Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/3c8854-d3e6-4581-ab33-63ced8762042/1/8x9frN2OUt9fxn_h5gX6Grs_CgI.roa
File:                     8x9frN2OUt9fxn_h5gX6Grs_CgI.roa (raw, json)
Hash identifier:          dNtoUWEMIhmyRQMVSfVQJIk3/+F8fL+9APaLlanRg8E=
Subject key identifier:   F3:1F:5F:AC:DD:8E:52:DF:5F:C6:7F:E1:E6:05:FA:1A:BB:3F:0A:02
Certificate issuer:       /CN=4b78caa7741f99b9fbca4f4943c8b79f00bebff8
Certificate serial:       019A6EA1528ACF1020A7A585148F24BC89C3
Authority key identifier: 4B:78:CA:A7:74:1F:99:B9:FB:CA:4F:49:43:C8:B7:9F:00:BE:BF:F8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/S3jKp3Qfmbn7yk9JQ8i3nwC-v_g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/62/3c8854-d3e6-4581-ab33-63ced8762042/1/8x9frN2OUt9fxn_h5gX6Grs_CgI.roa
Signing time:             Mon 10 Nov 2025 16:37:37 +0000
ROA not before:           Mon 10 Nov 2025 16:37:37 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     401838
IP address blocks:        78.24.123.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/62/3c8854-d3e6-4581-ab33-63ced8762042/1/S3jKp3Qfmbn7yk9JQ8i3nwC-v_g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/62/3c8854-d3e6-4581-ab33-63ced8762042/1/S3jKp3Qfmbn7yk9JQ8i3nwC-v_g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/S3jKp3Qfmbn7yk9JQ8i3nwC-v_g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 12 Nov 2025 09:00:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:6e:a1:52:8a:cf:10:20:a7:a5:85:14:8f:24:bc:89:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4b78caa7741f99b9fbca4f4943c8b79f00bebff8
        Validity
            Not Before: Nov 10 16:37:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f31f5facdd8e52df5fc67fe1e605fa1abb3f0a02
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:c5:fd:17:96:dc:82:41:0d:ee:17:73:63:a4:
                    4b:27:fb:62:43:c7:8c:b9:07:d8:ad:8e:3d:a9:a5:
                    dd:3b:4e:ab:96:46:cb:01:10:9a:bc:e7:9e:ee:ce:
                    06:47:a6:14:2e:ee:b9:b0:9c:71:10:8a:08:7a:97:
                    b4:92:ca:25:3a:57:a3:c2:58:d4:2b:4d:33:5d:f8:
                    68:2b:43:f5:34:d8:71:b7:02:89:48:f4:8c:82:16:
                    ab:e0:41:39:98:e7:4d:83:e5:e4:11:8b:37:0b:2e:
                    26:91:8c:ba:c0:34:83:41:bd:e0:e6:48:9c:26:fb:
                    d6:23:bb:94:77:f2:a7:12:b6:cc:02:76:2b:50:34:
                    37:3f:a1:fb:38:8d:55:21:fa:55:09:7e:4d:7b:4c:
                    27:7d:df:35:8a:74:72:94:65:c9:95:1d:08:30:49:
                    f3:c2:0f:1d:9a:fa:b0:fa:3d:40:5e:5b:b2:ae:2d:
                    c5:40:80:30:11:3a:fc:10:cb:cc:65:2d:ec:6b:18:
                    17:ed:df:fa:13:97:c8:d7:06:34:31:a9:7d:c8:8c:
                    8c:02:d0:05:4c:b3:b4:12:21:e7:62:3c:8d:0d:f7:
                    54:2d:51:12:6d:53:25:ab:e9:44:0e:dd:7c:2a:c1:
                    c9:56:99:05:02:c3:3b:37:c7:33:62:95:01:47:6e:
                    57:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:1F:5F:AC:DD:8E:52:DF:5F:C6:7F:E1:E6:05:FA:1A:BB:3F:0A:02
            X509v3 Authority Key Identifier:
                keyid:4B:78:CA:A7:74:1F:99:B9:FB:CA:4F:49:43:C8:B7:9F:00:BE:BF:F8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/S3jKp3Qfmbn7yk9JQ8i3nwC-v_g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/3c8854-d3e6-4581-ab33-63ced8762042/1/8x9frN2OUt9fxn_h5gX6Grs_CgI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/62/3c8854-d3e6-4581-ab33-63ced8762042/1/S3jKp3Qfmbn7yk9JQ8i3nwC-v_g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.24.123.0/24

    Signature Algorithm: sha256WithRSAEncryption
         04:18:c5:dd:80:06:e0:02:90:66:89:b7:28:e6:5f:49:87:f2:
         da:b3:31:c7:b9:17:34:32:9e:91:81:d6:13:de:14:52:3c:6d:
         c2:e1:d9:9d:96:7e:4f:a5:7c:6f:98:76:22:39:c1:26:59:fc:
         ce:b6:c5:df:07:24:fb:be:d0:40:ab:3c:83:af:b5:ce:02:a0:
         a1:b8:b9:45:09:5d:df:c1:74:7b:b7:b8:4a:06:a9:67:ee:ec:
         53:0b:b9:42:c4:54:43:c0:1a:f3:ef:77:cb:0b:1b:6a:10:e2:
         34:fd:60:a4:94:b5:91:d5:66:77:92:77:01:31:47:2f:e3:2a:
         31:39:b3:4d:f6:ed:7f:a0:ab:78:98:6c:d3:4f:27:14:e1:90:
         4b:a8:45:d4:c5:ef:a4:36:b9:6e:a8:e5:06:3c:b6:6d:cb:89:
         cc:fb:3e:54:0e:47:c2:58:d4:77:ac:b1:a3:00:be:fc:22:30:
         f2:f5:7f:ec:98:7c:e9:32:6f:06:50:d4:57:79:57:41:c1:65:
         ba:a5:67:be:bc:6d:d9:b2:5d:c6:2e:f9:72:d1:a5:40:12:24:
         7f:7f:8d:65:1a:8a:12:fa:9f:47:e6:da:9f:66:d9:52:53:2c:
         29:af:58:76:e3:3d:b5:21:1f:db:d1:e0:e2:fc:a4:3d:59:b2:
         3c:53:b6:64
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZpuoVKKzxAgp6WFFI8kvInDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRiNzhjYWE3NzQxZjk5YjlmYmNhNGY0OTQzYzhiNzlmMDBi
ZWJmZjgwHhcNMjUxMTEwMTYzNzM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMzFmNWZhY2RkOGU1MmRmNWZjNjdmZTFlNjA1ZmExYWJiM2YwYTAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2cX9F5bcgkEN7hdzY6RLJ/tiQ8eM
uQfYrY49qaXdO06rlkbLARCavOee7s4GR6YULu65sJxxEIoIepe0ksolOlejwljU
K00zXfhoK0P1NNhxtwKJSPSMghar4EE5mOdNg+XkEYs3Cy4mkYy6wDSDQb3g5kic
JvvWI7uUd/KnErbMAnYrUDQ3P6H7OI1VIfpVCX5Ne0wnfd81inRylGXJlR0IMEnz
wg8dmvqw+j1AXluyri3FQIAwETr8EMvMZS3saxgX7d/6E5fI1wY0Mal9yIyMAtAF
TLO0EiHnYjyNDfdULVESbVMlq+lEDt18KsHJVpkFAsM7N8czYpUBR25XuwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPMfX6zdjlLfX8Z/4eYF+hq7PwoCMB8GA1UdIwQY
MBaAFEt4yqd0H5m5+8pPSUPIt58Avr/4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUzNqS3AzUWZtYm43eWs5SlE4aTNud0Mtdl9nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi8zYzg4NTQtZDNlNi00NTgxLWFiMzMt
NjNjZWQ4NzYyMDQyLzEvOHg5ZnJOMk9VdDlmeG5faDVnWDZHcnNfQ2dJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi8zYzg4NTQtZDNlNi00NTgxLWFiMzMtNjNjZWQ4NzYyMDQy
LzEvUzNqS3AzUWZtYm43eWs5SlE4aTNud0Mtdl9nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAThh7MA0G
CSqGSIb3DQEBCwUAA4IBAQAEGMXdgAbgApBmibco5l9Jh/LaszHHuRc0Mp6RgdYT
3hRSPG3C4dmdln5PpXxvmHYiOcEmWfzOtsXfByT7vtBAqzyDr7XOAqChuLlFCV3f
wXR7t7hKBqln7uxTC7lCxFRDwBrz73fLCxtqEOI0/WCklLWR1WZ3kncBMUcv4yox
ObNN9u1/oKt4mGzTTycU4ZBLqEXUxe+kNrluqOUGPLZty4nM+z5UDkfCWNR3rLGj
AL78IjDy9X/smHzpMm8GUNRXeVdBwWW6pWe+vG3Zsl3GLvly0aVAEiR/f41lGooS
+p9H5tqfZtlSUywpr1h24z21IR/b0eDi/KQ9WbI8U7Zk
-----END CERTIFICATE-----