Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/zFGwrZFcw3Qbg9V2GayrkmOLEPc.roa
File:                     zFGwrZFcw3Qbg9V2GayrkmOLEPc.roa (raw, json)
Hash identifier:          uktGuPpVNZz9bFHcU4nxijxVFnlsQley86mmuQ/YBBc=
Subject key identifier:   CC:51:B0:AD:91:5C:C3:74:1B:83:D5:76:19:AC:AB:92:63:8B:10:F7
Certificate issuer:       /CN=c35eac64ea4802e6824686f7c0d201f2c85cb2aa
Certificate serial:       019CD1B16BDAD558454396AA2DB67C78C916
Authority key identifier: C3:5E:AC:64:EA:48:02:E6:82:46:86:F7:C0:D2:01:F2:C8:5C:B2:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/zFGwrZFcw3Qbg9V2GayrkmOLEPc.roa
Signing time:             Mon 09 Mar 2026 08:23:11 +0000
ROA not before:           Mon 09 Mar 2026 08:23:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     205343
IP address blocks:        78.142.12.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 11 Mar 2026 06:19:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:d1:b1:6b:da:d5:58:45:43:96:aa:2d:b6:7c:78:c9:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c35eac64ea4802e6824686f7c0d201f2c85cb2aa
        Validity
            Not Before: Mar  9 08:23:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=cc51b0ad915cc3741b83d57619acab92638b10f7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:b4:62:15:53:ae:df:c2:0d:41:d0:fc:bb:e6:
                    30:df:39:db:d2:aa:6d:ca:83:23:dc:65:ae:5f:01:
                    e8:d1:c8:76:95:4c:35:3a:c3:03:47:87:e0:a7:2d:
                    dc:e5:42:dd:a4:a4:25:14:c7:bb:09:3f:35:1e:4a:
                    7c:1a:56:1a:8e:8b:96:78:f8:90:6a:90:e7:b4:fb:
                    27:e4:29:f2:25:3f:d5:59:5f:c9:ca:42:c7:28:b4:
                    c3:02:e9:f6:78:ae:f0:10:c0:e8:82:6e:dd:d1:a8:
                    29:6f:b7:da:42:17:ae:dc:b7:4f:ca:81:b8:91:9a:
                    0c:c6:0d:d9:cb:68:51:b8:3c:0c:3f:19:1c:9e:57:
                    46:d6:c5:41:7e:37:f8:1b:55:d8:70:2b:f4:f6:4e:
                    14:62:71:ed:79:f3:d0:44:35:dd:12:38:b1:76:37:
                    46:47:4d:89:98:32:35:14:32:1c:ff:85:3a:e9:d4:
                    b0:8b:9d:f3:fe:a5:61:b5:61:8b:b5:39:15:1b:43:
                    a4:a9:7a:6b:11:c0:36:d7:af:dc:ee:81:e1:3d:9d:
                    1b:87:12:e7:a1:fe:09:da:8e:fc:dc:1e:01:aa:37:
                    15:b0:c0:9c:6a:b6:e0:5f:7b:99:ad:04:55:4c:45:
                    9a:a2:34:b0:cd:21:9f:c1:63:6c:61:00:cb:0f:0b:
                    81:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CC:51:B0:AD:91:5C:C3:74:1B:83:D5:76:19:AC:AB:92:63:8B:10:F7
            X509v3 Authority Key Identifier:
                keyid:C3:5E:AC:64:EA:48:02:E6:82:46:86:F7:C0:D2:01:F2:C8:5C:B2:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/zFGwrZFcw3Qbg9V2GayrkmOLEPc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.142.12.0/22

    Signature Algorithm: sha256WithRSAEncryption
         91:3f:17:c2:50:2c:a2:5a:1d:10:3d:a1:00:65:11:2d:54:8b:
         01:98:b5:db:c0:92:31:fa:bb:9d:f5:0a:33:17:ee:74:1f:ab:
         81:48:33:eb:cd:dd:9d:4f:b1:14:ce:24:9b:c2:0a:b0:f6:f7:
         30:54:03:69:b0:71:4d:4e:6a:a5:c4:b5:20:ca:b6:c3:dc:63:
         c9:e6:cb:75:9d:db:73:b0:da:ee:db:80:e6:15:e2:8c:e4:b3:
         85:87:18:7b:49:ac:77:da:9b:fe:e3:25:76:d4:60:f9:ad:04:
         07:46:ee:e0:be:f5:3b:2a:aa:f3:8b:da:73:47:a5:20:7b:61:
         b1:4d:11:6f:fc:e8:21:38:f9:41:bd:ae:e2:2e:09:c2:fb:52:
         f6:19:f7:8f:84:f2:10:54:55:f4:85:aa:3a:85:92:97:ba:01:
         94:55:5e:dc:af:a9:f9:3b:40:68:1d:c2:64:56:23:a4:99:2c:
         2f:56:60:49:af:60:6a:af:d3:2f:c8:8d:14:e1:d7:8c:0c:d1:
         c7:6d:0d:df:ae:d0:ee:a7:ae:6f:9f:b8:08:79:d5:21:05:a1:
         df:55:7f:16:b4:80:f2:5c:ea:af:0b:58:c2:86:51:84:57:98:
         d0:7d:ae:9e:9e:0b:7d:c1:78:a0:f3:7d:e8:3f:ce:1b:fe:aa:
         aa:ed:ad:9e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZzRsWva1VhFQ5aqLbZ8eMkWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzNWVhYzY0ZWE0ODAyZTY4MjQ2ODZmN2MwZDIwMWYyYzg1
Y2IyYWEwHhcNMjYwMzA5MDgyMzExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYzUxYjBhZDkxNWNjMzc0MWI4M2Q1NzYxOWFjYWI5MjYzOGIxMGY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwLRiFVOu38INQdD8u+Yw3znb0qpt
yoMj3GWuXwHo0ch2lUw1OsMDR4fgpy3c5ULdpKQlFMe7CT81Hkp8GlYajouWePiQ
apDntPsn5CnyJT/VWV/JykLHKLTDAun2eK7wEMDogm7d0agpb7faQheu3LdPyoG4
kZoMxg3Zy2hRuDwMPxkcnldG1sVBfjf4G1XYcCv09k4UYnHtefPQRDXdEjixdjdG
R02JmDI1FDIc/4U66dSwi53z/qVhtWGLtTkVG0OkqXprEcA216/c7oHhPZ0bhxLn
of4J2o783B4BqjcVsMCcarbgX3uZrQRVTEWaojSwzSGfwWNsYQDLDwuBqQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMxRsK2RXMN0G4PVdhmsq5JjixD3MB8GA1UdIwQY
MBaAFMNerGTqSALmgkaG98DSAfLIXLKqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzE2c1pPcElBdWFDUm9iM3dOSUI4c2hjc3FvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9jY2RkOGItNzcyMC00ZGUwLThjNDMt
ZGFjYjVmMzU2ZWEzLzEvekZHd3JaRmN3M1FiZzlWMkdheXJrbU9MRVBjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9jY2RkOGItNzcyMC00ZGUwLThjNDMtZGFjYjVmMzU2ZWEz
LzEvdzE2c1pPcElBdWFDUm9iM3dOSUI4c2hjc3FvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCTo4MMA0G
CSqGSIb3DQEBCwUAA4IBAQCRPxfCUCyiWh0QPaEAZREtVIsBmLXbwJIx+rud9Qoz
F+50H6uBSDPrzd2dT7EUziSbwgqw9vcwVANpsHFNTmqlxLUgyrbD3GPJ5st1ndtz
sNru24DmFeKM5LOFhxh7Sax32pv+4yV21GD5rQQHRu7gvvU7Kqrzi9pzR6Uge2Gx
TRFv/OghOPlBva7iLgnC+1L2GfePhPIQVFX0hao6hZKXugGUVV7cr6n5O0BoHcJk
ViOkmSwvVmBJr2Bqr9MvyI0U4deMDNHHbQ3frtDup65vn7gIedUhBaHfVX8WtIDy
XOqvC1jChlGEV5jQfa6engt9wXig833oP84b/qqq7a2e
-----END CERTIFICATE-----