Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ad/6cf8be-253d-46d5-ab7c-8276c8aac50e/1/4B5PYdM6hdf5v3JY90vIhoxuYRA.roa
File:                     4B5PYdM6hdf5v3JY90vIhoxuYRA.roa (raw, json)
Hash identifier:          x6z3BhGBnLNFh0GY5DMNa5IJcSovdTHd+CSiC4nFsn0=
Subject key identifier:   E0:1E:4F:61:D3:3A:85:D7:F9:BF:72:58:F7:4B:C8:86:8C:6E:61:10
Certificate issuer:       /CN=d6aa3fbc78e31229157c78b6d23a65eb2e353dce
Certificate serial:       019A3439E3C9A7B0F0022F50E5E823AB8A26
Authority key identifier: D6:AA:3F:BC:78:E3:12:29:15:7C:78:B6:D2:3A:65:EB:2E:35:3D:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1qo_vHjjEikVfHi20jpl6y41Pc4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ad/6cf8be-253d-46d5-ab7c-8276c8aac50e/1/4B5PYdM6hdf5v3JY90vIhoxuYRA.roa
Signing time:             Thu 30 Oct 2025 08:26:40 +0000
ROA not before:           Thu 30 Oct 2025 08:26:40 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205886
IP address blocks:        78.108.59.0/24 maxlen: 24
                          78.108.61.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ad/6cf8be-253d-46d5-ab7c-8276c8aac50e/1/1qo_vHjjEikVfHi20jpl6y41Pc4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ad/6cf8be-253d-46d5-ab7c-8276c8aac50e/1/1qo_vHjjEikVfHi20jpl6y41Pc4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1qo_vHjjEikVfHi20jpl6y41Pc4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Nov 2025 00:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:34:39:e3:c9:a7:b0:f0:02:2f:50:e5:e8:23:ab:8a:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d6aa3fbc78e31229157c78b6d23a65eb2e353dce
        Validity
            Not Before: Oct 30 08:26:40 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e01e4f61d33a85d7f9bf7258f74bc8868c6e6110
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:d9:08:9a:35:f5:93:2b:e5:98:59:3f:77:ae:
                    ea:68:da:4a:86:91:d2:fc:fc:ca:f6:7c:c7:0b:3b:
                    bf:94:11:5e:08:c8:f0:11:cb:10:97:d2:8c:61:ab:
                    4f:c5:14:13:8f:31:3c:a0:10:5f:d5:db:85:b4:ed:
                    56:89:82:2c:96:cb:79:d3:62:65:3e:9e:be:89:06:
                    40:1b:41:dc:0a:75:61:9a:0e:50:1b:e2:06:48:67:
                    d0:c7:c6:98:46:9a:11:c0:57:9f:39:2c:ad:47:50:
                    53:44:7a:bf:b0:0f:29:a3:b4:9a:e9:71:e1:ff:51:
                    ef:40:2d:bd:4c:0a:58:f5:14:d7:66:58:cb:38:d8:
                    ee:7f:60:47:19:d8:57:b3:3b:f0:bd:8c:2d:c8:3c:
                    93:76:df:8e:07:a5:87:74:ef:58:8c:ce:ef:b4:33:
                    30:72:b3:9f:40:ec:92:3d:84:f9:b4:93:f6:1c:59:
                    9b:cb:d4:ac:88:5b:28:8a:e3:95:bc:9b:5b:8d:5e:
                    a4:a1:10:ce:60:7e:2b:9f:08:c5:a9:45:04:fe:df:
                    23:93:a7:f8:ed:43:c8:44:85:40:1a:a4:f4:c7:89:
                    78:80:38:43:25:92:aa:e8:20:30:d3:c8:f2:77:22:
                    a3:52:b0:7b:fa:c4:e2:42:fc:c2:45:77:72:9c:c6:
                    8f:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:1E:4F:61:D3:3A:85:D7:F9:BF:72:58:F7:4B:C8:86:8C:6E:61:10
            X509v3 Authority Key Identifier:
                keyid:D6:AA:3F:BC:78:E3:12:29:15:7C:78:B6:D2:3A:65:EB:2E:35:3D:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1qo_vHjjEikVfHi20jpl6y41Pc4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/6cf8be-253d-46d5-ab7c-8276c8aac50e/1/4B5PYdM6hdf5v3JY90vIhoxuYRA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/6cf8be-253d-46d5-ab7c-8276c8aac50e/1/1qo_vHjjEikVfHi20jpl6y41Pc4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.108.59.0/24
                  78.108.61.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9b:0d:0e:04:8a:87:b9:9b:ae:3c:e4:ac:4d:f4:55:2c:c9:e4:
         03:7c:9a:63:c0:93:f1:0b:2b:82:f8:f4:81:c8:9d:0c:7f:ee:
         85:e9:cb:22:a5:0f:e5:2e:0c:41:5e:b4:20:d5:3b:08:f8:2d:
         42:68:67:47:a6:45:65:f0:58:14:c7:aa:96:57:11:d8:26:03:
         ee:be:c9:96:dd:fb:08:a8:3d:da:23:9b:17:38:d6:3e:e4:44:
         fd:56:fa:33:30:fd:f5:06:0e:96:2d:5e:a6:33:9f:bc:e3:24:
         4a:e7:30:b4:99:e8:0b:ff:d5:43:ee:b3:a6:54:a3:2c:8f:ba:
         a9:f8:eb:4c:c9:72:6d:0f:fc:b7:fc:4d:e4:56:9b:42:e1:87:
         e7:00:a8:69:34:ee:c2:5f:31:e5:1c:5c:f1:cd:33:a8:e1:30:
         1e:0b:c8:7d:95:93:bf:e8:96:37:ab:58:23:f9:63:c4:ba:7d:
         2f:e5:2d:bf:f8:29:a3:e9:09:c8:15:1f:a6:e4:c1:4e:89:45:
         a6:ae:24:03:8b:cd:69:09:a2:d8:75:73:0e:6d:9f:f7:a6:84:
         98:a3:b3:82:14:d8:d3:d3:4c:7e:d8:c6:ef:15:49:d6:03:60:
         ec:e1:4d:15:26:4c:46:72:68:a1:28:1b:67:f4:40:fe:c2:cd:
         f1:75:2d:73
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZo0OePJp7DwAi9Q5egjq4omMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ2YWEzZmJjNzhlMzEyMjkxNTdjNzhiNmQyM2E2NWViMmUz
NTNkY2UwHhcNMjUxMDMwMDgyNjQwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMDFlNGY2MWQzM2E4NWQ3ZjliZjcyNThmNzRiYzg4NjhjNmU2MTEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3tkImjX1kyvlmFk/d67qaNpKhpHS
/PzK9nzHCzu/lBFeCMjwEcsQl9KMYatPxRQTjzE8oBBf1duFtO1WiYIslst502Jl
Pp6+iQZAG0HcCnVhmg5QG+IGSGfQx8aYRpoRwFefOSytR1BTRHq/sA8po7Sa6XHh
/1HvQC29TApY9RTXZljLONjuf2BHGdhXszvwvYwtyDyTdt+OB6WHdO9YjM7vtDMw
crOfQOySPYT5tJP2HFmby9SsiFsoiuOVvJtbjV6koRDOYH4rnwjFqUUE/t8jk6f4
7UPIRIVAGqT0x4l4gDhDJZKq6CAw08jydyKjUrB7+sTiQvzCRXdynMaPswIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFOAeT2HTOoXX+b9yWPdLyIaMbmEQMB8GA1UdIwQY
MBaAFNaqP7x44xIpFXx4ttI6ZesuNT3OMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMXFvX3ZIampFaWtWZkhpMjBqcGw2eTQxUGM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZC82Y2Y4YmUtMjUzZC00NmQ1LWFiN2Mt
ODI3NmM4YWFjNTBlLzEvNEI1UFlkTTZoZGY1djNKWTkwdklob3h1WVJBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZC82Y2Y4YmUtMjUzZC00NmQ1LWFiN2MtODI3NmM4YWFjNTBl
LzEvMXFvX3ZIampFaWtWZkhpMjBqcGw2eTQxUGM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQATmw7AwQA
Tmw9MA0GCSqGSIb3DQEBCwUAA4IBAQCbDQ4Eioe5m6485KxN9FUsyeQDfJpjwJPx
CyuC+PSByJ0Mf+6F6csipQ/lLgxBXrQg1TsI+C1CaGdHpkVl8FgUx6qWVxHYJgPu
vsmW3fsIqD3aI5sXONY+5ET9VvozMP31Bg6WLV6mM5+84yRK5zC0megL/9VD7rOm
VKMsj7qp+OtMyXJtD/y3/E3kVptC4YfnAKhpNO7CXzHlHFzxzTOo4TAeC8h9lZO/
6JY3q1gj+WPEun0v5S2/+Cmj6QnIFR+m5MFOiUWmriQDi81pCaLYdXMObZ/3poSY
o7OCFNjT00x+2MbvFUnWA2Ds4U0VJkxGcmihKBtn9ED+ws3xdS1z
-----END CERTIFICATE-----