Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ad/6cf8be-253d-46d5-ab7c-8276c8aac50e/1/yzet3BL-gTcIDQW457JYlEAQ068.roa
File:                     yzet3BL-gTcIDQW457JYlEAQ068.roa (raw, json)
Hash identifier:          DSXrbuLq6X1ozunDP1NXtN0WuYAGaUKDoigS9hMBmZU=
Subject key identifier:   CB:37:AD:DC:12:FE:81:37:08:0D:05:B8:E7:B2:58:94:40:10:D3:AF
Certificate issuer:       /CN=d6aa3fbc78e31229157c78b6d23a65eb2e353dce
Certificate serial:       019C33D8D0281507BD24FC0D2BC449A5AB5B
Authority key identifier: D6:AA:3F:BC:78:E3:12:29:15:7C:78:B6:D2:3A:65:EB:2E:35:3D:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1qo_vHjjEikVfHi20jpl6y41Pc4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ad/6cf8be-253d-46d5-ab7c-8276c8aac50e/1/yzet3BL-gTcIDQW457JYlEAQ068.roa
Signing time:             Fri 06 Feb 2026 16:46:12 +0000
ROA not before:           Fri 06 Feb 2026 16:46:12 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     63199
IP address blocks:        78.108.62.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ad/6cf8be-253d-46d5-ab7c-8276c8aac50e/1/1qo_vHjjEikVfHi20jpl6y41Pc4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ad/6cf8be-253d-46d5-ab7c-8276c8aac50e/1/1qo_vHjjEikVfHi20jpl6y41Pc4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1qo_vHjjEikVfHi20jpl6y41Pc4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 15:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:33:d8:d0:28:15:07:bd:24:fc:0d:2b:c4:49:a5:ab:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d6aa3fbc78e31229157c78b6d23a65eb2e353dce
        Validity
            Not Before: Feb  6 16:46:12 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=cb37addc12fe8137080d05b8e7b258944010d3af
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:2a:49:85:b3:48:77:28:92:e3:b1:de:90:ec:
                    b8:22:68:91:59:1b:76:76:47:ed:86:25:95:90:b6:
                    06:aa:a0:6a:0c:f6:2b:66:6e:78:97:7d:48:10:51:
                    f2:c4:cd:7b:ef:a5:10:3e:3d:e0:d1:a2:e2:e4:ed:
                    b6:b9:64:bf:bc:7a:e6:43:71:34:31:dd:7f:b6:9b:
                    e2:7f:02:6e:67:79:c1:f6:12:bd:3b:96:3d:fc:c9:
                    02:37:e1:30:4d:b7:a5:dc:14:4c:49:e3:e8:80:9d:
                    bc:bb:29:94:cf:48:e4:ea:97:b9:9f:39:63:78:92:
                    35:4b:7d:87:5a:6a:1e:e2:8d:ff:52:f9:7c:5c:a3:
                    5c:75:5e:fe:a5:5e:3e:d6:3a:20:7f:dc:68:a9:f0:
                    46:4a:72:1b:e5:6a:4a:01:8d:23:74:93:31:d7:21:
                    a5:f4:78:64:b2:c2:a0:30:34:11:6a:48:38:56:0b:
                    c0:39:b2:76:91:2e:ad:0f:50:5d:be:ed:52:0a:19:
                    96:25:ce:d2:ab:f5:76:ba:aa:25:39:e9:52:06:3e:
                    c9:71:2a:e7:7f:23:ac:41:b6:85:3f:03:a0:0e:f6:
                    a9:fd:3c:5c:cb:c3:41:96:9b:c8:49:e4:47:bc:dc:
                    ba:96:87:5a:c2:ae:4b:d1:b1:7e:46:32:4a:ac:f5:
                    15:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:37:AD:DC:12:FE:81:37:08:0D:05:B8:E7:B2:58:94:40:10:D3:AF
            X509v3 Authority Key Identifier:
                keyid:D6:AA:3F:BC:78:E3:12:29:15:7C:78:B6:D2:3A:65:EB:2E:35:3D:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1qo_vHjjEikVfHi20jpl6y41Pc4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/6cf8be-253d-46d5-ab7c-8276c8aac50e/1/yzet3BL-gTcIDQW457JYlEAQ068.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/6cf8be-253d-46d5-ab7c-8276c8aac50e/1/1qo_vHjjEikVfHi20jpl6y41Pc4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.108.62.0/24

    Signature Algorithm: sha256WithRSAEncryption
         07:a7:cf:7a:c5:22:c5:c2:d2:0d:94:b7:9c:92:f6:bc:fb:5b:
         f0:17:79:8b:4a:0a:fb:5f:04:a8:0c:01:97:f3:a4:76:99:ce:
         ac:3c:44:1a:0e:de:97:95:75:89:f2:0b:0b:50:0c:c9:cd:34:
         96:43:75:db:20:e5:59:df:25:e5:6c:3e:d1:8c:0d:91:79:78:
         bd:d9:9d:c4:42:88:b2:5f:33:ad:a1:5c:38:b1:1b:8f:83:dc:
         3f:90:b9:18:b1:87:b0:26:a4:07:fb:b1:75:aa:46:60:bf:4e:
         f4:8a:af:88:f6:0b:43:06:5a:f0:5c:77:19:f3:27:1e:83:6f:
         e2:fe:49:ef:d6:c4:28:e0:de:69:11:34:0a:a7:31:31:79:2b:
         25:00:48:63:5d:9a:26:94:aa:5c:c1:98:55:d2:39:03:38:ca:
         a8:82:1c:71:8a:91:00:cc:43:83:c0:53:8e:b2:6c:4b:b7:29:
         6e:0e:10:89:27:f9:37:1a:f6:8b:05:db:2c:d6:7b:d0:61:96:
         55:3d:78:d9:e3:09:ae:1d:13:f7:f6:d9:a6:fb:8f:61:e5:f2:
         d1:a5:d6:f7:c2:be:b5:86:e5:25:2f:f3:07:c3:11:2b:86:71:
         16:a4:f2:38:16:f7:b0:b7:54:c4:33:df:ff:fb:db:69:78:9b:
         60:5f:a7:59
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZwz2NAoFQe9JPwNK8RJpatbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ2YWEzZmJjNzhlMzEyMjkxNTdjNzhiNmQyM2E2NWViMmUz
NTNkY2UwHhcNMjYwMjA2MTY0NjEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYjM3YWRkYzEyZmU4MTM3MDgwZDA1YjhlN2IyNTg5NDQwMTBkM2FmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvypJhbNIdyiS47HekOy4ImiRWRt2
dkfthiWVkLYGqqBqDPYrZm54l31IEFHyxM1776UQPj3g0aLi5O22uWS/vHrmQ3E0
Md1/tpvifwJuZ3nB9hK9O5Y9/MkCN+EwTbel3BRMSePogJ28uymUz0jk6pe5nzlj
eJI1S32HWmoe4o3/Uvl8XKNcdV7+pV4+1jogf9xoqfBGSnIb5WpKAY0jdJMx1yGl
9HhkssKgMDQRakg4VgvAObJ2kS6tD1Bdvu1SChmWJc7Sq/V2uqolOelSBj7JcSrn
fyOsQbaFPwOgDvap/Txcy8NBlpvISeRHvNy6lodawq5L0bF+RjJKrPUViwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMs3rdwS/oE3CA0FuOeyWJRAENOvMB8GA1UdIwQY
MBaAFNaqP7x44xIpFXx4ttI6ZesuNT3OMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMXFvX3ZIampFaWtWZkhpMjBqcGw2eTQxUGM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZC82Y2Y4YmUtMjUzZC00NmQ1LWFiN2Mt
ODI3NmM4YWFjNTBlLzEveXpldDNCTC1nVGNJRFFXNDU3SllsRUFRMDY4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZC82Y2Y4YmUtMjUzZC00NmQ1LWFiN2MtODI3NmM4YWFjNTBl
LzEvMXFvX3ZIampFaWtWZkhpMjBqcGw2eTQxUGM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATmw+MA0G
CSqGSIb3DQEBCwUAA4IBAQAHp896xSLFwtINlLeckva8+1vwF3mLSgr7XwSoDAGX
86R2mc6sPEQaDt6XlXWJ8gsLUAzJzTSWQ3XbIOVZ3yXlbD7RjA2ReXi92Z3EQoiy
XzOtoVw4sRuPg9w/kLkYsYewJqQH+7F1qkZgv070iq+I9gtDBlrwXHcZ8yceg2/i
/knv1sQo4N5pETQKpzExeSslAEhjXZomlKpcwZhV0jkDOMqoghxxipEAzEODwFOO
smxLtyluDhCJJ/k3GvaLBdss1nvQYZZVPXjZ4wmuHRP39tmm+49h5fLRpdb3wr61
huUlL/MHwxErhnEWpPI4Fvewt1TEM9//+9tpeJtgX6dZ
-----END CERTIFICATE-----