Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/3c8854-d3e6-4581-ab33-63ced8762042/1/76vjA2IlaboVNhH8pUnwsKx3NRU.roa
File:                     76vjA2IlaboVNhH8pUnwsKx3NRU.roa (raw, json)
Hash identifier:          cNha0ihSmE73G6B3/ZW+DiUSd5SSspIg7GwLsGosYGc=
Subject key identifier:   EF:AB:E3:03:62:25:69:BA:15:36:11:FC:A5:49:F0:B0:AC:77:35:15
Certificate issuer:       /CN=4b78caa7741f99b9fbca4f4943c8b79f00bebff8
Certificate serial:       019C57EF663B3D8C68E70E1DCC6FC9E00144
Authority key identifier: 4B:78:CA:A7:74:1F:99:B9:FB:CA:4F:49:43:C8:B7:9F:00:BE:BF:F8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/S3jKp3Qfmbn7yk9JQ8i3nwC-v_g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/62/3c8854-d3e6-4581-ab33-63ced8762042/1/76vjA2IlaboVNhH8pUnwsKx3NRU.roa
Signing time:             Fri 13 Feb 2026 16:57:12 +0000
ROA not before:           Fri 13 Feb 2026 16:57:12 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     401838
IP address blocks:        78.24.122.0/24 maxlen: 24
                          78.24.123.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/62/3c8854-d3e6-4581-ab33-63ced8762042/1/S3jKp3Qfmbn7yk9JQ8i3nwC-v_g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/62/3c8854-d3e6-4581-ab33-63ced8762042/1/S3jKp3Qfmbn7yk9JQ8i3nwC-v_g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/S3jKp3Qfmbn7yk9JQ8i3nwC-v_g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 15:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:57:ef:66:3b:3d:8c:68:e7:0e:1d:cc:6f:c9:e0:01:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4b78caa7741f99b9fbca4f4943c8b79f00bebff8
        Validity
            Not Before: Feb 13 16:57:12 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=efabe303622569ba153611fca549f0b0ac773515
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:87:25:f8:21:3d:53:31:d4:1d:a2:64:a1:b0:
                    a9:b1:47:5f:e4:6a:76:5a:86:c6:b3:8d:64:2b:1d:
                    1b:6f:bd:91:b2:89:5e:0c:8a:d8:a9:e7:6c:39:2b:
                    14:11:40:4d:22:bd:fd:70:af:1c:e7:a9:9d:fb:5b:
                    d3:7c:4a:0c:39:67:78:d9:37:59:90:41:c9:af:23:
                    e8:72:1f:7e:68:8a:48:99:df:75:88:fc:01:19:f5:
                    56:3f:e6:88:4e:a5:a8:c9:65:49:35:6e:cc:eb:cc:
                    a8:a3:8c:c7:cd:59:1e:cf:a1:27:bf:a9:10:b8:91:
                    5d:79:40:99:d7:05:c8:8f:e2:78:81:6b:7a:7e:15:
                    7e:65:6e:71:37:bb:f0:4d:e0:d8:2c:b8:31:4c:af:
                    55:6a:1e:80:da:58:46:38:f0:95:14:94:ff:3f:ca:
                    9f:f0:57:df:35:60:38:95:03:98:10:a8:ec:67:63:
                    7c:fd:d8:1d:e5:4c:2c:ed:b0:3c:27:73:6e:50:b7:
                    59:65:69:52:89:36:f7:a3:55:a2:45:c0:37:39:3f:
                    e2:a7:88:69:ea:b4:c8:db:20:69:df:0c:55:43:8e:
                    99:a2:06:a5:61:fb:05:4d:f2:f7:71:38:31:4b:e3:
                    6e:78:46:1c:50:a9:f1:7b:98:2c:5c:c5:0a:a6:4d:
                    39:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EF:AB:E3:03:62:25:69:BA:15:36:11:FC:A5:49:F0:B0:AC:77:35:15
            X509v3 Authority Key Identifier:
                keyid:4B:78:CA:A7:74:1F:99:B9:FB:CA:4F:49:43:C8:B7:9F:00:BE:BF:F8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/S3jKp3Qfmbn7yk9JQ8i3nwC-v_g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/3c8854-d3e6-4581-ab33-63ced8762042/1/76vjA2IlaboVNhH8pUnwsKx3NRU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/62/3c8854-d3e6-4581-ab33-63ced8762042/1/S3jKp3Qfmbn7yk9JQ8i3nwC-v_g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.24.122.0/23

    Signature Algorithm: sha256WithRSAEncryption
         8e:45:67:0c:ff:36:cd:e3:fb:46:9d:61:d2:f0:2e:19:ab:24:
         a3:27:d1:2e:a2:e8:f9:50:48:3e:31:dc:4f:9e:e0:e1:0a:fe:
         3b:57:d2:d4:6a:ca:a2:a1:0a:cb:63:d1:e3:8f:a0:10:3d:fa:
         84:e7:aa:3f:8f:89:cc:3f:37:a9:f7:cb:47:53:3a:06:ef:82:
         b8:66:e1:9f:16:1c:32:bc:ac:ba:cf:b9:e3:65:e3:10:ae:ad:
         db:f0:bd:88:69:ba:0a:8e:53:eb:2c:72:82:84:a3:7f:26:ba:
         7b:78:5e:e7:4e:04:bf:5b:61:d9:4c:c4:96:e3:40:b7:32:d5:
         55:ee:7b:41:97:6d:12:d3:74:ff:3d:da:6c:89:94:ec:ff:97:
         e5:6e:97:95:95:69:ff:ef:39:d1:4c:c0:ae:24:fc:90:af:01:
         75:b2:ac:6e:f8:03:b2:eb:1c:aa:3e:78:43:4b:aa:6a:af:30:
         2d:79:16:a4:f9:4f:83:8f:23:70:c8:ac:10:4c:56:a5:f0:df:
         f4:de:a3:00:c9:2c:93:19:5b:a4:c5:7a:95:f4:87:3a:aa:1d:
         80:42:45:87:4c:ba:49:15:aa:9e:76:8c:8b:1f:81:5b:28:55:
         c6:fb:91:88:7f:cf:fe:82:79:97:ea:9a:d4:0a:4d:5d:b1:38:
         08:4d:f9:7c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZxX72Y7PYxo5w4dzG/J4AFEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRiNzhjYWE3NzQxZjk5YjlmYmNhNGY0OTQzYzhiNzlmMDBi
ZWJmZjgwHhcNMjYwMjEzMTY1NzEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZmFiZTMwMzYyMjU2OWJhMTUzNjExZmNhNTQ5ZjBiMGFjNzczNTE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt4cl+CE9UzHUHaJkobCpsUdf5Gp2
WobGs41kKx0bb72RsoleDIrYqedsOSsUEUBNIr39cK8c56md+1vTfEoMOWd42TdZ
kEHJryPoch9+aIpImd91iPwBGfVWP+aITqWoyWVJNW7M68yoo4zHzVkez6Env6kQ
uJFdeUCZ1wXIj+J4gWt6fhV+ZW5xN7vwTeDYLLgxTK9Vah6A2lhGOPCVFJT/P8qf
8FffNWA4lQOYEKjsZ2N8/dgd5Uws7bA8J3NuULdZZWlSiTb3o1WiRcA3OT/ip4hp
6rTI2yBp3wxVQ46ZogalYfsFTfL3cTgxS+NueEYcUKnxe5gsXMUKpk05hQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO+r4wNiJWm6FTYR/KVJ8LCsdzUVMB8GA1UdIwQY
MBaAFEt4yqd0H5m5+8pPSUPIt58Avr/4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUzNqS3AzUWZtYm43eWs5SlE4aTNud0Mtdl9nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi8zYzg4NTQtZDNlNi00NTgxLWFiMzMt
NjNjZWQ4NzYyMDQyLzEvNzZ2akEySWxhYm9WTmhIOHBVbndzS3gzTlJVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi8zYzg4NTQtZDNlNi00NTgxLWFiMzMtNjNjZWQ4NzYyMDQy
LzEvUzNqS3AzUWZtYm43eWs5SlE4aTNud0Mtdl9nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBThh6MA0G
CSqGSIb3DQEBCwUAA4IBAQCORWcM/zbN4/tGnWHS8C4ZqySjJ9Euouj5UEg+MdxP
nuDhCv47V9LUasqioQrLY9Hjj6AQPfqE56o/j4nMPzep98tHUzoG74K4ZuGfFhwy
vKy6z7njZeMQrq3b8L2IaboKjlPrLHKChKN/Jrp7eF7nTgS/W2HZTMSW40C3MtVV
7ntBl20S03T/PdpsiZTs/5flbpeVlWn/7znRTMCuJPyQrwF1sqxu+AOy6xyqPnhD
S6pqrzAteRak+U+DjyNwyKwQTFal8N/03qMAySyTGVukxXqV9Ic6qh2AQkWHTLpJ
FaqedoyLH4FbKFXG+5GIf8/+gnmX6prUCk1dsTgITfl8
-----END CERTIFICATE-----