Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/90/025ee8-3f47-457d-8d47-9e413ebf42f3/1/78N1q78KVkb0g5UEjth4sIw2Tmc.roa
File:                     78N1q78KVkb0g5UEjth4sIw2Tmc.roa (raw, json)
Hash identifier:          Y2TWCAPymtRm0PTcNGCy+NHT+xXdFXN2kEJRuvjajyg=
Subject key identifier:   EF:C3:75:AB:BF:0A:56:46:F4:83:95:04:8E:D8:78:B0:8C:36:4E:67
Certificate issuer:       /CN=65b7d6699835bfe9a8081dfc114df1bf6d215da7
Certificate serial:       019E1BFB55C32AB5EAB9D8469BEB9066DB42
Authority key identifier: 65:B7:D6:69:98:35:BF:E9:A8:08:1D:FC:11:4D:F1:BF:6D:21:5D:A7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZbfWaZg1v-moCB38EU3xv20hXac.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/90/025ee8-3f47-457d-8d47-9e413ebf42f3/1/78N1q78KVkb0g5UEjth4sIw2Tmc.roa
Signing time:             Tue 12 May 2026 11:38:36 +0000
ROA not before:           Tue 12 May 2026 11:38:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     203380
IP address blocks:        213.182.220.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/90/025ee8-3f47-457d-8d47-9e413ebf42f3/1/ZbfWaZg1v-moCB38EU3xv20hXac.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/90/025ee8-3f47-457d-8d47-9e413ebf42f3/1/ZbfWaZg1v-moCB38EU3xv20hXac.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZbfWaZg1v-moCB38EU3xv20hXac.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 11:38:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:1b:fb:55:c3:2a:b5:ea:b9:d8:46:9b:eb:90:66:db:42
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=65b7d6699835bfe9a8081dfc114df1bf6d215da7
        Validity
            Not Before: May 12 11:38:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=efc375abbf0a5646f48395048ed878b08c364e67
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:8b:69:a2:3c:82:1d:fc:6a:47:12:82:94:c7:
                    96:5b:75:4f:64:72:36:55:c3:ea:d2:79:c8:c2:1a:
                    b5:8e:63:94:06:18:48:80:62:d9:07:d3:48:ff:5e:
                    52:5f:6a:d1:c1:81:32:f7:84:a2:90:b8:82:95:34:
                    1a:67:d2:74:df:ee:92:f8:af:e9:20:6c:56:d5:8d:
                    97:b0:00:ca:5f:20:d0:da:a0:2b:5b:7f:eb:d2:95:
                    91:77:a9:49:e3:79:fa:cf:77:cf:b5:55:f4:3f:ba:
                    36:8b:2c:9a:92:8e:ba:b8:76:2f:d4:62:cc:b8:e4:
                    f8:f5:9a:46:78:75:14:76:8e:68:43:c8:6f:72:46:
                    d9:94:80:8e:e9:1d:25:70:f5:5b:ac:ce:e5:15:6e:
                    0c:6e:26:8f:23:31:94:1a:f4:15:ed:8e:4c:8c:33:
                    46:6a:58:fe:e1:55:ea:d9:04:c2:68:7f:5b:53:ad:
                    ac:7a:d3:be:36:65:ba:b9:92:ec:21:6e:a8:8c:f2:
                    eb:8d:c4:c8:1d:50:ec:c6:80:0f:29:05:b3:d5:ce:
                    bf:b8:81:fd:20:54:b7:f4:01:4f:5d:3f:cd:51:8f:
                    5c:a2:d0:83:2f:0a:5c:a3:dc:2a:9b:60:2e:2e:27:
                    f0:fb:13:f7:d4:47:39:d2:35:3f:16:44:74:77:8e:
                    76:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EF:C3:75:AB:BF:0A:56:46:F4:83:95:04:8E:D8:78:B0:8C:36:4E:67
            X509v3 Authority Key Identifier:
                keyid:65:B7:D6:69:98:35:BF:E9:A8:08:1D:FC:11:4D:F1:BF:6D:21:5D:A7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZbfWaZg1v-moCB38EU3xv20hXac.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/90/025ee8-3f47-457d-8d47-9e413ebf42f3/1/78N1q78KVkb0g5UEjth4sIw2Tmc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/90/025ee8-3f47-457d-8d47-9e413ebf42f3/1/ZbfWaZg1v-moCB38EU3xv20hXac.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.182.220.0/24

    Signature Algorithm: sha256WithRSAEncryption
         43:a5:2f:63:82:31:37:f9:df:64:b4:8c:89:5c:75:a8:70:1c:
         97:e6:76:88:7b:23:b6:4f:37:2c:dd:e7:8f:96:94:41:96:a8:
         06:57:e3:08:19:31:96:39:00:d6:b4:7f:86:37:d7:92:b8:0d:
         82:2f:f6:f7:43:f7:bb:aa:41:37:17:be:bf:50:81:e9:e9:d5:
         45:11:a0:6f:1b:31:74:e0:1a:6e:14:78:99:72:46:1c:e2:14:
         e3:73:03:a3:5c:86:40:8a:74:01:ae:be:cb:f6:bd:0d:a9:04:
         2b:c8:68:bd:60:f5:dd:0f:7f:0a:09:c3:4f:73:d3:26:55:ac:
         00:b5:3b:d1:34:52:8b:f8:54:2c:82:58:0e:b3:e2:b4:2b:4e:
         f6:99:1a:33:85:13:3e:16:2b:a9:91:ab:50:c1:7f:55:73:f6:
         ae:ea:e4:12:0c:00:09:ed:4d:01:fb:15:2d:24:fd:65:9f:23:
         7f:a7:21:58:18:e6:7c:31:d9:f3:a6:be:6f:f5:28:40:1a:3c:
         48:d6:2a:6e:96:1a:48:b1:ed:81:34:2d:b0:59:52:ec:f7:f7:
         c7:5a:04:1a:15:96:7f:e0:d3:d7:1d:a0:29:47:6c:e0:c9:77:
         d3:65:a7:ec:ec:25:09:68:a1:48:b6:34:14:b9:49:5f:41:87:
         c1:29:86:16
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ4b+1XDKrXqudhGm+uQZttCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY1YjdkNjY5OTgzNWJmZTlhODA4MWRmYzExNGRmMWJmNmQy
MTVkYTcwHhcNMjYwNTEyMTEzODM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZmMzNzVhYmJmMGE1NjQ2ZjQ4Mzk1MDQ4ZWQ4NzhiMDhjMzY0ZTY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzYtpojyCHfxqRxKClMeWW3VPZHI2
VcPq0nnIwhq1jmOUBhhIgGLZB9NI/15SX2rRwYEy94SikLiClTQaZ9J03+6S+K/p
IGxW1Y2XsADKXyDQ2qArW3/r0pWRd6lJ43n6z3fPtVX0P7o2iyyako66uHYv1GLM
uOT49ZpGeHUUdo5oQ8hvckbZlICO6R0lcPVbrM7lFW4MbiaPIzGUGvQV7Y5MjDNG
alj+4VXq2QTCaH9bU62setO+NmW6uZLsIW6ojPLrjcTIHVDsxoAPKQWz1c6/uIH9
IFS39AFPXT/NUY9cotCDLwpco9wqm2AuLifw+xP31Ec50jU/FkR0d452hQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO/Ddau/ClZG9IOVBI7YeLCMNk5nMB8GA1UdIwQY
MBaAFGW31mmYNb/pqAgd/BFN8b9tIV2nMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWmJmV2FaZzF2LW1vQ0IzOEVVM3h2MjBoWGFjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MC8wMjVlZTgtM2Y0Ny00NTdkLThkNDct
OWU0MTNlYmY0MmYzLzEvNzhOMXE3OEtWa2IwZzVVRWp0aDRzSXcyVG1jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MC8wMjVlZTgtM2Y0Ny00NTdkLThkNDctOWU0MTNlYmY0MmYz
LzEvWmJmV2FaZzF2LW1vQ0IzOEVVM3h2MjBoWGFjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1bbcMA0G
CSqGSIb3DQEBCwUAA4IBAQBDpS9jgjE3+d9ktIyJXHWocByX5naIeyO2Tzcs3eeP
lpRBlqgGV+MIGTGWOQDWtH+GN9eSuA2CL/b3Q/e7qkE3F76/UIHp6dVFEaBvGzF0
4BpuFHiZckYc4hTjcwOjXIZAinQBrr7L9r0NqQQryGi9YPXdD38KCcNPc9MmVawA
tTvRNFKL+FQsglgOs+K0K072mRozhRM+FiupkatQwX9Vc/au6uQSDAAJ7U0B+xUt
JP1lnyN/pyFYGOZ8Mdnzpr5v9ShAGjxI1ipulhpIse2BNC2wWVLs9/fHWgQaFZZ/
4NPXHaApR2zgyXfTZafs7CUJaKFItjQUuUlfQYfBKYYW
-----END CERTIFICATE-----