Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a3/b714ad-1f78-4a10-8e61-ab8f1f3387ee/1/aVFwHTvrBr3MaaT1GxfwFhQwlgc.roa
File:                     aVFwHTvrBr3MaaT1GxfwFhQwlgc.roa (raw, json)
Hash identifier:          Jx28FX3SHYUfXV2//LO+eZWptV/ZkvXBO4d6ecz0axc=
Subject key identifier:   69:51:70:1D:3B:EB:06:BD:CC:69:A4:F5:1B:17:F0:16:14:30:96:07
Certificate issuer:       /CN=5124fba1e401c03e5ba1cd77ae9ee39cfd631bfb
Certificate serial:       01981F394D0A24A17CBB38E4664E09D42827
Authority key identifier: 51:24:FB:A1:E4:01:C0:3E:5B:A1:CD:77:AE:9E:E3:9C:FD:63:1B:FB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UST7oeQBwD5boc13rp7jnP1jG_s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a3/b714ad-1f78-4a10-8e61-ab8f1f3387ee/1/aVFwHTvrBr3MaaT1GxfwFhQwlgc.roa
Signing time:             Fri 18 Jul 2025 20:28:25 +0000
ROA not before:           Fri 18 Jul 2025 20:28:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     329007
IP address blocks:        77.246.220.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a3/b714ad-1f78-4a10-8e61-ab8f1f3387ee/1/UST7oeQBwD5boc13rp7jnP1jG_s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a3/b714ad-1f78-4a10-8e61-ab8f1f3387ee/1/UST7oeQBwD5boc13rp7jnP1jG_s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UST7oeQBwD5boc13rp7jnP1jG_s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Jul 2025 11:00:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:1f:39:4d:0a:24:a1:7c:bb:38:e4:66:4e:09:d4:28:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5124fba1e401c03e5ba1cd77ae9ee39cfd631bfb
        Validity
            Not Before: Jul 18 20:28:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6951701d3beb06bdcc69a4f51b17f01614309607
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:ed:98:cb:6f:dc:23:6e:c6:73:3b:d2:76:3f:
                    4f:9b:19:1f:63:2b:5b:03:e1:46:b2:d0:e4:4f:cb:
                    fa:3e:eb:4d:8d:00:ec:6f:f1:a5:f7:dd:bd:02:66:
                    d5:b4:da:93:5b:12:e8:f4:ed:71:c3:0b:b5:ea:34:
                    97:e2:33:18:9d:c9:1a:e1:33:e2:7c:cf:4e:df:20:
                    fc:0e:c0:22:0d:f9:8f:8b:ce:67:97:f0:32:96:b8:
                    d9:18:87:a1:f0:03:40:74:44:6e:af:d8:d6:c9:af:
                    9e:78:7e:6a:f7:90:67:62:23:f2:57:69:e8:61:de:
                    98:5b:bb:bc:6b:a9:ca:7a:50:c2:e2:1d:5c:9e:aa:
                    95:89:9b:4b:40:7b:95:a3:2b:42:1c:27:ab:0f:55:
                    8b:e1:75:3c:34:08:6c:46:f1:77:66:88:40:e1:57:
                    ee:31:71:4a:a1:e0:b5:f1:8e:27:41:62:e3:c5:50:
                    a5:54:e6:53:98:e3:1d:5a:3d:6a:14:b4:f2:f9:62:
                    40:c2:cd:de:10:a2:a7:14:0f:30:f3:a8:e0:80:f5:
                    70:21:24:4c:67:c6:cf:d5:d0:35:c9:16:eb:61:e9:
                    c3:99:31:d9:d7:9d:e8:35:ed:65:7f:2b:a0:29:ab:
                    fd:b4:e9:08:b2:0b:84:72:30:f1:33:a6:0e:9f:0e:
                    f9:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:51:70:1D:3B:EB:06:BD:CC:69:A4:F5:1B:17:F0:16:14:30:96:07
            X509v3 Authority Key Identifier:
                keyid:51:24:FB:A1:E4:01:C0:3E:5B:A1:CD:77:AE:9E:E3:9C:FD:63:1B:FB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UST7oeQBwD5boc13rp7jnP1jG_s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/b714ad-1f78-4a10-8e61-ab8f1f3387ee/1/aVFwHTvrBr3MaaT1GxfwFhQwlgc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/b714ad-1f78-4a10-8e61-ab8f1f3387ee/1/UST7oeQBwD5boc13rp7jnP1jG_s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.246.220.0/24

    Signature Algorithm: sha256WithRSAEncryption
         73:ea:42:c7:3d:61:1d:13:85:c1:02:ab:d2:e5:48:c2:3f:15:
         f3:16:cb:49:ee:89:4b:7a:43:14:42:ca:43:e8:03:15:18:e1:
         a6:e9:24:2e:c5:21:2a:8d:64:61:7f:f1:19:e3:6e:3e:03:e3:
         dd:a1:5b:a0:92:4e:ef:c2:85:03:53:a0:9d:75:8e:de:51:12:
         08:e8:b7:d3:90:df:18:aa:4e:71:ad:9a:c4:f3:57:96:a2:4f:
         bd:5c:8b:06:a2:53:db:1c:83:96:eb:a6:4b:09:4d:d5:35:c2:
         ee:82:1a:b2:a1:a7:a1:de:b6:bb:d4:f3:6c:4c:6e:9f:32:59:
         29:2f:21:51:39:ea:3e:16:09:7b:f9:c8:0d:f2:6a:40:8b:68:
         34:6b:ad:6c:57:8d:35:94:39:f4:1e:26:1c:f3:6e:d0:1d:30:
         12:d7:1c:ac:d4:4f:70:e5:28:b4:3e:3d:c4:d3:6c:33:bf:1e:
         78:3f:c1:82:2e:cd:08:5c:e3:26:47:9b:99:57:de:5f:7c:46:
         15:be:a4:ad:cc:93:d1:01:58:1f:87:1a:64:db:27:92:fd:2f:
         c2:11:15:58:e5:3a:53:88:86:f3:ba:f8:a7:09:eb:d9:c0:4d:
         34:30:96:31:84:ef:85:77:96:77:af:35:fb:1b:fd:4c:b2:e3:
         fd:17:8d:5e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZgfOU0KJKF8uzjkZk4J1CgnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUxMjRmYmExZTQwMWMwM2U1YmExY2Q3N2FlOWVlMzljZmQ2
MzFiZmIwHhcNMjUwNzE4MjAyODI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OTUxNzAxZDNiZWIwNmJkY2M2OWE0ZjUxYjE3ZjAxNjE0MzA5NjA3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr+2Yy2/cI27GczvSdj9PmxkfYytb
A+FGstDkT8v6PutNjQDsb/Gl9929AmbVtNqTWxLo9O1xwwu16jSX4jMYncka4TPi
fM9O3yD8DsAiDfmPi85nl/AylrjZGIeh8ANAdERur9jWya+eeH5q95BnYiPyV2no
Yd6YW7u8a6nKelDC4h1cnqqViZtLQHuVoytCHCerD1WL4XU8NAhsRvF3ZohA4Vfu
MXFKoeC18Y4nQWLjxVClVOZTmOMdWj1qFLTy+WJAws3eEKKnFA8w86jggPVwISRM
Z8bP1dA1yRbrYenDmTHZ153oNe1lfyugKav9tOkIsguEcjDxM6YOnw75/QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGlRcB076wa9zGmk9RsX8BYUMJYHMB8GA1UdIwQY
MBaAFFEk+6HkAcA+W6HNd66e45z9Yxv7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVVNUN29lUUJ3RDVib2MxM3JwN2puUDFqR19zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMy9iNzE0YWQtMWY3OC00YTEwLThlNjEt
YWI4ZjFmMzM4N2VlLzEvYVZGd0hUdnJCcjNNYWFUMUd4ZndGaFF3bGdjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMy9iNzE0YWQtMWY3OC00YTEwLThlNjEtYWI4ZjFmMzM4N2Vl
LzEvVVNUN29lUUJ3RDVib2MxM3JwN2puUDFqR19zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATfbcMA0G
CSqGSIb3DQEBCwUAA4IBAQBz6kLHPWEdE4XBAqvS5UjCPxXzFstJ7olLekMUQspD
6AMVGOGm6SQuxSEqjWRhf/EZ424+A+PdoVugkk7vwoUDU6CddY7eURII6LfTkN8Y
qk5xrZrE81eWok+9XIsGolPbHIOW66ZLCU3VNcLughqyoaeh3ra71PNsTG6fMlkp
LyFROeo+Fgl7+cgN8mpAi2g0a61sV401lDn0HiYc827QHTAS1xys1E9w5Si0Pj3E
02wzvx54P8GCLs0IXOMmR5uZV95ffEYVvqStzJPRAVgfhxpk2yeS/S/CERVY5TpT
iIbzuvinCevZwE00MJYxhO+Fd5Z3rzX7G/1MsuP9F41e
-----END CERTIFICATE-----