Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ad/6cf8be-253d-46d5-ab7c-8276c8aac50e/1/TB7Vm4gWWSiSIt6nLNjBHvK1zRI.roa
File:                     TB7Vm4gWWSiSIt6nLNjBHvK1zRI.roa (raw, json)
Hash identifier:          mqf0wz3JRTRNuit3/84vfVWXJ5dDkzwNJrg38RSIvsc=
Subject key identifier:   4C:1E:D5:9B:88:16:59:28:92:22:DE:A7:2C:D8:C1:1E:F2:B5:CD:12
Certificate issuer:       /CN=d6aa3fbc78e31229157c78b6d23a65eb2e353dce
Certificate serial:       019A2EC9B85F591DBF4C34343597E1F9938D
Authority key identifier: D6:AA:3F:BC:78:E3:12:29:15:7C:78:B6:D2:3A:65:EB:2E:35:3D:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1qo_vHjjEikVfHi20jpl6y41Pc4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ad/6cf8be-253d-46d5-ab7c-8276c8aac50e/1/TB7Vm4gWWSiSIt6nLNjBHvK1zRI.roa
Signing time:             Wed 29 Oct 2025 07:06:03 +0000
ROA not before:           Wed 29 Oct 2025 07:06:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     834
IP address blocks:        78.108.60.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ad/6cf8be-253d-46d5-ab7c-8276c8aac50e/1/1qo_vHjjEikVfHi20jpl6y41Pc4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ad/6cf8be-253d-46d5-ab7c-8276c8aac50e/1/1qo_vHjjEikVfHi20jpl6y41Pc4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1qo_vHjjEikVfHi20jpl6y41Pc4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 31 Oct 2025 19:55:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:2e:c9:b8:5f:59:1d:bf:4c:34:34:35:97:e1:f9:93:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d6aa3fbc78e31229157c78b6d23a65eb2e353dce
        Validity
            Not Before: Oct 29 07:06:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4c1ed59b881659289222dea72cd8c11ef2b5cd12
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ec:08:fc:bb:09:28:bb:51:95:f4:80:72:69:7d:
                    90:58:6d:30:f5:c1:6d:8b:3e:87:fc:29:42:2b:c9:
                    40:12:dc:80:f8:54:39:e3:a9:79:f2:20:6f:a8:89:
                    91:9a:3b:64:76:3f:88:cb:df:68:7e:f0:bc:30:93:
                    f8:d4:d4:5c:ce:cc:0f:fa:07:a5:53:a0:73:f9:50:
                    81:b7:55:6b:5c:21:21:b8:ed:bf:94:15:ca:64:d6:
                    1b:77:d1:2c:b1:a0:e8:8c:4e:95:6d:b2:96:89:39:
                    47:82:a7:70:b5:f7:94:73:81:37:c3:23:3c:0c:e6:
                    2d:0e:d6:ad:8f:1b:15:34:be:5f:64:25:da:8b:ef:
                    cb:33:a7:34:0a:67:f9:2d:35:dc:fd:08:e5:a0:93:
                    b6:ee:45:66:b5:b7:a3:00:ea:e1:91:24:8b:0a:21:
                    2f:af:78:f6:49:e7:94:18:2a:a3:e5:94:9a:05:af:
                    a5:b6:2e:30:6f:01:71:d9:f9:d7:1c:d9:4c:a4:2a:
                    80:fc:ab:e3:b6:da:52:12:52:eb:70:b3:d7:ff:80:
                    18:3f:28:4a:e1:06:01:ac:2b:83:19:b6:d3:48:58:
                    c1:d4:5a:d2:0b:9a:47:6b:5c:ef:bd:a7:65:6f:eb:
                    2c:40:0e:48:31:ac:89:19:2f:d5:87:b8:7a:5c:8c:
                    f3:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:1E:D5:9B:88:16:59:28:92:22:DE:A7:2C:D8:C1:1E:F2:B5:CD:12
            X509v3 Authority Key Identifier:
                keyid:D6:AA:3F:BC:78:E3:12:29:15:7C:78:B6:D2:3A:65:EB:2E:35:3D:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1qo_vHjjEikVfHi20jpl6y41Pc4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/6cf8be-253d-46d5-ab7c-8276c8aac50e/1/TB7Vm4gWWSiSIt6nLNjBHvK1zRI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/6cf8be-253d-46d5-ab7c-8276c8aac50e/1/1qo_vHjjEikVfHi20jpl6y41Pc4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.108.60.0/22

    Signature Algorithm: sha256WithRSAEncryption
         d9:12:fe:f3:b3:a4:42:2f:a7:48:b2:6e:7d:c5:96:7b:2e:74:
         48:bd:d2:4d:28:52:20:23:58:50:50:38:13:a6:19:22:d5:d8:
         a4:82:c0:fc:08:17:ed:76:f2:33:79:4d:90:83:fd:d7:5d:fa:
         a6:d1:cb:3a:3c:da:46:a7:a7:d9:db:8d:a8:dc:6c:42:48:d3:
         0c:c1:61:54:30:a6:69:28:eb:a2:0a:df:7f:a4:3d:e0:c9:a6:
         d6:0d:a6:5c:4a:3d:5d:5f:20:a7:cd:9b:cc:2f:30:b0:c9:95:
         b0:a9:3f:df:bc:d2:37:71:aa:be:ee:94:56:e6:d7:49:c8:54:
         db:0c:71:fd:b8:69:5f:aa:1b:8c:af:50:92:aa:11:46:75:9c:
         3c:61:98:ed:6c:ac:b7:75:af:ae:d1:cf:96:a9:59:42:95:03:
         e8:3b:7d:67:77:11:a3:0d:42:7e:35:6b:e5:b5:f8:5a:44:5e:
         40:98:13:8f:b8:4d:2e:fe:93:6f:3b:92:40:b4:9e:e6:8f:79:
         16:69:72:0a:99:6b:3a:44:08:56:8d:41:b3:33:91:30:6d:43:
         a6:a6:c4:bf:2e:80:7a:59:83:dd:3f:a4:2b:e1:e8:8e:80:08:
         95:94:49:dd:b5:16:11:04:91:d8:24:29:5a:b5:72:61:09:38:
         57:aa:f2:7c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZouybhfWR2/TDQ0NZfh+ZONMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ2YWEzZmJjNzhlMzEyMjkxNTdjNzhiNmQyM2E2NWViMmUz
NTNkY2UwHhcNMjUxMDI5MDcwNjAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YzFlZDU5Yjg4MTY1OTI4OTIyMmRlYTcyY2Q4YzExZWYyYjVjZDEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7Aj8uwkou1GV9IByaX2QWG0w9cFt
iz6H/ClCK8lAEtyA+FQ546l58iBvqImRmjtkdj+Iy99ofvC8MJP41NRczswP+gel
U6Bz+VCBt1VrXCEhuO2/lBXKZNYbd9EssaDojE6VbbKWiTlHgqdwtfeUc4E3wyM8
DOYtDtatjxsVNL5fZCXai+/LM6c0Cmf5LTXc/QjloJO27kVmtbejAOrhkSSLCiEv
r3j2SeeUGCqj5ZSaBa+lti4wbwFx2fnXHNlMpCqA/KvjttpSElLrcLPX/4AYPyhK
4QYBrCuDGbbTSFjB1FrSC5pHa1zvvadlb+ssQA5IMayJGS/Vh7h6XIzzEwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEwe1ZuIFlkokiLepyzYwR7ytc0SMB8GA1UdIwQY
MBaAFNaqP7x44xIpFXx4ttI6ZesuNT3OMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMXFvX3ZIampFaWtWZkhpMjBqcGw2eTQxUGM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZC82Y2Y4YmUtMjUzZC00NmQ1LWFiN2Mt
ODI3NmM4YWFjNTBlLzEvVEI3Vm00Z1dXU2lTSXQ2bkxOakJIdksxelJJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZC82Y2Y4YmUtMjUzZC00NmQ1LWFiN2MtODI3NmM4YWFjNTBl
LzEvMXFvX3ZIampFaWtWZkhpMjBqcGw2eTQxUGM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCTmw8MA0G
CSqGSIb3DQEBCwUAA4IBAQDZEv7zs6RCL6dIsm59xZZ7LnRIvdJNKFIgI1hQUDgT
phki1dikgsD8CBftdvIzeU2Qg/3XXfqm0cs6PNpGp6fZ242o3GxCSNMMwWFUMKZp
KOuiCt9/pD3gyabWDaZcSj1dXyCnzZvMLzCwyZWwqT/fvNI3caq+7pRW5tdJyFTb
DHH9uGlfqhuMr1CSqhFGdZw8YZjtbKy3da+u0c+WqVlClQPoO31ndxGjDUJ+NWvl
tfhaRF5AmBOPuE0u/pNvO5JAtJ7mj3kWaXIKmWs6RAhWjUGzM5EwbUOmpsS/LoB6
WYPdP6Qr4eiOgAiVlEndtRYRBJHYJClatXJhCThXqvJ8
-----END CERTIFICATE-----