Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/B3t-6X6XU0JVYKwJz8seK0blFAc.roa
File:                     B3t-6X6XU0JVYKwJz8seK0blFAc.roa (raw, json)
Hash identifier:          r6RYxxeS+Jl0RixNwhF6QQwsP+EbRbqYEz66zRwCeR4=
Subject key identifier:   07:7B:7E:E9:7E:97:53:42:55:60:AC:09:CF:CB:1E:2B:46:E5:14:07
Certificate issuer:       /CN=62fdb67654df6184e7d60c4150ea9533c2cf9704
Certificate serial:       019D6925398DC02FBC7D8175F2EE42A9E8B2
Authority key identifier: 62:FD:B6:76:54:DF:61:84:E7:D6:0C:41:50:EA:95:33:C2:CF:97:04
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/B3t-6X6XU0JVYKwJz8seK0blFAc.roa
Signing time:             Tue 07 Apr 2026 18:12:20 +0000
ROA not before:           Tue 07 Apr 2026 18:12:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     60542
IP address blocks:        85.208.107.0/24 maxlen: 24
                          193.168.209.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 04:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:69:25:39:8d:c0:2f:bc:7d:81:75:f2:ee:42:a9:e8:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=62fdb67654df6184e7d60c4150ea9533c2cf9704
        Validity
            Not Before: Apr  7 18:12:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=077b7ee97e9753425560ac09cfcb1e2b46e51407
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:b9:2b:c0:b4:74:22:6f:d7:18:45:b9:60:9b:
                    28:41:9d:d6:d4:6f:b4:2b:2d:a6:c1:69:b0:c1:99:
                    86:d5:03:2e:6a:28:a7:ce:6a:cd:c6:12:e6:00:35:
                    cd:e5:b7:79:24:8b:4d:99:bc:ca:1f:90:64:75:5b:
                    cb:86:b5:35:5e:98:be:69:ec:58:54:a9:87:4d:2b:
                    0b:53:84:47:00:52:ce:a4:42:bb:eb:bd:45:3a:8d:
                    cf:26:f4:ba:62:25:fc:89:a9:af:ac:70:22:c0:16:
                    cb:21:6f:b9:f7:18:19:c0:4d:ef:70:93:f8:67:52:
                    e2:88:3f:08:f3:d5:98:d6:d3:be:73:4a:f4:d9:af:
                    16:95:74:6e:66:2c:24:54:7c:85:56:d2:85:0f:a8:
                    c4:c6:9a:8b:cf:51:39:8e:f8:75:46:27:92:f1:2b:
                    f3:a1:64:83:54:e5:77:ec:65:fa:96:89:75:a0:db:
                    45:35:98:82:fd:76:63:0e:eb:71:3e:a7:d5:9f:ba:
                    38:1c:66:6e:b5:25:40:eb:43:fe:0f:de:b0:77:61:
                    d2:70:fc:54:27:a6:2b:04:3c:f2:a5:f4:19:ae:fa:
                    c1:84:82:6e:75:91:5f:ec:8a:e9:91:1b:f1:b1:7e:
                    b9:2f:6a:e4:f1:46:f2:97:a2:53:c0:d7:93:bb:47:
                    60:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:7B:7E:E9:7E:97:53:42:55:60:AC:09:CF:CB:1E:2B:46:E5:14:07
            X509v3 Authority Key Identifier:
                keyid:62:FD:B6:76:54:DF:61:84:E7:D6:0C:41:50:EA:95:33:C2:CF:97:04

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/B3t-6X6XU0JVYKwJz8seK0blFAc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.208.107.0/24
                  193.168.209.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5d:19:73:9b:26:5b:0a:fc:70:8b:96:39:82:8b:71:83:bb:ad:
         6c:d1:2e:d1:45:4e:32:38:27:49:c5:22:ed:60:96:75:f3:72:
         62:7a:df:cb:3d:75:d9:8c:8d:23:e6:69:b7:8d:2f:1c:32:21:
         14:49:d9:7f:79:38:a7:d3:26:7e:46:da:32:8b:07:21:b7:cb:
         d8:42:05:d7:7b:37:c7:5e:37:f6:a6:68:7d:00:f3:73:6b:98:
         3c:ee:a2:69:32:2f:68:0c:fc:35:85:ed:3c:7a:78:7f:1a:cd:
         91:83:0c:0a:53:b2:e7:d8:7b:b6:d7:3f:7a:bf:98:cd:d7:b3:
         77:7e:59:3d:3d:7b:b5:fc:98:44:ef:ae:78:d4:84:5e:15:30:
         a0:85:9c:ae:4b:ac:ac:41:6e:bb:ad:6d:c0:57:e0:65:5f:15:
         9d:7d:14:d5:3c:8a:33:6b:9b:37:4e:8a:3d:d3:c5:6c:cd:30:
         b7:bc:2e:78:44:40:1f:98:2b:32:b2:18:8c:45:ad:4f:f4:b8:
         9a:b7:9c:1a:8f:43:35:da:79:30:d8:22:47:11:5c:bc:05:1b:
         4a:86:c1:85:25:52:38:b3:56:9c:5d:d3:c1:95:24:fe:dc:50:
         23:ea:9f:7f:ca:f1:0d:0c:ac:75:9b:dd:e9:a2:95:bb:7e:d5:
         d3:05:85:f8
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ1pJTmNwC+8fYF18u5CqeiyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyZmRiNjc2NTRkZjYxODRlN2Q2MGM0MTUwZWE5NTMzYzJj
Zjk3MDQwHhcNMjYwNDA3MTgxMjIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNzdiN2VlOTdlOTc1MzQyNTU2MGFjMDljZmNiMWUyYjQ2ZTUxNDA3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsbkrwLR0Im/XGEW5YJsoQZ3W1G+0
Ky2mwWmwwZmG1QMuaiinzmrNxhLmADXN5bd5JItNmbzKH5BkdVvLhrU1Xpi+aexY
VKmHTSsLU4RHAFLOpEK7671FOo3PJvS6YiX8iamvrHAiwBbLIW+59xgZwE3vcJP4
Z1LiiD8I89WY1tO+c0r02a8WlXRuZiwkVHyFVtKFD6jExpqLz1E5jvh1RieS8Svz
oWSDVOV37GX6lol1oNtFNZiC/XZjDutxPqfVn7o4HGZutSVA60P+D96wd2HScPxU
J6YrBDzypfQZrvrBhIJudZFf7IrpkRvxsX65L2rk8Ubyl6JTwNeTu0dgVQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFAd7ful+l1NCVWCsCc/LHitG5RQHMB8GA1UdIwQY
MBaAFGL9tnZU32GE59YMQVDqlTPCz5cEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXYyMmRsVGZZWVRuMWd4QlVPcVZNOExQbHdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMi83MDQwNzEtOGRjMC00ZWQ2LTk0NTct
ZTg2MTIxYzU5NGRmLzEvQjN0LTZYNlhVMEpWWUt3Sno4c2VLMGJsRkFjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMi83MDQwNzEtOGRjMC00ZWQ2LTk0NTctZTg2MTIxYzU5NGRm
LzEvWXYyMmRsVGZZWVRuMWd4QlVPcVZNOExQbHdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAVdBrAwQA
wajRMA0GCSqGSIb3DQEBCwUAA4IBAQBdGXObJlsK/HCLljmCi3GDu61s0S7RRU4y
OCdJxSLtYJZ183Jiet/LPXXZjI0j5mm3jS8cMiEUSdl/eTin0yZ+Rtoyiwcht8vY
QgXXezfHXjf2pmh9APNza5g87qJpMi9oDPw1he08enh/Gs2RgwwKU7Ln2Hu21z96
v5jN17N3flk9PXu1/JhE76541IReFTCghZyuS6ysQW67rW3AV+BlXxWdfRTVPIoz
a5s3Too908VszTC3vC54REAfmCsyshiMRa1P9Liat5waj0M12nkw2CJHEVy8BRtK
hsGFJVI4s1acXdPBlST+3FAj6p9/yvENDKx1m93popW7ftXTBYX4
-----END CERTIFICATE-----