Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ad/6cf8be-253d-46d5-ab7c-8276c8aac50e/1/OEVx3wt-afSCjQoq4CCBGEYZ0-0.roa
File:                     OEVx3wt-afSCjQoq4CCBGEYZ0-0.roa (raw, json)
Hash identifier:          RZxMVkxGx/ioX0a/f6t/tDg0YGbR5g3ZOXjOM4aJF6g=
Subject key identifier:   38:45:71:DF:0B:7E:69:F4:82:8D:0A:2A:E0:20:81:18:46:19:D3:ED
Certificate issuer:       /CN=d6aa3fbc78e31229157c78b6d23a65eb2e353dce
Certificate serial:       0198B1E3AA34E8099049BEFBCF7A26B7C7CF
Authority key identifier: D6:AA:3F:BC:78:E3:12:29:15:7C:78:B6:D2:3A:65:EB:2E:35:3D:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1qo_vHjjEikVfHi20jpl6y41Pc4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ad/6cf8be-253d-46d5-ab7c-8276c8aac50e/1/OEVx3wt-afSCjQoq4CCBGEYZ0-0.roa
Signing time:             Sat 16 Aug 2025 07:59:04 +0000
ROA not before:           Sat 16 Aug 2025 07:59:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206766
IP address blocks:        78.108.56.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ad/6cf8be-253d-46d5-ab7c-8276c8aac50e/1/1qo_vHjjEikVfHi20jpl6y41Pc4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ad/6cf8be-253d-46d5-ab7c-8276c8aac50e/1/1qo_vHjjEikVfHi20jpl6y41Pc4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1qo_vHjjEikVfHi20jpl6y41Pc4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 10:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:b1:e3:aa:34:e8:09:90:49:be:fb:cf:7a:26:b7:c7:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d6aa3fbc78e31229157c78b6d23a65eb2e353dce
        Validity
            Not Before: Aug 16 07:59:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=384571df0b7e69f4828d0a2ae02081184619d3ed
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:4e:49:eb:c4:47:17:b9:48:81:60:72:a8:02:
                    86:11:3f:70:5f:47:d7:a6:9a:b5:05:11:41:4a:44:
                    07:bf:f9:a5:f5:27:55:ec:37:74:a4:eb:9e:b7:9f:
                    bc:b6:b6:98:2f:c2:de:02:82:a9:6c:40:be:90:de:
                    16:f7:b0:94:91:4b:4a:0a:48:9a:3d:39:97:dd:f1:
                    5a:43:96:24:5d:f5:de:99:d9:4c:1b:64:e8:03:ba:
                    9b:46:6b:c2:b0:9f:2c:de:ec:f2:d3:15:f2:2d:75:
                    be:b3:79:ec:66:22:ba:78:b1:f3:9f:c5:fa:9c:6d:
                    9d:64:f8:e6:0a:d0:a4:e9:77:a6:63:ea:38:1c:56:
                    a0:e1:0b:b6:a4:3e:d6:f8:f5:cc:0a:d3:c3:33:a6:
                    17:55:68:79:6c:2c:5d:c3:8b:df:d3:c7:6f:32:3f:
                    74:d5:de:fa:4e:04:69:27:ba:da:a5:43:31:70:16:
                    1f:f2:c3:3a:5a:93:92:c4:fa:ca:6d:dd:02:1c:e6:
                    a3:19:50:00:c9:57:9e:a1:1a:9a:94:dd:ed:78:77:
                    1a:30:66:a6:72:2d:4d:e3:e0:94:39:66:fa:cc:c1:
                    ac:47:6e:fd:d2:57:54:cf:98:f4:80:f1:f9:ea:1d:
                    08:00:7c:1c:02:b1:d0:c6:ff:05:1a:e9:dc:85:3b:
                    46:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:45:71:DF:0B:7E:69:F4:82:8D:0A:2A:E0:20:81:18:46:19:D3:ED
            X509v3 Authority Key Identifier:
                keyid:D6:AA:3F:BC:78:E3:12:29:15:7C:78:B6:D2:3A:65:EB:2E:35:3D:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1qo_vHjjEikVfHi20jpl6y41Pc4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/6cf8be-253d-46d5-ab7c-8276c8aac50e/1/OEVx3wt-afSCjQoq4CCBGEYZ0-0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/6cf8be-253d-46d5-ab7c-8276c8aac50e/1/1qo_vHjjEikVfHi20jpl6y41Pc4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.108.56.0/24

    Signature Algorithm: sha256WithRSAEncryption
         86:5e:29:dc:5d:28:29:45:6b:3b:ea:86:4f:b9:7a:65:6a:6c:
         2e:b1:57:a6:c0:1c:40:a4:32:d0:2a:6f:d7:ec:39:9a:60:ab:
         79:87:4f:c1:ba:d0:71:71:77:c1:06:44:ff:47:fe:59:ff:6f:
         e3:0b:3c:74:06:83:73:c1:a9:b1:6a:5f:ba:5b:ad:8b:53:54:
         04:85:9a:90:c5:fa:89:26:af:69:b7:ad:c4:40:d8:c3:28:5c:
         a2:bf:71:73:56:d8:56:60:93:f5:e4:22:b2:99:89:73:1d:1d:
         39:aa:77:42:a9:dd:00:d4:f7:59:fc:66:94:23:4c:93:18:59:
         f1:76:0e:6e:39:56:c3:81:e5:1a:dd:7a:0d:a3:16:e8:c6:b0:
         b4:b3:3d:a2:8f:22:7d:05:01:eb:b9:7d:ca:6c:c9:56:7a:2a:
         d5:e0:50:d0:d7:ce:77:d4:0b:a1:d1:55:1f:91:73:d4:04:a8:
         7f:23:94:e1:c9:40:b0:5a:69:67:73:c2:78:99:06:33:94:04:
         61:c8:c3:07:6c:6b:80:d2:70:3e:9e:ef:3f:26:bc:e4:68:38:
         8a:c8:4c:01:34:d7:75:40:9d:ef:4c:5d:ce:52:2a:c3:f7:e0:
         1a:29:2d:ee:11:01:be:ea:60:a2:26:b7:26:91:da:20:f9:72:
         3e:63:6a:7b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZix46o06AmQSb77z3omt8fPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ2YWEzZmJjNzhlMzEyMjkxNTdjNzhiNmQyM2E2NWViMmUz
NTNkY2UwHhcNMjUwODE2MDc1OTA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzODQ1NzFkZjBiN2U2OWY0ODI4ZDBhMmFlMDIwODExODQ2MTlkM2VkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqE5J68RHF7lIgWByqAKGET9wX0fX
ppq1BRFBSkQHv/ml9SdV7Dd0pOuet5+8traYL8LeAoKpbEC+kN4W97CUkUtKCkia
PTmX3fFaQ5YkXfXemdlMG2ToA7qbRmvCsJ8s3uzy0xXyLXW+s3nsZiK6eLHzn8X6
nG2dZPjmCtCk6XemY+o4HFag4Qu2pD7W+PXMCtPDM6YXVWh5bCxdw4vf08dvMj90
1d76TgRpJ7rapUMxcBYf8sM6WpOSxPrKbd0CHOajGVAAyVeeoRqalN3teHcaMGam
ci1N4+CUOWb6zMGsR2790ldUz5j0gPH56h0IAHwcArHQxv8FGunchTtGuQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDhFcd8Lfmn0go0KKuAggRhGGdPtMB8GA1UdIwQY
MBaAFNaqP7x44xIpFXx4ttI6ZesuNT3OMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMXFvX3ZIampFaWtWZkhpMjBqcGw2eTQxUGM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZC82Y2Y4YmUtMjUzZC00NmQ1LWFiN2Mt
ODI3NmM4YWFjNTBlLzEvT0VWeDN3dC1hZlNDalFvcTRDQ0JHRVlaMC0wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZC82Y2Y4YmUtMjUzZC00NmQ1LWFiN2MtODI3NmM4YWFjNTBl
LzEvMXFvX3ZIampFaWtWZkhpMjBqcGw2eTQxUGM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATmw4MA0G
CSqGSIb3DQEBCwUAA4IBAQCGXincXSgpRWs76oZPuXplamwusVemwBxApDLQKm/X
7DmaYKt5h0/ButBxcXfBBkT/R/5Z/2/jCzx0BoNzwamxal+6W62LU1QEhZqQxfqJ
Jq9pt63EQNjDKFyiv3FzVthWYJP15CKymYlzHR05qndCqd0A1PdZ/GaUI0yTGFnx
dg5uOVbDgeUa3XoNoxboxrC0sz2ijyJ9BQHruX3KbMlWeirV4FDQ18531Auh0VUf
kXPUBKh/I5ThyUCwWmlnc8J4mQYzlARhyMMHbGuA0nA+nu8/JrzkaDiKyEwBNNd1
QJ3vTF3OUirD9+AaKS3uEQG+6mCiJrcmkdog+XI+Y2p7
-----END CERTIFICATE-----