Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/lTWfcBG5IrstAXmUfCIekplHrpY.roa
File:                     lTWfcBG5IrstAXmUfCIekplHrpY.roa (raw, json)
Hash identifier:          5RTmhw/GIcNQMQi62S5xDFtrVIl1BSjSMimOCLgTGVU=
Subject key identifier:   95:35:9F:70:11:B9:22:BB:2D:01:79:94:7C:22:1E:92:99:47:AE:96
Certificate issuer:       /CN=c35eac64ea4802e6824686f7c0d201f2c85cb2aa
Certificate serial:       019E63C10E9CA9A401FA247D2FF09018D2BF
Authority key identifier: C3:5E:AC:64:EA:48:02:E6:82:46:86:F7:C0:D2:01:F2:C8:5C:B2:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/lTWfcBG5IrstAXmUfCIekplHrpY.roa
Signing time:             Tue 26 May 2026 10:07:37 +0000
ROA not before:           Tue 26 May 2026 10:07:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     209832
IP address blocks:        78.128.83.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 12 Jun 2026 13:27:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:63:c1:0e:9c:a9:a4:01:fa:24:7d:2f:f0:90:18:d2:bf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c35eac64ea4802e6824686f7c0d201f2c85cb2aa
        Validity
            Not Before: May 26 10:07:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=95359f7011b922bb2d0179947c221e929947ae96
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:92:b7:77:55:d8:1c:74:33:0f:93:86:b3:f3:
                    c0:4e:8f:b6:69:69:6b:79:df:42:2c:08:c7:f5:55:
                    22:7c:93:5c:c2:ab:f9:3c:34:8b:19:dc:93:e9:20:
                    94:a5:3d:4f:bd:d9:a7:b2:e7:7c:87:33:91:6f:09:
                    6c:a9:20:84:8f:9b:f6:cb:8e:fe:ab:7a:0b:cf:d6:
                    0e:73:d4:5b:e9:df:fd:73:7c:d1:bd:88:a0:f1:c6:
                    48:8b:bb:09:d3:5e:67:86:62:f3:ec:a7:5b:85:ad:
                    c2:d1:d9:f8:08:23:c3:a7:66:fd:ac:c1:2a:99:21:
                    91:b7:eb:ad:a8:05:03:97:82:8d:02:5e:af:cd:dd:
                    52:17:55:cc:23:5d:1f:0d:77:6e:72:8f:3a:7b:34:
                    39:6b:74:cb:f9:23:25:e9:cb:4f:23:14:9a:99:48:
                    54:2b:e5:9b:e9:b5:27:ba:03:29:3f:bc:a3:2a:b7:
                    41:71:1c:fe:71:be:6e:01:8f:95:a3:1a:0c:0c:00:
                    e2:01:47:54:db:07:45:36:fc:76:14:87:ad:4e:90:
                    97:c5:f8:49:7f:f7:a7:47:0b:22:37:18:7a:f3:30:
                    3c:83:8a:6c:b0:c1:cb:df:32:b0:ae:fd:15:1d:2e:
                    56:7b:91:ec:2b:7c:11:f0:0a:44:1e:05:74:c7:58:
                    d7:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:35:9F:70:11:B9:22:BB:2D:01:79:94:7C:22:1E:92:99:47:AE:96
            X509v3 Authority Key Identifier:
                keyid:C3:5E:AC:64:EA:48:02:E6:82:46:86:F7:C0:D2:01:F2:C8:5C:B2:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/lTWfcBG5IrstAXmUfCIekplHrpY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.128.83.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0c:42:07:5e:7b:bc:cb:4b:e3:e7:08:cd:b6:99:c8:2f:45:5f:
         c1:88:1d:db:45:b1:57:6b:88:c5:72:23:1d:34:88:2a:b2:75:
         ff:86:f4:cb:50:c7:27:5c:94:b7:3f:0c:86:b8:f4:b7:90:ea:
         ac:21:5c:82:f3:6d:25:21:10:9a:15:06:11:80:37:79:1b:44:
         04:ab:7c:3c:89:c1:23:b2:b5:59:e5:53:c4:e8:67:88:55:52:
         c6:02:b6:d7:8c:f6:76:18:7f:8f:bd:d4:51:fa:92:9c:29:51:
         ff:06:04:97:db:ed:21:a1:a3:f2:ef:a9:52:fd:1b:05:26:46:
         0e:12:e0:a7:05:64:77:1c:21:86:96:64:44:49:33:dc:26:57:
         76:9d:25:18:e1:f6:ba:94:a6:fb:08:33:5c:21:c7:5b:51:d9:
         57:cd:83:9d:d2:06:d1:ee:93:2f:c1:db:ff:00:1b:67:d0:78:
         53:7e:86:6a:d4:1b:45:e7:9b:1e:c6:53:e4:8f:21:e8:f5:0f:
         7b:35:11:a3:c8:45:ef:83:0a:a2:8b:01:bd:eb:93:b1:e9:c3:
         a1:07:59:36:13:9d:97:61:e4:43:a5:fd:cb:1a:e7:81:de:ae:
         d1:1a:45:68:18:82:4b:a8:c4:8b:36:b3:c0:ce:1c:80:0c:c9:
         e7:d5:03:2e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ5jwQ6cqaQB+iR9L/CQGNK/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzNWVhYzY0ZWE0ODAyZTY4MjQ2ODZmN2MwZDIwMWYyYzg1
Y2IyYWEwHhcNMjYwNTI2MTAwNzM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NTM1OWY3MDExYjkyMmJiMmQwMTc5OTQ3YzIyMWU5Mjk5NDdhZTk2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwpK3d1XYHHQzD5OGs/PATo+2aWlr
ed9CLAjH9VUifJNcwqv5PDSLGdyT6SCUpT1Pvdmnsud8hzORbwlsqSCEj5v2y47+
q3oLz9YOc9Rb6d/9c3zRvYig8cZIi7sJ015nhmLz7Kdbha3C0dn4CCPDp2b9rMEq
mSGRt+utqAUDl4KNAl6vzd1SF1XMI10fDXduco86ezQ5a3TL+SMl6ctPIxSamUhU
K+Wb6bUnugMpP7yjKrdBcRz+cb5uAY+VoxoMDADiAUdU2wdFNvx2FIetTpCXxfhJ
f/enRwsiNxh68zA8g4pssMHL3zKwrv0VHS5We5HsK3wR8ApEHgV0x1jXOwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJU1n3ARuSK7LQF5lHwiHpKZR66WMB8GA1UdIwQY
MBaAFMNerGTqSALmgkaG98DSAfLIXLKqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzE2c1pPcElBdWFDUm9iM3dOSUI4c2hjc3FvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9jY2RkOGItNzcyMC00ZGUwLThjNDMt
ZGFjYjVmMzU2ZWEzLzEvbFRXZmNCRzVJcnN0QVhtVWZDSWVrcGxIcnBZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9jY2RkOGItNzcyMC00ZGUwLThjNDMtZGFjYjVmMzU2ZWEz
LzEvdzE2c1pPcElBdWFDUm9iM3dOSUI4c2hjc3FvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAToBTMA0G
CSqGSIb3DQEBCwUAA4IBAQAMQgdee7zLS+PnCM22mcgvRV/BiB3bRbFXa4jFciMd
NIgqsnX/hvTLUMcnXJS3PwyGuPS3kOqsIVyC820lIRCaFQYRgDd5G0QEq3w8icEj
srVZ5VPE6GeIVVLGArbXjPZ2GH+PvdRR+pKcKVH/BgSX2+0hoaPy76lS/RsFJkYO
EuCnBWR3HCGGlmRESTPcJld2nSUY4fa6lKb7CDNcIcdbUdlXzYOd0gbR7pMvwdv/
ABtn0HhTfoZq1BtF55sexlPkjyHo9Q97NRGjyEXvgwqiiwG965Ox6cOhB1k2E52X
YeRDpf3LGueB3q7RGkVoGIJLqMSLNrPAzhyADMnn1QMu
-----END CERTIFICATE-----