Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/de84a0-7b4b-445d-a212-c4befb25622c/1/EZZjtsRZB4At2QcIZcqmfQeU5tg.roa
File:                     EZZjtsRZB4At2QcIZcqmfQeU5tg.roa (raw, json)
Hash identifier:          vbbShe8wdndeEL7lS6dm5FZSSpF2qDaTf1tgRMD7QrU=
Subject key identifier:   11:96:63:B6:C4:59:07:80:2D:D9:07:08:65:CA:A6:7D:07:94:E6:D8
Certificate issuer:       /CN=10fe683b1d7e47b7c7eda15501627b70920853a1
Certificate serial:       01988B8809C3D480C9AE7F5D3B83BD1CE06B
Authority key identifier: 10:FE:68:3B:1D:7E:47:B7:C7:ED:A1:55:01:62:7B:70:92:08:53:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EP5oOx1-R7fH7aFVAWJ7cJIIU6E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/de84a0-7b4b-445d-a212-c4befb25622c/1/EZZjtsRZB4At2QcIZcqmfQeU5tg.roa
Signing time:             Fri 08 Aug 2025 21:13:24 +0000
ROA not before:           Fri 08 Aug 2025 21:13:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     6079
IP address blocks:        158.94.128.0/19 maxlen: 19
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/de84a0-7b4b-445d-a212-c4befb25622c/1/EP5oOx1-R7fH7aFVAWJ7cJIIU6E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/de84a0-7b4b-445d-a212-c4befb25622c/1/EP5oOx1-R7fH7aFVAWJ7cJIIU6E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EP5oOx1-R7fH7aFVAWJ7cJIIU6E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 05:01:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:8b:88:09:c3:d4:80:c9:ae:7f:5d:3b:83:bd:1c:e0:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=10fe683b1d7e47b7c7eda15501627b70920853a1
        Validity
            Not Before: Aug  8 21:13:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=119663b6c45907802dd9070865caa67d0794e6d8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:0e:11:35:d4:3c:d6:33:cf:94:c4:f0:2f:bc:
                    43:cc:a3:0e:c0:a3:af:52:25:dc:fd:fd:ec:11:e6:
                    e9:6b:86:f2:2d:a2:81:aa:de:91:7e:50:74:85:ef:
                    1b:0b:57:cf:d1:46:31:a2:45:fb:4d:84:9a:87:2f:
                    46:63:14:a2:40:c5:00:19:d7:64:61:79:f1:ed:ab:
                    5e:8f:21:ce:52:a3:44:1b:00:8d:fc:7e:2d:a8:ec:
                    39:de:c3:e7:91:67:62:45:1f:b8:00:9a:79:e6:c1:
                    57:3f:80:15:b5:22:b1:49:2f:cb:fd:b7:2e:af:22:
                    d2:ea:46:35:86:68:fd:2b:4b:8a:7e:0e:e2:68:3b:
                    fe:cd:14:99:62:f0:0a:df:f7:6f:d6:21:bb:35:9d:
                    b2:e7:aa:73:af:98:36:92:48:84:12:6a:31:29:2e:
                    97:76:7c:5c:e0:3a:00:2d:20:79:23:b8:15:ab:7e:
                    6c:a3:3a:a2:aa:20:e6:72:ec:77:c7:52:7c:98:26:
                    e5:4e:d3:a2:8f:7a:ec:bd:29:a3:41:ef:88:8c:da:
                    de:bc:ac:7a:d9:11:b2:d1:e1:8f:42:fd:8d:3a:3c:
                    c0:cc:aa:22:f4:f4:3b:36:0e:f3:15:76:f8:4a:07:
                    d4:d9:e9:ff:18:16:1a:5e:8e:4f:ef:6d:b4:af:95:
                    9a:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:96:63:B6:C4:59:07:80:2D:D9:07:08:65:CA:A6:7D:07:94:E6:D8
            X509v3 Authority Key Identifier:
                keyid:10:FE:68:3B:1D:7E:47:B7:C7:ED:A1:55:01:62:7B:70:92:08:53:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EP5oOx1-R7fH7aFVAWJ7cJIIU6E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/de84a0-7b4b-445d-a212-c4befb25622c/1/EZZjtsRZB4At2QcIZcqmfQeU5tg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/de84a0-7b4b-445d-a212-c4befb25622c/1/EP5oOx1-R7fH7aFVAWJ7cJIIU6E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  158.94.128.0/19

    Signature Algorithm: sha256WithRSAEncryption
         ab:04:b7:4b:d0:17:94:a5:a9:d9:b2:bb:d4:aa:e1:f2:77:9e:
         ed:6e:81:1b:3a:51:ab:31:4e:1b:37:53:a7:09:fc:d6:d0:0d:
         a1:f1:1f:06:05:02:56:12:72:ac:cd:41:6d:00:2d:b2:df:d0:
         b5:4f:b5:f6:a7:6c:0f:4e:04:a8:32:ef:9b:23:13:7c:e1:80:
         92:64:77:dc:da:54:f8:8e:4d:cc:86:27:2c:ee:fa:59:0b:80:
         e8:e6:82:77:6c:3a:e3:f8:9a:74:4f:fd:11:45:79:e0:13:c9:
         e4:fe:ce:d5:08:a5:65:27:99:bc:3a:0e:7b:14:fb:28:a2:e3:
         65:c4:f9:fc:57:29:4f:72:59:29:79:6e:a2:03:4a:70:41:cc:
         6b:33:ee:14:45:e9:19:14:c8:ac:0b:6f:36:38:5a:e7:4f:63:
         8d:6a:52:21:bb:f7:ef:48:a0:39:ed:8b:2d:46:fb:31:78:d8:
         f8:ff:74:7b:a3:02:eb:35:f1:e6:d6:cd:ac:97:00:45:b2:95:
         c7:7b:32:29:20:fb:af:29:05:73:42:7e:29:da:1d:53:7f:88:
         61:7e:ae:c5:52:e1:91:f2:3e:e2:06:d7:b5:a7:c5:a7:46:b4:
         af:05:ea:ec:4b:c5:20:64:e2:fa:23:69:1e:f9:d6:82:1e:d0:
         c9:0e:af:2b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZiLiAnD1IDJrn9dO4O9HOBrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEwZmU2ODNiMWQ3ZTQ3YjdjN2VkYTE1NTAxNjI3YjcwOTIw
ODUzYTEwHhcNMjUwODA4MjExMzI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMTk2NjNiNmM0NTkwNzgwMmRkOTA3MDg2NWNhYTY3ZDA3OTRlNmQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArQ4RNdQ81jPPlMTwL7xDzKMOwKOv
UiXc/f3sEebpa4byLaKBqt6RflB0he8bC1fP0UYxokX7TYSahy9GYxSiQMUAGddk
YXnx7atejyHOUqNEGwCN/H4tqOw53sPnkWdiRR+4AJp55sFXP4AVtSKxSS/L/bcu
ryLS6kY1hmj9K0uKfg7iaDv+zRSZYvAK3/dv1iG7NZ2y56pzr5g2kkiEEmoxKS6X
dnxc4DoALSB5I7gVq35sozqiqiDmcux3x1J8mCblTtOij3rsvSmjQe+IjNrevKx6
2RGy0eGPQv2NOjzAzKoi9PQ7Ng7zFXb4SgfU2en/GBYaXo5P7220r5WahQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBGWY7bEWQeALdkHCGXKpn0HlObYMB8GA1UdIwQY
MBaAFBD+aDsdfke3x+2hVQFie3CSCFOhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRVA1b094MS1SN2ZIN2FGVkFXSjdjSklJVTZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC9kZTg0YTAtN2I0Yi00NDVkLWEyMTIt
YzRiZWZiMjU2MjJjLzEvRVpaanRzUlpCNEF0MlFjSVpjcW1mUWVVNXRnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC9kZTg0YTAtN2I0Yi00NDVkLWEyMTItYzRiZWZiMjU2MjJj
LzEvRVA1b094MS1SN2ZIN2FGVkFXSjdjSklJVTZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQFnl6AMA0G
CSqGSIb3DQEBCwUAA4IBAQCrBLdL0BeUpanZsrvUquHyd57tboEbOlGrMU4bN1On
CfzW0A2h8R8GBQJWEnKszUFtAC2y39C1T7X2p2wPTgSoMu+bIxN84YCSZHfc2lT4
jk3Mhics7vpZC4Do5oJ3bDrj+Jp0T/0RRXngE8nk/s7VCKVlJ5m8Og57FPsoouNl
xPn8VylPclkpeW6iA0pwQcxrM+4URekZFMisC282OFrnT2ONalIhu/fvSKA57Yst
RvsxeNj4/3R7owLrNfHm1s2slwBFspXHezIpIPuvKQVzQn4p2h1Tf4hhfq7FUuGR
8j7iBte1p8WnRrSvBersS8UgZOL6I2ke+daCHtDJDq8r
-----END CERTIFICATE-----