Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ad/6cf8be-253d-46d5-ab7c-8276c8aac50e/1/Dry5fmI7vbYODg3IRPL7HNkMZEE.roa
File:                     Dry5fmI7vbYODg3IRPL7HNkMZEE.roa (raw, json)
Hash identifier:          pqWEYcMTMmr2xp+JOotJI+53hcGjaHkqIQLS6j9AKUU=
Subject key identifier:   0E:BC:B9:7E:62:3B:BD:B6:0E:0E:0D:C8:44:F2:FB:1C:D9:0C:64:41
Certificate issuer:       /CN=d6aa3fbc78e31229157c78b6d23a65eb2e353dce
Certificate serial:       019D007C75DFAA469AED3CBAD5FC676820B8
Authority key identifier: D6:AA:3F:BC:78:E3:12:29:15:7C:78:B6:D2:3A:65:EB:2E:35:3D:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1qo_vHjjEikVfHi20jpl6y41Pc4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ad/6cf8be-253d-46d5-ab7c-8276c8aac50e/1/Dry5fmI7vbYODg3IRPL7HNkMZEE.roa
Signing time:             Wed 18 Mar 2026 10:27:29 +0000
ROA not before:           Wed 18 Mar 2026 10:27:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     206675
IP address blocks:        78.108.62.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ad/6cf8be-253d-46d5-ab7c-8276c8aac50e/1/1qo_vHjjEikVfHi20jpl6y41Pc4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ad/6cf8be-253d-46d5-ab7c-8276c8aac50e/1/1qo_vHjjEikVfHi20jpl6y41Pc4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1qo_vHjjEikVfHi20jpl6y41Pc4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 22 Mar 2026 05:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:00:7c:75:df:aa:46:9a:ed:3c:ba:d5:fc:67:68:20:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d6aa3fbc78e31229157c78b6d23a65eb2e353dce
        Validity
            Not Before: Mar 18 10:27:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0ebcb97e623bbdb60e0e0dc844f2fb1cd90c6441
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:db:b4:b5:6e:e1:38:31:41:d7:ae:1d:6e:9a:
                    24:08:46:5d:1b:83:d7:38:13:22:94:44:99:09:54:
                    1b:7d:11:8b:9a:8b:17:d0:15:e5:c1:e6:db:8c:53:
                    3e:9f:62:92:ae:78:71:51:b5:fa:85:7f:91:af:39:
                    c4:ce:17:ea:04:c3:7f:af:c1:1d:01:13:a7:55:69:
                    41:61:30:0c:92:1f:ce:32:90:f6:4f:1b:f8:25:b6:
                    a0:c8:ab:bb:68:8f:31:a4:14:79:b0:1c:cc:d4:ab:
                    b8:54:92:37:a0:63:8d:a5:52:f2:17:8b:bf:b6:6d:
                    2c:2d:43:ce:73:fb:84:5a:66:51:56:8d:75:4b:2b:
                    61:1d:a9:7c:4a:b8:ac:ef:08:db:e6:53:06:42:06:
                    b5:67:4a:6e:09:f6:bd:e0:a5:5e:b4:5f:52:cd:b0:
                    2a:34:f8:2f:13:14:13:97:84:1e:42:37:6d:58:fc:
                    5f:85:34:1d:96:00:80:df:57:2f:b6:cd:2f:bf:b8:
                    7a:a1:fc:46:37:69:7a:22:fe:70:df:bc:65:c9:1c:
                    7b:3f:8d:34:33:22:10:a1:0d:59:cc:99:13:0d:6a:
                    8e:7c:42:14:a9:0b:15:76:fc:fc:0d:1b:15:f1:0f:
                    5d:22:e0:67:28:88:af:e6:7d:19:e2:bb:92:6b:55:
                    0a:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:BC:B9:7E:62:3B:BD:B6:0E:0E:0D:C8:44:F2:FB:1C:D9:0C:64:41
            X509v3 Authority Key Identifier:
                keyid:D6:AA:3F:BC:78:E3:12:29:15:7C:78:B6:D2:3A:65:EB:2E:35:3D:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1qo_vHjjEikVfHi20jpl6y41Pc4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/6cf8be-253d-46d5-ab7c-8276c8aac50e/1/Dry5fmI7vbYODg3IRPL7HNkMZEE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/6cf8be-253d-46d5-ab7c-8276c8aac50e/1/1qo_vHjjEikVfHi20jpl6y41Pc4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.108.62.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b9:52:ee:89:f6:23:30:3b:4b:04:ce:3e:37:a8:a8:5d:bd:fb:
         63:3a:a1:ec:c7:1a:b6:74:24:0d:a7:f1:c1:5e:ae:15:29:69:
         a7:5f:3e:6f:aa:83:df:78:6f:6f:fc:e5:8e:94:8f:45:72:93:
         a9:83:5a:c8:c7:4d:0d:0f:18:ce:7d:f7:e4:8a:94:b3:b9:75:
         4a:25:b7:2d:1b:93:d2:f3:fb:40:64:fd:03:8d:55:08:7a:16:
         e6:8a:81:4e:60:ff:c8:55:de:ae:53:44:14:8f:9f:fa:9c:bf:
         ca:54:dd:42:7f:c2:54:09:7a:68:5e:63:4f:4f:95:83:03:3d:
         0b:e9:4b:ce:1e:47:a5:1b:a3:82:26:f6:86:e9:31:5a:21:0c:
         80:3b:53:8b:69:3e:5f:ad:21:9d:79:61:2d:ec:c6:73:e1:06:
         98:e3:eb:ae:ca:49:fd:ea:f8:ed:84:8d:17:fd:72:14:df:0e:
         4c:96:4b:2f:22:ef:93:1c:ce:03:da:8e:6e:cc:4e:7b:23:30:
         79:6e:67:7c:00:08:b5:51:f4:c6:d7:bd:8f:a7:a0:db:e9:15:
         46:46:b7:42:9e:cd:8a:d1:c3:33:1a:02:7b:e7:68:c2:62:49:
         ca:95:af:f4:2c:ec:19:91:b1:b5:3e:b6:87:f3:94:96:8d:67:
         87:86:e5:77
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0AfHXfqkaa7Ty61fxnaCC4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ2YWEzZmJjNzhlMzEyMjkxNTdjNzhiNmQyM2E2NWViMmUz
NTNkY2UwHhcNMjYwMzE4MTAyNzI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZWJjYjk3ZTYyM2JiZGI2MGUwZTBkYzg0NGYyZmIxY2Q5MGM2NDQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvtu0tW7hODFB164dbpokCEZdG4PX
OBMilESZCVQbfRGLmosX0BXlwebbjFM+n2KSrnhxUbX6hX+RrznEzhfqBMN/r8Ed
AROnVWlBYTAMkh/OMpD2Txv4JbagyKu7aI8xpBR5sBzM1Ku4VJI3oGONpVLyF4u/
tm0sLUPOc/uEWmZRVo11SythHal8Sris7wjb5lMGQga1Z0puCfa94KVetF9SzbAq
NPgvExQTl4QeQjdtWPxfhTQdlgCA31cvts0vv7h6ofxGN2l6Iv5w37xlyRx7P400
MyIQoQ1ZzJkTDWqOfEIUqQsVdvz8DRsV8Q9dIuBnKIiv5n0Z4ruSa1UKyQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA68uX5iO722Dg4NyETy+xzZDGRBMB8GA1UdIwQY
MBaAFNaqP7x44xIpFXx4ttI6ZesuNT3OMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMXFvX3ZIampFaWtWZkhpMjBqcGw2eTQxUGM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZC82Y2Y4YmUtMjUzZC00NmQ1LWFiN2Mt
ODI3NmM4YWFjNTBlLzEvRHJ5NWZtSTd2YllPRGczSVJQTDdITmtNWkVFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZC82Y2Y4YmUtMjUzZC00NmQ1LWFiN2MtODI3NmM4YWFjNTBl
LzEvMXFvX3ZIampFaWtWZkhpMjBqcGw2eTQxUGM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATmw+MA0G
CSqGSIb3DQEBCwUAA4IBAQC5Uu6J9iMwO0sEzj43qKhdvftjOqHsxxq2dCQNp/HB
Xq4VKWmnXz5vqoPfeG9v/OWOlI9FcpOpg1rIx00NDxjOfffkipSzuXVKJbctG5PS
8/tAZP0DjVUIehbmioFOYP/IVd6uU0QUj5/6nL/KVN1Cf8JUCXpoXmNPT5WDAz0L
6UvOHkelG6OCJvaG6TFaIQyAO1OLaT5frSGdeWEt7MZz4QaY4+uuykn96vjthI0X
/XIU3w5MlksvIu+THM4D2o5uzE57IzB5bmd8AAi1UfTG172Pp6Db6RVGRrdCns2K
0cMzGgJ752jCYknKla/0LOwZkbG1PraH85SWjWeHhuV3
-----END CERTIFICATE-----