Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/RT8NkDnR1tDxvHYXGafjSLnASl8.roa
File:                     RT8NkDnR1tDxvHYXGafjSLnASl8.roa (raw, json)
Hash identifier:          iFdcR4BTntdaTDiIw6MbkCIn4/0B3ua6dyor3pDbBrs=
Subject key identifier:   45:3F:0D:90:39:D1:D6:D0:F1:BC:76:17:19:A7:E3:48:B9:C0:4A:5F
Certificate issuer:       /CN=6f84e4738a70ea39c08cef210432ae399ec7e915
Certificate serial:       019DE475F75EDD399B91EB7443A649466A9D
Authority key identifier: 6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/RT8NkDnR1tDxvHYXGafjSLnASl8.roa
Signing time:             Fri 01 May 2026 16:53:49 +0000
ROA not before:           Fri 01 May 2026 16:53:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214083
IP address blocks:        77.105.61.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 04 May 2026 11:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:e4:75:f7:5e:dd:39:9b:91:eb:74:43:a6:49:46:6a:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f84e4738a70ea39c08cef210432ae399ec7e915
        Validity
            Not Before: May  1 16:53:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=453f0d9039d1d6d0f1bc761719a7e348b9c04a5f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:a9:42:8e:15:c9:05:d3:ca:91:95:c1:2c:25:
                    70:c4:b8:8c:2e:23:e4:d7:08:31:26:0b:a1:72:1b:
                    73:7b:e0:69:7c:95:aa:6d:42:5a:1d:3a:e4:ac:92:
                    76:97:ad:d2:f5:9e:e2:a0:e7:6a:07:c7:b6:3a:85:
                    e3:1d:8a:00:7c:cc:6d:3e:3b:e9:93:a8:c9:06:1c:
                    b1:8d:7d:7d:ec:85:ed:c3:e2:e9:72:cc:58:16:2e:
                    88:64:34:1f:9f:f7:49:be:51:44:34:d7:c7:e7:a6:
                    90:bf:ed:b0:3c:05:42:71:37:e7:92:45:e8:04:61:
                    22:db:d4:b4:7d:69:6a:05:08:b4:e0:32:7a:38:ed:
                    46:57:72:87:82:52:06:2f:87:69:83:f2:e6:c2:1d:
                    71:99:de:06:10:6e:bd:8d:64:dd:80:ce:87:d4:94:
                    90:fd:0f:b3:85:15:e8:f5:b1:95:72:0d:aa:30:0d:
                    b1:c5:9b:af:b2:c8:f0:64:99:7b:af:03:f6:0a:aa:
                    7c:0c:f7:e3:84:df:99:24:83:e9:31:04:9e:d9:22:
                    28:38:03:93:d7:57:bb:3d:21:c6:b5:23:a6:47:e7:
                    e6:e1:a1:e1:7b:10:d6:21:c1:4c:2c:c2:87:8d:24:
                    73:96:a9:8c:ec:f7:ff:de:d8:74:99:db:63:12:b1:
                    9d:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:3F:0D:90:39:D1:D6:D0:F1:BC:76:17:19:A7:E3:48:B9:C0:4A:5F
            X509v3 Authority Key Identifier:
                keyid:6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/RT8NkDnR1tDxvHYXGafjSLnASl8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.105.61.0/24

    Signature Algorithm: sha256WithRSAEncryption
         30:a8:56:17:b9:ea:87:9b:7c:92:cb:b6:4f:05:33:47:87:39:
         9c:3f:fb:4d:14:7c:23:60:c8:e7:b4:93:ee:e0:eb:ef:cf:da:
         9a:55:b1:aa:d1:f7:8f:69:90:32:9a:12:09:2e:c5:e8:b9:6e:
         b0:f3:e3:34:ff:fd:1b:9e:8b:de:18:5c:b1:d7:a3:af:d3:a3:
         f0:d0:7b:e0:d4:4b:93:fc:b5:e5:51:23:79:84:b2:a4:e6:e5:
         7c:ef:66:fe:43:f1:17:6f:85:a7:42:c8:c9:d3:73:ed:aa:a8:
         f3:55:be:24:41:c2:ef:6d:7a:8a:0a:25:48:17:53:dc:9b:38:
         d2:b2:8a:98:26:69:c6:dc:ba:b2:a7:ee:50:df:52:e9:8c:bf:
         67:af:e4:57:c4:79:3c:e3:20:9a:cc:45:bf:2b:c3:ee:5d:ba:
         a8:1b:dd:08:13:02:34:b8:38:e7:e3:c7:b8:14:ee:c5:5b:b9:
         de:0f:9e:98:18:2c:36:b9:8a:b0:c8:31:45:87:7b:b8:cf:23:
         73:07:7c:c2:b5:df:90:eb:35:77:ae:51:53:c3:f3:74:69:97:
         fd:52:30:b3:48:33:71:47:dc:b8:0a:8a:0b:a6:09:57:d1:b6:
         7b:30:d9:15:dd:12:9f:fc:35:0e:08:91:11:4d:40:66:9e:ff:
         db:40:b5:04
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ3kdfde3Tmbket0Q6ZJRmqdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmODRlNDczOGE3MGVhMzljMDhjZWYyMTA0MzJhZTM5OWVj
N2U5MTUwHhcNMjYwNTAxMTY1MzQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NTNmMGQ5MDM5ZDFkNmQwZjFiYzc2MTcxOWE3ZTM0OGI5YzA0YTVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt6lCjhXJBdPKkZXBLCVwxLiMLiPk
1wgxJguhchtze+BpfJWqbUJaHTrkrJJ2l63S9Z7ioOdqB8e2OoXjHYoAfMxtPjvp
k6jJBhyxjX197IXtw+LpcsxYFi6IZDQfn/dJvlFENNfH56aQv+2wPAVCcTfnkkXo
BGEi29S0fWlqBQi04DJ6OO1GV3KHglIGL4dpg/Lmwh1xmd4GEG69jWTdgM6H1JSQ
/Q+zhRXo9bGVcg2qMA2xxZuvssjwZJl7rwP2Cqp8DPfjhN+ZJIPpMQSe2SIoOAOT
11e7PSHGtSOmR+fm4aHhexDWIcFMLMKHjSRzlqmM7Pf/3th0mdtjErGddQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEU/DZA50dbQ8bx2Fxmn40i5wEpfMB8GA1UdIwQY
MBaAFG+E5HOKcOo5wIzvIQQyrjmex+kVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYt
ZmFlNWRiZWQzYjFiLzEvUlQ4TmtEblIxdER4dkhZWEdhZmpTTG5BU2w4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYtZmFlNWRiZWQzYjFi
LzEvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATWk9MA0G
CSqGSIb3DQEBCwUAA4IBAQAwqFYXueqHm3ySy7ZPBTNHhzmcP/tNFHwjYMjntJPu
4Ovvz9qaVbGq0fePaZAymhIJLsXouW6w8+M0//0bnoveGFyx16Ov06Pw0Hvg1EuT
/LXlUSN5hLKk5uV872b+Q/EXb4WnQsjJ03PtqqjzVb4kQcLvbXqKCiVIF1PcmzjS
soqYJmnG3Lqyp+5Q31LpjL9nr+RXxHk84yCazEW/K8PuXbqoG90IEwI0uDjn48e4
FO7FW7neD56YGCw2uYqwyDFFh3u4zyNzB3zCtd+Q6zV3rlFTw/N0aZf9UjCzSDNx
R9y4CooLpglX0bZ7MNkV3RKf/DUOCJERTUBmnv/bQLUE
-----END CERTIFICATE-----