Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/68/279b66-38f1-41a5-90e2-946da5f5efbb/1/9vsi3nCV1gkad2D_R9PGQ4_aUds.roa
File:                     9vsi3nCV1gkad2D_R9PGQ4_aUds.roa (raw, json)
Hash identifier:          WlJCdNUrXcUzq+V2kFSnXZd+7HPYbq2YI6LmfD3u5nQ=
Subject key identifier:   F6:FB:22:DE:70:95:D6:09:1A:77:60:FF:47:D3:C6:43:8F:DA:51:DB
Certificate issuer:       /CN=ca61478e4d659bece8203c5e8ba8e8f82f0470d7
Certificate serial:       019DF42576DD2CE5563B04B32A001C97385A
Authority key identifier: CA:61:47:8E:4D:65:9B:EC:E8:20:3C:5E:8B:A8:E8:F8:2F:04:70:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ymFHjk1lm-zoIDxei6jo-C8EcNc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/68/279b66-38f1-41a5-90e2-946da5f5efbb/1/9vsi3nCV1gkad2D_R9PGQ4_aUds.roa
Signing time:             Mon 04 May 2026 17:59:49 +0000
ROA not before:           Mon 04 May 2026 17:59:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     205196
IP address blocks:        176.117.107.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/68/279b66-38f1-41a5-90e2-946da5f5efbb/1/ymFHjk1lm-zoIDxei6jo-C8EcNc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/68/279b66-38f1-41a5-90e2-946da5f5efbb/1/ymFHjk1lm-zoIDxei6jo-C8EcNc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ymFHjk1lm-zoIDxei6jo-C8EcNc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 21:01:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:f4:25:76:dd:2c:e5:56:3b:04:b3:2a:00:1c:97:38:5a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ca61478e4d659bece8203c5e8ba8e8f82f0470d7
        Validity
            Not Before: May  4 17:59:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f6fb22de7095d6091a7760ff47d3c6438fda51db
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:c2:0b:61:b0:e3:a1:56:f6:f8:a2:17:83:95:
                    de:36:50:19:40:2c:ea:4e:73:8d:e8:a3:00:1a:a2:
                    57:69:dd:08:06:91:0d:37:2f:dd:43:9f:36:cd:9d:
                    cd:42:33:a6:0c:c4:05:6a:d3:90:48:b7:39:56:ba:
                    bb:24:fa:ae:8c:ac:c7:d4:ac:7d:90:0d:8f:be:ff:
                    a6:19:66:c9:fc:b9:a6:8e:e7:7c:08:10:74:13:0d:
                    9f:f1:c0:dc:54:a0:c8:e7:cb:c2:02:8e:56:2d:b6:
                    a6:52:d6:61:43:29:25:a9:d3:23:fe:4f:79:03:ac:
                    77:86:77:af:d7:43:0b:f7:b1:6c:1b:f8:fb:bd:68:
                    0a:c0:50:bd:8b:44:0e:6f:12:61:66:bb:45:f0:38:
                    a5:af:80:20:32:5e:c7:3a:f7:0f:37:1c:d4:94:ba:
                    2a:5a:35:c7:a8:b2:dd:99:e8:58:ac:20:6b:d5:f1:
                    bd:b9:0f:3e:3b:d6:38:0e:3e:35:9b:e3:30:68:df:
                    7a:5b:09:bd:b3:e6:6f:e1:78:ca:39:8a:dc:f0:d2:
                    54:bf:a2:3e:2d:bc:86:ee:24:28:73:c3:98:bf:ad:
                    7b:48:da:6b:0c:90:73:dc:10:57:8e:44:7b:da:d8:
                    2c:de:38:57:e9:d6:bb:0b:34:93:6e:59:3d:27:ef:
                    16:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F6:FB:22:DE:70:95:D6:09:1A:77:60:FF:47:D3:C6:43:8F:DA:51:DB
            X509v3 Authority Key Identifier:
                keyid:CA:61:47:8E:4D:65:9B:EC:E8:20:3C:5E:8B:A8:E8:F8:2F:04:70:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ymFHjk1lm-zoIDxei6jo-C8EcNc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/68/279b66-38f1-41a5-90e2-946da5f5efbb/1/9vsi3nCV1gkad2D_R9PGQ4_aUds.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/68/279b66-38f1-41a5-90e2-946da5f5efbb/1/ymFHjk1lm-zoIDxei6jo-C8EcNc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.117.107.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3b:20:4f:c2:2b:01:8b:eb:70:aa:1e:ee:66:3e:c9:24:b1:47:
         cb:0d:c7:4f:a6:16:8f:c3:c2:d6:72:f1:4c:96:e2:9f:04:fb:
         21:99:80:96:bd:a1:99:54:08:03:0a:e1:d9:9f:ac:ac:3b:26:
         16:eb:42:cc:a0:8a:74:38:75:8d:8d:fb:b9:2e:62:27:f7:13:
         e0:0d:4a:ab:34:ce:50:8f:c7:b8:fb:83:ef:0a:4c:3c:07:57:
         23:29:76:6b:33:a8:d3:bd:83:c0:8c:25:de:8a:36:72:d3:c3:
         68:f9:d2:80:88:e2:19:2f:44:dc:a8:41:34:6d:05:f5:94:02:
         b0:02:43:28:ea:96:f1:e1:d1:9a:8e:2a:7e:1b:05:27:5f:63:
         3b:4d:96:5a:d8:51:1f:3e:1a:94:ad:d2:41:df:32:1d:36:e2:
         ac:33:67:81:a9:8f:19:b1:78:12:12:45:12:f2:59:a7:ad:6a:
         52:27:e7:2e:8a:14:be:a3:dd:f2:f3:0e:c4:cd:92:9f:c3:3a:
         5e:46:59:dc:d7:b9:56:fc:9a:d1:ca:27:bf:ca:d3:d5:cd:b1:
         4a:40:45:19:bb:6f:5b:5c:24:78:00:bc:db:13:c1:fd:ab:c4:
         84:b7:34:5e:d0:47:6e:5e:75:84:f3:09:74:7c:42:97:3d:30:
         5d:e9:73:a2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ30JXbdLOVWOwSzKgAclzhaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNhNjE0NzhlNGQ2NTliZWNlODIwM2M1ZThiYThlOGY4MmYw
NDcwZDcwHhcNMjYwNTA0MTc1OTQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNmZiMjJkZTcwOTVkNjA5MWE3NzYwZmY0N2QzYzY0MzhmZGE1MWRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqcILYbDjoVb2+KIXg5XeNlAZQCzq
TnON6KMAGqJXad0IBpENNy/dQ582zZ3NQjOmDMQFatOQSLc5Vrq7JPqujKzH1Kx9
kA2Pvv+mGWbJ/Lmmjud8CBB0Ew2f8cDcVKDI58vCAo5WLbamUtZhQyklqdMj/k95
A6x3hnev10ML97FsG/j7vWgKwFC9i0QObxJhZrtF8Dilr4AgMl7HOvcPNxzUlLoq
WjXHqLLdmehYrCBr1fG9uQ8+O9Y4Dj41m+MwaN96Wwm9s+Zv4XjKOYrc8NJUv6I+
LbyG7iQoc8OYv617SNprDJBz3BBXjkR72tgs3jhX6da7CzSTblk9J+8W9QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPb7It5wldYJGndg/0fTxkOP2lHbMB8GA1UdIwQY
MBaAFMphR45NZZvs6CA8Xouo6PgvBHDXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveW1GSGprMWxtLXpvSUR4ZWk2am8tQzhFY05jLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OC8yNzliNjYtMzhmMS00MWE1LTkwZTIt
OTQ2ZGE1ZjVlZmJiLzEvOXZzaTNuQ1YxZ2thZDJEX1I5UEdRNF9hVWRzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OC8yNzliNjYtMzhmMS00MWE1LTkwZTItOTQ2ZGE1ZjVlZmJi
LzEveW1GSGprMWxtLXpvSUR4ZWk2am8tQzhFY05jLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsHVrMA0G
CSqGSIb3DQEBCwUAA4IBAQA7IE/CKwGL63CqHu5mPskksUfLDcdPphaPw8LWcvFM
luKfBPshmYCWvaGZVAgDCuHZn6ysOyYW60LMoIp0OHWNjfu5LmIn9xPgDUqrNM5Q
j8e4+4PvCkw8B1cjKXZrM6jTvYPAjCXeijZy08No+dKAiOIZL0TcqEE0bQX1lAKw
AkMo6pbx4dGajip+GwUnX2M7TZZa2FEfPhqUrdJB3zIdNuKsM2eBqY8ZsXgSEkUS
8lmnrWpSJ+cuihS+o93y8w7EzZKfwzpeRlnc17lW/JrRyie/ytPVzbFKQEUZu29b
XCR4ALzbE8H9q8SEtzRe0EduXnWE8wl0fEKXPTBd6XOi
-----END CERTIFICATE-----