Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ad/6cf8be-253d-46d5-ab7c-8276c8aac50e/1/XnSGdaCJ3eKb4i-6Nu6dhvAlrx4.roa
File:                     XnSGdaCJ3eKb4i-6Nu6dhvAlrx4.roa (raw, json)
Hash identifier:          wQcutn0UQG9+UbR3j8U6CVNcG7YhBuHIXfvYXpQN+ao=
Subject key identifier:   5E:74:86:75:A0:89:DD:E2:9B:E2:2F:BA:36:EE:9D:86:F0:25:AF:1E
Certificate issuer:       /CN=d6aa3fbc78e31229157c78b6d23a65eb2e353dce
Certificate serial:       01977978A7CC8CF5C621DDE04F91C4BA817F
Authority key identifier: D6:AA:3F:BC:78:E3:12:29:15:7C:78:B6:D2:3A:65:EB:2E:35:3D:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1qo_vHjjEikVfHi20jpl6y41Pc4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ad/6cf8be-253d-46d5-ab7c-8276c8aac50e/1/XnSGdaCJ3eKb4i-6Nu6dhvAlrx4.roa
Signing time:             Mon 16 Jun 2025 16:00:39 +0000
ROA not before:           Mon 16 Jun 2025 16:00:39 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     20473
IP address blocks:        78.108.58.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ad/6cf8be-253d-46d5-ab7c-8276c8aac50e/1/1qo_vHjjEikVfHi20jpl6y41Pc4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ad/6cf8be-253d-46d5-ab7c-8276c8aac50e/1/1qo_vHjjEikVfHi20jpl6y41Pc4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1qo_vHjjEikVfHi20jpl6y41Pc4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 04 Jul 2025 03:01:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:79:78:a7:cc:8c:f5:c6:21:dd:e0:4f:91:c4:ba:81:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d6aa3fbc78e31229157c78b6d23a65eb2e353dce
        Validity
            Not Before: Jun 16 16:00:39 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5e748675a089dde29be22fba36ee9d86f025af1e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:c6:6a:ea:47:0c:20:82:5c:4f:53:50:7e:ad:
                    88:9c:57:e2:94:66:4e:85:c7:1f:52:5c:23:59:4d:
                    9c:e1:3d:b5:e4:b5:06:b0:6d:53:8c:0f:48:5d:4f:
                    0a:8d:7e:a2:5c:c4:9a:59:79:e1:a2:32:19:d1:ff:
                    dc:2e:fc:93:88:38:bb:75:51:27:5e:81:41:47:65:
                    1d:3a:03:84:af:c2:d7:fa:2a:de:32:82:94:83:65:
                    6f:a8:3b:95:40:17:ce:db:af:95:05:d0:28:65:32:
                    77:d2:0d:2f:b6:e2:17:c7:1b:d7:49:4a:c0:51:a2:
                    99:5b:3c:a2:c9:f3:98:f1:f6:68:bf:e2:4f:b3:7e:
                    8e:17:f0:e4:92:b0:2d:de:1b:4a:fb:c1:4e:5c:14:
                    32:18:a0:76:6c:b8:ac:49:1e:30:c2:7a:ab:eb:ec:
                    1e:32:a8:73:cd:78:11:ab:38:d4:b7:28:dc:d1:8c:
                    36:12:1f:41:c2:f2:ab:de:3f:8e:78:a3:10:ce:8a:
                    40:d4:4a:c4:31:27:dd:cb:2f:c5:51:a8:ad:aa:db:
                    99:26:c6:9d:51:17:47:43:9e:e8:0e:e1:aa:63:50:
                    5d:82:7d:f7:a1:04:80:63:c8:35:77:4e:ee:1f:c0:
                    6b:00:92:e4:62:07:f9:76:65:40:3a:68:22:44:73:
                    4a:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:74:86:75:A0:89:DD:E2:9B:E2:2F:BA:36:EE:9D:86:F0:25:AF:1E
            X509v3 Authority Key Identifier:
                keyid:D6:AA:3F:BC:78:E3:12:29:15:7C:78:B6:D2:3A:65:EB:2E:35:3D:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1qo_vHjjEikVfHi20jpl6y41Pc4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/6cf8be-253d-46d5-ab7c-8276c8aac50e/1/XnSGdaCJ3eKb4i-6Nu6dhvAlrx4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/6cf8be-253d-46d5-ab7c-8276c8aac50e/1/1qo_vHjjEikVfHi20jpl6y41Pc4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.108.58.0/24

    Signature Algorithm: sha256WithRSAEncryption
         56:ec:00:e0:ad:70:54:cf:9b:1d:fe:4e:51:2f:6a:ad:e3:53:
         82:55:08:2a:52:fa:e8:11:60:a1:29:fa:f9:29:bb:2e:89:eb:
         a7:03:62:29:41:46:6f:63:81:f6:4f:d4:8b:70:96:a0:9b:f1:
         e1:7f:b7:fd:ed:58:39:4a:d0:4a:d7:c4:c0:87:a1:ae:8d:7d:
         50:a7:59:55:9e:eb:be:8c:c1:44:b8:29:c3:4f:98:3d:b1:f6:
         76:8d:9a:f1:da:f1:fd:b9:f8:13:9f:6b:bd:51:a6:c0:e9:73:
         56:46:71:17:02:48:76:cb:5b:d9:3e:64:d5:74:9e:30:db:95:
         a2:59:1e:2f:35:b2:ae:be:fc:3e:1e:58:e5:13:a4:b8:fa:f5:
         b4:a2:ad:78:2b:60:2f:84:19:fa:1b:e6:0e:08:cc:93:2d:89:
         e6:b6:05:58:2e:34:83:5e:28:3e:ec:f6:66:64:f4:3d:b0:a7:
         d3:e5:86:3d:02:01:34:0b:f5:00:db:db:65:b5:20:50:a3:46:
         af:67:3d:b5:7f:a9:ae:8f:d3:78:25:4b:ab:37:15:38:49:f7:
         49:57:15:ce:10:d2:e0:d4:fe:79:ae:c2:35:15:8f:2c:69:aa:
         d4:ab:13:4e:c9:24:cd:f5:a0:4c:6b:00:20:3e:e0:48:2f:46:
         e3:c4:9f:c2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZd5eKfMjPXGId3gT5HEuoF/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ2YWEzZmJjNzhlMzEyMjkxNTdjNzhiNmQyM2E2NWViMmUz
NTNkY2UwHhcNMjUwNjE2MTYwMDM5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZTc0ODY3NWEwODlkZGUyOWJlMjJmYmEzNmVlOWQ4NmYwMjVhZjFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5MZq6kcMIIJcT1NQfq2InFfilGZO
hccfUlwjWU2c4T215LUGsG1TjA9IXU8KjX6iXMSaWXnhojIZ0f/cLvyTiDi7dVEn
XoFBR2UdOgOEr8LX+ireMoKUg2VvqDuVQBfO26+VBdAoZTJ30g0vtuIXxxvXSUrA
UaKZWzyiyfOY8fZov+JPs36OF/DkkrAt3htK+8FOXBQyGKB2bLisSR4wwnqr6+we
MqhzzXgRqzjUtyjc0Yw2Eh9BwvKr3j+OeKMQzopA1ErEMSfdyy/FUaitqtuZJsad
URdHQ57oDuGqY1Bdgn33oQSAY8g1d07uH8BrAJLkYgf5dmVAOmgiRHNKdwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF50hnWgid3im+IvujbunYbwJa8eMB8GA1UdIwQY
MBaAFNaqP7x44xIpFXx4ttI6ZesuNT3OMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMXFvX3ZIampFaWtWZkhpMjBqcGw2eTQxUGM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZC82Y2Y4YmUtMjUzZC00NmQ1LWFiN2Mt
ODI3NmM4YWFjNTBlLzEvWG5TR2RhQ0ozZUtiNGktNk51NmRodkFscng0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZC82Y2Y4YmUtMjUzZC00NmQ1LWFiN2MtODI3NmM4YWFjNTBl
LzEvMXFvX3ZIampFaWtWZkhpMjBqcGw2eTQxUGM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATmw6MA0G
CSqGSIb3DQEBCwUAA4IBAQBW7ADgrXBUz5sd/k5RL2qt41OCVQgqUvroEWChKfr5
KbsuieunA2IpQUZvY4H2T9SLcJagm/Hhf7f97Vg5StBK18TAh6GujX1Qp1lVnuu+
jMFEuCnDT5g9sfZ2jZrx2vH9ufgTn2u9UabA6XNWRnEXAkh2y1vZPmTVdJ4w25Wi
WR4vNbKuvvw+HljlE6S4+vW0oq14K2AvhBn6G+YOCMyTLYnmtgVYLjSDXig+7PZm
ZPQ9sKfT5YY9AgE0C/UA29tltSBQo0avZz21f6muj9N4JUurNxU4SfdJVxXOENLg
1P55rsI1FY8saarUqxNOySTN9aBMawAgPuBIL0bjxJ/C
-----END CERTIFICATE-----