Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/e7t7F4VQaxreiy-w8EI5ejOm3ho.roa
File:                     e7t7F4VQaxreiy-w8EI5ejOm3ho.roa (raw, json)
Hash identifier:          cslkbrv98MW+Wvkj3jkNmIn6Kst172NdhGed7DiEP4o=
Subject key identifier:   7B:BB:7B:17:85:50:6B:1A:DE:8B:2F:B0:F0:42:39:7A:33:A6:DE:1A
Certificate issuer:       /CN=c9d57447e3420b853875b6fa40372aade3192ca2
Certificate serial:       019EBDDD3849E0374792F3260A62493DB508
Authority key identifier: C9:D5:74:47:E3:42:0B:85:38:75:B6:FA:40:37:2A:AD:E3:19:2C:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ydV0R-NCC4U4dbb6QDcqreMZLKI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/e7t7F4VQaxreiy-w8EI5ejOm3ho.roa
Signing time:             Fri 12 Jun 2026 22:04:11 +0000
ROA not before:           Fri 12 Jun 2026 22:04:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     219450
IP address blocks:        78.135.110.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/ydV0R-NCC4U4dbb6QDcqreMZLKI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/ydV0R-NCC4U4dbb6QDcqreMZLKI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ydV0R-NCC4U4dbb6QDcqreMZLKI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 07:01:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:bd:dd:38:49:e0:37:47:92:f3:26:0a:62:49:3d:b5:08
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c9d57447e3420b853875b6fa40372aade3192ca2
        Validity
            Not Before: Jun 12 22:04:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7bbb7b1785506b1ade8b2fb0f042397a33a6de1a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:fd:27:51:f1:cb:de:52:1c:60:60:b8:66:64:
                    77:e4:2c:cb:c3:29:6b:90:90:2c:27:f2:df:9c:a4:
                    7a:4d:9e:c2:0a:b7:84:41:7a:96:86:ab:6d:76:18:
                    f6:e1:49:32:7b:e7:88:3e:02:e7:0b:af:de:72:05:
                    c6:1b:e3:69:dd:08:7c:95:5a:47:77:f1:53:b7:81:
                    68:0b:50:c5:b4:7b:8c:50:1d:81:5a:4b:da:f7:98:
                    be:63:f2:4e:26:2c:42:f4:cb:b5:8f:b1:57:cb:95:
                    b8:ee:e8:7d:04:dc:68:22:12:64:26:07:70:8f:be:
                    f9:69:d0:54:e4:e3:64:90:b3:cd:49:c0:c7:52:ad:
                    bf:85:13:39:8a:e6:c4:66:06:94:89:74:25:dc:57:
                    47:a1:a8:ec:0b:fc:6e:15:80:7a:a5:4e:c7:79:61:
                    de:4a:2a:52:e0:99:2d:19:d5:82:1d:49:ca:b0:04:
                    06:ca:6b:a4:bc:1c:65:76:3e:e6:6f:7e:b6:c1:0c:
                    84:f0:41:25:a6:b8:fa:ad:39:fb:4f:10:a7:e9:3e:
                    5c:cf:52:70:f6:01:60:c7:0f:a4:09:0b:42:e6:e8:
                    3c:1f:02:59:2f:32:8e:c1:a1:e9:d0:34:14:e4:bb:
                    2a:f4:5f:5a:d5:e5:e1:e6:43:76:a0:f7:f8:19:1a:
                    4c:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7B:BB:7B:17:85:50:6B:1A:DE:8B:2F:B0:F0:42:39:7A:33:A6:DE:1A
            X509v3 Authority Key Identifier:
                keyid:C9:D5:74:47:E3:42:0B:85:38:75:B6:FA:40:37:2A:AD:E3:19:2C:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ydV0R-NCC4U4dbb6QDcqreMZLKI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/e7t7F4VQaxreiy-w8EI5ejOm3ho.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/ydV0R-NCC4U4dbb6QDcqreMZLKI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.135.110.0/24

    Signature Algorithm: sha256WithRSAEncryption
         95:a1:23:af:6f:2f:a5:e3:78:d8:e3:c7:b5:94:1e:89:57:13:
         4b:74:2d:67:af:c0:26:e9:a5:cd:b8:3f:54:12:f8:3c:db:10:
         02:73:c3:5f:9b:4d:a7:a9:db:96:37:dd:b3:c0:ac:4b:6c:0d:
         e8:83:cc:5b:60:78:52:58:88:ce:5c:b2:35:91:f9:c5:40:9d:
         42:2e:d7:b5:5f:42:c2:a0:d6:06:74:78:21:cf:16:cf:c0:0e:
         66:c9:89:df:3e:1f:1b:e9:74:70:1d:c7:d4:6e:5c:4b:83:36:
         5e:9f:e2:d0:09:df:3e:f6:fc:71:12:f1:13:59:1c:df:32:b0:
         df:b3:16:37:29:d5:24:e2:0c:a1:4f:c3:31:48:e8:16:6a:a8:
         29:97:61:35:e1:d5:52:9b:d5:52:6e:94:ac:40:cf:e5:d8:d1:
         67:58:5a:c2:f5:9a:0f:39:9b:60:17:22:ab:9b:ad:c3:d2:ad:
         04:14:eb:dc:80:86:95:8c:94:9d:df:fe:a4:0d:7d:71:8e:3a:
         ab:f2:f2:23:ce:6f:88:e3:6e:be:40:92:12:e3:de:d3:95:4f:
         cb:1c:1c:ed:29:55:5a:75:6c:53:50:00:04:fe:52:71:bc:d9:
         26:84:bc:31:25:25:fd:d5:0b:ea:c6:a9:96:84:d6:b0:cf:51:
         b2:25:8e:72
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ693ThJ4DdHkvMmCmJJPbUIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM5ZDU3NDQ3ZTM0MjBiODUzODc1YjZmYTQwMzcyYWFkZTMx
OTJjYTIwHhcNMjYwNjEyMjIwNDExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YmJiN2IxNzg1NTA2YjFhZGU4YjJmYjBmMDQyMzk3YTMzYTZkZTFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1v0nUfHL3lIcYGC4ZmR35CzLwylr
kJAsJ/LfnKR6TZ7CCreEQXqWhqttdhj24Ukye+eIPgLnC6/ecgXGG+Np3Qh8lVpH
d/FTt4FoC1DFtHuMUB2BWkva95i+Y/JOJixC9Mu1j7FXy5W47uh9BNxoIhJkJgdw
j775adBU5ONkkLPNScDHUq2/hRM5iubEZgaUiXQl3FdHoajsC/xuFYB6pU7HeWHe
SipS4JktGdWCHUnKsAQGymukvBxldj7mb362wQyE8EElprj6rTn7TxCn6T5cz1Jw
9gFgxw+kCQtC5ug8HwJZLzKOwaHp0DQU5Lsq9F9a1eXh5kN2oPf4GRpMbQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHu7exeFUGsa3osvsPBCOXozpt4aMB8GA1UdIwQY
MBaAFMnVdEfjQguFOHW2+kA3Kq3jGSyiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveWRWMFItTkNDNFU0ZGJiNlFEY3FyZU1aTEtJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZC8xNTg2ZmQtZmQyYy00MWY4LThmZTkt
NGUxOThmMGE2MDEzLzEvZTd0N0Y0VlFheHJlaXktdzhFSTVlak9tM2hvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZC8xNTg2ZmQtZmQyYy00MWY4LThmZTktNGUxOThmMGE2MDEz
LzEveWRWMFItTkNDNFU0ZGJiNlFEY3FyZU1aTEtJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAToduMA0G
CSqGSIb3DQEBCwUAA4IBAQCVoSOvby+l43jY48e1lB6JVxNLdC1nr8Am6aXNuD9U
Evg82xACc8Nfm02nqduWN92zwKxLbA3og8xbYHhSWIjOXLI1kfnFQJ1CLte1X0LC
oNYGdHghzxbPwA5myYnfPh8b6XRwHcfUblxLgzZen+LQCd8+9vxxEvETWRzfMrDf
sxY3KdUk4gyhT8MxSOgWaqgpl2E14dVSm9VSbpSsQM/l2NFnWFrC9ZoPOZtgFyKr
m63D0q0EFOvcgIaVjJSd3/6kDX1xjjqr8vIjzm+I426+QJIS497TlU/LHBztKVVa
dWxTUAAE/lJxvNkmhLwxJSX91QvqxqmWhNawz1GyJY5y
-----END CERTIFICATE-----