Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/cylBs9hX244JxIJss9IZO8Y5ahU.roa
File:                     cylBs9hX244JxIJss9IZO8Y5ahU.roa (raw, json)
Hash identifier:          N8vVmGhTlsHVeElGNqxjMZrSlTMo0IzOn9T5z0PxRmA=
Subject key identifier:   73:29:41:B3:D8:57:DB:8E:09:C4:82:6C:B3:D2:19:3B:C6:39:6A:15
Certificate issuer:       /CN=c9d57447e3420b853875b6fa40372aade3192ca2
Certificate serial:       01984BCDF3931C8D420BD22C7D26A1DB7E46
Authority key identifier: C9:D5:74:47:E3:42:0B:85:38:75:B6:FA:40:37:2A:AD:E3:19:2C:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ydV0R-NCC4U4dbb6QDcqreMZLKI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/cylBs9hX244JxIJss9IZO8Y5ahU.roa
Signing time:             Sun 27 Jul 2025 12:14:05 +0000
ROA not before:           Sun 27 Jul 2025 12:14:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     44714
IP address blocks:        78.135.81.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/ydV0R-NCC4U4dbb6QDcqreMZLKI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/ydV0R-NCC4U4dbb6QDcqreMZLKI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ydV0R-NCC4U4dbb6QDcqreMZLKI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 28 Jul 2025 14:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:4b:cd:f3:93:1c:8d:42:0b:d2:2c:7d:26:a1:db:7e:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c9d57447e3420b853875b6fa40372aade3192ca2
        Validity
            Not Before: Jul 27 12:14:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=732941b3d857db8e09c4826cb3d2193bc6396a15
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:d9:57:3f:b8:7f:1d:9c:7c:cf:ff:96:80:7f:
                    70:8a:97:9e:82:ab:ce:2f:bd:02:49:1c:21:50:57:
                    38:a4:69:b5:b1:ea:d8:c6:a4:3d:d9:f3:ed:6e:e5:
                    b7:c9:e2:57:7e:96:f5:ec:83:b6:32:32:4b:c7:17:
                    e1:60:b4:be:6a:89:cb:75:24:76:3e:55:6f:07:50:
                    31:e0:01:e0:67:e8:b5:b6:05:81:78:28:0e:e9:f9:
                    17:58:2e:00:09:fe:45:01:82:33:ed:ff:bd:d1:56:
                    01:9e:19:f9:cc:25:c8:55:ac:da:d1:dc:07:b4:d8:
                    35:12:d0:ae:cc:f0:6a:bc:a8:75:95:36:4e:10:0c:
                    80:fc:ca:c2:89:b4:5f:17:e6:08:20:66:c8:32:20:
                    22:0a:de:24:28:8b:4b:25:7a:9f:80:5b:2d:73:ff:
                    11:86:47:2b:d4:9f:4d:e3:4f:43:33:aa:3e:dd:d3:
                    2b:f3:e2:68:c5:fa:f1:9b:83:1a:5d:2d:d3:96:09:
                    1b:f2:79:4f:4e:ba:27:b7:e8:32:c6:3f:bb:53:0e:
                    ae:2a:8d:32:40:c0:92:3a:e8:72:ff:9c:b3:cb:03:
                    f2:f7:33:70:4c:78:da:20:7b:12:9c:c8:6c:c5:87:
                    39:a3:99:34:46:d5:f7:08:48:fd:9c:0a:1d:b3:89:
                    dd:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                73:29:41:B3:D8:57:DB:8E:09:C4:82:6C:B3:D2:19:3B:C6:39:6A:15
            X509v3 Authority Key Identifier:
                keyid:C9:D5:74:47:E3:42:0B:85:38:75:B6:FA:40:37:2A:AD:E3:19:2C:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ydV0R-NCC4U4dbb6QDcqreMZLKI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/cylBs9hX244JxIJss9IZO8Y5ahU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/ydV0R-NCC4U4dbb6QDcqreMZLKI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.135.81.0/24

    Signature Algorithm: sha256WithRSAEncryption
         15:95:91:bc:c7:db:d0:2b:e6:ed:18:cf:1d:47:14:cd:b9:c9:
         ea:af:18:3f:fb:1f:59:d1:82:7b:bb:3d:e3:ed:06:39:1a:da:
         55:53:7a:e6:74:36:51:22:51:36:d3:e4:87:7f:7c:78:cc:c5:
         7d:f8:65:61:9f:56:a8:fa:57:79:36:94:fe:80:f4:ed:47:57:
         8d:3f:94:1b:8c:70:30:6d:5a:1d:6c:c8:7e:bd:28:8d:13:f4:
         b5:f3:95:51:0e:64:22:36:d0:ef:76:77:b6:16:69:de:7c:c9:
         19:b4:d3:68:00:e7:c4:c1:2d:c7:e2:58:2a:a3:45:39:14:76:
         f6:9f:65:45:7c:6e:c3:45:f0:54:2c:2d:bd:44:15:08:23:28:
         57:fc:16:6f:4c:ba:2e:f0:9a:93:4f:9b:80:14:d7:38:52:a3:
         e2:41:09:ba:40:2d:25:50:97:49:7c:26:6c:00:2b:74:9d:7e:
         5a:71:2a:13:9a:f2:25:17:2e:85:c6:ab:aa:ea:36:db:93:cc:
         af:7b:af:f6:62:69:d8:08:c4:12:bf:eb:0e:22:92:c8:9c:00:
         e7:28:c5:e0:a0:8f:84:24:43:d2:25:40:de:57:c7:29:d9:d8:
         b4:e0:3b:db:13:11:22:83:aa:7f:61:a3:37:19:32:36:85:ba:
         50:d1:9c:42
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZhLzfOTHI1CC9IsfSah235GMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM5ZDU3NDQ3ZTM0MjBiODUzODc1YjZmYTQwMzcyYWFkZTMx
OTJjYTIwHhcNMjUwNzI3MTIxNDA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MzI5NDFiM2Q4NTdkYjhlMDljNDgyNmNiM2QyMTkzYmM2Mzk2YTE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy9lXP7h/HZx8z/+WgH9wipeegqvO
L70CSRwhUFc4pGm1serYxqQ92fPtbuW3yeJXfpb17IO2MjJLxxfhYLS+aonLdSR2
PlVvB1Ax4AHgZ+i1tgWBeCgO6fkXWC4ACf5FAYIz7f+90VYBnhn5zCXIVaza0dwH
tNg1EtCuzPBqvKh1lTZOEAyA/MrCibRfF+YIIGbIMiAiCt4kKItLJXqfgFstc/8R
hkcr1J9N409DM6o+3dMr8+Joxfrxm4MaXS3Tlgkb8nlPTront+gyxj+7Uw6uKo0y
QMCSOuhy/5yzywPy9zNwTHjaIHsSnMhsxYc5o5k0RtX3CEj9nAods4ndbQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHMpQbPYV9uOCcSCbLPSGTvGOWoVMB8GA1UdIwQY
MBaAFMnVdEfjQguFOHW2+kA3Kq3jGSyiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveWRWMFItTkNDNFU0ZGJiNlFEY3FyZU1aTEtJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZC8xNTg2ZmQtZmQyYy00MWY4LThmZTkt
NGUxOThmMGE2MDEzLzEvY3lsQnM5aFgyNDRKeElKc3M5SVpPOFk1YWhVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZC8xNTg2ZmQtZmQyYy00MWY4LThmZTktNGUxOThmMGE2MDEz
LzEveWRWMFItTkNDNFU0ZGJiNlFEY3FyZU1aTEtJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATodRMA0G
CSqGSIb3DQEBCwUAA4IBAQAVlZG8x9vQK+btGM8dRxTNucnqrxg/+x9Z0YJ7uz3j
7QY5GtpVU3rmdDZRIlE20+SHf3x4zMV9+GVhn1ao+ld5NpT+gPTtR1eNP5QbjHAw
bVodbMh+vSiNE/S185VRDmQiNtDvdne2FmnefMkZtNNoAOfEwS3H4lgqo0U5FHb2
n2VFfG7DRfBULC29RBUIIyhX/BZvTLou8JqTT5uAFNc4UqPiQQm6QC0lUJdJfCZs
ACt0nX5acSoTmvIlFy6Fxquq6jbbk8yve6/2YmnYCMQSv+sOIpLInADnKMXgoI+E
JEPSJUDeV8cp2di04DvbExEig6p/YaM3GTI2hbpQ0ZxC
-----END CERTIFICATE-----