Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/Eu-KZq9C9BmQ3uSUult88flrB6s.roa
File:                     Eu-KZq9C9BmQ3uSUult88flrB6s.roa (raw, json)
Hash identifier:          IuGX7ogBDC5ZPUq6pgGBVm+zkNaz3+u9htALh55tqqo=
Subject key identifier:   12:EF:8A:66:AF:42:F4:19:90:DE:E4:94:BA:5B:7C:F1:F9:6B:07:AB
Certificate issuer:       /CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
Certificate serial:       019D6266A0FAE60DB01A736020C4A7A38A25
Authority key identifier: 7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/Eu-KZq9C9BmQ3uSUult88flrB6s.roa
Signing time:             Mon 06 Apr 2026 10:46:26 +0000
ROA not before:           Mon 06 Apr 2026 10:46:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     199412
IP address blocks:        78.17.23.0/24 maxlen: 24
                          78.17.25.0/24 maxlen: 24
                          78.17.26.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 07:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:62:66:a0:fa:e6:0d:b0:1a:73:60:20:c4:a7:a3:8a:25
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
        Validity
            Not Before: Apr  6 10:46:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=12ef8a66af42f41990dee494ba5b7cf1f96b07ab
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ea:10:b0:c3:f0:eb:83:67:cc:8c:47:c2:72:31:
                    d4:15:75:8a:17:c4:42:0d:8f:72:eb:8a:0a:c0:c4:
                    1e:52:84:4b:6b:fc:8c:de:7a:ff:dd:c1:fe:49:cb:
                    f0:2c:e9:6d:02:4c:bd:9b:92:10:c1:9f:dc:db:40:
                    9f:0d:b7:9c:64:da:86:09:94:b8:9b:7b:6c:b2:08:
                    85:30:57:e8:e1:00:dd:32:c3:c8:eb:dd:71:06:ae:
                    0d:6c:30:c2:79:ba:51:bb:2e:b0:74:ed:76:39:2c:
                    f2:29:96:e6:ee:26:8d:fc:49:6f:0b:14:ae:a0:b6:
                    b4:21:bd:00:68:65:7f:45:1d:e6:68:a1:3c:be:4b:
                    bb:d5:fe:fe:9e:6f:bf:05:ba:c2:eb:96:f0:2e:95:
                    0e:33:37:37:3a:fb:3c:33:e7:7f:af:72:07:14:31:
                    69:4b:a8:80:06:38:f8:71:0e:89:ac:8d:6e:d2:2c:
                    1d:c6:2d:8a:11:82:0b:76:f8:af:13:a7:c5:34:7a:
                    1e:05:5f:e1:6a:30:fe:06:25:3a:07:4a:07:eb:2f:
                    be:fb:ee:b9:32:27:6f:ce:e3:9c:86:66:f9:bc:ff:
                    d4:4d:4c:ea:93:d0:c8:4d:c6:a4:c6:b5:9e:04:9a:
                    b6:a8:2c:e8:8d:93:c2:99:ed:2d:a2:b6:73:99:75:
                    61:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                12:EF:8A:66:AF:42:F4:19:90:DE:E4:94:BA:5B:7C:F1:F9:6B:07:AB
            X509v3 Authority Key Identifier:
                keyid:7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/Eu-KZq9C9BmQ3uSUult88flrB6s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.17.23.0/24
                  78.17.25.0-78.17.26.255

    Signature Algorithm: sha256WithRSAEncryption
         61:89:22:21:8d:09:72:c0:f6:d6:bc:78:ed:e3:25:23:3f:2e:
         5a:8e:8f:d7:72:98:1e:f2:a4:46:1a:a4:6e:61:28:17:62:5c:
         06:23:87:b6:5d:67:44:2d:53:4c:df:84:22:b6:77:65:86:77:
         b2:12:5d:4f:91:9d:88:fb:be:af:b7:73:7e:79:25:70:79:47:
         c0:83:5c:e0:9f:80:7d:25:8e:47:74:77:fa:a7:37:03:52:be:
         fc:9b:84:3c:84:72:17:5f:da:2d:80:7c:ed:fb:9c:73:db:42:
         3b:38:88:f0:3a:f8:f2:55:57:b7:70:07:8c:c3:36:dd:18:29:
         d0:03:b2:a6:92:9b:6d:90:34:0f:99:bb:e1:cd:00:73:2c:14:
         b9:58:f3:77:30:17:9f:74:ef:fa:88:7d:cc:fe:49:b9:a6:12:
         29:e7:f3:d4:f9:7e:1a:9a:1c:18:3c:94:dd:68:e6:7b:73:95:
         0b:6a:1e:cd:6b:3f:72:d8:1f:82:f7:fd:13:04:60:55:f8:aa:
         89:88:88:0b:03:e6:91:84:57:15:0e:08:28:35:f1:88:8f:01:
         c9:e0:ca:d7:b0:bc:af:97:8e:2d:7d:17:7c:39:3b:18:fa:e6:
         98:94:e4:65:45:2e:73:b3:47:f2:84:6f:2c:8a:27:17:8c:52:
         4e:11:e7:6e
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZ1iZqD65g2wGnNgIMSno4olMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkYTVkMzJkNWIwOWM5M2MxYjVlM2ZjNWEyYWEyMGQ3NDZm
Y2ZlZDEwHhcNMjYwNDA2MTA0NjI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMmVmOGE2NmFmNDJmNDE5OTBkZWU0OTRiYTViN2NmMWY5NmIwN2FiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6hCww/Drg2fMjEfCcjHUFXWKF8RC
DY9y64oKwMQeUoRLa/yM3nr/3cH+ScvwLOltAky9m5IQwZ/c20CfDbecZNqGCZS4
m3tssgiFMFfo4QDdMsPI691xBq4NbDDCebpRuy6wdO12OSzyKZbm7iaN/ElvCxSu
oLa0Ib0AaGV/RR3maKE8vku71f7+nm+/BbrC65bwLpUOMzc3Ovs8M+d/r3IHFDFp
S6iABjj4cQ6JrI1u0iwdxi2KEYILdvivE6fFNHoeBV/hajD+BiU6B0oH6y++++65
MidvzuOchmb5vP/UTUzqk9DITcakxrWeBJq2qCzojZPCme0torZzmXVh/QIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFBLvimavQvQZkN7klLpbfPH5awerMB8GA1UdIwQY
MBaAFH2l0y1bCck8G14/xaKqINdG/P7RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAt
ZTU4MzlmNDNlNTgzLzEvRXUtS1pxOUM5Qm1RM3VTVXVsdDg4ZmxyQjZzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAtZTU4MzlmNDNlNTgz
LzEvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUAwQAThEXMAwD
BABOERkDBABOERowDQYJKoZIhvcNAQELBQADggEBAGGJIiGNCXLA9ta8eO3jJSM/
LlqOj9dymB7ypEYapG5hKBdiXAYjh7ZdZ0QtU0zfhCK2d2WGd7ISXU+RnYj7vq+3
c355JXB5R8CDXOCfgH0ljkd0d/qnNwNSvvybhDyEchdf2i2AfO37nHPbQjs4iPA6
+PJVV7dwB4zDNt0YKdADsqaSm22QNA+Zu+HNAHMsFLlY83cwF5907/qIfcz+Sbmm
Einn89T5fhqaHBg8lN1o5ntzlQtqHs1rP3LYH4L3/RMEYFX4qomIiAsD5pGEVxUO
CCg18YiPAcngytewvK+Xji19F3w5Oxj65piU5GVFLnOzR/KEbyyKJxeMUk4R524=
-----END CERTIFICATE-----