Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/6b1151-b05a-4a02-a883-0f5f09b2eb14/1/B27nWL7f9vpF233InTtbaWdT1gY.roa
File:                     B27nWL7f9vpF233InTtbaWdT1gY.roa (raw, json)
Hash identifier:          K0asGHISIlJb0z9vg2XL1HxPcsZDl9Isvqzrusz0DAM=
Subject key identifier:   07:6E:E7:58:BE:DF:F6:FA:45:DB:7D:C8:9D:3B:5B:69:67:53:D6:06
Certificate issuer:       /CN=521a30077223c25c6f37dcf59480778c0b5b1068
Certificate serial:       019EBBDACA0EADD1DDE207893D1E9EF7E3E6
Authority key identifier: 52:1A:30:07:72:23:C2:5C:6F:37:DC:F5:94:80:77:8C:0B:5B:10:68
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UhowB3IjwlxvN9z1lIB3jAtbEGg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/6b1151-b05a-4a02-a883-0f5f09b2eb14/1/B27nWL7f9vpF233InTtbaWdT1gY.roa
Signing time:             Fri 12 Jun 2026 12:42:18 +0000
ROA not before:           Fri 12 Jun 2026 12:42:18 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     206754
IP address blocks:        176.117.108.0/24 maxlen: 24
                          2a0a:4a40::/29 maxlen: 29
                          2a14:5340::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d9/6b1151-b05a-4a02-a883-0f5f09b2eb14/1/UhowB3IjwlxvN9z1lIB3jAtbEGg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d9/6b1151-b05a-4a02-a883-0f5f09b2eb14/1/UhowB3IjwlxvN9z1lIB3jAtbEGg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UhowB3IjwlxvN9z1lIB3jAtbEGg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 01:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:bb:da:ca:0e:ad:d1:dd:e2:07:89:3d:1e:9e:f7:e3:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=521a30077223c25c6f37dcf59480778c0b5b1068
        Validity
            Not Before: Jun 12 12:42:18 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=076ee758bedff6fa45db7dc89d3b5b696753d606
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:4a:ec:44:d3:b7:a3:31:99:fe:d2:bb:8c:48:
                    2d:f3:e2:ed:5f:c5:15:2e:c5:f4:d8:b6:39:62:12:
                    e0:21:ef:8f:e0:e1:a2:e4:fb:67:26:9e:fe:92:0e:
                    0c:90:08:3a:b4:d8:73:20:ec:fe:a3:d6:45:59:cc:
                    f9:4c:d1:1d:ac:a3:b7:a6:cf:cb:1b:ca:31:1e:27:
                    96:37:06:ef:c9:31:eb:ef:e2:50:09:e2:83:ff:ce:
                    06:ab:4e:61:31:b0:e5:f1:80:9b:2a:e1:e2:71:2f:
                    01:84:60:11:fb:92:52:c8:e2:07:91:7c:32:6f:5d:
                    21:72:7a:38:f8:f1:7c:85:9b:db:5f:f4:20:4b:b8:
                    e0:73:6a:6c:5b:c9:3a:89:e0:a9:7a:44:e8:1f:46:
                    0c:2f:69:04:b3:12:a8:3b:8c:45:a4:22:41:e6:be:
                    dd:a6:96:87:2f:e5:0b:e0:b6:30:7b:51:b9:ff:30:
                    17:04:c4:31:60:f7:1f:89:b4:56:0b:e8:b5:92:80:
                    45:fa:b4:67:3b:99:86:f1:c2:a9:d0:b3:55:b0:c1:
                    d9:9a:29:74:97:50:76:35:dc:ff:52:e7:46:7f:ee:
                    5b:8c:ae:76:3d:e2:0b:92:f9:81:85:64:24:27:87:
                    bd:71:c0:f9:79:71:c3:a3:b5:6a:48:7b:22:88:8a:
                    30:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:6E:E7:58:BE:DF:F6:FA:45:DB:7D:C8:9D:3B:5B:69:67:53:D6:06
            X509v3 Authority Key Identifier:
                keyid:52:1A:30:07:72:23:C2:5C:6F:37:DC:F5:94:80:77:8C:0B:5B:10:68

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UhowB3IjwlxvN9z1lIB3jAtbEGg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/6b1151-b05a-4a02-a883-0f5f09b2eb14/1/B27nWL7f9vpF233InTtbaWdT1gY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/6b1151-b05a-4a02-a883-0f5f09b2eb14/1/UhowB3IjwlxvN9z1lIB3jAtbEGg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.117.108.0/24
                IPv6:
                  2a0a:4a40::/29
                  2a14:5340::/29

    Signature Algorithm: sha256WithRSAEncryption
         17:cb:b5:9f:c6:d5:00:b1:db:28:37:0c:9d:b7:72:77:97:50:
         f4:cf:08:47:f4:bf:93:52:22:a0:c2:cf:f1:da:c7:f5:d8:41:
         9d:3f:bd:ac:67:31:44:3c:ad:1d:00:ba:10:68:2a:49:55:ea:
         0b:3d:32:ff:75:54:ed:da:b3:19:fc:14:92:2b:cf:6c:36:e7:
         c0:b6:92:e6:fe:56:ae:99:cc:1d:e0:28:2f:95:9d:2f:0f:fc:
         f3:5c:5d:d0:8e:ef:e8:4c:81:a3:c8:1f:c7:9b:a5:6e:6e:00:
         c2:7b:00:66:23:36:1f:1d:d0:70:94:74:3f:ca:de:8c:68:52:
         d3:18:f6:ad:73:1a:28:0c:20:78:c4:04:3b:5f:a0:a2:04:64:
         2e:ba:b3:fc:a5:44:02:f9:4f:a0:27:27:4b:7c:51:bd:eb:ce:
         d5:59:72:23:2f:f5:85:28:19:5c:db:c9:d8:7c:92:24:fa:71:
         54:91:84:75:f0:9a:de:02:42:70:a8:b8:48:33:1b:a1:3c:e4:
         83:b7:33:d8:e8:53:d1:fc:d4:28:28:a6:e1:70:59:8e:99:56:
         9e:bb:12:06:18:29:e8:4f:be:7b:23:a2:94:c7:21:be:c4:d2:
         f5:22:7a:60:c4:2b:9b:ac:12:cb:98:4c:4d:d5:8b:f7:75:f2:
         b4:68:40:3b
-----BEGIN CERTIFICATE-----
MIIFEzCCA/ugAwIBAgISAZ672soOrdHd4geJPR6e9+PmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyMWEzMDA3NzIyM2MyNWM2ZjM3ZGNmNTk0ODA3NzhjMGI1
YjEwNjgwHhcNMjYwNjEyMTI0MjE4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNzZlZTc1OGJlZGZmNmZhNDVkYjdkYzg5ZDNiNWI2OTY3NTNkNjA2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl0rsRNO3ozGZ/tK7jEgt8+LtX8UV
LsX02LY5YhLgIe+P4OGi5PtnJp7+kg4MkAg6tNhzIOz+o9ZFWcz5TNEdrKO3ps/L
G8oxHieWNwbvyTHr7+JQCeKD/84Gq05hMbDl8YCbKuHicS8BhGAR+5JSyOIHkXwy
b10hcno4+PF8hZvbX/QgS7jgc2psW8k6ieCpekToH0YML2kEsxKoO4xFpCJB5r7d
ppaHL+UL4LYwe1G5/zAXBMQxYPcfibRWC+i1koBF+rRnO5mG8cKp0LNVsMHZmil0
l1B2Ndz/UudGf+5bjK52PeILkvmBhWQkJ4e9ccD5eXHDo7VqSHsiiIowmQIDAQAB
o4ICHzCCAhswHQYDVR0OBBYEFAdu51i+3/b6Rdt9yJ07W2lnU9YGMB8GA1UdIwQY
MBaAFFIaMAdyI8Jcbzfc9ZSAd4wLWxBoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVWhvd0IzSWp3bHh2Tjl6MWxJQjNqQXRiRUdnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS82YjExNTEtYjA1YS00YTAyLWE4ODMt
MGY1ZjA5YjJlYjE0LzEvQjI3bldMN2Y5dnBGMjMzSW5UdGJhV2RUMWdZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS82YjExNTEtYjA1YS00YTAyLWE4ODMtMGY1ZjA5YjJlYjE0
LzEvVWhvd0IzSWp3bHh2Tjl6MWxJQjNqQXRiRUdnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDUGCCsGAQUFBwEHAQH/BCYwJDAMBAIAATAGAwQAsHVsMBQE
AgACMA4DBQMqCkpAAwUDKhRTQDANBgkqhkiG9w0BAQsFAAOCAQEAF8u1n8bVALHb
KDcMnbdyd5dQ9M8IR/S/k1IioMLP8drH9dhBnT+9rGcxRDytHQC6EGgqSVXqCz0y
/3VU7dqzGfwUkivPbDbnwLaS5v5WrpnMHeAoL5WdLw/881xd0I7v6EyBo8gfx5ul
bm4AwnsAZiM2Hx3QcJR0P8rejGhS0xj2rXMaKAwgeMQEO1+gogRkLrqz/KVEAvlP
oCcnS3xRvevO1VlyIy/1hSgZXNvJ2HySJPpxVJGEdfCa3gJCcKi4SDMboTzkg7cz
2OhT0fzUKCim4XBZjplWnrsSBhgp6E++eyOilMchvsTS9SJ6YMQrm6wSy5hMTdWL
93XytGhAOw==
-----END CERTIFICATE-----