Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ad/6cf8be-253d-46d5-ab7c-8276c8aac50e/1/krwPzjnTtCEOQgP9EXp1WO-kgx0.roa
File:                     krwPzjnTtCEOQgP9EXp1WO-kgx0.roa (raw, json)
Hash identifier:          Jq2f8YMj3fJWLcxBtjZ9CHuZ6W1PxUoBmS3CD2sax2Q=
Subject key identifier:   92:BC:0F:CE:39:D3:B4:21:0E:42:03:FD:11:7A:75:58:EF:A4:83:1D
Certificate issuer:       /CN=d6aa3fbc78e31229157c78b6d23a65eb2e353dce
Certificate serial:       01982924F99D7E65E4D4D391A683148EBFA6
Authority key identifier: D6:AA:3F:BC:78:E3:12:29:15:7C:78:B6:D2:3A:65:EB:2E:35:3D:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1qo_vHjjEikVfHi20jpl6y41Pc4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ad/6cf8be-253d-46d5-ab7c-8276c8aac50e/1/krwPzjnTtCEOQgP9EXp1WO-kgx0.roa
Signing time:             Sun 20 Jul 2025 18:42:25 +0000
ROA not before:           Sun 20 Jul 2025 18:42:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212558
IP address blocks:        78.108.57.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ad/6cf8be-253d-46d5-ab7c-8276c8aac50e/1/1qo_vHjjEikVfHi20jpl6y41Pc4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ad/6cf8be-253d-46d5-ab7c-8276c8aac50e/1/1qo_vHjjEikVfHi20jpl6y41Pc4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1qo_vHjjEikVfHi20jpl6y41Pc4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 24 Jul 2025 14:37:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:29:24:f9:9d:7e:65:e4:d4:d3:91:a6:83:14:8e:bf:a6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d6aa3fbc78e31229157c78b6d23a65eb2e353dce
        Validity
            Not Before: Jul 20 18:42:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=92bc0fce39d3b4210e4203fd117a7558efa4831d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:7d:03:ce:43:0a:cf:6e:b8:cd:9c:5c:6f:3b:
                    e3:b9:58:20:4b:99:31:11:ec:52:c6:6f:d3:dd:41:
                    03:b1:c0:d5:d4:fa:89:17:42:5b:23:a8:8a:97:da:
                    ee:b2:e1:1c:88:28:e5:9b:70:5b:a1:1f:be:f4:dc:
                    e5:54:b2:4b:51:ed:7d:20:bc:3f:92:2d:6c:65:f2:
                    80:c9:f7:0b:f2:c9:8a:07:e2:8a:82:9f:06:36:5d:
                    7b:5c:98:af:db:af:a3:ba:12:50:d3:6b:51:7b:68:
                    86:18:85:56:37:74:41:2d:eb:90:5f:68:a8:d2:fa:
                    52:c8:15:83:43:ec:37:42:12:e1:3b:d0:50:16:6b:
                    c8:46:14:d8:1a:f1:5f:b4:03:d7:fb:6c:8a:f8:ae:
                    2c:96:1e:80:0f:aa:0d:8b:0c:e3:32:c9:33:1e:dc:
                    1e:28:7a:cb:b5:7e:6e:f0:4d:e1:1d:f2:6e:0a:a8:
                    05:69:95:a8:73:be:05:0e:67:aa:64:12:41:f2:7c:
                    92:86:96:36:32:59:77:fa:77:c7:94:3c:7f:80:0d:
                    d3:bc:ab:cc:ec:4f:19:09:2b:24:ee:38:fd:70:bd:
                    9d:13:9f:d9:af:88:88:d3:2f:d7:65:3b:2e:d0:69:
                    5d:e3:a8:77:77:a4:f9:d4:de:cc:df:76:3d:06:3e:
                    98:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:BC:0F:CE:39:D3:B4:21:0E:42:03:FD:11:7A:75:58:EF:A4:83:1D
            X509v3 Authority Key Identifier:
                keyid:D6:AA:3F:BC:78:E3:12:29:15:7C:78:B6:D2:3A:65:EB:2E:35:3D:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1qo_vHjjEikVfHi20jpl6y41Pc4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/6cf8be-253d-46d5-ab7c-8276c8aac50e/1/krwPzjnTtCEOQgP9EXp1WO-kgx0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/6cf8be-253d-46d5-ab7c-8276c8aac50e/1/1qo_vHjjEikVfHi20jpl6y41Pc4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.108.57.0/24

    Signature Algorithm: sha256WithRSAEncryption
         37:28:af:63:f1:66:e7:dd:46:ae:e3:be:26:c2:39:b4:a5:bc:
         bb:05:a4:03:36:78:56:90:fe:99:8f:7a:32:23:76:80:80:ff:
         81:1c:47:da:c4:44:46:04:9e:dc:56:4f:f9:8e:fe:3f:1a:64:
         96:4c:de:48:7a:39:05:7a:56:dc:44:35:b0:fc:d7:fc:6d:3b:
         ca:a0:2c:18:23:df:0f:bc:c0:b3:bc:b1:87:f8:5a:18:72:04:
         fa:d8:8d:07:17:59:99:d8:1e:16:51:09:02:f6:87:4f:ac:67:
         f7:25:45:7a:db:c5:e1:ee:81:11:24:ea:44:22:a3:17:9c:04:
         7c:d7:b5:09:f1:20:65:29:d4:85:f3:53:dd:98:31:8c:40:1a:
         f8:6d:4e:46:50:54:04:41:8e:28:60:5e:71:15:44:04:b2:1a:
         19:13:19:5f:34:42:fb:27:4e:b2:ff:f4:44:6b:95:69:fd:99:
         ce:c1:cd:b2:ed:d8:fc:a1:8c:88:92:9f:84:23:03:2f:ba:b2:
         36:b6:b3:6f:c4:f0:6a:b7:e2:4e:9f:62:b1:61:58:55:ad:0f:
         5f:9f:79:a0:31:9e:08:22:51:d0:11:ac:ad:69:c9:1c:40:c9:
         b8:85:15:8f:50:6e:63:09:02:cb:28:90:d9:57:16:f4:5c:cb:
         f3:7a:8c:34
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZgpJPmdfmXk1NORpoMUjr+mMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ2YWEzZmJjNzhlMzEyMjkxNTdjNzhiNmQyM2E2NWViMmUz
NTNkY2UwHhcNMjUwNzIwMTg0MjI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MmJjMGZjZTM5ZDNiNDIxMGU0MjAzZmQxMTdhNzU1OGVmYTQ4MzFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtn0DzkMKz264zZxcbzvjuVggS5kx
EexSxm/T3UEDscDV1PqJF0JbI6iKl9rusuEciCjlm3BboR++9NzlVLJLUe19ILw/
ki1sZfKAyfcL8smKB+KKgp8GNl17XJiv26+juhJQ02tRe2iGGIVWN3RBLeuQX2io
0vpSyBWDQ+w3QhLhO9BQFmvIRhTYGvFftAPX+2yK+K4slh6AD6oNiwzjMskzHtwe
KHrLtX5u8E3hHfJuCqgFaZWoc74FDmeqZBJB8nyShpY2Mll3+nfHlDx/gA3TvKvM
7E8ZCSsk7jj9cL2dE5/Zr4iI0y/XZTsu0Gld46h3d6T51N7M33Y9Bj6YHwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJK8D84507QhDkID/RF6dVjvpIMdMB8GA1UdIwQY
MBaAFNaqP7x44xIpFXx4ttI6ZesuNT3OMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMXFvX3ZIampFaWtWZkhpMjBqcGw2eTQxUGM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZC82Y2Y4YmUtMjUzZC00NmQ1LWFiN2Mt
ODI3NmM4YWFjNTBlLzEva3J3UHpqblR0Q0VPUWdQOUVYcDFXTy1rZ3gwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZC82Y2Y4YmUtMjUzZC00NmQ1LWFiN2MtODI3NmM4YWFjNTBl
LzEvMXFvX3ZIampFaWtWZkhpMjBqcGw2eTQxUGM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATmw5MA0G
CSqGSIb3DQEBCwUAA4IBAQA3KK9j8Wbn3Uau474mwjm0pby7BaQDNnhWkP6Zj3oy
I3aAgP+BHEfaxERGBJ7cVk/5jv4/GmSWTN5IejkFelbcRDWw/Nf8bTvKoCwYI98P
vMCzvLGH+FoYcgT62I0HF1mZ2B4WUQkC9odPrGf3JUV628Xh7oERJOpEIqMXnAR8
17UJ8SBlKdSF81PdmDGMQBr4bU5GUFQEQY4oYF5xFUQEshoZExlfNEL7J06y//RE
a5Vp/ZnOwc2y7dj8oYyIkp+EIwMvurI2trNvxPBqt+JOn2KxYVhVrQ9fn3mgMZ4I
IlHQEaytackcQMm4hRWPUG5jCQLLKJDZVxb0XMvzeow0
-----END CERTIFICATE-----