Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/68/279b66-38f1-41a5-90e2-946da5f5efbb/1/kF7yRNemd2RBpVB4tNvg1ox66M0.roa
File:                     kF7yRNemd2RBpVB4tNvg1ox66M0.roa (raw, json)
Hash identifier:          k/T/DHJ19w01mKBdPh3Uc+ipYtTrwox3NQlt6Vnn8WA=
Subject key identifier:   90:5E:F2:44:D7:A6:77:64:41:A5:50:78:B4:DB:E0:D6:8C:7A:E8:CD
Certificate issuer:       /CN=ca61478e4d659bece8203c5e8ba8e8f82f0470d7
Certificate serial:       019D588F177439E1939413A7530F3CE6CC67
Authority key identifier: CA:61:47:8E:4D:65:9B:EC:E8:20:3C:5E:8B:A8:E8:F8:2F:04:70:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ymFHjk1lm-zoIDxei6jo-C8EcNc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/68/279b66-38f1-41a5-90e2-946da5f5efbb/1/kF7yRNemd2RBpVB4tNvg1ox66M0.roa
Signing time:             Sat 04 Apr 2026 12:54:25 +0000
ROA not before:           Sat 04 Apr 2026 12:54:25 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     200436
IP address blocks:        176.117.107.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/68/279b66-38f1-41a5-90e2-946da5f5efbb/1/ymFHjk1lm-zoIDxei6jo-C8EcNc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/68/279b66-38f1-41a5-90e2-946da5f5efbb/1/ymFHjk1lm-zoIDxei6jo-C8EcNc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ymFHjk1lm-zoIDxei6jo-C8EcNc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 06:01:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:58:8f:17:74:39:e1:93:94:13:a7:53:0f:3c:e6:cc:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ca61478e4d659bece8203c5e8ba8e8f82f0470d7
        Validity
            Not Before: Apr  4 12:54:25 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=905ef244d7a6776441a55078b4dbe0d68c7ae8cd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f3:84:78:6f:b2:9e:fe:73:36:99:6b:70:38:db:
                    c9:08:2f:5e:6a:fa:05:e6:cb:55:74:c9:c6:05:f7:
                    08:b8:7a:af:d7:7c:83:f3:19:89:3d:bb:e6:50:44:
                    19:16:b7:3c:13:4f:d4:32:32:86:b3:23:f1:b6:c7:
                    95:69:4f:32:43:29:ee:5f:c7:e7:f2:6a:ca:62:a6:
                    c8:33:2a:0b:c1:6b:4b:bd:d4:f0:ac:8c:9b:a8:ec:
                    b7:5d:70:cf:0e:8a:d5:e1:e2:32:17:4b:94:78:3f:
                    70:1c:cf:2f:43:d2:e4:e5:3d:2f:68:ae:70:3a:5e:
                    1d:62:b0:48:e6:92:8e:b6:f5:15:13:5c:d4:72:9b:
                    92:f5:65:ae:a9:2d:92:ed:a0:47:7b:26:28:3b:f5:
                    2d:51:21:0d:25:db:1b:cb:73:47:99:d9:3e:8d:6d:
                    ef:eb:a5:36:b0:50:5c:3c:2c:89:eb:24:96:f6:58:
                    f5:ac:06:70:2b:81:ae:c5:f1:70:18:8a:60:87:9c:
                    31:53:ce:41:9b:b5:97:df:08:8f:ed:7c:b0:6d:c6:
                    53:f1:d2:b8:1a:ec:8f:c9:c8:8b:da:fe:34:2e:72:
                    64:38:ef:f6:3d:63:93:2d:dc:2d:04:41:f0:bc:d8:
                    db:df:3e:5d:d1:97:09:00:80:11:e0:8c:cc:59:3b:
                    3d:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:5E:F2:44:D7:A6:77:64:41:A5:50:78:B4:DB:E0:D6:8C:7A:E8:CD
            X509v3 Authority Key Identifier:
                keyid:CA:61:47:8E:4D:65:9B:EC:E8:20:3C:5E:8B:A8:E8:F8:2F:04:70:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ymFHjk1lm-zoIDxei6jo-C8EcNc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/68/279b66-38f1-41a5-90e2-946da5f5efbb/1/kF7yRNemd2RBpVB4tNvg1ox66M0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/68/279b66-38f1-41a5-90e2-946da5f5efbb/1/ymFHjk1lm-zoIDxei6jo-C8EcNc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.117.107.0/24

    Signature Algorithm: sha256WithRSAEncryption
         33:94:3e:11:35:fd:76:12:6b:00:31:6a:d1:34:5e:df:df:19:
         13:6c:ad:1f:45:f6:a9:58:48:36:a0:f5:b3:1e:80:54:8c:44:
         3c:04:a7:26:93:84:86:aa:62:57:52:c3:90:c4:60:99:3e:0d:
         7c:88:83:72:ec:76:79:4d:54:c7:9b:12:a9:c0:e3:d3:03:52:
         e6:24:a9:ac:e6:f9:5d:17:37:bb:23:29:ce:02:b3:9a:de:48:
         25:99:aa:5b:29:62:a7:64:82:7d:f2:ac:81:1c:a6:5f:3a:2e:
         2f:0d:2a:f7:dc:cf:da:07:4e:cf:57:be:05:24:9e:ce:73:1e:
         f5:a9:ea:df:64:34:9d:51:6b:c6:ca:d1:d3:bd:ee:83:8b:58:
         2a:0f:07:92:db:0a:4e:10:6b:cc:a1:0d:89:85:de:55:88:6a:
         88:9c:29:5e:b7:b9:70:3c:94:b2:63:79:9f:9a:1d:04:45:fe:
         48:95:cd:15:0a:01:88:4d:fd:cb:8f:80:61:45:91:6e:1c:9b:
         7c:c6:01:5d:c2:ae:b1:8d:e7:9c:9e:02:cc:f2:4b:32:4a:8f:
         d5:c0:f6:03:54:53:37:5c:f0:45:76:0c:86:21:d9:ca:56:90:
         ac:5a:2d:9f:55:8c:59:69:71:0e:fc:c9:bf:70:f6:47:11:33:
         b1:c4:62:c0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ1Yjxd0OeGTlBOnUw885sxnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNhNjE0NzhlNGQ2NTliZWNlODIwM2M1ZThiYThlOGY4MmYw
NDcwZDcwHhcNMjYwNDA0MTI1NDI1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MDVlZjI0NGQ3YTY3NzY0NDFhNTUwNzhiNGRiZTBkNjhjN2FlOGNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA84R4b7Ke/nM2mWtwONvJCC9eavoF
5stVdMnGBfcIuHqv13yD8xmJPbvmUEQZFrc8E0/UMjKGsyPxtseVaU8yQynuX8fn
8mrKYqbIMyoLwWtLvdTwrIybqOy3XXDPDorV4eIyF0uUeD9wHM8vQ9Lk5T0vaK5w
Ol4dYrBI5pKOtvUVE1zUcpuS9WWuqS2S7aBHeyYoO/UtUSENJdsby3NHmdk+jW3v
66U2sFBcPCyJ6ySW9lj1rAZwK4GuxfFwGIpgh5wxU85Bm7WX3wiP7XywbcZT8dK4
GuyPyciL2v40LnJkOO/2PWOTLdwtBEHwvNjb3z5d0ZcJAIAR4IzMWTs9awIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJBe8kTXpndkQaVQeLTb4NaMeujNMB8GA1UdIwQY
MBaAFMphR45NZZvs6CA8Xouo6PgvBHDXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveW1GSGprMWxtLXpvSUR4ZWk2am8tQzhFY05jLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OC8yNzliNjYtMzhmMS00MWE1LTkwZTIt
OTQ2ZGE1ZjVlZmJiLzEva0Y3eVJOZW1kMlJCcFZCNHROdmcxb3g2Nk0wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OC8yNzliNjYtMzhmMS00MWE1LTkwZTItOTQ2ZGE1ZjVlZmJi
LzEveW1GSGprMWxtLXpvSUR4ZWk2am8tQzhFY05jLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsHVrMA0G
CSqGSIb3DQEBCwUAA4IBAQAzlD4RNf12EmsAMWrRNF7f3xkTbK0fRfapWEg2oPWz
HoBUjEQ8BKcmk4SGqmJXUsOQxGCZPg18iINy7HZ5TVTHmxKpwOPTA1LmJKms5vld
Fze7IynOArOa3kglmapbKWKnZIJ98qyBHKZfOi4vDSr33M/aB07PV74FJJ7Ocx71
qerfZDSdUWvGytHTve6Di1gqDweS2wpOEGvMoQ2Jhd5ViGqInClet7lwPJSyY3mf
mh0ERf5Ilc0VCgGITf3Lj4BhRZFuHJt8xgFdwq6xjeecngLM8ksySo/VwPYDVFM3
XPBFdgyGIdnKVpCsWi2fVYxZaXEO/Mm/cPZHETOxxGLA
-----END CERTIFICATE-----