Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/ydmpWsrP05Y6g3f5GiwamawVzFc.roa
File:                     ydmpWsrP05Y6g3f5GiwamawVzFc.roa (raw, json)
Hash identifier:          V69XCc8X6mFRk48pLC34ePtzfyFI0QSQvjVo7BQyKiY=
Subject key identifier:   C9:D9:A9:5A:CA:CF:D3:96:3A:83:77:F9:1A:2C:1A:99:AC:15:CC:57
Certificate issuer:       /CN=c35eac64ea4802e6824686f7c0d201f2c85cb2aa
Certificate serial:       019CB8A76BA4E00F7019AE74912BF5588E7C
Authority key identifier: C3:5E:AC:64:EA:48:02:E6:82:46:86:F7:C0:D2:01:F2:C8:5C:B2:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/ydmpWsrP05Y6g3f5GiwamawVzFc.roa
Signing time:             Wed 04 Mar 2026 11:41:45 +0000
ROA not before:           Wed 04 Mar 2026 11:41:45 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     13335
IP address blocks:        78.128.122.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 05 Mar 2026 09:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:b8:a7:6b:a4:e0:0f:70:19:ae:74:91:2b:f5:58:8e:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c35eac64ea4802e6824686f7c0d201f2c85cb2aa
        Validity
            Not Before: Mar  4 11:41:45 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c9d9a95acacfd3963a8377f91a2c1a99ac15cc57
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:f9:b5:88:01:78:0e:a6:21:4e:6a:17:f8:6d:
                    3b:1d:ac:a3:86:9b:33:f3:3a:a0:ef:cd:05:59:fa:
                    e5:a3:5b:dc:54:ca:0e:cf:1b:a5:6b:78:31:51:79:
                    ea:23:e6:5d:bc:af:de:10:e2:fd:33:07:06:c5:78:
                    28:46:dd:9d:00:af:0c:1f:b6:5b:92:10:23:7f:4c:
                    c7:25:fa:53:b6:4f:41:b6:14:a9:4d:8d:2f:55:5e:
                    b7:5c:bc:af:bc:65:af:6b:27:a7:8e:ed:ab:6d:01:
                    fb:f8:8c:49:2d:c4:57:0d:cc:d6:3b:d4:55:b1:64:
                    e4:f8:95:e6:cd:b9:c1:8d:b7:a9:65:30:79:69:9e:
                    be:06:c0:e7:e9:67:b8:79:c2:82:3a:54:75:e7:91:
                    e7:54:f1:ce:4b:d2:1c:16:e0:63:df:1b:28:d4:4c:
                    2c:25:10:13:69:40:71:2e:5a:b4:d3:4e:e2:0f:56:
                    f6:26:37:8f:df:98:0f:e2:05:d4:f6:e1:16:ce:c5:
                    74:2a:8d:14:70:c9:b8:5a:78:f6:b5:0c:b2:4d:01:
                    f0:3a:07:aa:90:42:86:83:d9:8f:90:e0:37:c3:45:
                    49:9b:59:55:49:0d:e2:3e:1d:64:c5:90:2c:8e:92:
                    24:33:fb:d7:fc:01:91:a5:e4:85:54:c1:7d:0f:5d:
                    2f:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:D9:A9:5A:CA:CF:D3:96:3A:83:77:F9:1A:2C:1A:99:AC:15:CC:57
            X509v3 Authority Key Identifier:
                keyid:C3:5E:AC:64:EA:48:02:E6:82:46:86:F7:C0:D2:01:F2:C8:5C:B2:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/ydmpWsrP05Y6g3f5GiwamawVzFc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.128.122.0/24

    Signature Algorithm: sha256WithRSAEncryption
         15:71:0e:c7:05:c7:48:ee:1e:fc:24:40:35:75:2d:38:2a:3e:
         20:67:49:f9:b3:3e:c5:59:2f:22:5f:5c:c3:74:c1:c7:c0:40:
         7a:11:1a:f6:3a:b3:2e:e4:b1:80:26:0c:b2:74:3f:5b:e2:28:
         e4:0e:b4:db:3d:82:b4:6d:e8:12:08:e3:dd:83:f3:b3:e1:59:
         56:38:fe:c2:87:8f:91:02:41:60:60:62:db:08:b0:94:8d:f1:
         e3:e9:8e:98:9a:3f:0f:ab:0f:35:e2:c5:2d:91:5f:74:77:ae:
         bb:ce:77:87:1f:a3:6e:25:17:bf:20:5b:93:63:af:91:d6:21:
         c0:93:f6:24:67:ed:59:ee:77:b2:c9:37:da:8b:62:8d:fc:63:
         0d:9d:0f:ea:c4:d9:f6:5c:8d:fa:45:2e:c9:7b:a9:e1:ad:c0:
         15:0d:6d:52:48:5d:31:89:91:0a:07:48:b1:70:9b:aa:8b:99:
         72:43:d2:ac:4f:b6:10:3c:3e:3c:c0:1e:38:e9:c7:b8:f1:4d:
         5b:41:34:d3:06:3d:8d:8a:06:a5:40:dc:11:20:0c:f5:36:72:
         d8:38:75:b3:29:72:15:e4:e4:9a:41:1c:19:0f:1d:da:9b:76:
         96:c1:c3:e9:7b:5f:86:d9:ea:ac:67:a9:18:5f:c7:fd:7f:bc:
         b6:c6:35:03
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZy4p2uk4A9wGa50kSv1WI58MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzNWVhYzY0ZWE0ODAyZTY4MjQ2ODZmN2MwZDIwMWYyYzg1
Y2IyYWEwHhcNMjYwMzA0MTE0MTQ1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOWQ5YTk1YWNhY2ZkMzk2M2E4Mzc3ZjkxYTJjMWE5OWFjMTVjYzU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx/m1iAF4DqYhTmoX+G07Hayjhpsz
8zqg780FWfrlo1vcVMoOzxula3gxUXnqI+ZdvK/eEOL9MwcGxXgoRt2dAK8MH7Zb
khAjf0zHJfpTtk9BthSpTY0vVV63XLyvvGWvayenju2rbQH7+IxJLcRXDczWO9RV
sWTk+JXmzbnBjbepZTB5aZ6+BsDn6We4ecKCOlR155HnVPHOS9IcFuBj3xso1Ews
JRATaUBxLlq0007iD1b2JjeP35gP4gXU9uEWzsV0Ko0UcMm4Wnj2tQyyTQHwOgeq
kEKGg9mPkOA3w0VJm1lVSQ3iPh1kxZAsjpIkM/vX/AGRpeSFVMF9D10vSQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMnZqVrKz9OWOoN3+RosGpmsFcxXMB8GA1UdIwQY
MBaAFMNerGTqSALmgkaG98DSAfLIXLKqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzE2c1pPcElBdWFDUm9iM3dOSUI4c2hjc3FvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9jY2RkOGItNzcyMC00ZGUwLThjNDMt
ZGFjYjVmMzU2ZWEzLzEveWRtcFdzclAwNVk2ZzNmNUdpd2FtYXdWekZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9jY2RkOGItNzcyMC00ZGUwLThjNDMtZGFjYjVmMzU2ZWEz
LzEvdzE2c1pPcElBdWFDUm9iM3dOSUI4c2hjc3FvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAToB6MA0G
CSqGSIb3DQEBCwUAA4IBAQAVcQ7HBcdI7h78JEA1dS04Kj4gZ0n5sz7FWS8iX1zD
dMHHwEB6ERr2OrMu5LGAJgyydD9b4ijkDrTbPYK0begSCOPdg/Oz4VlWOP7Ch4+R
AkFgYGLbCLCUjfHj6Y6Ymj8Pqw814sUtkV90d667zneHH6NuJRe/IFuTY6+R1iHA
k/YkZ+1Z7neyyTfai2KN/GMNnQ/qxNn2XI36RS7Je6nhrcAVDW1SSF0xiZEKB0ix
cJuqi5lyQ9KsT7YQPD48wB446ce48U1bQTTTBj2NigalQNwRIAz1NnLYOHWzKXIV
5OSaQRwZDx3am3aWwcPpe1+G2eqsZ6kYX8f9f7y2xjUD
-----END CERTIFICATE-----