Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ad/6cf8be-253d-46d5-ab7c-8276c8aac50e/1/3DdGyZ0sJgCFJ_ULmwJJ2lo2rx0.roa
File:                     3DdGyZ0sJgCFJ_ULmwJJ2lo2rx0.roa (raw, json)
Hash identifier:          5TUTGezCbgzJ7wN19EdaLXS+J99Zo28HoH4eIqxrvxk=
Subject key identifier:   DC:37:46:C9:9D:2C:26:00:85:27:F5:0B:9B:02:49:DA:5A:36:AF:1D
Certificate issuer:       /CN=d6aa3fbc78e31229157c78b6d23a65eb2e353dce
Certificate serial:       01980872F72407C84624EAB30095B94E0AF0
Authority key identifier: D6:AA:3F:BC:78:E3:12:29:15:7C:78:B6:D2:3A:65:EB:2E:35:3D:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1qo_vHjjEikVfHi20jpl6y41Pc4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ad/6cf8be-253d-46d5-ab7c-8276c8aac50e/1/3DdGyZ0sJgCFJ_ULmwJJ2lo2rx0.roa
Signing time:             Mon 14 Jul 2025 10:20:08 +0000
ROA not before:           Mon 14 Jul 2025 10:20:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     135402
IP address blocks:        78.108.59.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ad/6cf8be-253d-46d5-ab7c-8276c8aac50e/1/1qo_vHjjEikVfHi20jpl6y41Pc4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ad/6cf8be-253d-46d5-ab7c-8276c8aac50e/1/1qo_vHjjEikVfHi20jpl6y41Pc4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1qo_vHjjEikVfHi20jpl6y41Pc4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 22:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:08:72:f7:24:07:c8:46:24:ea:b3:00:95:b9:4e:0a:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d6aa3fbc78e31229157c78b6d23a65eb2e353dce
        Validity
            Not Before: Jul 14 10:20:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=dc3746c99d2c26008527f50b9b0249da5a36af1d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:ac:61:74:e3:07:5a:6a:ee:07:f8:fc:dc:e7:
                    f1:62:2f:06:47:8a:78:af:1b:5e:84:fb:a9:a7:95:
                    73:31:08:8c:49:36:64:10:8b:18:b3:c2:af:71:26:
                    ef:99:67:8f:1a:cc:05:dd:d0:4b:0f:8e:5f:c1:e7:
                    61:4d:d3:38:0f:53:80:56:0e:93:62:d3:fa:53:22:
                    eb:6c:38:f2:5c:31:fc:50:21:8b:ed:4a:91:15:1d:
                    8c:89:07:9a:53:af:ac:7b:03:73:b2:b4:47:a2:aa:
                    43:30:0e:c9:da:dc:87:dd:e3:3c:5a:88:d2:eb:08:
                    9f:72:7f:4f:9b:81:bd:2b:28:8d:8c:7f:9a:a4:1f:
                    b9:b0:07:fe:4e:6e:d3:1b:97:bd:1a:a7:4c:33:05:
                    c8:e4:d8:e3:6a:49:30:1c:6f:a5:3a:74:cb:fe:af:
                    63:ce:11:8f:40:56:c1:74:a2:83:5f:4c:49:11:88:
                    ca:2e:6e:52:b2:ce:74:74:d8:bc:f1:cc:aa:42:57:
                    00:81:5e:ed:81:84:3f:d4:6a:44:c6:19:c7:13:a5:
                    06:e1:d1:fe:eb:38:18:69:b5:d8:27:3a:5a:d7:12:
                    ac:95:3f:e2:3f:ed:a5:0b:a1:d8:1d:ff:48:75:3b:
                    0c:b9:92:2e:f8:e9:e6:fb:08:ce:f4:9b:cf:ef:d8:
                    0a:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:37:46:C9:9D:2C:26:00:85:27:F5:0B:9B:02:49:DA:5A:36:AF:1D
            X509v3 Authority Key Identifier:
                keyid:D6:AA:3F:BC:78:E3:12:29:15:7C:78:B6:D2:3A:65:EB:2E:35:3D:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1qo_vHjjEikVfHi20jpl6y41Pc4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/6cf8be-253d-46d5-ab7c-8276c8aac50e/1/3DdGyZ0sJgCFJ_ULmwJJ2lo2rx0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/6cf8be-253d-46d5-ab7c-8276c8aac50e/1/1qo_vHjjEikVfHi20jpl6y41Pc4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.108.59.0/24

    Signature Algorithm: sha256WithRSAEncryption
         68:06:79:13:c0:f5:dd:6d:c3:3a:92:0d:1f:77:dc:7b:82:18:
         de:37:2e:98:f0:3b:ec:57:a6:cd:43:c2:d6:3c:4c:39:b0:82:
         80:bb:43:4b:03:a1:2d:7a:cb:3d:b0:82:f7:fd:32:5b:d0:50:
         52:15:3d:9d:82:35:4a:7c:83:ac:ab:58:4c:e6:7c:b8:53:93:
         17:54:a0:e2:9f:49:90:00:3d:c3:4b:37:f5:e7:8a:df:17:27:
         12:85:01:5d:5a:84:73:e4:79:20:c9:ee:65:4a:d6:c9:c7:d2:
         95:68:68:25:26:28:ee:bf:37:30:90:92:fc:f9:c2:b7:e0:ce:
         7f:c4:e9:f8:2a:86:c6:0c:35:cf:7a:5c:1c:4a:f7:10:de:98:
         88:6f:fe:f0:86:1f:0f:10:a3:ef:9d:ea:04:dd:7b:2c:75:a9:
         2d:8a:82:da:b9:11:7c:a6:f4:35:f3:84:75:20:18:51:20:61:
         a9:25:12:f9:cf:97:bb:1d:66:96:a4:b3:01:d8:df:d3:6a:60:
         07:39:41:ff:82:e0:7a:d5:1d:25:1d:5a:70:4f:de:57:a3:3b:
         71:0b:34:5d:28:65:cf:c9:c3:61:ce:91:df:0e:ee:36:7a:3b:
         ff:02:1f:3e:c4:94:2d:b0:aa:af:15:4e:21:28:1a:03:b4:32:
         c0:f6:ea:bb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZgIcvckB8hGJOqzAJW5TgrwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ2YWEzZmJjNzhlMzEyMjkxNTdjNzhiNmQyM2E2NWViMmUz
NTNkY2UwHhcNMjUwNzE0MTAyMDA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYzM3NDZjOTlkMmMyNjAwODUyN2Y1MGI5YjAyNDlkYTVhMzZhZjFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuqxhdOMHWmruB/j83OfxYi8GR4p4
rxtehPupp5VzMQiMSTZkEIsYs8KvcSbvmWePGswF3dBLD45fwedhTdM4D1OAVg6T
YtP6UyLrbDjyXDH8UCGL7UqRFR2MiQeaU6+sewNzsrRHoqpDMA7J2tyH3eM8WojS
6wifcn9Pm4G9KyiNjH+apB+5sAf+Tm7TG5e9GqdMMwXI5NjjakkwHG+lOnTL/q9j
zhGPQFbBdKKDX0xJEYjKLm5Sss50dNi88cyqQlcAgV7tgYQ/1GpExhnHE6UG4dH+
6zgYabXYJzpa1xKslT/iP+2lC6HYHf9IdTsMuZIu+Onm+wjO9JvP79gKmwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNw3RsmdLCYAhSf1C5sCSdpaNq8dMB8GA1UdIwQY
MBaAFNaqP7x44xIpFXx4ttI6ZesuNT3OMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMXFvX3ZIampFaWtWZkhpMjBqcGw2eTQxUGM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZC82Y2Y4YmUtMjUzZC00NmQ1LWFiN2Mt
ODI3NmM4YWFjNTBlLzEvM0RkR3laMHNKZ0NGSl9VTG13SkoybG8ycngwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZC82Y2Y4YmUtMjUzZC00NmQ1LWFiN2MtODI3NmM4YWFjNTBl
LzEvMXFvX3ZIampFaWtWZkhpMjBqcGw2eTQxUGM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATmw7MA0G
CSqGSIb3DQEBCwUAA4IBAQBoBnkTwPXdbcM6kg0fd9x7ghjeNy6Y8DvsV6bNQ8LW
PEw5sIKAu0NLA6Etess9sIL3/TJb0FBSFT2dgjVKfIOsq1hM5ny4U5MXVKDin0mQ
AD3DSzf154rfFycShQFdWoRz5Hkgye5lStbJx9KVaGglJijuvzcwkJL8+cK34M5/
xOn4KobGDDXPelwcSvcQ3piIb/7whh8PEKPvneoE3XssdaktioLauRF8pvQ184R1
IBhRIGGpJRL5z5e7HWaWpLMB2N/TamAHOUH/guB61R0lHVpwT95XoztxCzRdKGXP
ycNhzpHfDu42ejv/Ah8+xJQtsKqvFU4hKBoDtDLA9uq7
-----END CERTIFICATE-----