Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/68/279b66-38f1-41a5-90e2-946da5f5efbb/1/LtqN1TUJWjtRsIzTnBaO3Vy0_30.roa
File:                     LtqN1TUJWjtRsIzTnBaO3Vy0_30.roa (raw, json)
Hash identifier:          moOHHaYDxLgiw4w8eIKhJqNfIhQhI68nRIqz1BJcNe8=
Subject key identifier:   2E:DA:8D:D5:35:09:5A:3B:51:B0:8C:D3:9C:16:8E:DD:5C:B4:FF:7D
Certificate issuer:       /CN=ca61478e4d659bece8203c5e8ba8e8f82f0470d7
Certificate serial:       019C8BC719645AE3CCD57B8EA2DC94D0FE72
Authority key identifier: CA:61:47:8E:4D:65:9B:EC:E8:20:3C:5E:8B:A8:E8:F8:2F:04:70:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ymFHjk1lm-zoIDxei6jo-C8EcNc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/68/279b66-38f1-41a5-90e2-946da5f5efbb/1/LtqN1TUJWjtRsIzTnBaO3Vy0_30.roa
Signing time:             Mon 23 Feb 2026 18:33:26 +0000
ROA not before:           Mon 23 Feb 2026 18:33:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     36680
IP address blocks:        176.117.107.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/68/279b66-38f1-41a5-90e2-946da5f5efbb/1/ymFHjk1lm-zoIDxei6jo-C8EcNc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/68/279b66-38f1-41a5-90e2-946da5f5efbb/1/ymFHjk1lm-zoIDxei6jo-C8EcNc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ymFHjk1lm-zoIDxei6jo-C8EcNc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 03:01:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:8b:c7:19:64:5a:e3:cc:d5:7b:8e:a2:dc:94:d0:fe:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ca61478e4d659bece8203c5e8ba8e8f82f0470d7
        Validity
            Not Before: Feb 23 18:33:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2eda8dd535095a3b51b08cd39c168edd5cb4ff7d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:ef:35:1f:88:67:2f:76:15:8b:5e:58:e7:91:
                    aa:8d:7e:df:db:92:89:5d:be:f4:75:fb:54:de:5a:
                    bc:25:99:03:84:2d:b9:f8:12:cc:4c:d3:8c:98:dc:
                    ec:52:80:d8:27:0c:10:c4:a1:5f:c9:f0:2c:c4:6b:
                    9b:f1:95:97:dc:54:0d:97:a4:f9:25:8d:34:0d:d9:
                    e5:b9:dc:bb:db:f7:da:af:c3:ab:10:76:87:75:77:
                    83:dc:6e:a4:94:96:e0:37:50:07:13:f5:43:31:58:
                    0c:c9:39:48:cc:47:43:65:0b:51:e0:5a:17:59:1f:
                    b3:ae:26:22:07:5c:6e:4b:5a:45:ac:13:d3:fe:c0:
                    7f:b3:bd:71:9b:da:43:1e:1a:44:a7:a5:c9:1b:83:
                    76:23:83:d2:90:eb:71:6e:6b:96:23:74:ec:ff:40:
                    ea:9a:57:c3:74:e0:c9:cc:8c:92:83:73:b5:1f:ab:
                    6d:37:f3:89:99:27:f1:69:c8:76:c5:75:89:b1:d6:
                    cd:18:a4:51:3b:4b:32:7d:13:b8:c3:23:2d:af:de:
                    97:04:46:6c:f2:81:4b:e4:22:3b:5c:27:7e:c9:91:
                    b9:a7:50:7c:a3:c9:01:d4:fd:1b:ff:0f:ed:2a:62:
                    2f:52:fc:a4:61:4e:fb:6e:f8:87:d8:e1:1d:46:91:
                    e1:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:DA:8D:D5:35:09:5A:3B:51:B0:8C:D3:9C:16:8E:DD:5C:B4:FF:7D
            X509v3 Authority Key Identifier:
                keyid:CA:61:47:8E:4D:65:9B:EC:E8:20:3C:5E:8B:A8:E8:F8:2F:04:70:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ymFHjk1lm-zoIDxei6jo-C8EcNc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/68/279b66-38f1-41a5-90e2-946da5f5efbb/1/LtqN1TUJWjtRsIzTnBaO3Vy0_30.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/68/279b66-38f1-41a5-90e2-946da5f5efbb/1/ymFHjk1lm-zoIDxei6jo-C8EcNc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.117.107.0/24

    Signature Algorithm: sha256WithRSAEncryption
         59:af:10:b1:52:a7:e2:ca:86:ff:dd:9d:0a:41:54:68:65:1d:
         1b:75:2e:5e:b6:1c:5a:c5:14:ac:f4:77:44:10:92:40:67:da:
         41:40:dd:5a:11:e6:a9:74:a5:11:f7:79:b8:af:e1:29:3c:f0:
         24:0d:19:10:b8:c0:d5:95:27:8b:8e:1b:c5:a4:e5:10:24:cd:
         8a:cd:fa:5a:2d:3c:46:43:3c:b6:0d:cf:a0:ce:cc:d2:9a:dc:
         36:4f:3b:c2:75:20:d3:c4:51:93:f3:8a:93:21:8d:38:50:ce:
         13:2b:61:b7:a7:90:a8:88:6a:ca:bf:f8:72:31:e5:27:9a:57:
         84:04:ae:7b:e2:53:bf:2f:ee:98:04:0e:41:8a:f4:5f:8c:c2:
         ca:03:fe:87:87:b5:ce:b5:67:70:9d:5d:ce:e7:72:56:e8:8a:
         75:62:95:33:a3:c8:f4:6e:0c:51:7b:df:c7:7e:7c:60:55:fe:
         6e:c2:ed:18:fc:3d:b3:9d:89:d6:7e:7c:a9:65:b2:1d:97:fb:
         0e:5d:ab:85:15:4e:74:26:47:0f:29:b5:36:38:a7:2c:fb:d2:
         14:12:e3:a0:67:6f:24:25:48:b9:fc:db:94:1a:10:0e:df:11:
         f5:f0:33:a5:51:c8:f3:cf:2e:9b:20:0c:52:19:ef:f6:4b:d0:
         f1:00:c0:e3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZyLxxlkWuPM1XuOotyU0P5yMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNhNjE0NzhlNGQ2NTliZWNlODIwM2M1ZThiYThlOGY4MmYw
NDcwZDcwHhcNMjYwMjIzMTgzMzI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZWRhOGRkNTM1MDk1YTNiNTFiMDhjZDM5YzE2OGVkZDVjYjRmZjdkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4e81H4hnL3YVi15Y55GqjX7f25KJ
Xb70dftU3lq8JZkDhC25+BLMTNOMmNzsUoDYJwwQxKFfyfAsxGub8ZWX3FQNl6T5
JY00Ddnludy72/far8OrEHaHdXeD3G6klJbgN1AHE/VDMVgMyTlIzEdDZQtR4FoX
WR+zriYiB1xuS1pFrBPT/sB/s71xm9pDHhpEp6XJG4N2I4PSkOtxbmuWI3Ts/0Dq
mlfDdODJzIySg3O1H6ttN/OJmSfxach2xXWJsdbNGKRRO0syfRO4wyMtr96XBEZs
8oFL5CI7XCd+yZG5p1B8o8kB1P0b/w/tKmIvUvykYU77bviH2OEdRpHh5wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC7ajdU1CVo7UbCM05wWjt1ctP99MB8GA1UdIwQY
MBaAFMphR45NZZvs6CA8Xouo6PgvBHDXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveW1GSGprMWxtLXpvSUR4ZWk2am8tQzhFY05jLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OC8yNzliNjYtMzhmMS00MWE1LTkwZTIt
OTQ2ZGE1ZjVlZmJiLzEvTHRxTjFUVUpXanRSc0l6VG5CYU8zVnkwXzMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OC8yNzliNjYtMzhmMS00MWE1LTkwZTItOTQ2ZGE1ZjVlZmJi
LzEveW1GSGprMWxtLXpvSUR4ZWk2am8tQzhFY05jLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsHVrMA0G
CSqGSIb3DQEBCwUAA4IBAQBZrxCxUqfiyob/3Z0KQVRoZR0bdS5ethxaxRSs9HdE
EJJAZ9pBQN1aEeapdKUR93m4r+EpPPAkDRkQuMDVlSeLjhvFpOUQJM2KzfpaLTxG
Qzy2Dc+gzszSmtw2TzvCdSDTxFGT84qTIY04UM4TK2G3p5CoiGrKv/hyMeUnmleE
BK574lO/L+6YBA5BivRfjMLKA/6Hh7XOtWdwnV3O53JW6Ip1YpUzo8j0bgxRe9/H
fnxgVf5uwu0Y/D2znYnWfnypZbIdl/sOXauFFU50JkcPKbU2OKcs+9IUEuOgZ28k
JUi5/NuUGhAO3xH18DOlUcjzzy6bIAxSGe/2S9DxAMDj
-----END CERTIFICATE-----