Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ad/6cf8be-253d-46d5-ab7c-8276c8aac50e/1/yWS3DxYlEa286j-Oj-MizHyB7tQ.roa
File:                     yWS3DxYlEa286j-Oj-MizHyB7tQ.roa (raw, json)
Hash identifier:          ThzwUBysD3Pp4+LTCcV1XKNGgsfv+MNlctzHUQSZ/t0=
Subject key identifier:   C9:64:B7:0F:16:25:11:AD:BC:EA:3F:8E:8F:E3:22:CC:7C:81:EE:D4
Certificate issuer:       /CN=d6aa3fbc78e31229157c78b6d23a65eb2e353dce
Certificate serial:       019A0B770E03C12C4B8165FDE1BD49C0CB8E
Authority key identifier: D6:AA:3F:BC:78:E3:12:29:15:7C:78:B6:D2:3A:65:EB:2E:35:3D:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1qo_vHjjEikVfHi20jpl6y41Pc4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ad/6cf8be-253d-46d5-ab7c-8276c8aac50e/1/yWS3DxYlEa286j-Oj-MizHyB7tQ.roa
Signing time:             Wed 22 Oct 2025 10:29:03 +0000
ROA not before:           Wed 22 Oct 2025 10:29:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     199524
IP address blocks:        78.108.56.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ad/6cf8be-253d-46d5-ab7c-8276c8aac50e/1/1qo_vHjjEikVfHi20jpl6y41Pc4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ad/6cf8be-253d-46d5-ab7c-8276c8aac50e/1/1qo_vHjjEikVfHi20jpl6y41Pc4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1qo_vHjjEikVfHi20jpl6y41Pc4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 30 Oct 2025 07:06:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:0b:77:0e:03:c1:2c:4b:81:65:fd:e1:bd:49:c0:cb:8e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d6aa3fbc78e31229157c78b6d23a65eb2e353dce
        Validity
            Not Before: Oct 22 10:29:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c964b70f162511adbcea3f8e8fe322cc7c81eed4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:59:7c:99:5a:a3:48:91:7a:7a:e3:fa:a8:bc:
                    45:99:e6:74:fb:e6:f7:81:de:54:bc:dc:48:00:6e:
                    c6:b0:e8:04:93:4a:bc:01:75:d3:28:72:63:a1:76:
                    32:ae:12:7c:97:36:e9:61:4a:31:c9:d9:77:06:be:
                    d4:03:a6:a2:7d:da:dd:63:03:5e:18:f9:49:f3:b6:
                    26:f0:5c:cf:a9:40:36:ae:03:fb:9b:b4:a0:4d:06:
                    07:43:7e:ae:52:ee:b7:8a:a2:b7:21:a5:01:7f:42:
                    c7:69:67:33:a1:df:bf:0c:05:5a:9b:e6:54:77:f8:
                    3c:8d:24:55:8d:17:01:23:14:09:b8:9a:56:2b:11:
                    f0:bd:ab:7a:7e:10:14:5c:03:74:e5:c9:bc:a4:71:
                    c6:f8:a0:57:40:de:6d:64:a9:97:6e:00:f3:92:05:
                    6b:bf:10:ca:cc:fd:e4:65:19:fa:4d:70:c1:bf:83:
                    01:d4:dd:7c:71:3e:c1:14:7c:ab:8a:4c:06:68:6b:
                    51:a4:7a:b3:1b:c0:50:e8:ef:f7:64:ed:f9:1a:e8:
                    8f:df:6e:e0:98:8b:e1:79:e1:42:4b:75:3c:fb:9e:
                    ec:f7:f0:96:29:04:8d:83:a5:89:9e:8f:45:a0:83:
                    ad:16:79:82:9f:4c:ff:9f:d5:40:0f:70:dc:4e:26:
                    4f:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:64:B7:0F:16:25:11:AD:BC:EA:3F:8E:8F:E3:22:CC:7C:81:EE:D4
            X509v3 Authority Key Identifier:
                keyid:D6:AA:3F:BC:78:E3:12:29:15:7C:78:B6:D2:3A:65:EB:2E:35:3D:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1qo_vHjjEikVfHi20jpl6y41Pc4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/6cf8be-253d-46d5-ab7c-8276c8aac50e/1/yWS3DxYlEa286j-Oj-MizHyB7tQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/6cf8be-253d-46d5-ab7c-8276c8aac50e/1/1qo_vHjjEikVfHi20jpl6y41Pc4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.108.56.0/24

    Signature Algorithm: sha256WithRSAEncryption
         39:a1:2e:a7:30:09:b5:41:38:21:7c:43:1d:91:8a:9f:dd:2e:
         6f:d6:32:ea:eb:49:5f:96:9d:82:7f:5a:3e:d7:38:5d:ba:78:
         ce:b5:4e:c5:f2:d6:63:92:b8:c3:ad:ac:ef:11:a1:36:fa:a1:
         89:4c:c2:2d:71:e4:bf:a0:21:d6:e5:b3:b8:91:b3:4e:39:3d:
         1f:ea:a7:8b:3f:e1:d4:81:1e:43:d5:a7:c6:02:ac:1a:c6:62:
         71:99:88:99:ca:1f:1b:e9:c8:9e:1b:8e:16:61:5c:37:bd:ae:
         2a:35:16:9e:da:db:e5:7d:c1:14:66:9d:90:c2:5d:b5:8b:f4:
         23:fc:bd:dd:52:49:e7:a0:0e:92:cf:24:c8:ba:6b:e6:79:d8:
         8e:ed:f8:8c:59:00:ab:34:c4:a3:93:bb:47:69:48:bb:b7:ee:
         ca:39:36:b0:6f:86:63:ef:88:a1:9f:e3:09:bc:db:1f:f4:79:
         1f:de:c9:1b:3b:23:10:8c:84:24:34:9f:1c:5f:c3:1a:1a:c5:
         ab:17:d3:42:62:55:23:01:42:92:76:13:60:ef:88:27:f7:95:
         73:ee:b1:5a:0c:41:ee:ac:d0:98:bd:e0:7a:f7:e6:38:97:b3:
         75:68:34:ea:0b:fc:f5:26:f2:0e:ae:f8:6d:9a:8b:2f:c1:7f:
         cd:ca:08:0a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZoLdw4DwSxLgWX94b1JwMuOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ2YWEzZmJjNzhlMzEyMjkxNTdjNzhiNmQyM2E2NWViMmUz
NTNkY2UwHhcNMjUxMDIyMTAyOTAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOTY0YjcwZjE2MjUxMWFkYmNlYTNmOGU4ZmUzMjJjYzdjODFlZWQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjFl8mVqjSJF6euP6qLxFmeZ0++b3
gd5UvNxIAG7GsOgEk0q8AXXTKHJjoXYyrhJ8lzbpYUoxydl3Br7UA6aifdrdYwNe
GPlJ87Ym8FzPqUA2rgP7m7SgTQYHQ36uUu63iqK3IaUBf0LHaWczod+/DAVam+ZU
d/g8jSRVjRcBIxQJuJpWKxHwvat6fhAUXAN05cm8pHHG+KBXQN5tZKmXbgDzkgVr
vxDKzP3kZRn6TXDBv4MB1N18cT7BFHyrikwGaGtRpHqzG8BQ6O/3ZO35GuiP327g
mIvheeFCS3U8+57s9/CWKQSNg6WJno9FoIOtFnmCn0z/n9VAD3DcTiZPGwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMlktw8WJRGtvOo/jo/jIsx8ge7UMB8GA1UdIwQY
MBaAFNaqP7x44xIpFXx4ttI6ZesuNT3OMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMXFvX3ZIampFaWtWZkhpMjBqcGw2eTQxUGM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZC82Y2Y4YmUtMjUzZC00NmQ1LWFiN2Mt
ODI3NmM4YWFjNTBlLzEveVdTM0R4WWxFYTI4NmotT2otTWl6SHlCN3RRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZC82Y2Y4YmUtMjUzZC00NmQ1LWFiN2MtODI3NmM4YWFjNTBl
LzEvMXFvX3ZIampFaWtWZkhpMjBqcGw2eTQxUGM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATmw4MA0G
CSqGSIb3DQEBCwUAA4IBAQA5oS6nMAm1QTghfEMdkYqf3S5v1jLq60lflp2Cf1o+
1zhdunjOtU7F8tZjkrjDrazvEaE2+qGJTMItceS/oCHW5bO4kbNOOT0f6qeLP+HU
gR5D1afGAqwaxmJxmYiZyh8b6cieG44WYVw3va4qNRae2tvlfcEUZp2Qwl21i/Qj
/L3dUknnoA6SzyTIumvmediO7fiMWQCrNMSjk7tHaUi7t+7KOTawb4Zj74ihn+MJ
vNsf9Hkf3skbOyMQjIQkNJ8cX8MaGsWrF9NCYlUjAUKSdhNg74gn95Vz7rFaDEHu
rNCYveB69+Y4l7N1aDTqC/z1JvIOrvhtmosvwX/NyggK
-----END CERTIFICATE-----