Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/eafc41-c358-4b51-9b1c-3fbbba9249cd/1/JXgg0_l5GaO7jP1zJeiTZnzRqjE.roa
File:                     JXgg0_l5GaO7jP1zJeiTZnzRqjE.roa (raw, json)
Hash identifier:          4YX6bHKXPEIoYDxsMxDe1UOLGJ38lDkQmJub7lQqJ88=
Subject key identifier:   25:78:20:D3:F9:79:19:A3:BB:8C:FD:73:25:E8:93:66:7C:D1:AA:31
Certificate issuer:       /CN=117f9d55826b42486dfc84d35c1a63a5ce87507c
Certificate serial:       019696FF85D11728C1DF2DE285158685FC0C
Authority key identifier: 11:7F:9D:55:82:6B:42:48:6D:FC:84:D3:5C:1A:63:A5:CE:87:50:7C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EX-dVYJrQkht_ITTXBpjpc6HUHw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7f/eafc41-c358-4b51-9b1c-3fbbba9249cd/1/JXgg0_l5GaO7jP1zJeiTZnzRqjE.roa
Signing time:             Sat 03 May 2025 16:34:10 +0000
ROA not before:           Sat 03 May 2025 16:34:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213887
IP address blocks:        178.236.254.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7f/eafc41-c358-4b51-9b1c-3fbbba9249cd/1/EX-dVYJrQkht_ITTXBpjpc6HUHw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7f/eafc41-c358-4b51-9b1c-3fbbba9249cd/1/EX-dVYJrQkht_ITTXBpjpc6HUHw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EX-dVYJrQkht_ITTXBpjpc6HUHw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 08 May 2025 20:38:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:96:ff:85:d1:17:28:c1:df:2d:e2:85:15:86:85:fc:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=117f9d55826b42486dfc84d35c1a63a5ce87507c
        Validity
            Not Before: May  3 16:34:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=257820d3f97919a3bb8cfd7325e893667cd1aa31
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ee:f3:14:a0:a4:82:c7:25:68:59:da:ac:ad:98:
                    10:58:43:bc:10:76:2b:d3:6c:e7:40:9e:66:83:8b:
                    c2:8b:51:55:38:a3:6d:fd:53:c1:1d:d3:41:64:93:
                    17:b5:ed:03:33:35:e6:5e:fb:16:7b:0a:4f:1c:69:
                    93:f7:35:b1:30:e6:16:eb:f5:cc:6b:02:11:98:c1:
                    58:30:5a:6b:98:13:92:67:08:a3:d5:26:08:7d:46:
                    5f:71:d7:e1:4c:4b:f2:7f:da:26:fb:00:3d:f6:61:
                    87:5f:ba:d5:59:c1:28:3f:92:7b:f0:6c:76:b5:33:
                    5e:6b:91:b3:d4:11:22:9d:7d:81:f0:57:c9:9c:58:
                    a6:98:ca:f7:df:df:15:5b:9c:09:94:9e:37:26:57:
                    60:0a:95:e6:22:38:7e:f8:25:d2:b9:8d:66:0a:09:
                    78:f1:36:45:8c:d8:c8:e5:0e:68:d0:42:4c:61:19:
                    93:fd:7a:a0:d6:26:1a:e3:07:cf:a4:79:82:e8:9a:
                    dc:b8:ad:b7:6a:4e:2b:23:0a:83:77:80:54:0e:14:
                    1e:87:ec:80:a4:7c:01:3a:b6:9f:4a:5e:46:3c:20:
                    16:6b:90:d7:f5:8b:cc:a9:fc:5b:76:f0:ea:e1:5c:
                    03:8b:a7:99:66:08:90:63:ec:bb:9d:ab:72:12:32:
                    17:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                25:78:20:D3:F9:79:19:A3:BB:8C:FD:73:25:E8:93:66:7C:D1:AA:31
            X509v3 Authority Key Identifier:
                keyid:11:7F:9D:55:82:6B:42:48:6D:FC:84:D3:5C:1A:63:A5:CE:87:50:7C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EX-dVYJrQkht_ITTXBpjpc6HUHw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/eafc41-c358-4b51-9b1c-3fbbba9249cd/1/JXgg0_l5GaO7jP1zJeiTZnzRqjE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/eafc41-c358-4b51-9b1c-3fbbba9249cd/1/EX-dVYJrQkht_ITTXBpjpc6HUHw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.236.254.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b7:d5:16:f2:f5:6d:21:87:5e:d8:1f:7a:be:8f:a0:1d:b1:69:
         f5:c7:db:2c:e2:41:84:30:ce:af:ab:f8:79:07:f5:38:dd:98:
         b8:35:f1:0b:12:59:f9:1d:34:5d:03:05:16:ef:cd:e2:72:92:
         e3:40:e5:61:b9:88:50:41:cd:d5:84:58:82:51:82:fa:97:15:
         12:7a:b9:33:c3:7e:cd:af:1f:0f:04:5a:a5:5e:91:a5:8b:89:
         c4:18:08:68:22:c9:f3:22:91:da:ff:a8:fc:59:43:d0:4f:f0:
         ba:16:4a:4f:43:53:d0:b5:8d:6d:56:66:39:fe:b3:03:ef:90:
         40:84:03:d4:c7:c5:1e:0d:a3:99:1b:1f:86:a7:f2:65:7a:62:
         28:87:44:51:19:79:86:bf:7a:8c:f8:bc:d2:b9:1b:41:a7:aa:
         15:79:be:76:ac:22:f8:53:dd:7c:48:3f:41:aa:2a:58:be:81:
         87:f0:fe:0c:23:a1:c3:c3:c1:74:03:5b:f5:de:ae:41:74:f3:
         00:2c:71:05:3d:af:02:af:66:7c:e7:ec:6c:b1:d4:f1:78:8d:
         b1:af:fc:86:b1:6d:ba:4e:4d:14:c0:ff:35:d5:40:45:06:d3:
         af:ad:c5:fe:dd:b2:99:bf:21:69:c6:cf:c1:40:e2:69:6e:4f:
         ed:9a:ca:6b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZaW/4XRFyjB3y3ihRWGhfwMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDExN2Y5ZDU1ODI2YjQyNDg2ZGZjODRkMzVjMWE2M2E1Y2U4
NzUwN2MwHhcNMjUwNTAzMTYzNDEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNTc4MjBkM2Y5NzkxOWEzYmI4Y2ZkNzMyNWU4OTM2NjdjZDFhYTMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7vMUoKSCxyVoWdqsrZgQWEO8EHYr
02znQJ5mg4vCi1FVOKNt/VPBHdNBZJMXte0DMzXmXvsWewpPHGmT9zWxMOYW6/XM
awIRmMFYMFprmBOSZwij1SYIfUZfcdfhTEvyf9om+wA99mGHX7rVWcEoP5J78Gx2
tTNea5Gz1BEinX2B8FfJnFimmMr3398VW5wJlJ43JldgCpXmIjh++CXSuY1mCgl4
8TZFjNjI5Q5o0EJMYRmT/Xqg1iYa4wfPpHmC6JrcuK23ak4rIwqDd4BUDhQeh+yA
pHwBOrafSl5GPCAWa5DX9YvMqfxbdvDq4VwDi6eZZgiQY+y7natyEjIX8wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCV4INP5eRmju4z9cyXok2Z80aoxMB8GA1UdIwQY
MBaAFBF/nVWCa0JIbfyE01waY6XOh1B8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRVgtZFZZSnJRa2h0X0lUVFhCcGpwYzZIVUh3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi9lYWZjNDEtYzM1OC00YjUxLTliMWMt
M2ZiYmJhOTI0OWNkLzEvSlhnZzBfbDVHYU83alAxekplaVRabnpScWpFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi9lYWZjNDEtYzM1OC00YjUxLTliMWMtM2ZiYmJhOTI0OWNk
LzEvRVgtZFZZSnJRa2h0X0lUVFhCcGpwYzZIVUh3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsuz+MA0G
CSqGSIb3DQEBCwUAA4IBAQC31Rby9W0hh17YH3q+j6AdsWn1x9ss4kGEMM6vq/h5
B/U43Zi4NfELEln5HTRdAwUW783icpLjQOVhuYhQQc3VhFiCUYL6lxUSerkzw37N
rx8PBFqlXpGli4nEGAhoIsnzIpHa/6j8WUPQT/C6FkpPQ1PQtY1tVmY5/rMD75BA
hAPUx8UeDaOZGx+Gp/JlemIoh0RRGXmGv3qM+LzSuRtBp6oVeb52rCL4U918SD9B
qipYvoGH8P4MI6HDw8F0A1v13q5BdPMALHEFPa8Cr2Z85+xssdTxeI2xr/yGsW26
Tk0UwP811UBFBtOvrcX+3bKZvyFpxs/BQOJpbk/tmspr
-----END CERTIFICATE-----