Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/1-2QO9FguLUt5rj22vOapkLQv1LM.roa
File:                     1-2QO9FguLUt5rj22vOapkLQv1LM.roa (raw, json)
Hash identifier:          6C5nWn3M7NYDIFoAmXRgq5mCC7bQ7vgjMeNWPMRNR2M=
Subject key identifier:   FB:64:0E:F4:58:2E:2D:4B:79:AE:3D:B6:BC:E6:A9:90:B4:2F:D4:B3
Certificate issuer:       /CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
Certificate serial:       019DE893BDBF5477C00497F442C063C20530
Authority key identifier: 7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/1-2QO9FguLUt5rj22vOapkLQv1LM.roa
Signing time:             Sat 02 May 2026 12:04:49 +0000
ROA not before:           Sat 02 May 2026 12:04:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     209734
IP address blocks:        78.17.79.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 14:18:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:e8:93:bd:bf:54:77:c0:04:97:f4:42:c0:63:c2:05:30
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
        Validity
            Not Before: May  2 12:04:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=fb640ef4582e2d4b79ae3db6bce6a990b42fd4b3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:ba:42:ff:d1:13:65:14:15:f5:a3:be:d4:8e:
                    9e:e3:3b:f9:5a:d1:73:fa:b5:2f:a8:90:f3:26:e9:
                    b3:38:e0:e5:ab:3e:a4:12:33:3a:dd:7c:6d:02:4a:
                    ae:e7:5a:22:32:06:22:c6:d1:70:29:93:b6:22:86:
                    2c:90:b8:35:5d:bf:db:4f:1b:84:76:12:5c:f5:cb:
                    ed:51:15:7c:ce:9a:e3:32:31:20:7f:64:b9:54:bf:
                    88:0c:50:bf:c2:8c:d5:dd:cb:8d:c1:dd:e8:58:09:
                    f6:83:84:47:49:b6:d1:0d:b4:ad:06:a2:a8:56:e6:
                    be:69:da:3d:b4:a8:f2:dd:c3:e1:24:4b:a0:1e:5f:
                    b1:ff:9c:ca:17:1b:1e:d2:b3:5e:8d:15:1c:30:a7:
                    8b:49:b5:63:1b:0e:d2:69:6c:87:da:0f:d0:e3:d5:
                    40:18:e8:b2:f7:f7:e7:12:1a:03:cd:ce:cf:e1:bc:
                    5a:8e:49:fc:3e:75:2d:7a:a7:a7:64:af:29:49:33:
                    60:3f:04:6e:f8:c5:cc:ff:d4:7e:67:d4:51:a3:21:
                    bc:eb:01:6a:45:61:a5:a7:30:3a:21:aa:cb:41:92:
                    94:53:42:7a:ce:e9:db:bd:59:6b:91:e0:cf:73:ba:
                    06:81:f5:54:5e:18:74:27:91:c7:2f:c3:9c:75:19:
                    a1:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FB:64:0E:F4:58:2E:2D:4B:79:AE:3D:B6:BC:E6:A9:90:B4:2F:D4:B3
            X509v3 Authority Key Identifier:
                keyid:7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/1-2QO9FguLUt5rj22vOapkLQv1LM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.17.79.0/24

    Signature Algorithm: sha256WithRSAEncryption
         57:d4:f4:13:e4:75:c6:f2:f3:54:70:1f:0f:ce:86:66:b3:f2:
         3f:00:cb:69:85:66:77:3d:a4:1c:dd:2a:f1:d8:6b:67:73:a4:
         f9:eb:dd:a8:ce:d8:b4:18:bc:bb:7e:9f:29:d9:89:80:66:f7:
         49:3a:8b:31:16:20:9b:3f:bf:67:90:58:55:a6:43:2f:93:85:
         7b:e1:49:73:89:3c:00:a5:4d:31:c8:5e:e9:3f:07:1a:52:79:
         b3:3f:4e:76:f2:c7:11:27:76:f8:46:03:37:a4:37:01:b3:31:
         8b:6c:7d:48:52:20:22:62:81:df:50:5c:22:76:75:81:cf:48:
         e8:89:e5:37:24:d8:74:48:25:7c:01:4c:22:65:70:24:90:e5:
         0b:61:33:ad:ac:d6:d1:9c:35:d7:2f:4e:8e:69:74:e1:c7:12:
         38:fc:74:07:72:d3:9c:cb:97:3c:4b:ee:9f:7b:6e:b8:53:c7:
         4a:e4:5a:75:d3:f9:5f:64:01:bb:0e:d5:20:2a:f0:04:7d:27:
         da:5d:0f:d4:fc:94:bd:82:86:76:8a:14:dd:20:e8:e5:8d:9b:
         88:55:ce:11:1f:e8:54:95:d1:05:92:fd:9b:f0:03:64:59:a4:
         87:09:50:b7:6e:d7:53:b0:ff:40:3c:f2:4d:6e:61:1b:c4:6e:
         cd:95:88:20
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZ3ok72/VHfABJf0QsBjwgUwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkYTVkMzJkNWIwOWM5M2MxYjVlM2ZjNWEyYWEyMGQ3NDZm
Y2ZlZDEwHhcNMjYwNTAyMTIwNDQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYjY0MGVmNDU4MmUyZDRiNzlhZTNkYjZiY2U2YTk5MGI0MmZkNGIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArbpC/9ETZRQV9aO+1I6e4zv5WtFz
+rUvqJDzJumzOODlqz6kEjM63XxtAkqu51oiMgYixtFwKZO2IoYskLg1Xb/bTxuE
dhJc9cvtURV8zprjMjEgf2S5VL+IDFC/wozV3cuNwd3oWAn2g4RHSbbRDbStBqKo
Vua+ado9tKjy3cPhJEugHl+x/5zKFxse0rNejRUcMKeLSbVjGw7SaWyH2g/Q49VA
GOiy9/fnEhoDzc7P4bxajkn8PnUteqenZK8pSTNgPwRu+MXM/9R+Z9RRoyG86wFq
RWGlpzA6IarLQZKUU0J6zunbvVlrkeDPc7oGgfVUXhh0J5HHL8OcdRmhZwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPtkDvRYLi1Lea49trzmqZC0L9SzMB8GA1UdIwQY
MBaAFH2l0y1bCck8G14/xaKqINdG/P7RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAt
ZTU4MzlmNDNlNTgzLzEvMS0yUU85Rmd1TFV0NXJqMjJ2T2Fwa0xRdjFMTS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNjYvNGIxOGZiLWQzZWQtNGIyNy05YmQwLWU1ODM5ZjQzZTU4
My8xL2ZhWFRMVnNKeVR3YlhqX0ZvcW9nMTBiOF90RS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAE4RTzAN
BgkqhkiG9w0BAQsFAAOCAQEAV9T0E+R1xvLzVHAfD86GZrPyPwDLaYVmdz2kHN0q
8dhrZ3Ok+evdqM7YtBi8u36fKdmJgGb3STqLMRYgmz+/Z5BYVaZDL5OFe+FJc4k8
AKVNMche6T8HGlJ5sz9OdvLHESd2+EYDN6Q3AbMxi2x9SFIgImKB31BcInZ1gc9I
6InlNyTYdEglfAFMImVwJJDlC2EzrazW0Zw11y9Ojml04ccSOPx0B3LTnMuXPEvu
n3tuuFPHSuRaddP5X2QBuw7VICrwBH0n2l0P1PyUvYKGdooU3SDo5Y2biFXOER/o
VJXRBZL9m/ADZFmkhwlQt27XU7D/QDzyTW5hG8RuzZWIIA==
-----END CERTIFICATE-----