Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/vE6Q68G61J930TQkuh1FAmKUj5M.roa
File:                     vE6Q68G61J930TQkuh1FAmKUj5M.roa (raw, json)
Hash identifier:          Oa7/yGcxnmf40GLWHxK4NeT9cicAhTUgdd2dmXZJvb0=
Subject key identifier:   BC:4E:90:EB:C1:BA:D4:9F:77:D1:34:24:BA:1D:45:02:62:94:8F:93
Certificate issuer:       /CN=c35eac64ea4802e6824686f7c0d201f2c85cb2aa
Certificate serial:       0197EF1D5F970FA8C9C3D8B155915F6A3553
Authority key identifier: C3:5E:AC:64:EA:48:02:E6:82:46:86:F7:C0:D2:01:F2:C8:5C:B2:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/vE6Q68G61J930TQkuh1FAmKUj5M.roa
Signing time:             Wed 09 Jul 2025 12:16:08 +0000
ROA not before:           Wed 09 Jul 2025 12:16:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202561
IP address blocks:        78.128.2.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:ef:1d:5f:97:0f:a8:c9:c3:d8:b1:55:91:5f:6a:35:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c35eac64ea4802e6824686f7c0d201f2c85cb2aa
        Validity
            Not Before: Jul  9 12:16:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=bc4e90ebc1bad49f77d13424ba1d450262948f93
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:71:1a:86:f3:bb:3f:6e:0e:10:0b:ce:29:94:
                    9d:8a:2e:15:d4:fa:bc:e7:18:b9:c0:08:2f:b9:bd:
                    97:7a:00:49:1b:6e:91:32:94:33:71:8c:ea:a5:c0:
                    41:75:7d:4b:b1:0c:d8:35:a3:6b:e9:05:db:c8:61:
                    bd:9e:4f:35:7c:d2:aa:37:72:db:85:fd:df:58:3c:
                    9f:5e:d1:91:49:9e:5b:04:b1:7a:95:7a:0e:e7:b5:
                    c2:34:ca:27:b5:42:87:e9:1b:ca:f9:bd:a4:87:fe:
                    7b:e4:91:e9:34:0e:3e:e8:84:4d:d3:09:68:7f:6e:
                    e0:9e:da:84:de:7d:18:2b:58:70:4d:b2:62:62:43:
                    17:a3:9e:11:c7:79:22:ab:6f:d4:cc:b9:38:47:ac:
                    e2:98:69:ae:f4:de:f5:0a:3b:db:81:bc:e0:a1:60:
                    f3:2c:71:c7:54:86:d1:15:1f:ef:bd:0f:b4:e5:dd:
                    ca:dc:d5:f4:43:9e:63:b6:ae:a2:2f:3c:d9:ca:1a:
                    e8:43:c7:b2:9f:ac:6d:a6:91:15:be:d7:45:2f:ae:
                    52:46:5a:30:eb:fd:e9:bf:fe:89:cc:ee:7f:d4:0f:
                    c9:f4:ce:b5:bb:c0:79:9f:59:8e:ee:1e:ef:47:db:
                    1e:6f:17:ba:3f:e7:ab:00:2d:67:83:82:d4:cc:74:
                    b2:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:4E:90:EB:C1:BA:D4:9F:77:D1:34:24:BA:1D:45:02:62:94:8F:93
            X509v3 Authority Key Identifier:
                keyid:C3:5E:AC:64:EA:48:02:E6:82:46:86:F7:C0:D2:01:F2:C8:5C:B2:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/vE6Q68G61J930TQkuh1FAmKUj5M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.128.2.0/23

    Signature Algorithm: sha256WithRSAEncryption
         84:71:ed:c5:b3:e1:86:f4:df:7a:ef:5f:f6:37:fa:20:69:cd:
         43:c6:1d:8c:f4:4f:cb:cf:26:17:a8:75:54:97:a1:6b:fd:ee:
         7e:97:6d:28:6f:6d:65:a3:a0:a5:ca:9d:58:ae:8f:ab:fc:4b:
         f1:11:c9:3c:e7:c6:33:00:09:ad:c7:ec:5e:46:ce:ec:d4:4d:
         fb:32:63:de:8d:6a:61:e6:fe:1e:55:b8:ad:e7:43:8b:ca:5a:
         40:7f:c4:d0:a2:d3:88:1e:9d:06:c0:ba:77:d0:98:ab:bb:db:
         d0:0c:bb:cf:dc:e3:1a:78:b2:39:44:c3:0d:2e:5b:b2:84:1b:
         71:a5:e4:3e:7d:4f:d0:9f:f5:5f:1d:8d:c6:a4:56:de:f4:ba:
         e9:f8:f0:98:7e:02:fd:b3:f8:e5:3d:62:01:f1:d2:67:0f:2a:
         dc:97:16:98:00:d8:a5:0e:ff:e3:ba:85:89:47:22:5c:a2:02:
         da:32:cc:cc:ad:17:02:d5:5a:0a:8c:66:42:ed:4c:ae:94:92:
         01:21:ac:b7:bc:41:74:73:0b:0b:b7:97:fd:09:77:03:2d:35:
         de:2e:3d:5d:d3:1e:e4:18:b1:a8:05:90:85:51:de:15:e4:95:
         cf:d2:f5:78:db:28:73:9c:e6:5f:f1:63:34:9f:46:89:19:6e:
         15:a7:ed:69
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZfvHV+XD6jJw9ixVZFfajVTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzNWVhYzY0ZWE0ODAyZTY4MjQ2ODZmN2MwZDIwMWYyYzg1
Y2IyYWEwHhcNMjUwNzA5MTIxNjA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYzRlOTBlYmMxYmFkNDlmNzdkMTM0MjRiYTFkNDUwMjYyOTQ4ZjkzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAunEahvO7P24OEAvOKZSdii4V1Pq8
5xi5wAgvub2XegBJG26RMpQzcYzqpcBBdX1LsQzYNaNr6QXbyGG9nk81fNKqN3Lb
hf3fWDyfXtGRSZ5bBLF6lXoO57XCNMontUKH6RvK+b2kh/575JHpNA4+6IRN0wlo
f27gntqE3n0YK1hwTbJiYkMXo54Rx3kiq2/UzLk4R6zimGmu9N71CjvbgbzgoWDz
LHHHVIbRFR/vvQ+05d3K3NX0Q55jtq6iLzzZyhroQ8eyn6xtppEVvtdFL65SRlow
6/3pv/6JzO5/1A/J9M61u8B5n1mO7h7vR9sebxe6P+erAC1ng4LUzHSyoQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLxOkOvButSfd9E0JLodRQJilI+TMB8GA1UdIwQY
MBaAFMNerGTqSALmgkaG98DSAfLIXLKqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzE2c1pPcElBdWFDUm9iM3dOSUI4c2hjc3FvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9jY2RkOGItNzcyMC00ZGUwLThjNDMt
ZGFjYjVmMzU2ZWEzLzEvdkU2UTY4RzYxSjkzMFRRa3VoMUZBbUtVajVNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9jY2RkOGItNzcyMC00ZGUwLThjNDMtZGFjYjVmMzU2ZWEz
LzEvdzE2c1pPcElBdWFDUm9iM3dOSUI4c2hjc3FvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBToACMA0G
CSqGSIb3DQEBCwUAA4IBAQCEce3Fs+GG9N9671/2N/ogac1Dxh2M9E/LzyYXqHVU
l6Fr/e5+l20ob21lo6Clyp1Yro+r/EvxEck858YzAAmtx+xeRs7s1E37MmPejWph
5v4eVbit50OLylpAf8TQotOIHp0GwLp30Jiru9vQDLvP3OMaeLI5RMMNLluyhBtx
peQ+fU/Qn/VfHY3GpFbe9Lrp+PCYfgL9s/jlPWIB8dJnDyrclxaYANilDv/juoWJ
RyJcogLaMszMrRcC1VoKjGZC7UyulJIBIay3vEF0cwsLt5f9CXcDLTXeLj1d0x7k
GLGoBZCFUd4V5JXP0vV42yhznOZf8WM0n0aJGW4Vp+1p
-----END CERTIFICATE-----