Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ad/6cf8be-253d-46d5-ab7c-8276c8aac50e/1/r4xyNLWWmznvN8-2HQAUUtH8WD4.roa
File:                     r4xyNLWWmznvN8-2HQAUUtH8WD4.roa (raw, json)
Hash identifier:          Yx0ueyL/bhm8eOCB3RdfcV15kiUt20hwbcXP4E9Y1js=
Subject key identifier:   AF:8C:72:34:B5:96:9B:39:EF:37:CF:B6:1D:00:14:52:D1:FC:58:3E
Certificate issuer:       /CN=d6aa3fbc78e31229157c78b6d23a65eb2e353dce
Certificate serial:       019DA999C8166EC0EB508E84425B2505E1C9
Authority key identifier: D6:AA:3F:BC:78:E3:12:29:15:7C:78:B6:D2:3A:65:EB:2E:35:3D:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1qo_vHjjEikVfHi20jpl6y41Pc4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ad/6cf8be-253d-46d5-ab7c-8276c8aac50e/1/r4xyNLWWmznvN8-2HQAUUtH8WD4.roa
Signing time:             Mon 20 Apr 2026 06:35:20 +0000
ROA not before:           Mon 20 Apr 2026 06:35:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     834
IP address blocks:        78.108.56.0/24 maxlen: 24
                          78.108.60.0/22 maxlen: 24
                          78.108.61.0/24 maxlen: 24
                          185.244.0.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ad/6cf8be-253d-46d5-ab7c-8276c8aac50e/1/1qo_vHjjEikVfHi20jpl6y41Pc4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ad/6cf8be-253d-46d5-ab7c-8276c8aac50e/1/1qo_vHjjEikVfHi20jpl6y41Pc4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1qo_vHjjEikVfHi20jpl6y41Pc4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 06 May 2026 11:01:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:a9:99:c8:16:6e:c0:eb:50:8e:84:42:5b:25:05:e1:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d6aa3fbc78e31229157c78b6d23a65eb2e353dce
        Validity
            Not Before: Apr 20 06:35:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=af8c7234b5969b39ef37cfb61d001452d1fc583e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:88:3c:da:38:37:e6:32:17:5e:14:99:d8:26:
                    02:3a:32:7d:52:20:49:ac:ff:7b:76:c1:6b:a9:f0:
                    20:41:38:64:12:ee:7b:7f:62:d3:d8:37:b1:76:27:
                    b0:c6:f7:c3:52:92:12:e6:ca:da:d3:5b:71:37:62:
                    ea:1a:9e:c3:54:9c:0c:aa:d4:16:47:33:a5:4a:21:
                    ed:41:df:74:f1:f6:fb:14:61:c0:7a:41:47:83:3b:
                    ad:7b:19:6e:27:f3:bc:72:a2:e7:4a:c2:b4:5c:c5:
                    12:67:12:1b:53:ea:54:f6:03:3e:5d:48:44:8c:1d:
                    65:29:84:45:c9:64:78:78:0b:4a:75:04:d4:27:a9:
                    5c:d2:63:9a:1a:af:2e:c4:e8:ca:cd:68:08:9f:33:
                    07:95:b7:b5:b9:23:ea:74:eb:5d:26:3b:8b:3d:7e:
                    b2:af:81:66:cc:9b:61:bd:a5:61:87:58:2c:1b:a7:
                    a2:e4:b6:6b:2f:6c:ad:57:84:af:92:ab:81:18:93:
                    2a:57:a9:32:4d:7c:13:74:96:cd:fe:ae:3e:ea:76:
                    a6:93:b8:d2:75:df:c2:45:8e:84:30:f8:42:19:ca:
                    57:6a:9e:dd:c3:91:44:6d:fb:ff:cc:97:c3:a6:2e:
                    87:0a:76:b0:83:96:b6:ac:1f:3c:2c:b0:15:1f:bd:
                    49:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:8C:72:34:B5:96:9B:39:EF:37:CF:B6:1D:00:14:52:D1:FC:58:3E
            X509v3 Authority Key Identifier:
                keyid:D6:AA:3F:BC:78:E3:12:29:15:7C:78:B6:D2:3A:65:EB:2E:35:3D:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1qo_vHjjEikVfHi20jpl6y41Pc4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/6cf8be-253d-46d5-ab7c-8276c8aac50e/1/r4xyNLWWmznvN8-2HQAUUtH8WD4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/6cf8be-253d-46d5-ab7c-8276c8aac50e/1/1qo_vHjjEikVfHi20jpl6y41Pc4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.108.56.0/24
                  78.108.60.0/22
                  185.244.0.0/24

    Signature Algorithm: sha256WithRSAEncryption
         87:af:98:dc:b4:97:e7:76:94:26:04:9c:82:16:67:36:e2:5f:
         c8:56:42:5a:da:ce:e2:35:f6:77:76:09:f6:a2:e0:3a:fc:37:
         e0:85:50:c2:4e:88:5b:ab:28:cf:b0:75:29:42:b9:29:08:1c:
         c7:04:b5:53:af:f7:30:8c:b5:58:6a:f6:f2:70:d9:a5:c2:51:
         c4:a3:07:ef:7c:30:84:d5:ee:b8:90:05:d5:ba:30:24:a9:98:
         f9:b7:8e:1c:7a:14:c6:7a:69:49:63:00:93:43:57:73:7c:86:
         ef:72:34:bd:07:6a:58:63:f2:77:49:02:09:ee:79:3c:28:16:
         93:0f:f1:02:a5:50:ab:96:d8:31:83:a7:77:b4:33:96:57:97:
         ca:3f:8a:4f:e8:1f:20:01:c6:55:0b:85:b0:ae:6f:33:74:a8:
         7b:ce:76:61:d2:25:12:1f:3d:49:35:37:9f:50:e4:13:e9:da:
         fe:79:e3:f0:ae:99:01:38:d0:39:49:fd:e1:5f:53:14:ec:63:
         d3:ad:69:8c:27:25:ef:4e:92:b2:03:a2:48:60:6a:52:cd:b6:
         c3:01:7e:5e:a4:35:4a:49:51:c7:79:2a:46:74:30:a0:47:db:
         c2:d4:e8:47:bc:91:4e:97:b6:52:34:a9:af:fe:3d:79:de:7e:
         86:15:bc:0a
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZ2pmcgWbsDrUI6EQlslBeHJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ2YWEzZmJjNzhlMzEyMjkxNTdjNzhiNmQyM2E2NWViMmUz
NTNkY2UwHhcNMjYwNDIwMDYzNTIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZjhjNzIzNGI1OTY5YjM5ZWYzN2NmYjYxZDAwMTQ1MmQxZmM1ODNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5Ig82jg35jIXXhSZ2CYCOjJ9UiBJ
rP97dsFrqfAgQThkEu57f2LT2DexdiewxvfDUpIS5sra01txN2LqGp7DVJwMqtQW
RzOlSiHtQd908fb7FGHAekFHgzutexluJ/O8cqLnSsK0XMUSZxIbU+pU9gM+XUhE
jB1lKYRFyWR4eAtKdQTUJ6lc0mOaGq8uxOjKzWgInzMHlbe1uSPqdOtdJjuLPX6y
r4FmzJthvaVhh1gsG6ei5LZrL2ytV4SvkquBGJMqV6kyTXwTdJbN/q4+6namk7jS
dd/CRY6EMPhCGcpXap7dw5FEbfv/zJfDpi6HCnawg5a2rB88LLAVH71JAwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFK+McjS1lps57zfPth0AFFLR/Fg+MB8GA1UdIwQY
MBaAFNaqP7x44xIpFXx4ttI6ZesuNT3OMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMXFvX3ZIampFaWtWZkhpMjBqcGw2eTQxUGM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZC82Y2Y4YmUtMjUzZC00NmQ1LWFiN2Mt
ODI3NmM4YWFjNTBlLzEvcjR4eU5MV1dtem52TjgtMkhRQVVVdEg4V0Q0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZC82Y2Y4YmUtMjUzZC00NmQ1LWFiN2MtODI3NmM4YWFjNTBl
LzEvMXFvX3ZIampFaWtWZkhpMjBqcGw2eTQxUGM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQATmw4AwQC
Tmw8AwQAufQAMA0GCSqGSIb3DQEBCwUAA4IBAQCHr5jctJfndpQmBJyCFmc24l/I
VkJa2s7iNfZ3dgn2ouA6/DfghVDCTohbqyjPsHUpQrkpCBzHBLVTr/cwjLVYavby
cNmlwlHEowfvfDCE1e64kAXVujAkqZj5t44cehTGemlJYwCTQ1dzfIbvcjS9B2pY
Y/J3SQIJ7nk8KBaTD/ECpVCrltgxg6d3tDOWV5fKP4pP6B8gAcZVC4Wwrm8zdKh7
znZh0iUSHz1JNTefUOQT6dr+eePwrpkBONA5Sf3hX1MU7GPTrWmMJyXvTpKyA6JI
YGpSzbbDAX5epDVKSVHHeSpGdDCgR9vC1OhHvJFOl7ZSNKmv/j153n6GFbwK
-----END CERTIFICATE-----