Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/777eef-4d02-4d39-b1e4-1079d55aee91/1/EXso7tzCAhfaJCky2E8mk6hxz0E.roa
File:                     EXso7tzCAhfaJCky2E8mk6hxz0E.roa (raw, json)
Hash identifier:          9/wsiraIK6tEnjIhsMzkIKM5OLlXL/pBel2txdfmR1w=
Subject key identifier:   11:7B:28:EE:DC:C2:02:17:DA:24:29:32:D8:4F:26:93:A8:71:CF:41
Certificate issuer:       /CN=d58214cfa326611e9d494135a12ce8276f0f1784
Certificate serial:       0197F96004329C8C35F6B226E733E9987360
Authority key identifier: D5:82:14:CF:A3:26:61:1E:9D:49:41:35:A1:2C:E8:27:6F:0F:17:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1YIUz6MmYR6dSUE1oSzoJ28PF4Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/777eef-4d02-4d39-b1e4-1079d55aee91/1/EXso7tzCAhfaJCky2E8mk6hxz0E.roa
Signing time:             Fri 11 Jul 2025 12:05:08 +0000
ROA not before:           Fri 11 Jul 2025 12:05:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     216423
IP address blocks:        178.219.157.0/24 maxlen: 24
                          178.219.158.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ab/777eef-4d02-4d39-b1e4-1079d55aee91/1/1YIUz6MmYR6dSUE1oSzoJ28PF4Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ab/777eef-4d02-4d39-b1e4-1079d55aee91/1/1YIUz6MmYR6dSUE1oSzoJ28PF4Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1YIUz6MmYR6dSUE1oSzoJ28PF4Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 26 Jul 2025 09:00:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:f9:60:04:32:9c:8c:35:f6:b2:26:e7:33:e9:98:73:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d58214cfa326611e9d494135a12ce8276f0f1784
        Validity
            Not Before: Jul 11 12:05:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=117b28eedcc20217da242932d84f2693a871cf41
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:bd:f7:37:51:7b:e1:c4:35:97:4d:ee:97:70:
                    bb:0a:7b:ac:a6:01:6a:a8:76:7c:89:91:c0:e3:22:
                    f6:36:b3:30:01:9d:eb:d6:a4:10:a1:e2:35:bd:16:
                    97:00:ce:1d:91:15:d4:b3:dc:36:07:f4:1c:0b:c1:
                    83:f4:36:e7:c4:09:07:70:0f:6c:a0:5d:aa:fa:9e:
                    2c:bf:65:2a:0b:0f:2e:0b:d9:68:5e:29:23:03:f8:
                    dc:ed:40:bb:ce:ab:72:5d:cd:75:46:43:96:c8:45:
                    ec:d6:cd:ce:a5:36:4f:33:c4:e6:2f:e3:e6:8a:9f:
                    3c:c6:78:55:5a:e2:6c:ee:87:05:e6:23:cf:29:ce:
                    fe:91:80:52:34:41:91:a7:05:06:96:df:6f:77:c6:
                    37:f9:ea:0f:f2:8a:1e:62:81:a0:b6:1e:76:2c:de:
                    78:20:00:25:14:20:b9:1d:9f:64:f8:6f:4d:0c:2a:
                    0d:b9:2c:e9:d3:5d:ef:42:7f:0a:32:84:67:c5:76:
                    28:12:8c:4b:6e:e3:56:d9:a3:e2:78:43:51:2b:51:
                    8d:f3:56:7e:e2:f2:77:6f:a2:8d:47:59:be:6d:f8:
                    7e:93:fa:88:eb:55:6d:d4:05:28:13:f8:57:2e:32:
                    cb:bd:98:46:17:dd:f4:ef:77:99:69:2d:aa:20:1c:
                    53:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:7B:28:EE:DC:C2:02:17:DA:24:29:32:D8:4F:26:93:A8:71:CF:41
            X509v3 Authority Key Identifier:
                keyid:D5:82:14:CF:A3:26:61:1E:9D:49:41:35:A1:2C:E8:27:6F:0F:17:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1YIUz6MmYR6dSUE1oSzoJ28PF4Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/777eef-4d02-4d39-b1e4-1079d55aee91/1/EXso7tzCAhfaJCky2E8mk6hxz0E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/777eef-4d02-4d39-b1e4-1079d55aee91/1/1YIUz6MmYR6dSUE1oSzoJ28PF4Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.219.157.0-178.219.158.255

    Signature Algorithm: sha256WithRSAEncryption
         9b:7d:d0:41:29:28:ed:69:6b:fb:d7:a8:f9:06:0f:71:72:b3:
         2d:68:e4:4d:e3:66:8e:31:d8:02:c6:d6:81:c0:fa:8a:32:41:
         04:39:0e:91:25:04:66:f2:54:54:10:6f:22:94:e1:86:30:74:
         be:1f:47:88:8e:f8:85:64:13:23:96:3b:ea:c2:87:15:7e:ea:
         c7:9a:e9:5d:e1:fd:84:a5:8a:97:90:4f:eb:d2:37:0c:aa:2a:
         9a:86:b6:1c:ae:5f:83:96:75:05:a2:53:b8:6a:92:4b:59:b2:
         6a:ee:0e:61:1c:5d:d8:63:55:61:25:6a:49:fc:93:99:4e:cf:
         9e:ff:4f:74:31:f0:5a:08:74:f8:ec:68:d1:59:01:94:b5:75:
         3a:40:b5:f2:7c:d8:f8:85:f7:42:eb:91:8d:c4:9f:d2:10:6a:
         23:e2:18:98:dc:3b:6b:f6:ba:37:0d:21:8a:04:29:67:4d:ad:
         e1:ad:e7:66:5e:b4:b2:28:12:76:3f:e4:96:d5:b1:71:5f:3a:
         82:13:fa:58:a7:5f:ca:d4:9f:2c:9e:5a:c0:56:fe:d9:60:14:
         30:6b:10:ef:16:62:3b:ea:1c:a4:a5:56:90:ac:da:32:7d:32:
         df:6c:91:b1:81:a3:b7:88:0f:49:87:06:0e:60:62:93:06:d5:
         3c:d1:24:24
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZf5YAQynIw19rIm5zPpmHNgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ1ODIxNGNmYTMyNjYxMWU5ZDQ5NDEzNWExMmNlODI3NmYw
ZjE3ODQwHhcNMjUwNzExMTIwNTA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMTdiMjhlZWRjYzIwMjE3ZGEyNDI5MzJkODRmMjY5M2E4NzFjZjQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAur33N1F74cQ1l03ul3C7CnuspgFq
qHZ8iZHA4yL2NrMwAZ3r1qQQoeI1vRaXAM4dkRXUs9w2B/QcC8GD9DbnxAkHcA9s
oF2q+p4sv2UqCw8uC9loXikjA/jc7UC7zqtyXc11RkOWyEXs1s3OpTZPM8TmL+Pm
ip88xnhVWuJs7ocF5iPPKc7+kYBSNEGRpwUGlt9vd8Y3+eoP8ooeYoGgth52LN54
IAAlFCC5HZ9k+G9NDCoNuSzp013vQn8KMoRnxXYoEoxLbuNW2aPieENRK1GN81Z+
4vJ3b6KNR1m+bfh+k/qI61Vt1AUoE/hXLjLLvZhGF93073eZaS2qIBxT1QIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFBF7KO7cwgIX2iQpMthPJpOocc9BMB8GA1UdIwQY
MBaAFNWCFM+jJmEenUlBNaEs6CdvDxeEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMVlJVXo2TW1ZUjZkU1VFMW9Tem9KMjhQRjRRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi83NzdlZWYtNGQwMi00ZDM5LWIxZTQt
MTA3OWQ1NWFlZTkxLzEvRVhzbzd0ekNBaGZhSkNreTJFOG1rNmh4ejBFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi83NzdlZWYtNGQwMi00ZDM5LWIxZTQtMTA3OWQ1NWFlZTkx
LzEvMVlJVXo2TW1ZUjZkU1VFMW9Tem9KMjhQRjRRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBACy250D
BACy254wDQYJKoZIhvcNAQELBQADggEBAJt90EEpKO1pa/vXqPkGD3Fysy1o5E3j
Zo4x2ALG1oHA+ooyQQQ5DpElBGbyVFQQbyKU4YYwdL4fR4iO+IVkEyOWO+rChxV+
6sea6V3h/YSlipeQT+vSNwyqKpqGthyuX4OWdQWiU7hqkktZsmruDmEcXdhjVWEl
akn8k5lOz57/T3Qx8FoIdPjsaNFZAZS1dTpAtfJ82PiF90LrkY3En9IQaiPiGJjc
O2v2ujcNIYoEKWdNreGt52ZetLIoEnY/5JbVsXFfOoIT+linX8rUnyyeWsBW/tlg
FDBrEO8WYjvqHKSlVpCs2jJ9Mt9skbGBo7eID0mHBg5gYpMG1TzRJCQ=
-----END CERTIFICATE-----