwKXyS/X+l7NeOkWzurAMTNxmf
5EwKnEojIG1bZ3Z/mzaC1kp6g94WnoPpYDy02DAuUvIHnbJCBXoQtOZyfWBVCqPe
f5wNJNsHOVMWdqUebJ3+JhvBixUl8LxakVIdUBGsCZdU
-----END CERTIFICATE-----