Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/wl3igxk0gZZsX4eVqDzOBfxiW18.roa
File:                     wl3igxk0gZZsX4eVqDzOBfxiW18.roa (raw, json)
Hash identifier:          kcIKRj78ltX0fJLWKcVtg22tGjdbUHijQC4V+Voz8mM=
Subject key identifier:   C2:5D:E2:83:19:34:81:96:6C:5F:87:95:A8:3C:CE:05:FC:62:5B:5F
Certificate issuer:       /CN=c35eac64ea4802e6824686f7c0d201f2c85cb2aa
Certificate serial:       019EF36447CA1A7A89CB6FEC1563634E2BFC
Authority key identifier: C3:5E:AC:64:EA:48:02:E6:82:46:86:F7:C0:D2:01:F2:C8:5C:B2:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/wl3igxk0gZZsX4eVqDzOBfxiW18.roa
Signing time:             Tue 23 Jun 2026 07:31:35 +0000
ROA not before:           Tue 23 Jun 2026 07:31:35 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     42956
IP address blocks:        78.128.74.0/24 maxlen: 24
                          78.142.3.0/24 maxlen: 24
                          78.142.36.0/24 maxlen: 24
                          78.142.40.0/22 maxlen: 24
                          79.124.2.0/23 maxlen: 24
                          79.124.83.0/24 maxlen: 24
                          79.124.86.0/24 maxlen: 24
                          80.72.81.0/24 maxlen: 24
                          94.72.142.0/24 maxlen: 24
                          94.72.144.0/24 maxlen: 24
                          185.81.121.0/24 maxlen: 24
                          185.81.122.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 Jul 2026 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:f3:64:47:ca:1a:7a:89:cb:6f:ec:15:63:63:4e:2b:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c35eac64ea4802e6824686f7c0d201f2c85cb2aa
        Validity
            Not Before: Jun 23 07:31:35 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c25de283193481966c5f8795a83cce05fc625b5f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:64:9f:2e:e8:b3:22:c6:0e:05:8e:b3:96:cd:
                    6c:0d:72:68:a3:d3:cd:9f:da:34:62:c9:2a:99:42:
                    f1:ff:2c:3b:fb:91:83:16:d9:e7:ea:0e:6a:a7:b9:
                    da:4d:75:a1:40:93:cd:21:c8:ec:82:67:14:58:f4:
                    33:38:06:f0:ae:06:6b:34:c9:9a:1b:ae:ea:34:4e:
                    cd:bf:2d:c9:8e:17:6d:d5:84:00:12:a1:83:00:a2:
                    93:14:74:51:5b:96:fe:80:c3:b2:4a:87:63:d5:75:
                    d5:04:3b:a0:9a:63:42:64:bf:4d:9d:94:e0:c0:b5:
                    71:bc:6d:33:ad:18:c9:dc:29:ce:61:d0:b2:66:a4:
                    1c:29:77:d0:c8:93:36:a5:85:b9:89:27:d7:d3:c3:
                    de:ee:c0:fa:30:9c:2f:50:b4:dc:37:16:a5:c3:39:
                    6a:9c:e0:49:f3:0c:e8:36:d6:ca:fc:9b:71:b9:5a:
                    a1:80:99:aa:55:40:a4:fa:86:c3:7c:7b:d7:fe:b6:
                    0f:41:78:cb:56:2e:1a:87:8a:bf:67:98:ec:91:3d:
                    32:b7:ce:1f:33:0e:41:3e:76:4d:35:fe:3c:63:b8:
                    98:61:00:e8:fc:24:c8:5c:b0:61:5b:e9:16:82:93:
                    25:47:5d:66:f5:83:dd:60:71:ab:35:f6:5d:fa:2b:
                    a8:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C2:5D:E2:83:19:34:81:96:6C:5F:87:95:A8:3C:CE:05:FC:62:5B:5F
            X509v3 Authority Key Identifier:
                keyid:C3:5E:AC:64:EA:48:02:E6:82:46:86:F7:C0:D2:01:F2:C8:5C:B2:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/wl3igxk0gZZsX4eVqDzOBfxiW18.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.128.74.0/24
                  78.142.3.0/24
                  78.142.36.0/24
                  78.142.40.0/22
                  79.124.2.0/23
                  79.124.83.0/24
                  79.124.86.0/24
                  80.72.81.0/24
                  94.72.142.0/24
                  94.72.144.0/24
                  185.81.121.0-185.81.122.255

    Signature Algorithm: sha256WithRSAEncryption
         54:d1:19:69:7c:9e:29:30:ac:ec:2d:1e:22:ba:41:a5:cc:f1:
         32:01:3b:c3:7b:db:17:74:cc:c3:01:9e:50:e3:83:b7:51:0d:
         08:fd:b6:b8:50:54:b1:96:e5:86:b3:d2:05:f1:d9:db:84:94:
         f1:1c:bd:1f:c2:1a:ee:de:66:88:cb:e0:83:7b:d4:88:68:a6:
         92:3e:66:db:cc:e0:00:8b:9b:30:7d:09:10:83:f7:99:14:95:
         8c:33:f1:35:e7:69:14:43:de:87:e4:64:c7:e6:a6:a8:19:02:
         0e:a8:75:de:d7:e6:4b:f5:55:01:30:8f:a9:33:ee:cb:a1:62:
         84:e5:e0:56:bf:41:26:e9:b3:fc:df:42:d5:f0:9f:46:cd:e2:
         38:a3:61:7c:a2:88:1a:d5:25:19:86:7d:76:14:46:1a:f9:12:
         b2:b1:ca:7c:a4:c7:b1:d4:d7:c9:d5:b1:53:68:1e:a6:f0:05:
         91:0f:95:e6:29:f0:03:0d:15:51:bc:3f:ea:36:eb:4f:c9:2e:
         8d:7c:65:56:04:36:c6:24:27:50:13:92:bd:cd:a7:59:35:9f:
         7f:5a:24:f2:e0:c6:d1:f0:ec:82:63:00:b9:36:18:5d:3e:03:
         1f:62:9c:32:e4:ef:5f:a1:6b:7c:45:6c:f6:d6:62:ab:b7:66:
         da:8c:f6:01
-----BEGIN CERTIFICATE-----
MIIFQTCCBCmgAwIBAgISAZ7zZEfKGnqJy2/sFWNjTiv8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzNWVhYzY0ZWE0ODAyZTY4MjQ2ODZmN2MwZDIwMWYyYzg1
Y2IyYWEwHhcNMjYwNjIzMDczMTM1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMjVkZTI4MzE5MzQ4MTk2NmM1Zjg3OTVhODNjY2UwNWZjNjI1YjVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz2SfLuizIsYOBY6zls1sDXJoo9PN
n9o0YskqmULx/yw7+5GDFtnn6g5qp7naTXWhQJPNIcjsgmcUWPQzOAbwrgZrNMma
G67qNE7Nvy3Jjhdt1YQAEqGDAKKTFHRRW5b+gMOySodj1XXVBDugmmNCZL9NnZTg
wLVxvG0zrRjJ3CnOYdCyZqQcKXfQyJM2pYW5iSfX08Pe7sD6MJwvULTcNxalwzlq
nOBJ8wzoNtbK/JtxuVqhgJmqVUCk+obDfHvX/rYPQXjLVi4ah4q/Z5jskT0yt84f
Mw5BPnZNNf48Y7iYYQDo/CTIXLBhW+kWgpMlR11m9YPdYHGrNfZd+iuozQIDAQAB
o4ICTTCCAkkwHQYDVR0OBBYEFMJd4oMZNIGWbF+Hlag8zgX8YltfMB8GA1UdIwQY
MBaAFMNerGTqSALmgkaG98DSAfLIXLKqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzE2c1pPcElBdWFDUm9iM3dOSUI4c2hjc3FvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9jY2RkOGItNzcyMC00ZGUwLThjNDMt
ZGFjYjVmMzU2ZWEzLzEvd2wzaWd4azBnWlpzWDRlVnFEek9CZnhpVzE4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9jY2RkOGItNzcyMC00ZGUwLThjNDMtZGFjYjVmMzU2ZWEz
LzEvdzE2c1pPcElBdWFDUm9iM3dOSUI4c2hjc3FvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGMGCCsGAQUFBwEHAQH/BFQwUjBQBAIAATBKAwQAToBKAwQA
To4DAwQATo4kAwQCTo4oAwQBT3wCAwQAT3xTAwQAT3xWAwQAUEhRAwQAXkiOAwQA
XkiQMAwDBAC5UXkDBAC5UXowDQYJKoZIhvcNAQELBQADggEBAFTRGWl8nikwrOwt
HiK6QaXM8TIBO8N72xd0zMMBnlDjg7dRDQj9trhQVLGW5Yaz0gXx2duElPEcvR/C
Gu7eZojL4IN71IhoppI+ZtvM4ACLmzB9CRCD95kUlYwz8TXnaRRD3ofkZMfmpqgZ
Ag6odd7X5kv1VQEwj6kz7suhYoTl4Fa/QSbps/zfQtXwn0bN4jijYXyiiBrVJRmG
fXYURhr5ErKxynykx7HU18nVsVNoHqbwBZEPleYp8AMNFVG8P+o260/JLo18ZVYE
NsYkJ1ATkr3Np1k1n39aJPLgxtHw7IJjALk2GF0+Ax9inDLk71+ha3xFbPbWYqu3
ZtqM9gE=
-----END CERTIFICATE-----
Generated at Fri Jul 3 16:51:39 2026 by rpki-client