Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ad/6cf8be-253d-46d5-ab7c-8276c8aac50e/1/xAPk2wU0UXF9NZICJMvGDDyGQ6I.roa
File:                     xAPk2wU0UXF9NZICJMvGDDyGQ6I.roa (raw, json)
Hash identifier:          TA3H+2LadaNXfkohOx3ju1GF9mCySPxfGyrBLptIYSI=
Subject key identifier:   C4:03:E4:DB:05:34:51:71:7D:35:92:02:24:CB:C6:0C:3C:86:43:A2
Certificate issuer:       /CN=d6aa3fbc78e31229157c78b6d23a65eb2e353dce
Certificate serial:       019C683F1E926EE1754DEE624AC2206E04FB
Authority key identifier: D6:AA:3F:BC:78:E3:12:29:15:7C:78:B6:D2:3A:65:EB:2E:35:3D:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1qo_vHjjEikVfHi20jpl6y41Pc4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ad/6cf8be-253d-46d5-ab7c-8276c8aac50e/1/xAPk2wU0UXF9NZICJMvGDDyGQ6I.roa
Signing time:             Mon 16 Feb 2026 20:58:12 +0000
ROA not before:           Mon 16 Feb 2026 20:58:12 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     23532
IP address blocks:        78.108.61.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ad/6cf8be-253d-46d5-ab7c-8276c8aac50e/1/1qo_vHjjEikVfHi20jpl6y41Pc4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ad/6cf8be-253d-46d5-ab7c-8276c8aac50e/1/1qo_vHjjEikVfHi20jpl6y41Pc4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1qo_vHjjEikVfHi20jpl6y41Pc4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 18:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:68:3f:1e:92:6e:e1:75:4d:ee:62:4a:c2:20:6e:04:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d6aa3fbc78e31229157c78b6d23a65eb2e353dce
        Validity
            Not Before: Feb 16 20:58:12 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c403e4db053451717d35920224cbc60c3c8643a2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:3e:93:1b:24:33:ad:e8:97:f3:8f:9e:01:3c:
                    d1:cf:e9:ce:98:88:54:d5:47:ef:45:90:57:73:45:
                    58:3e:a7:3e:82:ba:f9:bc:37:a7:50:48:9c:17:34:
                    b4:76:ab:c8:92:12:37:bd:be:89:91:94:eb:1b:8d:
                    71:0c:9b:33:de:19:99:cd:82:7b:62:04:4f:78:c1:
                    c6:96:02:01:33:bb:bf:42:26:ae:a3:2e:42:12:92:
                    43:10:1f:ab:6c:c2:cb:79:02:3d:29:3a:42:fd:ca:
                    8a:b5:8f:07:32:df:58:48:06:c5:25:0a:70:cb:0d:
                    c2:0c:4d:47:54:66:64:b9:24:84:d1:70:9c:da:43:
                    a2:5b:c8:e7:14:c6:41:52:74:6e:8e:5c:19:b4:f7:
                    24:2c:f4:9c:d5:77:99:7a:24:fc:2b:b7:a0:da:9f:
                    d2:0e:1d:c8:8e:3b:6e:39:06:67:fd:a7:72:9a:10:
                    b2:f5:32:dd:1d:df:ef:45:19:f6:58:f5:0e:d9:29:
                    b7:8e:02:f1:45:3c:05:4a:e3:0c:0a:09:48:90:6a:
                    ef:2d:4f:5e:e6:c8:fd:03:a1:4c:88:26:c0:b9:16:
                    96:0d:83:c0:a9:c1:19:97:61:9b:b3:60:56:41:fe:
                    38:41:13:c4:9b:c0:42:ff:e4:d7:2a:59:fc:9c:64:
                    62:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:03:E4:DB:05:34:51:71:7D:35:92:02:24:CB:C6:0C:3C:86:43:A2
            X509v3 Authority Key Identifier:
                keyid:D6:AA:3F:BC:78:E3:12:29:15:7C:78:B6:D2:3A:65:EB:2E:35:3D:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1qo_vHjjEikVfHi20jpl6y41Pc4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/6cf8be-253d-46d5-ab7c-8276c8aac50e/1/xAPk2wU0UXF9NZICJMvGDDyGQ6I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/6cf8be-253d-46d5-ab7c-8276c8aac50e/1/1qo_vHjjEikVfHi20jpl6y41Pc4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.108.61.0/24

    Signature Algorithm: sha256WithRSAEncryption
         db:b3:63:9a:02:00:87:84:e4:7d:54:23:f7:91:26:26:4e:1f:
         70:80:6d:f3:d0:39:1c:4a:ce:40:b5:b9:74:81:ed:91:4b:2f:
         a8:86:39:2a:0d:38:c3:0d:ab:e1:b3:5e:e4:03:c7:7f:d5:d8:
         b6:f0:39:d8:6f:da:2e:47:35:cb:65:43:03:73:a7:d0:c6:ac:
         20:4e:b4:ca:8b:01:1d:43:21:45:78:a6:9a:ba:96:01:35:ec:
         0c:72:9d:1e:a3:98:94:60:03:a4:8b:7c:5c:0b:ba:e7:ca:a5:
         f6:b9:5d:1d:6b:54:a9:52:3b:d4:f1:57:a1:7a:12:0d:8b:6e:
         11:ac:1d:c7:3b:17:9a:5d:67:78:1e:3b:a0:bf:85:df:bc:af:
         f8:57:c0:d8:33:70:6f:20:f4:a6:76:d7:03:df:3d:b0:f4:06:
         d1:88:a9:5a:29:67:2a:6d:5e:5d:7d:49:d0:2d:8d:db:00:ac:
         25:fa:5c:e6:55:50:77:ce:c3:c5:09:f1:8d:ff:22:20:1f:1d:
         c5:63:79:6f:6b:b0:45:1d:f9:75:a3:4a:0b:51:fc:ac:b3:e2:
         1d:c8:ca:7e:6c:b0:f5:97:57:02:4c:36:2d:1b:43:b2:c7:e6:
         b3:1a:e0:c3:0f:17:1e:43:ca:e6:8e:f9:82:41:1a:e7:2a:50:
         d9:c7:a1:63
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZxoPx6SbuF1Te5iSsIgbgT7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ2YWEzZmJjNzhlMzEyMjkxNTdjNzhiNmQyM2E2NWViMmUz
NTNkY2UwHhcNMjYwMjE2MjA1ODEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNDAzZTRkYjA1MzQ1MTcxN2QzNTkyMDIyNGNiYzYwYzNjODY0M2EyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4j6TGyQzreiX84+eATzRz+nOmIhU
1UfvRZBXc0VYPqc+grr5vDenUEicFzS0dqvIkhI3vb6JkZTrG41xDJsz3hmZzYJ7
YgRPeMHGlgIBM7u/Qiauoy5CEpJDEB+rbMLLeQI9KTpC/cqKtY8HMt9YSAbFJQpw
yw3CDE1HVGZkuSSE0XCc2kOiW8jnFMZBUnRujlwZtPckLPSc1XeZeiT8K7eg2p/S
Dh3IjjtuOQZn/adymhCy9TLdHd/vRRn2WPUO2Sm3jgLxRTwFSuMMCglIkGrvLU9e
5sj9A6FMiCbAuRaWDYPAqcEZl2Gbs2BWQf44QRPEm8BC/+TXKln8nGRi4QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMQD5NsFNFFxfTWSAiTLxgw8hkOiMB8GA1UdIwQY
MBaAFNaqP7x44xIpFXx4ttI6ZesuNT3OMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMXFvX3ZIampFaWtWZkhpMjBqcGw2eTQxUGM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZC82Y2Y4YmUtMjUzZC00NmQ1LWFiN2Mt
ODI3NmM4YWFjNTBlLzEveEFQazJ3VTBVWEY5TlpJQ0pNdkdERHlHUTZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZC82Y2Y4YmUtMjUzZC00NmQ1LWFiN2MtODI3NmM4YWFjNTBl
LzEvMXFvX3ZIampFaWtWZkhpMjBqcGw2eTQxUGM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATmw9MA0G
CSqGSIb3DQEBCwUAA4IBAQDbs2OaAgCHhOR9VCP3kSYmTh9wgG3z0DkcSs5Atbl0
ge2RSy+ohjkqDTjDDavhs17kA8d/1di28DnYb9ouRzXLZUMDc6fQxqwgTrTKiwEd
QyFFeKaaupYBNewMcp0eo5iUYAOki3xcC7rnyqX2uV0da1SpUjvU8VehehINi24R
rB3HOxeaXWd4Hjugv4XfvK/4V8DYM3BvIPSmdtcD3z2w9AbRiKlaKWcqbV5dfUnQ
LY3bAKwl+lzmVVB3zsPFCfGN/yIgHx3FY3lva7BFHfl1o0oLUfyss+IdyMp+bLD1
l1cCTDYtG0Oyx+azGuDDDxceQ8rmjvmCQRrnKlDZx6Fj
-----END CERTIFICATE-----