Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4b/8482d2-7233-4177-992f-7d75e2b1a7b9/1/78p7eZsSQ8zonV0TNMaLaLjK96I.roa
File:                     78p7eZsSQ8zonV0TNMaLaLjK96I.roa (raw, json)
Hash identifier:          +QO+TKXARPaWdOJ8baQ83Q+fqGFHJ3lndWpB+9vwuT8=
Subject key identifier:   EF:CA:7B:79:9B:12:43:CC:E8:9D:5D:13:34:C6:8B:68:B8:CA:F7:A2
Certificate issuer:       /CN=611b9fb45639e7492f2b3631f640f6ab9afb6290
Certificate serial:       019715EE19460B00F275943E4CE48517C1FE
Authority key identifier: 61:1B:9F:B4:56:39:E7:49:2F:2B:36:31:F6:40:F6:AB:9A:FB:62:90
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YRuftFY550kvKzYx9kD2q5r7YpA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4b/8482d2-7233-4177-992f-7d75e2b1a7b9/1/78p7eZsSQ8zonV0TNMaLaLjK96I.roa
Signing time:             Wed 28 May 2025 08:06:54 +0000
ROA not before:           Wed 28 May 2025 08:06:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215138
IP address blocks:        193.227.126.0/24 maxlen: 24
                          2001:678:454::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4b/8482d2-7233-4177-992f-7d75e2b1a7b9/1/YRuftFY550kvKzYx9kD2q5r7YpA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4b/8482d2-7233-4177-992f-7d75e2b1a7b9/1/YRuftFY550kvKzYx9kD2q5r7YpA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YRuftFY550kvKzYx9kD2q5r7YpA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 09 Jun 2025 21:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:15:ee:19:46:0b:00:f2:75:94:3e:4c:e4:85:17:c1:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=611b9fb45639e7492f2b3631f640f6ab9afb6290
        Validity
            Not Before: May 28 08:06:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=efca7b799b1243cce89d5d1334c68b68b8caf7a2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:b2:95:ed:46:02:2f:3a:73:18:c6:92:26:be:
                    8d:9d:15:f3:91:da:d4:49:e3:a5:08:04:a8:ee:df:
                    78:2b:0b:f6:bc:6e:d7:71:89:6b:72:49:61:cc:4f:
                    bf:eb:ca:12:eb:7f:a5:86:07:c5:f5:d4:1d:00:34:
                    28:9f:de:f3:b2:75:5b:35:b9:dc:9a:2b:70:b6:0e:
                    7b:d7:88:63:af:ed:af:ff:59:e9:98:cc:f3:1b:68:
                    27:84:d6:24:4c:13:7b:77:4d:0b:25:ce:0d:b5:4f:
                    66:c5:fa:95:cc:22:22:84:2d:c1:62:86:8e:5e:89:
                    dd:06:83:01:ae:b4:c0:63:b4:42:17:98:f9:8f:74:
                    34:11:21:63:84:3e:26:f3:3b:64:5e:9f:10:8c:fe:
                    fe:28:0c:bf:aa:ab:5d:4e:e9:62:1a:0c:a7:51:69:
                    4d:a5:ce:24:bf:01:05:cb:17:43:37:5d:25:82:2c:
                    3b:3e:c3:a7:68:c1:cb:c5:e5:cf:6b:f3:17:17:a4:
                    f3:2d:08:f9:d3:e4:01:7d:76:32:92:44:de:83:f7:
                    81:96:25:8a:41:8d:a4:9b:3a:42:7f:da:35:e8:a1:
                    47:d6:70:2d:c9:bc:e4:20:c8:8d:95:15:f7:e9:b2:
                    5b:f2:a0:c2:a9:30:ee:2d:5f:86:1a:a3:61:a7:92:
                    55:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EF:CA:7B:79:9B:12:43:CC:E8:9D:5D:13:34:C6:8B:68:B8:CA:F7:A2
            X509v3 Authority Key Identifier:
                keyid:61:1B:9F:B4:56:39:E7:49:2F:2B:36:31:F6:40:F6:AB:9A:FB:62:90

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YRuftFY550kvKzYx9kD2q5r7YpA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/8482d2-7233-4177-992f-7d75e2b1a7b9/1/78p7eZsSQ8zonV0TNMaLaLjK96I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/8482d2-7233-4177-992f-7d75e2b1a7b9/1/YRuftFY550kvKzYx9kD2q5r7YpA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.227.126.0/24
                IPv6:
                  2001:678:454::/48

    Signature Algorithm: sha256WithRSAEncryption
         4b:5e:f4:70:8c:50:2d:8c:d9:97:12:b8:17:75:b1:a2:fe:32:
         5d:f9:0a:40:4d:b5:8a:8c:23:cd:5a:61:a7:42:03:aa:27:c2:
         41:63:18:ce:55:5b:d0:d9:52:95:8d:39:51:28:8d:a0:b7:4e:
         1f:a1:bd:e3:16:56:aa:3d:2c:6a:ce:ee:7f:61:f5:f1:ec:d0:
         fb:a3:21:1a:1a:2f:f0:78:3a:b9:15:ae:d2:d7:14:a0:d9:ee:
         97:e9:6f:f5:06:5c:96:be:f2:d7:f8:62:e4:71:3f:b0:1e:99:
         43:45:50:9e:65:11:b7:0e:a7:c1:a5:83:da:c1:c8:51:e6:e8:
         bc:80:02:8b:2f:b1:c3:97:82:88:5a:82:2b:0e:87:eb:f0:b8:
         fa:1d:e8:d5:c5:3d:1d:31:7d:a5:e6:22:62:de:38:da:cc:ff:
         f7:c2:56:5d:5d:2e:02:8f:1b:f6:4a:67:8a:0e:ad:fd:2b:99:
         10:be:7f:e6:cc:30:d2:b7:b1:85:dc:fe:6d:4b:64:41:c9:19:
         40:61:93:ac:8a:35:13:55:b7:d3:ca:5f:65:54:f5:e1:8c:f6:
         64:cc:f0:a0:47:8c:8d:1b:6b:83:39:ee:cf:ff:28:4c:1c:fc:
         e6:bc:28:a6:2e:05:8a:a3:ff:12:94:9f:de:a2:f3:03:ef:74:
         fa:5e:84:3f
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZcV7hlGCwDydZQ+TOSFF8H+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYxMWI5ZmI0NTYzOWU3NDkyZjJiMzYzMWY2NDBmNmFiOWFm
YjYyOTAwHhcNMjUwNTI4MDgwNjU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZmNhN2I3OTliMTI0M2NjZTg5ZDVkMTMzNGM2OGI2OGI4Y2FmN2EyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4LKV7UYCLzpzGMaSJr6NnRXzkdrU
SeOlCASo7t94Kwv2vG7XcYlrcklhzE+/68oS63+lhgfF9dQdADQon97zsnVbNbnc
mitwtg5714hjr+2v/1npmMzzG2gnhNYkTBN7d00LJc4NtU9mxfqVzCIihC3BYoaO
XondBoMBrrTAY7RCF5j5j3Q0ESFjhD4m8ztkXp8QjP7+KAy/qqtdTuliGgynUWlN
pc4kvwEFyxdDN10lgiw7PsOnaMHLxeXPa/MXF6TzLQj50+QBfXYykkTeg/eBliWK
QY2kmzpCf9o16KFH1nAtybzkIMiNlRX36bJb8qDCqTDuLV+GGqNhp5JVnwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFO/Ke3mbEkPM6J1dEzTGi2i4yveiMB8GA1UdIwQY
MBaAFGEbn7RWOedJLys2MfZA9qua+2KQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWVJ1ZnRGWTU1MGt2S3pZeDlrRDJxNXI3WXBBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yi84NDgyZDItNzIzMy00MTc3LTk5MmYt
N2Q3NWUyYjFhN2I5LzEvNzhwN2Vac1NROHpvblYwVE5NYUxhTGpLOTZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yi84NDgyZDItNzIzMy00MTc3LTk5MmYtN2Q3NWUyYjFhN2I5
LzEvWVJ1ZnRGWTU1MGt2S3pZeDlrRDJxNXI3WXBBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAweN+MA8E
AgACMAkDBwAgAQZ4BFQwDQYJKoZIhvcNAQELBQADggEBAEte9HCMUC2M2ZcSuBd1
saL+Ml35CkBNtYqMI81aYadCA6onwkFjGM5VW9DZUpWNOVEojaC3Th+hveMWVqo9
LGrO7n9h9fHs0PujIRoaL/B4OrkVrtLXFKDZ7pfpb/UGXJa+8tf4YuRxP7AemUNF
UJ5lEbcOp8Glg9rByFHm6LyAAosvscOXgohagisOh+vwuPod6NXFPR0xfaXmImLe
ONrM//fCVl1dLgKPG/ZKZ4oOrf0rmRC+f+bMMNK3sYXc/m1LZEHJGUBhk6yKNRNV
t9PKX2VU9eGM9mTM8KBHjI0ba4M57s//KEwc/Oa8KKYuBYqj/xKUn96i8wPvdPpe
hD8=
-----END CERTIFICATE-----