Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/VrIZVa2bwMR0b9gg9jcRoVDv-JA.roa
File:                     VrIZVa2bwMR0b9gg9jcRoVDv-JA.roa (raw, json)
Hash identifier:          7ojk1xj/HOzwu39T0il3cbYVXQrvyfFr+QHqM+GdR3k=
Subject key identifier:   56:B2:19:55:AD:9B:C0:C4:74:6F:D8:20:F6:37:11:A1:50:EF:F8:90
Certificate issuer:       /CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
Certificate serial:       019DF2ABD1B9FF4E2BFDA2F1FC0008F345DF
Authority key identifier: 7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/VrIZVa2bwMR0b9gg9jcRoVDv-JA.roa
Signing time:             Mon 04 May 2026 11:07:19 +0000
ROA not before:           Mon 04 May 2026 11:07:19 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     200173
IP address blocks:        78.17.129.0/24 maxlen: 24
                          140.225.194.0/24 maxlen: 24
                          167.17.58.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 06 May 2026 13:57:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:f2:ab:d1:b9:ff:4e:2b:fd:a2:f1:fc:00:08:f3:45:df
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
        Validity
            Not Before: May  4 11:07:19 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=56b21955ad9bc0c4746fd820f63711a150eff890
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:44:3b:b4:86:41:10:18:b2:c4:93:e2:ad:6f:
                    0a:e9:81:09:02:1e:91:e6:d8:ff:8c:82:a3:32:3b:
                    e1:76:88:59:96:37:d0:5b:e0:11:57:fc:17:14:19:
                    21:2c:8c:c6:de:a5:95:06:fe:76:a3:f0:f5:d3:6d:
                    28:68:5d:6f:c8:5d:db:bc:1f:8f:49:26:fc:cb:71:
                    a7:36:b7:8c:79:e5:62:06:3d:a6:25:20:41:a6:74:
                    8b:c0:6b:66:1c:6b:a3:2a:7a:d5:bb:34:0e:b3:b0:
                    66:e8:f4:cd:9b:70:a7:ac:41:7f:4b:e5:c0:b0:82:
                    51:d5:45:2d:07:6f:42:c4:d1:7f:be:df:ca:9c:6c:
                    31:be:90:b9:99:14:c2:e8:60:76:89:46:07:b9:3a:
                    88:b4:c4:29:40:7d:6e:1c:80:4a:83:41:26:74:d8:
                    99:54:ed:d6:e0:91:65:81:23:a4:fe:d0:63:3a:ec:
                    77:fe:07:99:b9:0e:b2:3a:4f:68:ea:3d:f6:42:4f:
                    6b:55:6e:a9:a6:b5:34:8b:43:a4:c9:a3:ae:8b:8d:
                    ef:a2:1f:b6:00:98:60:16:67:cd:6a:41:f7:9c:45:
                    62:d5:aa:fd:55:83:45:f3:86:41:1b:ed:e9:50:ed:
                    0d:d8:dd:23:98:83:c9:62:77:de:b9:c8:49:b0:ae:
                    b2:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                56:B2:19:55:AD:9B:C0:C4:74:6F:D8:20:F6:37:11:A1:50:EF:F8:90
            X509v3 Authority Key Identifier:
                keyid:7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/VrIZVa2bwMR0b9gg9jcRoVDv-JA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.17.129.0/24
                  140.225.194.0/24
                  167.17.58.0/24

    Signature Algorithm: sha256WithRSAEncryption
         64:3f:9c:fc:52:0b:10:4f:64:50:c9:7e:40:58:9d:24:48:89:
         bb:b1:69:c4:06:be:39:9f:83:ab:81:1c:28:44:cb:c0:fd:78:
         48:e6:8d:f2:2c:c0:c2:7b:0a:f6:bb:e4:9c:ad:88:90:18:37:
         58:02:c8:d2:10:63:71:1a:77:1b:8d:65:d0:30:02:7e:1b:b2:
         d4:a5:e2:d3:2f:e8:47:8d:90:6e:ec:0e:ca:8a:72:4d:9b:16:
         d2:7f:2e:e2:31:22:09:8b:e5:14:ba:2c:f7:bf:94:da:1e:b7:
         27:4a:15:f3:7e:58:14:82:73:bb:ee:6f:17:fa:99:01:ae:f4:
         74:4d:e6:ce:83:06:26:81:9f:08:33:6a:54:d2:85:3f:87:cb:
         d4:bf:55:00:e8:12:82:31:b2:6a:0c:9f:69:ac:f7:52:e8:90:
         5d:22:74:62:14:06:b7:2d:07:d5:e7:46:54:53:b2:76:30:0d:
         48:be:b2:f9:35:a0:fa:da:62:0c:31:77:1b:6d:bc:82:10:86:
         44:5e:89:c4:83:02:a6:64:ba:b3:f3:83:ee:8a:eb:b5:d4:a1:
         7e:1a:2d:a5:9c:3a:08:90:29:01:2b:0c:ef:a1:c2:f3:8f:b4:
         8a:2a:55:51:41:07:c2:f6:7f:55:80:64:3d:4b:01:ea:5d:79:
         8a:c2:bd:f3
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZ3yq9G5/04r/aLx/AAI80XfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkYTVkMzJkNWIwOWM5M2MxYjVlM2ZjNWEyYWEyMGQ3NDZm
Y2ZlZDEwHhcNMjYwNTA0MTEwNzE5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NmIyMTk1NWFkOWJjMGM0NzQ2ZmQ4MjBmNjM3MTFhMTUwZWZmODkwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1kQ7tIZBEBiyxJPirW8K6YEJAh6R
5tj/jIKjMjvhdohZljfQW+ARV/wXFBkhLIzG3qWVBv52o/D1020oaF1vyF3bvB+P
SSb8y3GnNreMeeViBj2mJSBBpnSLwGtmHGujKnrVuzQOs7Bm6PTNm3CnrEF/S+XA
sIJR1UUtB29CxNF/vt/KnGwxvpC5mRTC6GB2iUYHuTqItMQpQH1uHIBKg0EmdNiZ
VO3W4JFlgSOk/tBjOux3/geZuQ6yOk9o6j32Qk9rVW6pprU0i0OkyaOui43voh+2
AJhgFmfNakH3nEVi1ar9VYNF84ZBG+3pUO0N2N0jmIPJYnfeuchJsK6yeQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFFayGVWtm8DEdG/YIPY3EaFQ7/iQMB8GA1UdIwQY
MBaAFH2l0y1bCck8G14/xaKqINdG/P7RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAt
ZTU4MzlmNDNlNTgzLzEvVnJJWlZhMmJ3TVIwYjlnZzlqY1JvVkR2LUpBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAtZTU4MzlmNDNlNTgz
LzEvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAThGBAwQA
jOHCAwQApxE6MA0GCSqGSIb3DQEBCwUAA4IBAQBkP5z8UgsQT2RQyX5AWJ0kSIm7
sWnEBr45n4OrgRwoRMvA/XhI5o3yLMDCewr2u+ScrYiQGDdYAsjSEGNxGncbjWXQ
MAJ+G7LUpeLTL+hHjZBu7A7KinJNmxbSfy7iMSIJi+UUuiz3v5TaHrcnShXzflgU
gnO77m8X+pkBrvR0TebOgwYmgZ8IM2pU0oU/h8vUv1UA6BKCMbJqDJ9prPdS6JBd
InRiFAa3LQfV50ZUU7J2MA1IvrL5NaD62mIMMXcbbbyCEIZEXonEgwKmZLqz84Pu
iuu11KF+Gi2lnDoIkCkBKwzvocLzj7SKKlVRQQfC9n9VgGQ9SwHqXXmKwr3z
-----END CERTIFICATE-----