Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/68/279b66-38f1-41a5-90e2-946da5f5efbb/1/Bm-yeKhkQAEjp4VlYTX3m2LhnLo.roa
File:                     Bm-yeKhkQAEjp4VlYTX3m2LhnLo.roa (raw, json)
Hash identifier:          TwqouuCQy7PK4D3jmO1+H6jT8wpU0AIGnYWid1a3dN4=
Subject key identifier:   06:6F:B2:78:A8:64:40:01:23:A7:85:65:61:35:F7:9B:62:E1:9C:BA
Certificate issuer:       /CN=ca61478e4d659bece8203c5e8ba8e8f82f0470d7
Certificate serial:       019CF2E0E07932C0E8F419D652F5AA4F9603
Authority key identifier: CA:61:47:8E:4D:65:9B:EC:E8:20:3C:5E:8B:A8:E8:F8:2F:04:70:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ymFHjk1lm-zoIDxei6jo-C8EcNc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/68/279b66-38f1-41a5-90e2-946da5f5efbb/1/Bm-yeKhkQAEjp4VlYTX3m2LhnLo.roa
Signing time:             Sun 15 Mar 2026 19:02:29 +0000
ROA not before:           Sun 15 Mar 2026 19:02:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     0
IP address blocks:        176.117.107.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/68/279b66-38f1-41a5-90e2-946da5f5efbb/1/ymFHjk1lm-zoIDxei6jo-C8EcNc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/68/279b66-38f1-41a5-90e2-946da5f5efbb/1/ymFHjk1lm-zoIDxei6jo-C8EcNc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ymFHjk1lm-zoIDxei6jo-C8EcNc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 22:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:f2:e0:e0:79:32:c0:e8:f4:19:d6:52:f5:aa:4f:96:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ca61478e4d659bece8203c5e8ba8e8f82f0470d7
        Validity
            Not Before: Mar 15 19:02:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=066fb278a864400123a785656135f79b62e19cba
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:6f:57:e0:a7:98:26:12:27:e3:9f:be:2e:e9:
                    e3:3f:9b:92:c8:20:9d:d4:ed:6c:9f:96:25:47:91:
                    48:2f:9e:b9:42:d9:91:50:e2:a0:54:54:f5:46:c3:
                    d2:14:b9:38:e6:9d:86:ee:16:6e:e1:76:04:c4:9f:
                    4b:8c:8d:82:5d:74:68:15:fe:18:1f:1f:c4:a9:b5:
                    65:df:ea:f7:e3:36:08:38:3b:97:62:02:5a:c1:c2:
                    94:66:6b:23:6e:df:02:40:38:a7:da:9c:65:ef:39:
                    f6:15:e8:60:44:dc:54:c4:81:18:6e:41:18:7b:1e:
                    30:cd:af:13:4c:1f:02:65:65:61:76:89:81:be:fb:
                    3f:98:76:e0:ec:4b:73:b5:cc:e6:19:2e:24:a6:00:
                    91:2c:44:d9:94:31:60:45:4c:1d:b8:b3:28:0a:6f:
                    af:3d:bf:1d:82:81:8e:db:c0:92:85:e5:4a:d2:8b:
                    71:e4:08:91:58:69:2d:aa:57:1a:2a:36:a8:9f:50:
                    1c:da:71:e1:e0:90:c0:ab:15:ea:c2:cf:38:47:ef:
                    a5:fc:5d:0e:6c:2a:13:d0:f8:65:95:3b:29:73:53:
                    a8:26:59:a6:35:a7:6f:e3:b3:9a:fe:76:e5:04:3c:
                    49:e7:d7:5a:ef:93:b1:ae:47:97:be:4b:c3:02:bd:
                    4d:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:6F:B2:78:A8:64:40:01:23:A7:85:65:61:35:F7:9B:62:E1:9C:BA
            X509v3 Authority Key Identifier:
                keyid:CA:61:47:8E:4D:65:9B:EC:E8:20:3C:5E:8B:A8:E8:F8:2F:04:70:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ymFHjk1lm-zoIDxei6jo-C8EcNc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/68/279b66-38f1-41a5-90e2-946da5f5efbb/1/Bm-yeKhkQAEjp4VlYTX3m2LhnLo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/68/279b66-38f1-41a5-90e2-946da5f5efbb/1/ymFHjk1lm-zoIDxei6jo-C8EcNc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.117.107.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6f:e8:9f:6e:36:7a:b5:bc:04:3b:c6:5b:59:27:9e:fa:44:06:
         29:45:48:17:19:7a:02:53:1e:9a:0d:d9:2f:78:9d:4a:f5:25:
         3e:df:1d:6e:e9:c2:9b:a6:ba:fe:94:68:05:54:d2:84:6c:37:
         25:ee:01:13:03:bd:92:c7:85:c1:96:92:76:41:d0:f9:3c:3e:
         7d:58:c8:81:89:93:b5:9f:c0:72:7c:61:d8:88:46:ed:c9:05:
         96:91:e9:9f:63:94:56:f9:dc:05:46:03:da:9a:9e:cd:53:07:
         b4:12:9c:d6:ed:85:0c:ac:75:be:f3:9d:64:77:52:f1:9f:d9:
         64:1d:20:67:73:20:a8:08:d7:77:de:fc:7a:c3:8a:1d:c0:66:
         30:6a:6d:73:db:86:d0:8a:b4:42:22:bd:e0:72:af:4a:bf:6b:
         38:fc:6c:db:04:c7:64:49:66:72:25:ed:77:6a:b8:4c:24:51:
         94:5a:fe:54:a1:c2:6e:00:82:88:eb:99:34:7a:55:d7:5b:b8:
         15:4a:59:23:ab:f8:bd:d2:90:87:55:1c:c7:7f:55:04:4f:ac:
         47:3e:83:df:77:d3:1d:17:72:4f:6c:12:c8:49:90:09:ae:90:
         35:87:21:9e:c9:a2:1a:8c:a4:cd:ae:84:9a:1a:2e:f5:e7:6c:
         5b:07:f4:91
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZzy4OB5MsDo9BnWUvWqT5YDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNhNjE0NzhlNGQ2NTliZWNlODIwM2M1ZThiYThlOGY4MmYw
NDcwZDcwHhcNMjYwMzE1MTkwMjI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNjZmYjI3OGE4NjQ0MDAxMjNhNzg1NjU2MTM1Zjc5YjYyZTE5Y2JhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA529X4KeYJhIn45++LunjP5uSyCCd
1O1sn5YlR5FIL565QtmRUOKgVFT1RsPSFLk45p2G7hZu4XYExJ9LjI2CXXRoFf4Y
Hx/EqbVl3+r34zYIODuXYgJawcKUZmsjbt8CQDin2pxl7zn2FehgRNxUxIEYbkEY
ex4wza8TTB8CZWVhdomBvvs/mHbg7EtztczmGS4kpgCRLETZlDFgRUwduLMoCm+v
Pb8dgoGO28CSheVK0otx5AiRWGktqlcaKjaon1Ac2nHh4JDAqxXqws84R++l/F0O
bCoT0PhllTspc1OoJlmmNadv47Oa/nblBDxJ59da75OxrkeXvkvDAr1NYQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAZvsnioZEABI6eFZWE195ti4Zy6MB8GA1UdIwQY
MBaAFMphR45NZZvs6CA8Xouo6PgvBHDXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveW1GSGprMWxtLXpvSUR4ZWk2am8tQzhFY05jLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OC8yNzliNjYtMzhmMS00MWE1LTkwZTIt
OTQ2ZGE1ZjVlZmJiLzEvQm0teWVLaGtRQUVqcDRWbFlUWDNtMkxobkxvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OC8yNzliNjYtMzhmMS00MWE1LTkwZTItOTQ2ZGE1ZjVlZmJi
LzEveW1GSGprMWxtLXpvSUR4ZWk2am8tQzhFY05jLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsHVrMA0G
CSqGSIb3DQEBCwUAA4IBAQBv6J9uNnq1vAQ7xltZJ576RAYpRUgXGXoCUx6aDdkv
eJ1K9SU+3x1u6cKbprr+lGgFVNKEbDcl7gETA72Sx4XBlpJ2QdD5PD59WMiBiZO1
n8ByfGHYiEbtyQWWkemfY5RW+dwFRgPamp7NUwe0EpzW7YUMrHW+851kd1Lxn9lk
HSBncyCoCNd33vx6w4odwGYwam1z24bQirRCIr3gcq9Kv2s4/GzbBMdkSWZyJe13
arhMJFGUWv5UocJuAIKI65k0elXXW7gVSlkjq/i90pCHVRzHf1UET6xHPoPfd9Md
F3JPbBLISZAJrpA1hyGeyaIajKTNroSaGi7152xbB/SR
-----END CERTIFICATE-----