Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/df/a93699-188b-470a-96b7-29b085dd23ad/1/6fueTwx89YJUS6Dpp5Y2h_u_XrU.roa
File:                     6fueTwx89YJUS6Dpp5Y2h_u_XrU.roa (raw, json)
Hash identifier:          lzYvahX3CMPBOibhapx+4QK+QwG3tziddPkBj6Q8iy8=
Subject key identifier:   E9:FB:9E:4F:0C:7C:F5:82:54:4B:A0:E9:A7:96:36:87:FB:BF:5E:B5
Certificate issuer:       /CN=2d1caa69358f8c98f7a719f2597d5daddbd0018c
Certificate serial:       019D19A35E2EC66A15EC3DF800EE7212A36B
Authority key identifier: 2D:1C:AA:69:35:8F:8C:98:F7:A7:19:F2:59:7D:5D:AD:DB:D0:01:8C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LRyqaTWPjJj3pxnyWX1drdvQAYw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/df/a93699-188b-470a-96b7-29b085dd23ad/1/6fueTwx89YJUS6Dpp5Y2h_u_XrU.roa
Signing time:             Mon 23 Mar 2026 07:40:30 +0000
ROA not before:           Mon 23 Mar 2026 07:40:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     208220
IP address blocks:        78.159.156.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/df/a93699-188b-470a-96b7-29b085dd23ad/1/LRyqaTWPjJj3pxnyWX1drdvQAYw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/df/a93699-188b-470a-96b7-29b085dd23ad/1/LRyqaTWPjJj3pxnyWX1drdvQAYw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LRyqaTWPjJj3pxnyWX1drdvQAYw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Mar 2026 04:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:19:a3:5e:2e:c6:6a:15:ec:3d:f8:00:ee:72:12:a3:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2d1caa69358f8c98f7a719f2597d5daddbd0018c
        Validity
            Not Before: Mar 23 07:40:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e9fb9e4f0c7cf582544ba0e9a7963687fbbf5eb5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:2c:36:6c:54:35:81:78:19:16:3c:02:cb:1c:
                    a1:82:56:3a:0a:3c:38:fb:fb:f9:90:aa:a1:f2:fe:
                    f0:dc:4d:54:2c:f2:d2:60:83:cf:56:fd:be:c7:72:
                    6a:63:0b:be:e4:38:6f:06:72:ef:42:23:fd:89:ff:
                    34:38:7c:b8:37:6f:cb:84:cd:b9:e2:30:55:47:4c:
                    f4:d8:dd:45:34:79:31:79:8f:af:b4:4b:c5:eb:2a:
                    c9:d2:fb:c6:a8:6f:01:96:3c:c0:a7:29:7b:ee:70:
                    15:d8:7f:88:9a:5f:2d:13:88:35:3f:17:11:22:da:
                    1f:c7:df:05:a5:44:32:d8:e4:61:fe:99:9b:bb:19:
                    6e:74:32:06:3f:5c:81:15:2b:be:1a:a6:e9:02:ef:
                    2d:74:94:64:d1:72:e3:f5:67:83:45:f4:38:91:10:
                    82:d8:1c:12:b6:85:27:77:82:d3:dc:64:11:eb:5e:
                    a6:7d:f4:ba:84:a7:a6:cd:ae:8a:d2:8a:21:6e:09:
                    46:a0:6c:39:f8:3b:93:6f:6f:3a:cd:b6:9a:ec:7b:
                    ab:43:ab:da:18:ef:0a:de:ad:8f:00:d3:d3:c2:dc:
                    49:0c:42:2d:ac:ad:36:19:97:7d:0e:00:f5:60:29:
                    46:86:1a:65:b0:04:18:45:70:6d:04:b6:82:1d:a3:
                    9f:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E9:FB:9E:4F:0C:7C:F5:82:54:4B:A0:E9:A7:96:36:87:FB:BF:5E:B5
            X509v3 Authority Key Identifier:
                keyid:2D:1C:AA:69:35:8F:8C:98:F7:A7:19:F2:59:7D:5D:AD:DB:D0:01:8C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LRyqaTWPjJj3pxnyWX1drdvQAYw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/df/a93699-188b-470a-96b7-29b085dd23ad/1/6fueTwx89YJUS6Dpp5Y2h_u_XrU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/df/a93699-188b-470a-96b7-29b085dd23ad/1/LRyqaTWPjJj3pxnyWX1drdvQAYw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.159.156.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6e:85:4f:9f:05:40:e7:39:e7:2b:e4:ce:e2:51:74:ef:c8:d9:
         4d:af:b4:60:e7:0e:75:cd:41:a7:6f:ff:33:37:f6:fe:b7:bc:
         df:d2:df:94:91:20:b4:32:75:51:75:e1:49:7f:c4:a5:63:b0:
         4f:24:47:03:38:b6:b8:5f:8a:81:47:e1:cd:3c:a5:d0:8e:b8:
         c1:d1:45:9a:a8:1d:ef:93:e0:83:0c:c2:a0:62:8f:20:3e:1e:
         17:f2:ee:d2:49:d5:66:17:de:54:72:36:41:69:93:56:21:25:
         97:bf:77:6d:b4:1d:45:86:34:40:49:c0:e9:2c:a1:47:d4:61:
         56:2a:58:58:05:91:17:d4:b8:e7:57:29:58:c2:ff:40:5e:14:
         f2:3f:94:98:ab:ae:72:58:ad:b3:83:89:d9:f9:a2:a6:5b:d2:
         59:cb:4e:c7:f5:19:e8:56:b2:38:00:39:94:54:b4:ba:29:55:
         43:59:d3:cc:d3:eb:a3:4f:f9:3b:65:d0:ca:c6:99:39:17:3e:
         ce:60:0a:c5:d8:79:87:08:8b:fe:8c:e6:5c:c1:a5:62:06:41:
         8e:bf:6d:b4:47:f5:36:1f:e5:29:ae:fd:56:87:dd:68:9c:7c:
         26:9f:2c:8d:60:2d:30:61:3a:de:01:ed:57:89:db:de:e0:3b:
         78:93:55:a8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0Zo14uxmoV7D34AO5yEqNrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJkMWNhYTY5MzU4ZjhjOThmN2E3MTlmMjU5N2Q1ZGFkZGJk
MDAxOGMwHhcNMjYwMzIzMDc0MDMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlOWZiOWU0ZjBjN2NmNTgyNTQ0YmEwZTlhNzk2MzY4N2ZiYmY1ZWI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2Cw2bFQ1gXgZFjwCyxyhglY6Cjw4
+/v5kKqh8v7w3E1ULPLSYIPPVv2+x3JqYwu+5DhvBnLvQiP9if80OHy4N2/LhM25
4jBVR0z02N1FNHkxeY+vtEvF6yrJ0vvGqG8BljzApyl77nAV2H+Iml8tE4g1PxcR
Itofx98FpUQy2ORh/pmbuxludDIGP1yBFSu+GqbpAu8tdJRk0XLj9WeDRfQ4kRCC
2BwStoUnd4LT3GQR616mffS6hKemza6K0oohbglGoGw5+DuTb286zbaa7HurQ6va
GO8K3q2PANPTwtxJDEItrK02GZd9DgD1YClGhhplsAQYRXBtBLaCHaOfDQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOn7nk8MfPWCVEug6aeWNof7v161MB8GA1UdIwQY
MBaAFC0cqmk1j4yY96cZ8ll9Xa3b0AGMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTFJ5cWFUV1BqSmozcHhueVdYMWRyZHZRQVl3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZi9hOTM2OTktMTg4Yi00NzBhLTk2Yjct
MjliMDg1ZGQyM2FkLzEvNmZ1ZVR3eDg5WUpVUzZEcHA1WTJoX3VfWHJVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZi9hOTM2OTktMTg4Yi00NzBhLTk2YjctMjliMDg1ZGQyM2Fk
LzEvTFJ5cWFUV1BqSmozcHhueVdYMWRyZHZRQVl3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATp+cMA0G
CSqGSIb3DQEBCwUAA4IBAQBuhU+fBUDnOecr5M7iUXTvyNlNr7Rg5w51zUGnb/8z
N/b+t7zf0t+UkSC0MnVRdeFJf8SlY7BPJEcDOLa4X4qBR+HNPKXQjrjB0UWaqB3v
k+CDDMKgYo8gPh4X8u7SSdVmF95UcjZBaZNWISWXv3dttB1FhjRAScDpLKFH1GFW
KlhYBZEX1LjnVylYwv9AXhTyP5SYq65yWK2zg4nZ+aKmW9JZy07H9RnoVrI4ADmU
VLS6KVVDWdPM0+ujT/k7ZdDKxpk5Fz7OYArF2HmHCIv+jOZcwaViBkGOv220R/U2
H+Uprv1Wh91onHwmnyyNYC0wYTreAe1Xidve4Dt4k1Wo
-----END CERTIFICATE-----