Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/b779bkxGp-7vQ2ycXL3YjH0mKL4.roa
File:                     b779bkxGp-7vQ2ycXL3YjH0mKL4.roa (raw, json)
Hash identifier:          rCUgJbxJeXIuTnijM/1wJgBvKCd+ZG3rCMMeV05NpNc=
Subject key identifier:   6F:BE:FD:6E:4C:46:A7:EE:EF:43:6C:9C:5C:BD:D8:8C:7D:26:28:BE
Certificate issuer:       /CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
Certificate serial:       019D7072BB8E1521BCD1A979926428D18F69
Authority key identifier: 7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/b779bkxGp-7vQ2ycXL3YjH0mKL4.roa
Signing time:             Thu 09 Apr 2026 04:14:20 +0000
ROA not before:           Thu 09 Apr 2026 04:14:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     211955
IP address blocks:        78.17.32.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 Apr 2026 22:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:70:72:bb:8e:15:21:bc:d1:a9:79:92:64:28:d1:8f:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
        Validity
            Not Before: Apr  9 04:14:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6fbefd6e4c46a7eeef436c9c5cbdd88c7d2628be
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:46:3a:06:b4:6b:3d:39:9a:f1:a6:90:84:21:
                    de:a7:c7:92:53:df:93:0c:02:19:c6:46:a4:d6:34:
                    1a:97:6f:d4:94:a2:bb:a4:49:56:29:58:1e:16:10:
                    76:af:6d:a0:ab:cb:e1:3e:62:cd:0c:3f:e8:87:ca:
                    69:b6:89:30:66:17:6c:da:f7:1b:ae:8c:d2:11:d0:
                    3c:b5:4d:bb:78:0d:9d:f7:b6:98:c6:72:e5:10:11:
                    d0:4b:d8:5a:ae:22:0b:df:67:24:26:ee:ec:e4:e2:
                    39:c0:7f:1f:d9:6d:cb:57:8b:d4:7a:e2:ce:77:23:
                    be:7b:d2:85:c9:74:91:05:d4:e3:ae:a2:ff:46:77:
                    ea:e7:64:a2:69:8b:6d:62:22:ca:27:be:e0:8f:f5:
                    b4:02:3b:df:5c:00:1a:ac:94:86:66:00:78:c4:c7:
                    21:93:6e:17:7a:5f:7a:02:aa:18:54:46:4f:13:e6:
                    c8:19:98:a7:b3:b1:eb:cd:e5:5b:4e:00:a3:c0:3b:
                    c6:79:e0:41:7b:38:13:7e:f5:2c:5e:04:7f:64:c3:
                    bc:3e:76:74:bb:26:a2:59:f8:bd:d3:13:92:28:3d:
                    fd:a8:22:63:da:0f:f5:ad:b8:fc:9f:6e:a6:23:70:
                    83:37:30:87:79:1c:dc:1c:00:90:d7:64:c8:54:6e:
                    fb:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:BE:FD:6E:4C:46:A7:EE:EF:43:6C:9C:5C:BD:D8:8C:7D:26:28:BE
            X509v3 Authority Key Identifier:
                keyid:7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/b779bkxGp-7vQ2ycXL3YjH0mKL4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.17.32.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6c:a1:39:5c:48:2a:5a:ff:9b:6c:f5:29:98:3c:a5:d5:e3:85:
         23:e8:7a:61:69:5e:f2:c8:8f:3b:58:de:23:ab:4c:09:f6:50:
         69:1d:ed:ae:0f:7c:f2:57:0c:a6:f4:06:56:00:20:c7:2b:99:
         4c:a2:51:46:db:f6:95:5a:0b:ce:c8:9a:29:aa:5f:45:87:f8:
         9f:18:20:51:1f:b6:5c:77:5b:0e:58:1d:7d:23:15:d3:6b:9e:
         e6:4b:ba:29:d4:e3:aa:d8:12:59:11:1a:f0:5a:b2:ef:7b:e7:
         08:c8:a3:3b:bb:bc:3a:0b:e0:89:d0:bb:52:41:1c:ce:ba:b6:
         12:37:51:9f:6b:1f:72:b8:db:85:76:b7:ba:33:d2:08:e0:1a:
         1a:5b:c8:f9:7d:45:cc:56:59:71:d4:8e:03:7c:6b:0b:2e:0f:
         ab:4d:d4:ba:89:b0:00:8c:45:fc:30:e3:7b:d2:3a:dc:d7:80:
         e6:21:21:37:00:80:ef:c7:30:1f:68:59:78:b5:56:cf:4a:05:
         44:ca:d7:0c:86:99:64:b8:1d:e6:81:6e:3f:fe:8e:bb:38:ed:
         ea:6a:cb:86:bf:ec:be:9b:d6:f2:9a:95:42:ed:ee:d1:11:bf:
         39:98:7f:dd:82:e7:a7:66:3a:54:ef:9c:f4:b2:a4:9c:b9:b2:
         61:13:29:24
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ1wcruOFSG80al5kmQo0Y9pMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkYTVkMzJkNWIwOWM5M2MxYjVlM2ZjNWEyYWEyMGQ3NDZm
Y2ZlZDEwHhcNMjYwNDA5MDQxNDIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZmJlZmQ2ZTRjNDZhN2VlZWY0MzZjOWM1Y2JkZDg4YzdkMjYyOGJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1UY6BrRrPTma8aaQhCHep8eSU9+T
DAIZxkak1jQal2/UlKK7pElWKVgeFhB2r22gq8vhPmLNDD/oh8pptokwZhds2vcb
rozSEdA8tU27eA2d97aYxnLlEBHQS9hariIL32ckJu7s5OI5wH8f2W3LV4vUeuLO
dyO+e9KFyXSRBdTjrqL/Rnfq52SiaYttYiLKJ77gj/W0AjvfXAAarJSGZgB4xMch
k24Xel96AqoYVEZPE+bIGZins7HrzeVbTgCjwDvGeeBBezgTfvUsXgR/ZMO8PnZ0
uyaiWfi90xOSKD39qCJj2g/1rbj8n26mI3CDNzCHeRzcHACQ12TIVG77KQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG++/W5MRqfu70NsnFy92Ix9Jii+MB8GA1UdIwQY
MBaAFH2l0y1bCck8G14/xaKqINdG/P7RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAt
ZTU4MzlmNDNlNTgzLzEvYjc3OWJreEdwLTd2UTJ5Y1hMM1lqSDBtS0w0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAtZTU4MzlmNDNlNTgz
LzEvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAThEgMA0G
CSqGSIb3DQEBCwUAA4IBAQBsoTlcSCpa/5ts9SmYPKXV44Uj6HphaV7yyI87WN4j
q0wJ9lBpHe2uD3zyVwym9AZWACDHK5lMolFG2/aVWgvOyJopql9Fh/ifGCBRH7Zc
d1sOWB19IxXTa57mS7op1OOq2BJZERrwWrLve+cIyKM7u7w6C+CJ0LtSQRzOurYS
N1Gfax9yuNuFdre6M9II4BoaW8j5fUXMVllx1I4DfGsLLg+rTdS6ibAAjEX8MON7
0jrc14DmISE3AIDvxzAfaFl4tVbPSgVEytcMhplkuB3mgW4//o67OO3qasuGv+y+
m9bympVC7e7REb85mH/dguenZjpU75z0sqScubJhEykk
-----END CERTIFICATE-----