Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/6gn8D0bCNNy_NHNGg6olZCjJ38U.roa
File:                     6gn8D0bCNNy_NHNGg6olZCjJ38U.roa (raw, json)
Hash identifier:          xw5nqkOFXc/gnb6kTCjNsbFvOautT4PbRs2mLQwjGR0=
Subject key identifier:   EA:09:FC:0F:46:C2:34:DC:BF:34:73:46:83:AA:25:64:28:C9:DF:C5
Certificate issuer:       /CN=c35eac64ea4802e6824686f7c0d201f2c85cb2aa
Certificate serial:       0198C78208CBF0336F6B8A428CED00C49793
Authority key identifier: C3:5E:AC:64:EA:48:02:E6:82:46:86:F7:C0:D2:01:F2:C8:5C:B2:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/6gn8D0bCNNy_NHNGg6olZCjJ38U.roa
Signing time:             Wed 20 Aug 2025 12:44:04 +0000
ROA not before:           Wed 20 Aug 2025 12:44:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     13335
IP address blocks:        78.128.122.0/24 maxlen: 24
                          82.118.242.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 05:01:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:c7:82:08:cb:f0:33:6f:6b:8a:42:8c:ed:00:c4:97:93
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c35eac64ea4802e6824686f7c0d201f2c85cb2aa
        Validity
            Not Before: Aug 20 12:44:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ea09fc0f46c234dcbf34734683aa256428c9dfc5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:02:d9:c1:01:96:08:cd:22:52:bb:6a:af:3a:
                    32:db:d5:61:30:af:ca:01:09:6d:70:01:8c:60:15:
                    9f:48:81:b7:40:ff:f5:95:34:b3:54:c3:30:45:33:
                    96:10:d1:6d:02:61:e2:3f:f2:f3:fd:df:5c:fe:fe:
                    6c:90:53:37:21:46:a3:77:69:67:4e:1f:1e:54:2c:
                    b3:88:b7:3d:c7:bc:02:71:b4:b5:45:9e:f6:18:05:
                    a4:4f:d9:9b:c8:2a:fc:ba:a6:5e:6f:aa:cb:a2:30:
                    9f:88:c3:48:91:78:68:ca:4e:69:00:46:c0:b7:a7:
                    34:7c:59:b2:97:b7:98:82:43:c8:30:59:c4:f2:2f:
                    c6:e1:b2:23:45:a6:f8:3e:6b:57:5f:44:ed:21:8e:
                    9f:19:4a:c5:11:2a:ce:70:81:39:8f:84:4e:78:44:
                    e3:68:1e:21:5b:e1:90:25:b9:2e:fa:86:48:b7:0a:
                    3d:92:42:de:71:8c:f8:a5:05:3e:69:6c:aa:54:96:
                    fb:45:2b:f6:fc:37:dc:08:22:fa:6b:ac:b4:5e:ff:
                    4c:47:4a:f0:10:78:60:92:43:72:8c:b5:57:8b:95:
                    cd:0a:b9:2d:16:f0:ca:d5:bc:9a:03:06:bf:7b:74:
                    e0:47:e7:45:a4:af:64:78:2b:e3:73:4c:d6:98:22:
                    06:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EA:09:FC:0F:46:C2:34:DC:BF:34:73:46:83:AA:25:64:28:C9:DF:C5
            X509v3 Authority Key Identifier:
                keyid:C3:5E:AC:64:EA:48:02:E6:82:46:86:F7:C0:D2:01:F2:C8:5C:B2:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/6gn8D0bCNNy_NHNGg6olZCjJ38U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.128.122.0/24
                  82.118.242.0/24

    Signature Algorithm: sha256WithRSAEncryption
         88:eb:4b:97:2e:c8:1c:29:c0:f5:81:8c:fc:dd:62:32:ab:88:
         d8:d3:71:ee:b7:c2:2c:9a:4f:38:b4:70:b0:77:8e:d2:12:46:
         9b:f5:79:cb:ad:71:6b:e1:10:32:2d:e6:d4:70:91:8e:e7:17:
         67:17:84:a8:0c:08:3d:c5:86:d2:54:fd:27:14:33:6f:f0:86:
         2c:04:59:63:9f:d6:24:1b:3e:79:99:f9:c1:31:a9:bb:c1:13:
         d9:25:97:d2:2a:d8:ad:fb:73:d1:17:3f:de:44:de:b9:6d:20:
         06:3c:a6:5c:76:2a:90:35:d0:05:78:d1:37:88:c9:b4:fe:ea:
         ba:33:56:03:b1:ee:91:2d:38:6a:c6:c4:56:68:62:f7:e0:5c:
         dc:a4:0b:6d:ae:ff:0f:4f:fc:59:f2:4c:08:c8:df:b0:47:22:
         0f:19:36:bf:9b:9b:0e:99:66:59:ec:62:b7:0c:0f:d8:75:38:
         da:ec:87:24:a2:47:be:b7:bd:2c:9a:88:62:21:9b:09:8e:bd:
         5d:83:1e:b4:1d:8e:05:e5:6e:31:1c:c4:6e:c7:48:77:95:cd:
         1e:fc:0c:1f:d1:f4:e9:8e:e5:76:c7:53:21:27:43:51:b9:58:
         c1:79:b3:79:b2:f6:1e:e5:be:b1:22:99:3a:48:58:65:d9:ff:
         15:f9:36:d7
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZjHggjL8DNva4pCjO0AxJeTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzNWVhYzY0ZWE0ODAyZTY4MjQ2ODZmN2MwZDIwMWYyYzg1
Y2IyYWEwHhcNMjUwODIwMTI0NDA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYTA5ZmMwZjQ2YzIzNGRjYmYzNDczNDY4M2FhMjU2NDI4YzlkZmM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqgLZwQGWCM0iUrtqrzoy29VhMK/K
AQltcAGMYBWfSIG3QP/1lTSzVMMwRTOWENFtAmHiP/Lz/d9c/v5skFM3IUajd2ln
Th8eVCyziLc9x7wCcbS1RZ72GAWkT9mbyCr8uqZeb6rLojCfiMNIkXhoyk5pAEbA
t6c0fFmyl7eYgkPIMFnE8i/G4bIjRab4PmtXX0TtIY6fGUrFESrOcIE5j4ROeETj
aB4hW+GQJbku+oZItwo9kkLecYz4pQU+aWyqVJb7RSv2/DfcCCL6a6y0Xv9MR0rw
EHhgkkNyjLVXi5XNCrktFvDK1byaAwa/e3TgR+dFpK9keCvjc0zWmCIGRQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFOoJ/A9GwjTcvzRzRoOqJWQoyd/FMB8GA1UdIwQY
MBaAFMNerGTqSALmgkaG98DSAfLIXLKqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzE2c1pPcElBdWFDUm9iM3dOSUI4c2hjc3FvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9jY2RkOGItNzcyMC00ZGUwLThjNDMt
ZGFjYjVmMzU2ZWEzLzEvNmduOEQwYkNOTnlfTkhOR2c2b2xaQ2pKMzhVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9jY2RkOGItNzcyMC00ZGUwLThjNDMtZGFjYjVmMzU2ZWEz
LzEvdzE2c1pPcElBdWFDUm9iM3dOSUI4c2hjc3FvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAToB6AwQA
UnbyMA0GCSqGSIb3DQEBCwUAA4IBAQCI60uXLsgcKcD1gYz83WIyq4jY03Hut8Is
mk84tHCwd47SEkab9XnLrXFr4RAyLebUcJGO5xdnF4SoDAg9xYbSVP0nFDNv8IYs
BFljn9YkGz55mfnBMam7wRPZJZfSKtit+3PRFz/eRN65bSAGPKZcdiqQNdAFeNE3
iMm0/uq6M1YDse6RLThqxsRWaGL34FzcpAttrv8PT/xZ8kwIyN+wRyIPGTa/m5sO
mWZZ7GK3DA/YdTja7Ickoke+t70smohiIZsJjr1dgx60HY4F5W4xHMRux0h3lc0e
/Awf0fTpjuV2x1MhJ0NRuVjBebN5svYe5b6xIpk6SFhl2f8V+TbX
-----END CERTIFICATE-----