Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ad/6cf8be-253d-46d5-ab7c-8276c8aac50e/1/CkCDhPbCna91c--nA7KEJZUC0FA.roa
File:                     CkCDhPbCna91c--nA7KEJZUC0FA.roa (raw, json)
Hash identifier:          SCFhK7kq7enPygOGahP+XtF61sybJv999OYFUdH7i+M=
Subject key identifier:   0A:40:83:84:F6:C2:9D:AF:75:73:EF:A7:03:B2:84:25:95:02:D0:50
Certificate issuer:       /CN=d6aa3fbc78e31229157c78b6d23a65eb2e353dce
Certificate serial:       019CAD650E4F6E9772EF254316CDB83EA457
Authority key identifier: D6:AA:3F:BC:78:E3:12:29:15:7C:78:B6:D2:3A:65:EB:2E:35:3D:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1qo_vHjjEikVfHi20jpl6y41Pc4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ad/6cf8be-253d-46d5-ab7c-8276c8aac50e/1/CkCDhPbCna91c--nA7KEJZUC0FA.roa
Signing time:             Mon 02 Mar 2026 07:13:26 +0000
ROA not before:           Mon 02 Mar 2026 07:13:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     834
IP address blocks:        78.108.60.0/22 maxlen: 24
                          78.108.61.0/24 maxlen: 24
                          185.244.0.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ad/6cf8be-253d-46d5-ab7c-8276c8aac50e/1/1qo_vHjjEikVfHi20jpl6y41Pc4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ad/6cf8be-253d-46d5-ab7c-8276c8aac50e/1/1qo_vHjjEikVfHi20jpl6y41Pc4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1qo_vHjjEikVfHi20jpl6y41Pc4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 22 Mar 2026 05:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:ad:65:0e:4f:6e:97:72:ef:25:43:16:cd:b8:3e:a4:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d6aa3fbc78e31229157c78b6d23a65eb2e353dce
        Validity
            Not Before: Mar  2 07:13:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0a408384f6c29daf7573efa703b284259502d050
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:07:b3:e6:71:d5:ca:21:ea:98:97:90:4b:af:
                    fb:43:33:d4:9f:73:90:3b:ec:53:78:be:14:5f:b2:
                    74:e9:83:a6:45:db:28:41:d1:41:b0:e5:50:13:0e:
                    df:b2:c1:13:70:cb:74:cc:28:71:03:c7:f3:ea:61:
                    ef:c0:14:92:a4:a4:4c:f5:35:c3:af:21:bd:3a:1b:
                    6f:d4:bb:c3:b4:d3:97:c1:8a:b1:92:0b:7e:6c:e1:
                    9b:e2:4b:fc:62:d0:34:ca:6d:1d:27:f1:07:e0:a1:
                    13:1a:b7:6e:37:9f:fa:cc:ad:67:0d:91:44:46:f5:
                    4f:09:da:e9:79:6c:64:5a:12:fa:bc:43:f1:3c:42:
                    4e:ee:7e:a2:22:86:1c:26:33:01:1e:ee:aa:b1:cc:
                    a9:43:d5:dc:56:f5:d7:7d:62:ef:45:c1:a0:85:21:
                    ce:3b:7e:10:40:6c:6d:9d:4b:63:ef:31:b4:d0:60:
                    f6:a4:71:da:e5:ff:e3:86:6e:88:c7:90:b6:37:da:
                    43:3a:bd:be:02:f0:b4:80:7a:7d:d4:e3:d3:fb:c1:
                    a8:49:bd:e8:51:67:5f:f1:87:e6:73:79:05:82:4a:
                    34:68:72:e1:45:f7:e9:5a:7b:57:52:b4:b2:fe:b2:
                    b0:f8:13:a6:3d:66:ab:ec:03:10:63:46:ee:db:60:
                    5f:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:40:83:84:F6:C2:9D:AF:75:73:EF:A7:03:B2:84:25:95:02:D0:50
            X509v3 Authority Key Identifier:
                keyid:D6:AA:3F:BC:78:E3:12:29:15:7C:78:B6:D2:3A:65:EB:2E:35:3D:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1qo_vHjjEikVfHi20jpl6y41Pc4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/6cf8be-253d-46d5-ab7c-8276c8aac50e/1/CkCDhPbCna91c--nA7KEJZUC0FA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/6cf8be-253d-46d5-ab7c-8276c8aac50e/1/1qo_vHjjEikVfHi20jpl6y41Pc4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.108.60.0/22
                  185.244.0.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b9:e6:42:8b:52:a9:8e:26:86:2e:c8:10:4e:eb:5f:75:7e:51:
         c9:3a:5e:a5:d6:07:f9:eb:42:ec:1f:49:1c:de:f6:90:65:ed:
         0a:22:cb:9d:7f:6a:9c:48:ca:7a:17:b2:6f:63:be:a0:79:d0:
         17:a2:7a:88:77:e0:9b:4e:37:2a:c2:31:7f:25:9f:ce:6c:4f:
         c1:3a:90:44:6f:fa:a0:a4:19:de:b2:60:dc:fa:fa:39:d0:5b:
         10:d2:d3:5e:65:b7:69:25:53:6a:50:e9:89:94:75:ad:38:91:
         e8:b4:0a:9d:f0:dc:82:af:0b:29:ba:05:9f:1c:76:b5:c7:c5:
         b3:04:43:c2:ac:d5:61:5e:3d:ec:ae:42:13:51:84:00:e3:ad:
         e0:c3:16:3e:bd:ee:5f:fe:d1:95:50:e5:05:9f:d4:d3:ad:11:
         6b:45:a3:22:1a:52:17:ae:30:8b:f2:d9:cb:ec:5d:d3:f4:02:
         c7:2d:4c:b8:2f:df:68:91:b6:83:e7:ef:eb:6b:e3:fa:2f:a0:
         3b:c0:89:44:bc:ff:a3:66:a1:14:53:76:e6:5b:9f:c0:55:c7:
         98:9b:1c:40:03:b2:b7:dc:ed:bd:14:7f:ab:99:70:1d:c7:68:
         ed:89:77:8c:8e:01:7a:95:11:7e:aa:10:13:08:e4:df:9b:02:
         f2:4f:04:67
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZytZQ5Pbpdy7yVDFs24PqRXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ2YWEzZmJjNzhlMzEyMjkxNTdjNzhiNmQyM2E2NWViMmUz
NTNkY2UwHhcNMjYwMzAyMDcxMzI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYTQwODM4NGY2YzI5ZGFmNzU3M2VmYTcwM2IyODQyNTk1MDJkMDUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnQez5nHVyiHqmJeQS6/7QzPUn3OQ
O+xTeL4UX7J06YOmRdsoQdFBsOVQEw7fssETcMt0zChxA8fz6mHvwBSSpKRM9TXD
ryG9Ohtv1LvDtNOXwYqxkgt+bOGb4kv8YtA0ym0dJ/EH4KETGrduN5/6zK1nDZFE
RvVPCdrpeWxkWhL6vEPxPEJO7n6iIoYcJjMBHu6qscypQ9XcVvXXfWLvRcGghSHO
O34QQGxtnUtj7zG00GD2pHHa5f/jhm6Ix5C2N9pDOr2+AvC0gHp91OPT+8GoSb3o
UWdf8Yfmc3kFgko0aHLhRffpWntXUrSy/rKw+BOmPWar7AMQY0bu22Bf2wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFApAg4T2wp2vdXPvpwOyhCWVAtBQMB8GA1UdIwQY
MBaAFNaqP7x44xIpFXx4ttI6ZesuNT3OMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMXFvX3ZIampFaWtWZkhpMjBqcGw2eTQxUGM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZC82Y2Y4YmUtMjUzZC00NmQ1LWFiN2Mt
ODI3NmM4YWFjNTBlLzEvQ2tDRGhQYkNuYTkxYy0tbkE3S0VKWlVDMEZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZC82Y2Y4YmUtMjUzZC00NmQ1LWFiN2MtODI3NmM4YWFjNTBl
LzEvMXFvX3ZIampFaWtWZkhpMjBqcGw2eTQxUGM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCTmw8AwQA
ufQAMA0GCSqGSIb3DQEBCwUAA4IBAQC55kKLUqmOJoYuyBBO6191flHJOl6l1gf5
60LsH0kc3vaQZe0KIsudf2qcSMp6F7JvY76gedAXonqId+CbTjcqwjF/JZ/ObE/B
OpBEb/qgpBnesmDc+vo50FsQ0tNeZbdpJVNqUOmJlHWtOJHotAqd8NyCrwspugWf
HHa1x8WzBEPCrNVhXj3srkITUYQA463gwxY+ve5f/tGVUOUFn9TTrRFrRaMiGlIX
rjCL8tnL7F3T9ALHLUy4L99okbaD5+/ra+P6L6A7wIlEvP+jZqEUU3bmW5/AVceY
mxxAA7K33O29FH+rmXAdx2jtiXeMjgF6lRF+qhATCOTfmwLyTwRn
-----END CERTIFICATE-----