Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/rW5rmL1uQgdMSDTmKTxLDub9Rx4.roa
File:                     rW5rmL1uQgdMSDTmKTxLDub9Rx4.roa (raw, json)
Hash identifier:          882yZaThDdB1XJNV9Y4bdqLZR3muzTyFSdsUOwU4kKo=
Subject key identifier:   AD:6E:6B:98:BD:6E:42:07:4C:48:34:E6:29:3C:4B:0E:E6:FD:47:1E
Certificate issuer:       /CN=c35eac64ea4802e6824686f7c0d201f2c85cb2aa
Certificate serial:       01979BC3185241528DDF66ABCBAA6AB09384
Authority key identifier: C3:5E:AC:64:EA:48:02:E6:82:46:86:F7:C0:D2:01:F2:C8:5C:B2:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/rW5rmL1uQgdMSDTmKTxLDub9Rx4.roa
Signing time:             Mon 23 Jun 2025 07:49:03 +0000
ROA not before:           Mon 23 Jun 2025 07:49:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208370
IP address blocks:        78.128.115.0/24 maxlen: 24
                          78.142.9.0/24 maxlen: 24
                          79.124.78.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 01 Jul 2025 10:01:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:9b:c3:18:52:41:52:8d:df:66:ab:cb:aa:6a:b0:93:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c35eac64ea4802e6824686f7c0d201f2c85cb2aa
        Validity
            Not Before: Jun 23 07:49:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ad6e6b98bd6e42074c4834e6293c4b0ee6fd471e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:a3:49:83:27:22:44:3d:34:0b:65:60:bf:f8:
                    54:7c:f6:79:a0:08:38:d4:0e:42:44:f0:04:a3:88:
                    da:64:af:f2:6b:df:7c:f1:60:e9:67:f2:c4:78:27:
                    d8:f3:1f:2e:38:05:0b:c8:49:01:71:51:16:04:8e:
                    6a:02:ac:cc:57:81:2f:3b:7b:ac:2c:0f:33:a7:c4:
                    3f:f7:14:00:f7:a9:08:f0:e6:41:1c:a8:72:a8:10:
                    c2:46:62:b8:02:1d:b8:ab:ec:3e:eb:6d:db:55:88:
                    0e:b1:f3:24:24:5b:f7:d9:be:3e:60:d1:e0:a1:33:
                    26:e0:b2:ce:c6:5c:43:fb:77:f9:3f:e9:69:41:5b:
                    f3:03:78:2d:a3:51:58:ab:0f:f9:aa:ce:aa:e1:65:
                    f8:f2:19:34:1e:f1:a2:7f:eb:df:2a:f6:f2:6d:b8:
                    75:7f:e0:2c:ce:b1:92:2b:ee:57:12:ea:fb:19:b3:
                    da:54:bc:ef:82:66:2b:f7:ee:09:c0:3d:fb:40:c3:
                    39:b9:39:99:69:b2:d1:55:26:8d:ad:3f:41:04:40:
                    fc:d0:cf:1a:86:08:dc:58:78:e5:bb:77:26:2b:fe:
                    f7:ea:59:58:03:2a:e1:9b:f2:ea:fb:b4:be:a4:be:
                    c9:38:80:64:4c:3d:1c:60:fd:69:43:27:71:d7:81:
                    39:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AD:6E:6B:98:BD:6E:42:07:4C:48:34:E6:29:3C:4B:0E:E6:FD:47:1E
            X509v3 Authority Key Identifier:
                keyid:C3:5E:AC:64:EA:48:02:E6:82:46:86:F7:C0:D2:01:F2:C8:5C:B2:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/rW5rmL1uQgdMSDTmKTxLDub9Rx4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.128.115.0/24
                  78.142.9.0/24
                  79.124.78.0/24

    Signature Algorithm: sha256WithRSAEncryption
         64:1e:cb:2c:e5:63:3a:ff:eb:41:eb:c2:3a:1d:16:48:90:00:
         04:5c:e2:d3:25:cc:6b:1a:0d:57:af:1f:a9:7d:d2:79:7d:61:
         21:27:2e:47:bf:7e:07:5a:aa:fe:99:4e:d2:7f:79:50:60:73:
         d5:40:8c:32:89:bc:7d:f5:05:86:7b:73:46:0b:9b:23:aa:fb:
         0a:24:cd:ca:a2:9d:a6:d3:fd:5b:e3:27:14:da:40:98:b6:f6:
         a4:63:b0:ae:1a:5f:b1:27:16:b2:92:01:55:15:83:24:13:17:
         a8:24:fe:98:29:e4:c2:63:d0:f1:f5:38:d1:74:c4:12:9e:98:
         21:bb:24:ed:70:5c:06:b9:0b:e6:a4:f7:d0:ce:87:30:f0:f2:
         83:67:28:aa:c8:49:05:20:a0:68:76:64:cd:ce:76:a0:1b:64:
         05:90:41:16:43:ab:90:f5:b6:36:fa:62:77:74:39:d1:00:31:
         0f:06:a9:19:3f:69:66:fe:f8:4c:a5:07:00:fc:79:17:d9:a0:
         eb:3f:61:0b:0e:d6:12:ed:23:2d:1c:e3:88:df:b5:25:46:18:
         ee:f2:ea:2f:71:1a:fe:0c:85:82:f2:04:ec:53:b7:87:1f:e6:
         65:ee:61:d7:ba:74:39:c1:c7:5d:d7:ca:04:91:6f:35:3d:b9:
         9c:29:93:2a
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZebwxhSQVKN32ary6pqsJOEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzNWVhYzY0ZWE0ODAyZTY4MjQ2ODZmN2MwZDIwMWYyYzg1
Y2IyYWEwHhcNMjUwNjIzMDc0OTAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZDZlNmI5OGJkNmU0MjA3NGM0ODM0ZTYyOTNjNGIwZWU2ZmQ0NzFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2aNJgyciRD00C2Vgv/hUfPZ5oAg4
1A5CRPAEo4jaZK/ya9988WDpZ/LEeCfY8x8uOAULyEkBcVEWBI5qAqzMV4EvO3us
LA8zp8Q/9xQA96kI8OZBHKhyqBDCRmK4Ah24q+w+623bVYgOsfMkJFv32b4+YNHg
oTMm4LLOxlxD+3f5P+lpQVvzA3gto1FYqw/5qs6q4WX48hk0HvGif+vfKvbybbh1
f+AszrGSK+5XEur7GbPaVLzvgmYr9+4JwD37QMM5uTmZabLRVSaNrT9BBED80M8a
hgjcWHjlu3cmK/736llYAyrhm/Lq+7S+pL7JOIBkTD0cYP1pQydx14E5MQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFK1ua5i9bkIHTEg05ik8Sw7m/UceMB8GA1UdIwQY
MBaAFMNerGTqSALmgkaG98DSAfLIXLKqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzE2c1pPcElBdWFDUm9iM3dOSUI4c2hjc3FvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9jY2RkOGItNzcyMC00ZGUwLThjNDMt
ZGFjYjVmMzU2ZWEzLzEvclc1cm1MMXVRZ2RNU0RUbUtUeExEdWI5Ung0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9jY2RkOGItNzcyMC00ZGUwLThjNDMtZGFjYjVmMzU2ZWEz
LzEvdzE2c1pPcElBdWFDUm9iM3dOSUI4c2hjc3FvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAToBzAwQA
To4JAwQAT3xOMA0GCSqGSIb3DQEBCwUAA4IBAQBkHsss5WM6/+tB68I6HRZIkAAE
XOLTJcxrGg1Xrx+pfdJ5fWEhJy5Hv34HWqr+mU7Sf3lQYHPVQIwyibx99QWGe3NG
C5sjqvsKJM3Kop2m0/1b4ycU2kCYtvakY7CuGl+xJxaykgFVFYMkExeoJP6YKeTC
Y9Dx9TjRdMQSnpghuyTtcFwGuQvmpPfQzocw8PKDZyiqyEkFIKBodmTNznagG2QF
kEEWQ6uQ9bY2+mJ3dDnRADEPBqkZP2lm/vhMpQcA/HkX2aDrP2ELDtYS7SMtHOOI
37UlRhju8uovcRr+DIWC8gTsU7eHH+Zl7mHXunQ5wcdd18oEkW81PbmcKZMq
-----END CERTIFICATE-----