Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/fnh1nIIPWDFtztvYizMkDWPJ9IU.roa
File:                     fnh1nIIPWDFtztvYizMkDWPJ9IU.roa (raw, json)
Hash identifier:          MHFP65b0mTd8eFRb7dP2dcZW3fNUQw7p//+PV2GQCc8=
Subject key identifier:   7E:78:75:9C:82:0F:58:31:6D:CE:DB:D8:8B:33:24:0D:63:C9:F4:85
Certificate issuer:       /CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
Certificate serial:       019E45797E3288F4CA2132F967B2976406B4
Authority key identifier: 7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/fnh1nIIPWDFtztvYizMkDWPJ9IU.roa
Signing time:             Wed 20 May 2026 13:00:50 +0000
ROA not before:           Wed 20 May 2026 13:00:50 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     197363
IP address blocks:        78.17.79.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 04 Jun 2026 22:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:45:79:7e:32:88:f4:ca:21:32:f9:67:b2:97:64:06:b4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
        Validity
            Not Before: May 20 13:00:50 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7e78759c820f58316dcedbd88b33240d63c9f485
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:30:ec:17:1d:84:19:6c:fc:67:8b:20:1d:c5:
                    e6:d2:ad:73:73:63:97:77:c7:e1:c9:93:ba:5a:4a:
                    fd:58:68:06:eb:18:f4:e7:33:07:6d:3d:fb:52:05:
                    ed:8f:be:a2:a4:d4:bd:52:3e:bf:87:2e:c3:0f:3b:
                    42:1e:ef:6f:1e:20:e9:6c:93:9a:ed:6f:27:9f:8d:
                    ae:45:fd:6f:fa:f2:c6:58:fc:c2:a2:03:03:c9:27:
                    61:4f:34:9a:86:83:55:04:61:e1:ae:a6:31:11:cb:
                    20:f1:d7:72:e6:78:14:d9:16:ad:05:17:ac:3d:63:
                    ad:ec:c8:84:36:0e:98:bb:f4:e6:f8:89:f4:b3:ee:
                    93:ef:e2:72:f8:0c:95:61:4c:9c:2e:c0:ab:37:1f:
                    f8:a1:89:5b:1c:3b:5d:4e:3c:dc:a6:c5:f9:ee:ce:
                    8e:bc:1b:92:fc:11:f6:02:0c:f3:78:5c:88:35:c0:
                    66:89:96:79:d6:7c:18:4e:a1:a5:c0:7d:d4:de:97:
                    3a:f7:42:a7:c1:39:02:ed:49:80:f1:e6:dc:4c:45:
                    e8:5d:0a:34:e7:b6:a0:d2:5c:dd:ee:c2:26:6e:08:
                    fc:0b:96:db:ee:ed:56:de:15:65:65:23:6d:7a:d1:
                    8f:da:45:b6:5c:12:22:6a:64:da:0b:31:34:c9:85:
                    fd:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:78:75:9C:82:0F:58:31:6D:CE:DB:D8:8B:33:24:0D:63:C9:F4:85
            X509v3 Authority Key Identifier:
                keyid:7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/fnh1nIIPWDFtztvYizMkDWPJ9IU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.17.79.0/24

    Signature Algorithm: sha256WithRSAEncryption
         01:f2:ef:99:45:8e:1a:53:e5:31:9d:62:d3:60:e3:ee:ba:f1:
         1a:46:f5:de:e4:1d:4f:61:51:c0:61:20:c1:0a:f1:f9:71:aa:
         c7:6e:92:7c:c4:7c:b9:4c:30:46:a1:2b:46:3a:14:a2:b6:c0:
         b6:47:73:af:67:03:c1:2d:0c:6d:c9:33:75:05:cc:55:6d:ee:
         bd:2b:b2:02:d2:3e:17:ee:1e:43:67:1e:f6:3e:5f:27:62:15:
         bd:2b:d9:67:ad:26:c1:2d:3b:0d:ae:64:4f:38:a4:9e:36:17:
         16:83:94:40:fb:e4:a1:e8:dc:dd:ad:f0:dc:20:fb:55:e5:4e:
         29:26:3e:ae:a1:99:0d:57:05:4b:3d:cb:e5:ac:bd:df:0b:89:
         95:b7:1e:62:1f:5b:4c:db:ab:89:51:51:2f:23:cd:77:63:98:
         f3:45:62:bd:91:35:44:a8:26:94:d9:41:43:db:6a:bf:1a:d9:
         1d:d2:85:b3:cb:50:24:60:e0:fb:58:e3:35:a4:d7:ec:3e:93:
         0d:88:ce:34:f4:9a:58:c0:9f:44:cf:ec:b4:ab:ea:6b:51:36:
         fc:05:28:cc:be:38:92:dd:90:ff:0f:72:d1:ad:eb:2b:82:3b:
         fc:cd:e1:70:1a:81:72:7a:dc:1d:18:c5:dd:ac:c4:8b:32:da:
         d4:7b:8f:ef
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ5FeX4yiPTKITL5Z7KXZAa0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkYTVkMzJkNWIwOWM5M2MxYjVlM2ZjNWEyYWEyMGQ3NDZm
Y2ZlZDEwHhcNMjYwNTIwMTMwMDUwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZTc4NzU5YzgyMGY1ODMxNmRjZWRiZDg4YjMzMjQwZDYzYzlmNDg1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1zDsFx2EGWz8Z4sgHcXm0q1zc2OX
d8fhyZO6Wkr9WGgG6xj05zMHbT37UgXtj76ipNS9Uj6/hy7DDztCHu9vHiDpbJOa
7W8nn42uRf1v+vLGWPzCogMDySdhTzSahoNVBGHhrqYxEcsg8ddy5ngU2RatBRes
PWOt7MiENg6Yu/Tm+In0s+6T7+Jy+AyVYUycLsCrNx/4oYlbHDtdTjzcpsX57s6O
vBuS/BH2AgzzeFyINcBmiZZ51nwYTqGlwH3U3pc690KnwTkC7UmA8ebcTEXoXQo0
57ag0lzd7sImbgj8C5bb7u1W3hVlZSNtetGP2kW2XBIiamTaCzE0yYX9aQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH54dZyCD1gxbc7b2IszJA1jyfSFMB8GA1UdIwQY
MBaAFH2l0y1bCck8G14/xaKqINdG/P7RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAt
ZTU4MzlmNDNlNTgzLzEvZm5oMW5JSVBXREZ0enR2WWl6TWtEV1BKOUlVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAtZTU4MzlmNDNlNTgz
LzEvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAThFPMA0G
CSqGSIb3DQEBCwUAA4IBAQAB8u+ZRY4aU+UxnWLTYOPuuvEaRvXe5B1PYVHAYSDB
CvH5carHbpJ8xHy5TDBGoStGOhSitsC2R3OvZwPBLQxtyTN1BcxVbe69K7IC0j4X
7h5DZx72Pl8nYhW9K9lnrSbBLTsNrmRPOKSeNhcWg5RA++Sh6NzdrfDcIPtV5U4p
Jj6uoZkNVwVLPcvlrL3fC4mVtx5iH1tM26uJUVEvI813Y5jzRWK9kTVEqCaU2UFD
22q/Gtkd0oWzy1AkYOD7WOM1pNfsPpMNiM409JpYwJ9Ez+y0q+prUTb8BSjMvjiS
3ZD/D3LRresrgjv8zeFwGoFyetwdGMXdrMSLMtrUe4/v
-----END CERTIFICATE-----