Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ea/acec3d-775e-4d0e-8433-fc3d5c2230b2/1/b2D7vVU4AWvUD_Ad1lqkP8q1DJY.roa
File:                     b2D7vVU4AWvUD_Ad1lqkP8q1DJY.roa (raw, json)
Hash identifier:          nc5y91A1zU+LW1Tb8aDxs1rxMTCVcHcXyy5NeNxfhCQ=
Subject key identifier:   6F:60:FB:BD:55:38:01:6B:D4:0F:F0:1D:D6:5A:A4:3F:CA:B5:0C:96
Certificate issuer:       /CN=d271ea06b1a756cbf46ae046484bbd3e4fce4ca5
Certificate serial:       0198CBB304D277EEDBD4CE388D3E741EC0A4
Authority key identifier: D2:71:EA:06:B1:A7:56:CB:F4:6A:E0:46:48:4B:BD:3E:4F:CE:4C:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0nHqBrGnVsv0auBGSEu9Pk_OTKU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ea/acec3d-775e-4d0e-8433-fc3d5c2230b2/1/b2D7vVU4AWvUD_Ad1lqkP8q1DJY.roa
Signing time:             Thu 21 Aug 2025 08:16:03 +0000
ROA not before:           Thu 21 Aug 2025 08:16:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     14618
IP address blocks:        78.153.96.0/20 maxlen: 20
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ea/acec3d-775e-4d0e-8433-fc3d5c2230b2/1/0nHqBrGnVsv0auBGSEu9Pk_OTKU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ea/acec3d-775e-4d0e-8433-fc3d5c2230b2/1/0nHqBrGnVsv0auBGSEu9Pk_OTKU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0nHqBrGnVsv0auBGSEu9Pk_OTKU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Aug 2025 15:34:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:cb:b3:04:d2:77:ee:db:d4:ce:38:8d:3e:74:1e:c0:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d271ea06b1a756cbf46ae046484bbd3e4fce4ca5
        Validity
            Not Before: Aug 21 08:16:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6f60fbbd5538016bd40ff01dd65aa43fcab50c96
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:28:01:6e:b2:1a:ef:c8:a1:24:a8:9f:c9:18:
                    f1:6a:8f:50:68:02:8f:f6:fc:ca:fb:6e:3d:4f:0f:
                    13:22:75:b1:5a:82:27:bd:f9:d5:6e:eb:81:b0:2f:
                    d2:0f:eb:3a:fd:08:cc:d5:1f:41:dd:8f:69:4c:af:
                    e7:13:1c:da:3a:a8:a8:5b:92:9a:bb:18:a3:54:28:
                    72:dd:24:54:ba:72:ff:e3:20:cd:2d:99:db:63:21:
                    84:2c:e3:ce:6d:d6:35:23:71:cf:19:5a:8f:b3:ee:
                    e4:70:64:29:13:f3:d8:8a:ae:1a:1c:78:b0:51:9d:
                    45:88:c7:b5:bf:49:34:26:d3:69:5f:73:e3:42:84:
                    3d:80:e6:b6:7e:3e:20:0f:97:37:70:69:d4:4e:b5:
                    73:9c:6a:a5:6d:66:37:f3:39:d7:f9:66:7a:58:21:
                    56:cb:2d:6d:89:ed:68:49:97:15:b5:35:d3:82:1f:
                    98:bf:5b:c6:d5:12:69:7b:42:58:9b:9b:ee:ee:48:
                    d1:58:3f:f9:03:5a:65:0e:2f:2f:f7:67:48:78:30:
                    09:2f:cb:41:43:8c:34:ad:59:58:c4:f4:c2:6c:3a:
                    5f:cc:d6:31:c1:4a:df:73:35:45:a1:e2:86:1e:10:
                    54:fc:26:9d:79:7f:54:cc:45:4c:f8:ee:88:91:e4:
                    e7:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:60:FB:BD:55:38:01:6B:D4:0F:F0:1D:D6:5A:A4:3F:CA:B5:0C:96
            X509v3 Authority Key Identifier:
                keyid:D2:71:EA:06:B1:A7:56:CB:F4:6A:E0:46:48:4B:BD:3E:4F:CE:4C:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0nHqBrGnVsv0auBGSEu9Pk_OTKU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/acec3d-775e-4d0e-8433-fc3d5c2230b2/1/b2D7vVU4AWvUD_Ad1lqkP8q1DJY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/acec3d-775e-4d0e-8433-fc3d5c2230b2/1/0nHqBrGnVsv0auBGSEu9Pk_OTKU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.153.96.0/20

    Signature Algorithm: sha256WithRSAEncryption
         84:0e:80:d2:46:b6:d9:54:9c:0c:37:8f:a1:99:fd:04:e6:fe:
         a4:43:2a:80:88:38:74:2b:be:d0:1a:c1:b8:d7:d1:4a:15:cc:
         62:ab:ff:7f:2b:30:8e:21:38:6e:1b:72:73:56:f7:d1:a1:6f:
         5b:35:09:e4:f7:f2:a8:67:d4:1e:61:8f:7a:d6:73:eb:a7:a6:
         56:73:20:da:b4:ed:88:df:1d:67:99:8b:91:13:74:45:74:57:
         e7:70:a4:ab:04:66:05:d6:9a:22:0b:5d:0e:ae:58:f2:99:f1:
         a1:45:82:f3:d9:8a:34:66:da:0e:bb:12:34:3f:2b:79:bd:82:
         ba:c7:a6:04:c2:ba:02:56:83:81:3d:4a:9c:b9:31:5b:14:63:
         4a:1c:68:cd:c5:c7:12:79:a1:dc:fc:6e:7e:5b:43:e0:16:c2:
         39:7d:fc:4f:df:28:dc:72:b6:3e:03:4b:6b:e7:b1:52:a8:70:
         4d:92:d5:8f:b3:92:d4:c8:b3:a6:6a:9f:95:ea:ea:f8:6e:be:
         23:46:fd:38:43:e8:45:bf:dd:da:ce:29:2d:a0:1d:1f:89:29:
         c2:44:ab:8c:1f:8d:b3:ba:4e:80:f5:50:95:01:04:9e:51:98:
         74:78:fe:3f:a3:4f:c4:db:4f:bd:e7:b6:ba:17:cb:e5:c1:0f:
         5b:ca:da:5c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZjLswTSd+7b1M44jT50HsCkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQyNzFlYTA2YjFhNzU2Y2JmNDZhZTA0NjQ4NGJiZDNlNGZj
ZTRjYTUwHhcNMjUwODIxMDgxNjAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZjYwZmJiZDU1MzgwMTZiZDQwZmYwMWRkNjVhYTQzZmNhYjUwYzk2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmSgBbrIa78ihJKifyRjxao9QaAKP
9vzK+249Tw8TInWxWoInvfnVbuuBsC/SD+s6/QjM1R9B3Y9pTK/nExzaOqioW5Ka
uxijVChy3SRUunL/4yDNLZnbYyGELOPObdY1I3HPGVqPs+7kcGQpE/PYiq4aHHiw
UZ1FiMe1v0k0JtNpX3PjQoQ9gOa2fj4gD5c3cGnUTrVznGqlbWY38znX+WZ6WCFW
yy1tie1oSZcVtTXTgh+Yv1vG1RJpe0JYm5vu7kjRWD/5A1plDi8v92dIeDAJL8tB
Q4w0rVlYxPTCbDpfzNYxwUrfczVFoeKGHhBU/CadeX9UzEVM+O6IkeTn5QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG9g+71VOAFr1A/wHdZapD/KtQyWMB8GA1UdIwQY
MBaAFNJx6gaxp1bL9GrgRkhLvT5PzkylMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMG5IcUJyR25Wc3YwYXVCR1NFdTlQa19PVEtVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYS9hY2VjM2QtNzc1ZS00ZDBlLTg0MzMt
ZmMzZDVjMjIzMGIyLzEvYjJEN3ZWVTRBV3ZVRF9BZDFscWtQOHExREpZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYS9hY2VjM2QtNzc1ZS00ZDBlLTg0MzMtZmMzZDVjMjIzMGIy
LzEvMG5IcUJyR25Wc3YwYXVCR1NFdTlQa19PVEtVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQETplgMA0G
CSqGSIb3DQEBCwUAA4IBAQCEDoDSRrbZVJwMN4+hmf0E5v6kQyqAiDh0K77QGsG4
19FKFcxiq/9/KzCOIThuG3JzVvfRoW9bNQnk9/KoZ9QeYY961nPrp6ZWcyDatO2I
3x1nmYuRE3RFdFfncKSrBGYF1poiC10OrljymfGhRYLz2Yo0ZtoOuxI0Pyt5vYK6
x6YEwroCVoOBPUqcuTFbFGNKHGjNxccSeaHc/G5+W0PgFsI5ffxP3yjccrY+A0tr
57FSqHBNktWPs5LUyLOmap+V6ur4br4jRv04Q+hFv93aziktoB0fiSnCRKuMH42z
uk6A9VCVAQSeUZh0eP4/o0/E20+957a6F8vlwQ9bytpc
-----END CERTIFICATE-----