Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/777eef-4d02-4d39-b1e4-1079d55aee91/1/B5mgROa_HhZghovwN5tBttE8vQ4.roa
File:                     B5mgROa_HhZghovwN5tBttE8vQ4.roa (raw, json)
Hash identifier:          htlrxZ1Q52aR4gDDugtXWGZbxc/WBqlk8qnt1UWg1Vo=
Subject key identifier:   07:99:A0:44:E6:BF:1E:16:60:86:8B:F0:37:9B:41:B6:D1:3C:BD:0E
Certificate issuer:       /CN=d58214cfa326611e9d494135a12ce8276f0f1784
Certificate serial:       019B79ED01646DCCC666EB852490A2D5528C
Authority key identifier: D5:82:14:CF:A3:26:61:1E:9D:49:41:35:A1:2C:E8:27:6F:0F:17:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1YIUz6MmYR6dSUE1oSzoJ28PF4Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/777eef-4d02-4d39-b1e4-1079d55aee91/1/B5mgROa_HhZghovwN5tBttE8vQ4.roa
Signing time:             Thu 01 Jan 2026 14:18:54 +0000
ROA not before:           Thu 01 Jan 2026 14:18:54 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     208780
IP address blocks:        178.219.153.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ab/777eef-4d02-4d39-b1e4-1079d55aee91/1/1YIUz6MmYR6dSUE1oSzoJ28PF4Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ab/777eef-4d02-4d39-b1e4-1079d55aee91/1/1YIUz6MmYR6dSUE1oSzoJ28PF4Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1YIUz6MmYR6dSUE1oSzoJ28PF4Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 05:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:ed:01:64:6d:cc:c6:66:eb:85:24:90:a2:d5:52:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d58214cfa326611e9d494135a12ce8276f0f1784
        Validity
            Not Before: Jan  1 14:18:54 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0799a044e6bf1e1660868bf0379b41b6d13cbd0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:80:ea:89:fd:c4:8d:9e:24:cd:6c:69:29:43:
                    ba:e5:67:fd:96:3f:e5:b4:e3:67:af:bc:c5:fc:e1:
                    83:5c:42:4b:e2:02:7e:87:b3:23:61:03:6a:aa:53:
                    f9:47:d8:9e:6a:17:00:32:5b:45:01:72:f2:bc:82:
                    e5:83:d1:95:a9:60:fc:eb:a9:32:30:54:0d:03:da:
                    84:67:14:9c:83:45:9e:46:e6:1f:2c:02:56:9d:2c:
                    21:bb:5c:e8:81:1d:d2:42:1d:b8:54:f4:77:c0:72:
                    7b:bc:c2:84:36:1a:81:d7:ff:ff:80:98:f7:b1:c2:
                    8d:7e:b4:fc:b4:b8:12:e0:fd:06:42:8b:ab:ef:b1:
                    60:23:87:78:4d:32:0a:a2:8e:33:c6:9b:1d:16:60:
                    9b:78:ff:af:d3:62:d8:d3:c7:a5:f5:61:2a:dc:d8:
                    52:a2:84:00:b8:f7:6f:38:69:5b:ce:84:c6:ee:98:
                    05:ce:5b:eb:d3:6b:a6:df:1a:86:75:1e:55:79:8b:
                    e7:31:be:25:d9:6d:52:e5:d4:c4:b8:99:ef:bd:12:
                    d0:ab:23:43:4e:50:c8:cb:e1:43:08:76:90:2b:5c:
                    51:b5:73:86:20:1f:39:f4:5a:96:28:5a:1d:aa:75:
                    ff:2b:e1:87:36:3c:8b:a1:bb:a0:6a:52:46:9f:fe:
                    b4:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:99:A0:44:E6:BF:1E:16:60:86:8B:F0:37:9B:41:B6:D1:3C:BD:0E
            X509v3 Authority Key Identifier:
                keyid:D5:82:14:CF:A3:26:61:1E:9D:49:41:35:A1:2C:E8:27:6F:0F:17:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1YIUz6MmYR6dSUE1oSzoJ28PF4Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/777eef-4d02-4d39-b1e4-1079d55aee91/1/B5mgROa_HhZghovwN5tBttE8vQ4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/777eef-4d02-4d39-b1e4-1079d55aee91/1/1YIUz6MmYR6dSUE1oSzoJ28PF4Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.219.153.0/24

    Signature Algorithm: sha256WithRSAEncryption
         22:5a:5e:b9:a0:af:c0:3e:df:89:64:fd:79:d2:77:9d:2c:f7:
         3e:16:09:bc:ba:dc:b0:18:d1:30:7e:d9:12:b3:55:e8:d1:e2:
         77:b6:64:89:86:79:8e:18:f5:0a:2b:65:ce:b1:13:b7:30:cd:
         d8:28:83:92:11:3b:c5:b0:e7:3a:db:91:04:fb:ba:26:88:31:
         a7:3d:f1:04:8b:80:19:77:fd:01:0d:66:6f:30:65:db:7e:44:
         37:4c:16:39:9b:ee:a8:02:21:57:84:64:c1:83:9e:1b:f3:1a:
         fa:99:d9:78:f6:f8:f3:99:06:a2:84:1b:24:eb:71:77:65:98:
         17:5e:0e:cc:63:45:82:ed:6e:eb:dc:c1:cc:1b:13:b0:68:2d:
         9f:2e:2e:9b:a5:fa:75:f9:aa:6a:f6:b7:5a:90:ef:56:37:c9:
         bb:0c:f3:bf:e3:d8:f7:56:0d:60:05:5d:fe:44:77:4d:dd:49:
         e4:b0:ed:b2:c9:ba:71:8c:26:3d:49:5f:cf:69:ba:d7:72:f0:
         f8:97:83:51:6b:0c:5a:bb:3f:c6:b2:ea:94:dc:00:5c:8e:ee:
         69:86:f6:45:db:10:b1:15:f0:2b:26:25:a1:2b:cb:e3:ad:e1:
         4a:ff:d6:fa:d5:29:60:4e:1d:18:ba:52:73:36:e5:09:48:75:
         7a:95:fa:4c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt57QFkbczGZuuFJJCi1VKMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ1ODIxNGNmYTMyNjYxMWU5ZDQ5NDEzNWExMmNlODI3NmYw
ZjE3ODQwHhcNMjYwMTAxMTQxODU0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNzk5YTA0NGU2YmYxZTE2NjA4NjhiZjAzNzliNDFiNmQxM2NiZDBlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1YDqif3EjZ4kzWxpKUO65Wf9lj/l
tONnr7zF/OGDXEJL4gJ+h7MjYQNqqlP5R9ieahcAMltFAXLyvILlg9GVqWD866ky
MFQNA9qEZxScg0WeRuYfLAJWnSwhu1zogR3SQh24VPR3wHJ7vMKENhqB1///gJj3
scKNfrT8tLgS4P0GQour77FgI4d4TTIKoo4zxpsdFmCbeP+v02LY08el9WEq3NhS
ooQAuPdvOGlbzoTG7pgFzlvr02um3xqGdR5VeYvnMb4l2W1S5dTEuJnvvRLQqyND
TlDIy+FDCHaQK1xRtXOGIB859FqWKFodqnX/K+GHNjyLobugalJGn/60AQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAeZoETmvx4WYIaL8DebQbbRPL0OMB8GA1UdIwQY
MBaAFNWCFM+jJmEenUlBNaEs6CdvDxeEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMVlJVXo2TW1ZUjZkU1VFMW9Tem9KMjhQRjRRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi83NzdlZWYtNGQwMi00ZDM5LWIxZTQt
MTA3OWQ1NWFlZTkxLzEvQjVtZ1JPYV9IaFpnaG92d041dEJ0dEU4dlE0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi83NzdlZWYtNGQwMi00ZDM5LWIxZTQtMTA3OWQ1NWFlZTkx
LzEvMVlJVXo2TW1ZUjZkU1VFMW9Tem9KMjhQRjRRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAstuZMA0G
CSqGSIb3DQEBCwUAA4IBAQAiWl65oK/APt+JZP150nedLPc+Fgm8utywGNEwftkS
s1Xo0eJ3tmSJhnmOGPUKK2XOsRO3MM3YKIOSETvFsOc625EE+7omiDGnPfEEi4AZ
d/0BDWZvMGXbfkQ3TBY5m+6oAiFXhGTBg54b8xr6mdl49vjzmQaihBsk63F3ZZgX
Xg7MY0WC7W7r3MHMGxOwaC2fLi6bpfp1+apq9rdakO9WN8m7DPO/49j3Vg1gBV3+
RHdN3UnksO2yybpxjCY9SV/PabrXcvD4l4NRawxauz/GsuqU3ABcju5phvZF2xCx
FfArJiWhK8vjreFK/9b61SlgTh0YulJzNuUJSHV6lfpM
-----END CERTIFICATE-----