Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ad/6cf8be-253d-46d5-ab7c-8276c8aac50e/1/4zgty8bIdx44r5co-K1XhymcXBw.roa
File:                     4zgty8bIdx44r5co-K1XhymcXBw.roa (raw, json)
Hash identifier:          CrEvDd9otSqWuLAM8E+MWWhoBxj96zzXLzokWjChrzY=
Subject key identifier:   E3:38:2D:CB:C6:C8:77:1E:38:AF:97:28:F8:AD:57:87:29:9C:5C:1C
Certificate issuer:       /CN=d6aa3fbc78e31229157c78b6d23a65eb2e353dce
Certificate serial:       019C9052BBA7F1F6F2C5ACA66B7F0E49E35B
Authority key identifier: D6:AA:3F:BC:78:E3:12:29:15:7C:78:B6:D2:3A:65:EB:2E:35:3D:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1qo_vHjjEikVfHi20jpl6y41Pc4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ad/6cf8be-253d-46d5-ab7c-8276c8aac50e/1/4zgty8bIdx44r5co-K1XhymcXBw.roa
Signing time:             Tue 24 Feb 2026 15:44:26 +0000
ROA not before:           Tue 24 Feb 2026 15:44:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     834
IP address blocks:        78.108.60.0/22 maxlen: 24
                          78.108.61.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ad/6cf8be-253d-46d5-ab7c-8276c8aac50e/1/1qo_vHjjEikVfHi20jpl6y41Pc4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ad/6cf8be-253d-46d5-ab7c-8276c8aac50e/1/1qo_vHjjEikVfHi20jpl6y41Pc4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1qo_vHjjEikVfHi20jpl6y41Pc4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 15:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:90:52:bb:a7:f1:f6:f2:c5:ac:a6:6b:7f:0e:49:e3:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d6aa3fbc78e31229157c78b6d23a65eb2e353dce
        Validity
            Not Before: Feb 24 15:44:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e3382dcbc6c8771e38af9728f8ad5787299c5c1c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:5e:ad:36:90:97:1a:eb:2d:1a:39:f6:63:27:
                    91:35:34:1a:cf:d4:ee:6a:df:fb:2a:fe:8b:e4:ae:
                    11:a6:c6:6e:ff:b6:6c:b4:d4:27:c4:5f:ac:ab:87:
                    3f:d6:64:21:8d:90:f6:c8:e3:98:d6:f9:a9:14:b6:
                    39:3f:93:4d:95:a5:ac:06:96:6b:14:80:3a:29:0c:
                    80:ae:38:22:7b:e9:ea:63:e8:2e:24:38:de:5d:98:
                    3b:09:60:df:7a:a8:24:e2:86:2d:be:d2:c3:ef:87:
                    8d:66:05:a2:29:88:c2:f7:10:18:90:d7:7c:26:a3:
                    da:1a:3c:73:e4:88:80:d3:09:17:20:80:72:8d:1c:
                    1a:48:c5:d3:3a:51:c8:4d:40:05:aa:64:b6:f2:a9:
                    b6:5a:99:fd:1e:05:ef:1e:b4:06:a8:1e:70:ee:ef:
                    3f:ab:bb:22:0a:67:ae:19:8b:1f:3d:2f:75:60:d3:
                    d3:30:c7:68:38:1b:ab:54:2d:e2:e8:f5:f1:b5:99:
                    aa:e2:50:90:fd:0f:24:00:a5:e5:e1:7c:35:d1:01:
                    4e:c6:31:7d:92:c4:96:cb:bb:4b:54:ca:34:a3:a0:
                    67:fb:cb:f2:fe:13:00:07:ee:94:73:0a:ae:2a:11:
                    a6:85:91:77:24:9e:db:6c:d3:5c:8e:83:60:74:a2:
                    60:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:38:2D:CB:C6:C8:77:1E:38:AF:97:28:F8:AD:57:87:29:9C:5C:1C
            X509v3 Authority Key Identifier:
                keyid:D6:AA:3F:BC:78:E3:12:29:15:7C:78:B6:D2:3A:65:EB:2E:35:3D:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1qo_vHjjEikVfHi20jpl6y41Pc4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/6cf8be-253d-46d5-ab7c-8276c8aac50e/1/4zgty8bIdx44r5co-K1XhymcXBw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/6cf8be-253d-46d5-ab7c-8276c8aac50e/1/1qo_vHjjEikVfHi20jpl6y41Pc4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.108.60.0/22

    Signature Algorithm: sha256WithRSAEncryption
         05:d4:6e:07:08:8c:ec:39:16:74:87:01:df:f2:ee:ec:52:de:
         47:f4:3a:27:0b:22:d8:1c:bc:c5:89:97:3c:3b:91:01:8d:cc:
         70:e2:6f:ec:ca:93:20:c8:df:34:be:14:a8:55:1b:46:20:2c:
         a8:1c:e0:88:0b:23:4f:d5:1d:05:e2:29:4e:23:f0:c5:8f:19:
         59:d1:f0:6f:1d:9b:b0:48:bf:9d:db:6c:eb:af:d5:f4:43:94:
         79:00:65:e6:73:0b:76:00:6e:a3:be:f0:45:d3:61:da:47:20:
         f5:52:2f:66:bc:dd:74:25:e1:5c:c6:e9:55:eb:92:47:f0:47:
         9e:9d:32:d0:5f:40:76:fb:3b:bf:60:0b:2b:c0:f3:c6:a7:3d:
         d0:3b:b3:4d:2f:bb:ae:b0:af:61:9b:1b:96:4b:39:6a:b4:05:
         55:eb:2b:6d:9c:a1:f5:4a:14:00:41:3d:3b:54:b5:4d:07:14:
         8d:e4:1d:36:22:2c:70:72:ab:82:a5:dd:a5:90:0d:c3:06:f0:
         0e:ef:2a:f2:d4:a9:04:95:67:a1:de:a1:fb:49:d5:ed:3e:72:
         05:e2:f6:54:dd:30:02:a0:d0:dd:8d:d2:7a:4e:bc:26:bb:fc:
         d3:85:24:6f:99:ce:91:f2:c2:a6:f7:77:a7:d8:5b:ec:cc:06:
         b3:75:8a:74
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZyQUrun8fbyxayma38OSeNbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ2YWEzZmJjNzhlMzEyMjkxNTdjNzhiNmQyM2E2NWViMmUz
NTNkY2UwHhcNMjYwMjI0MTU0NDI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMzM4MmRjYmM2Yzg3NzFlMzhhZjk3MjhmOGFkNTc4NzI5OWM1YzFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtl6tNpCXGustGjn2YyeRNTQaz9Tu
at/7Kv6L5K4RpsZu/7ZstNQnxF+sq4c/1mQhjZD2yOOY1vmpFLY5P5NNlaWsBpZr
FIA6KQyArjgie+nqY+guJDjeXZg7CWDfeqgk4oYtvtLD74eNZgWiKYjC9xAYkNd8
JqPaGjxz5IiA0wkXIIByjRwaSMXTOlHITUAFqmS28qm2Wpn9HgXvHrQGqB5w7u8/
q7siCmeuGYsfPS91YNPTMMdoOBurVC3i6PXxtZmq4lCQ/Q8kAKXl4Xw10QFOxjF9
ksSWy7tLVMo0o6Bn+8vy/hMAB+6UcwquKhGmhZF3JJ7bbNNcjoNgdKJgaQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOM4LcvGyHceOK+XKPitV4cpnFwcMB8GA1UdIwQY
MBaAFNaqP7x44xIpFXx4ttI6ZesuNT3OMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMXFvX3ZIampFaWtWZkhpMjBqcGw2eTQxUGM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZC82Y2Y4YmUtMjUzZC00NmQ1LWFiN2Mt
ODI3NmM4YWFjNTBlLzEvNHpndHk4YklkeDQ0cjVjby1LMVhoeW1jWEJ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZC82Y2Y4YmUtMjUzZC00NmQ1LWFiN2MtODI3NmM4YWFjNTBl
LzEvMXFvX3ZIampFaWtWZkhpMjBqcGw2eTQxUGM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCTmw8MA0G
CSqGSIb3DQEBCwUAA4IBAQAF1G4HCIzsORZ0hwHf8u7sUt5H9DonCyLYHLzFiZc8
O5EBjcxw4m/sypMgyN80vhSoVRtGICyoHOCICyNP1R0F4ilOI/DFjxlZ0fBvHZuw
SL+d22zrr9X0Q5R5AGXmcwt2AG6jvvBF02HaRyD1Ui9mvN10JeFcxulV65JH8Eee
nTLQX0B2+zu/YAsrwPPGpz3QO7NNL7uusK9hmxuWSzlqtAVV6yttnKH1ShQAQT07
VLVNBxSN5B02IixwcquCpd2lkA3DBvAO7yry1KkElWeh3qH7SdXtPnIF4vZU3TAC
oNDdjdJ6Trwmu/zThSRvmc6R8sKm93en2FvszAazdYp0
-----END CERTIFICATE-----