Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/U6QZohEsko9Kz7ox_-YwSbVoz_Y.roa
File:                     U6QZohEsko9Kz7ox_-YwSbVoz_Y.roa (raw, json)
Hash identifier:          N5q9Tp3QDml7wKhz/02oVCSnkSKujOrm4ZPe2r5YNbY=
Subject key identifier:   53:A4:19:A2:11:2C:92:8F:4A:CF:BA:31:FF:E6:30:49:B5:68:CF:F6
Certificate issuer:       /CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
Certificate serial:       019D47DD4AD82A999DD79F196ED0178DCAE9
Authority key identifier: 7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/U6QZohEsko9Kz7ox_-YwSbVoz_Y.roa
Signing time:             Wed 01 Apr 2026 07:06:18 +0000
ROA not before:           Wed 01 Apr 2026 07:06:18 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     200566
IP address blocks:        78.17.20.0/24 maxlen: 24
                          78.17.21.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 Apr 2026 07:06:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:47:dd:4a:d8:2a:99:9d:d7:9f:19:6e:d0:17:8d:ca:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
        Validity
            Not Before: Apr  1 07:06:18 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=53a419a2112c928f4acfba31ffe63049b568cff6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:4a:10:b9:62:19:b2:f1:37:d7:59:94:aa:8a:
                    31:7f:5d:48:5c:0f:a1:43:74:37:dc:73:03:a7:db:
                    4a:d0:65:21:b2:93:7d:81:00:95:a4:f2:93:2a:5b:
                    7e:7e:13:52:02:7f:a5:77:31:a4:41:2f:96:53:56:
                    84:8a:34:b4:82:12:a6:b3:ff:d6:cb:ab:92:c3:9f:
                    ff:c2:a0:fe:ba:7a:b0:38:55:33:0e:ee:4f:0a:40:
                    56:37:2d:45:08:48:d5:43:c0:51:cc:c8:dd:76:10:
                    b2:92:51:d3:ac:90:08:21:0e:fe:35:3f:73:36:5a:
                    ea:b8:3b:77:cd:2d:e9:9e:ba:72:55:52:0b:d3:d2:
                    a2:71:f1:d0:e4:be:85:da:e6:f9:7d:de:d6:49:71:
                    b4:b4:0b:6b:45:df:8b:32:3a:5c:2c:41:64:f4:a8:
                    af:19:fe:71:5f:a1:04:fc:83:aa:50:3a:57:2e:46:
                    f8:8b:cd:7b:59:46:0f:49:bf:0f:85:4a:05:ea:15:
                    d9:ce:ef:d8:bd:75:ef:10:98:49:33:01:9c:b7:71:
                    c5:22:15:47:de:61:ad:6b:b2:36:27:01:96:18:c8:
                    75:20:2b:32:50:86:9a:21:d1:e7:d8:bf:47:be:6f:
                    99:c4:bd:81:89:a6:37:25:4c:51:8f:38:be:14:bd:
                    09:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:A4:19:A2:11:2C:92:8F:4A:CF:BA:31:FF:E6:30:49:B5:68:CF:F6
            X509v3 Authority Key Identifier:
                keyid:7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/U6QZohEsko9Kz7ox_-YwSbVoz_Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.17.20.0/23

    Signature Algorithm: sha256WithRSAEncryption
         3f:45:37:59:a3:4f:7a:ea:76:ed:10:5d:78:06:c3:8b:86:07:
         6b:7d:aa:5f:fb:20:10:a8:db:34:ff:e8:47:9b:cd:08:7d:6e:
         04:36:b5:9d:75:d0:93:97:7f:83:40:cc:90:3b:a3:3f:c5:d6:
         de:bb:2b:69:1f:f0:d5:3a:f4:df:2b:6d:2c:a8:f0:32:5c:0c:
         28:da:62:f7:68:97:53:38:c9:7c:35:ac:51:86:52:0f:5f:03:
         a7:43:3f:34:9b:60:10:3d:aa:38:d0:ee:b8:a5:e1:28:56:83:
         e6:a4:68:b3:10:40:3e:b8:6f:be:f0:e9:4e:67:fb:54:de:7d:
         93:dd:e6:9b:d4:c0:5b:23:68:af:01:dc:a0:b5:67:50:e2:1b:
         3d:20:af:8c:40:40:2f:22:17:28:16:03:50:fa:ff:a9:e8:8d:
         f8:00:d1:12:a0:be:7e:b2:86:02:70:3c:8b:52:8f:cd:90:06:
         5f:92:5e:88:97:3d:c3:2e:d9:d6:bc:15:f5:ef:37:11:90:35:
         55:f5:97:2e:47:b9:0c:4d:52:13:cc:66:0a:12:e2:f3:d8:41:
         05:7b:d2:88:b9:a4:e7:e7:7e:e7:fd:e3:18:fb:fe:5c:bd:b1:
         df:1e:0b:e2:6b:4c:0c:68:50:a2:58:7f:04:1c:98:0d:dd:bf:
         1d:8c:f1:26
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ1H3UrYKpmd158ZbtAXjcrpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkYTVkMzJkNWIwOWM5M2MxYjVlM2ZjNWEyYWEyMGQ3NDZm
Y2ZlZDEwHhcNMjYwNDAxMDcwNjE4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1M2E0MTlhMjExMmM5MjhmNGFjZmJhMzFmZmU2MzA0OWI1NjhjZmY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsUoQuWIZsvE311mUqooxf11IXA+h
Q3Q33HMDp9tK0GUhspN9gQCVpPKTKlt+fhNSAn+ldzGkQS+WU1aEijS0ghKms//W
y6uSw5//wqD+unqwOFUzDu5PCkBWNy1FCEjVQ8BRzMjddhCyklHTrJAIIQ7+NT9z
NlrquDt3zS3pnrpyVVIL09KicfHQ5L6F2ub5fd7WSXG0tAtrRd+LMjpcLEFk9Kiv
Gf5xX6EE/IOqUDpXLkb4i817WUYPSb8PhUoF6hXZzu/YvXXvEJhJMwGct3HFIhVH
3mGta7I2JwGWGMh1ICsyUIaaIdHn2L9Hvm+ZxL2BiaY3JUxRjzi+FL0JuwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFOkGaIRLJKPSs+6Mf/mMEm1aM/2MB8GA1UdIwQY
MBaAFH2l0y1bCck8G14/xaKqINdG/P7RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAt
ZTU4MzlmNDNlNTgzLzEvVTZRWm9oRXNrbzlLejdveF8tWXdTYlZvel9ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAtZTU4MzlmNDNlNTgz
LzEvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBThEUMA0G
CSqGSIb3DQEBCwUAA4IBAQA/RTdZo0966nbtEF14BsOLhgdrfapf+yAQqNs0/+hH
m80IfW4ENrWdddCTl3+DQMyQO6M/xdbeuytpH/DVOvTfK20sqPAyXAwo2mL3aJdT
OMl8NaxRhlIPXwOnQz80m2AQPao40O64peEoVoPmpGizEEA+uG++8OlOZ/tU3n2T
3eab1MBbI2ivAdygtWdQ4hs9IK+MQEAvIhcoFgNQ+v+p6I34ANESoL5+soYCcDyL
Uo/NkAZfkl6Ilz3DLtnWvBX17zcRkDVV9ZcuR7kMTVITzGYKEuLz2EEFe9KIuaTn
537n/eMY+/5cvbHfHgvia0wMaFCiWH8EHJgN3b8djPEm
-----END CERTIFICATE-----