Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/68/279b66-38f1-41a5-90e2-946da5f5efbb/1/nasjAVJDsU8AYQoGkGUr76HwJrE.roa
File:                     nasjAVJDsU8AYQoGkGUr76HwJrE.roa (raw, json)
Hash identifier:          ulv6Sdisc5z+EneUBgzHGP5vhuFMcuY6hrYIBq7ACx4=
Subject key identifier:   9D:AB:23:01:52:43:B1:4F:00:61:0A:06:90:65:2B:EF:A1:F0:26:B1
Certificate issuer:       /CN=ca61478e4d659bece8203c5e8ba8e8f82f0470d7
Certificate serial:       019E660A1407B65330152775B0AFFD40331A
Authority key identifier: CA:61:47:8E:4D:65:9B:EC:E8:20:3C:5E:8B:A8:E8:F8:2F:04:70:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ymFHjk1lm-zoIDxei6jo-C8EcNc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/68/279b66-38f1-41a5-90e2-946da5f5efbb/1/nasjAVJDsU8AYQoGkGUr76HwJrE.roa
Signing time:             Tue 26 May 2026 20:46:37 +0000
ROA not before:           Tue 26 May 2026 20:46:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     34918
IP address blocks:        176.117.107.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/68/279b66-38f1-41a5-90e2-946da5f5efbb/1/ymFHjk1lm-zoIDxei6jo-C8EcNc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/68/279b66-38f1-41a5-90e2-946da5f5efbb/1/ymFHjk1lm-zoIDxei6jo-C8EcNc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ymFHjk1lm-zoIDxei6jo-C8EcNc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 12 Jun 2026 20:26:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:66:0a:14:07:b6:53:30:15:27:75:b0:af:fd:40:33:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ca61478e4d659bece8203c5e8ba8e8f82f0470d7
        Validity
            Not Before: May 26 20:46:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9dab23015243b14f00610a0690652befa1f026b1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:ee:8e:a5:f2:f0:fe:a6:dd:4b:be:33:3a:53:
                    bf:08:75:59:37:50:d5:d1:a3:54:ca:3e:0b:42:e4:
                    a5:b4:5a:38:b0:18:ff:f7:26:a2:1e:00:9a:ea:b8:
                    05:b3:8e:ec:eb:8b:6c:a6:c5:73:39:c3:ad:3c:c1:
                    2c:88:22:0c:e1:14:a0:88:10:34:ea:a6:8a:18:4a:
                    b8:8e:2b:2f:3b:69:98:86:e8:c6:44:c2:91:87:ee:
                    76:82:49:bb:73:a9:c0:07:fd:5c:6b:84:a3:5e:8f:
                    29:61:9b:28:19:c2:64:05:2e:f3:50:08:09:81:40:
                    18:6c:db:6c:47:18:54:15:0e:c9:e3:68:fd:29:1d:
                    be:ab:de:9d:46:47:bf:b2:bb:18:39:53:08:75:2f:
                    d5:c1:00:97:12:0c:5f:34:f3:80:45:5a:64:90:12:
                    05:61:e4:11:a8:f2:e3:ee:9a:88:89:9d:20:25:36:
                    f9:9b:10:58:92:2a:16:18:6b:dc:04:47:57:d8:72:
                    34:33:57:0f:e1:dc:d7:74:29:e0:c8:23:b6:c2:d2:
                    8f:b1:4c:5f:7b:b7:37:30:69:74:32:da:ac:2e:1d:
                    c1:b0:3b:a3:36:4f:16:cb:46:fa:46:30:c9:b8:fe:
                    83:da:38:e1:f3:8b:58:cd:f0:0c:de:14:74:19:0b:
                    53:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:AB:23:01:52:43:B1:4F:00:61:0A:06:90:65:2B:EF:A1:F0:26:B1
            X509v3 Authority Key Identifier:
                keyid:CA:61:47:8E:4D:65:9B:EC:E8:20:3C:5E:8B:A8:E8:F8:2F:04:70:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ymFHjk1lm-zoIDxei6jo-C8EcNc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/68/279b66-38f1-41a5-90e2-946da5f5efbb/1/nasjAVJDsU8AYQoGkGUr76HwJrE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/68/279b66-38f1-41a5-90e2-946da5f5efbb/1/ymFHjk1lm-zoIDxei6jo-C8EcNc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.117.107.0/24

    Signature Algorithm: sha256WithRSAEncryption
         18:4d:d0:78:d9:14:06:c7:cd:4c:ea:de:12:a0:27:3c:c7:cf:
         88:c8:40:d5:da:73:91:9f:87:76:59:fb:bd:13:98:a3:7f:3c:
         96:a6:ac:d0:bd:61:0f:ac:97:de:f3:e0:31:14:29:3d:6b:f5:
         5a:fb:bf:77:01:ac:a4:20:14:38:4f:da:24:6f:4c:be:b1:61:
         1d:2d:a2:28:aa:3e:2e:73:ae:da:40:ad:26:2f:52:fd:be:56:
         67:5e:ab:37:95:d6:94:cc:3e:5d:58:84:31:22:70:a1:ed:1f:
         a0:b3:ec:2f:be:1f:d8:31:35:da:60:a8:ad:86:1f:65:a9:05:
         65:1e:ad:54:ac:13:44:6b:1f:9d:bb:36:c9:b9:19:2c:29:90:
         04:39:cb:49:0e:22:24:86:26:cf:a3:20:02:96:74:61:dc:bf:
         e1:4c:66:d0:00:99:78:b2:77:8f:b7:94:67:a0:fb:67:a9:de:
         26:e6:67:28:72:44:84:d9:8a:ab:41:d9:c7:73:53:f2:b1:69:
         61:7a:70:06:a5:b4:3e:e4:e5:ad:64:a4:62:aa:6e:41:d9:31:
         f5:b1:74:28:ac:34:ba:5e:2b:37:21:16:38:f7:32:59:56:27:
         fb:24:51:71:0c:5a:b8:53:44:aa:94:9d:98:43:97:44:c3:db:
         de:13:99:7c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ5mChQHtlMwFSd1sK/9QDMaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNhNjE0NzhlNGQ2NTliZWNlODIwM2M1ZThiYThlOGY4MmYw
NDcwZDcwHhcNMjYwNTI2MjA0NjM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZGFiMjMwMTUyNDNiMTRmMDA2MTBhMDY5MDY1MmJlZmExZjAyNmIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4O6OpfLw/qbdS74zOlO/CHVZN1DV
0aNUyj4LQuSltFo4sBj/9yaiHgCa6rgFs47s64tspsVzOcOtPMEsiCIM4RSgiBA0
6qaKGEq4jisvO2mYhujGRMKRh+52gkm7c6nAB/1ca4SjXo8pYZsoGcJkBS7zUAgJ
gUAYbNtsRxhUFQ7J42j9KR2+q96dRke/srsYOVMIdS/VwQCXEgxfNPOARVpkkBIF
YeQRqPLj7pqIiZ0gJTb5mxBYkioWGGvcBEdX2HI0M1cP4dzXdCngyCO2wtKPsUxf
e7c3MGl0MtqsLh3BsDujNk8Wy0b6RjDJuP6D2jjh84tYzfAM3hR0GQtTmQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ2rIwFSQ7FPAGEKBpBlK++h8CaxMB8GA1UdIwQY
MBaAFMphR45NZZvs6CA8Xouo6PgvBHDXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveW1GSGprMWxtLXpvSUR4ZWk2am8tQzhFY05jLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OC8yNzliNjYtMzhmMS00MWE1LTkwZTIt
OTQ2ZGE1ZjVlZmJiLzEvbmFzakFWSkRzVThBWVFvR2tHVXI3Nkh3SnJFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OC8yNzliNjYtMzhmMS00MWE1LTkwZTItOTQ2ZGE1ZjVlZmJi
LzEveW1GSGprMWxtLXpvSUR4ZWk2am8tQzhFY05jLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsHVrMA0G
CSqGSIb3DQEBCwUAA4IBAQAYTdB42RQGx81M6t4SoCc8x8+IyEDV2nORn4d2Wfu9
E5ijfzyWpqzQvWEPrJfe8+AxFCk9a/Va+793AaykIBQ4T9okb0y+sWEdLaIoqj4u
c67aQK0mL1L9vlZnXqs3ldaUzD5dWIQxInCh7R+gs+wvvh/YMTXaYKithh9lqQVl
Hq1UrBNEax+duzbJuRksKZAEOctJDiIkhibPoyAClnRh3L/hTGbQAJl4snePt5Rn
oPtnqd4m5mcockSE2YqrQdnHc1PysWlhenAGpbQ+5OWtZKRiqm5B2TH1sXQorDS6
Xis3IRY49zJZVif7JFFxDFq4U0SqlJ2YQ5dEw9veE5l8
-----END CERTIFICATE-----