Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/MlnaUFzK2OeQZ8wW3FiFRT8_NVs.roa
File:                     MlnaUFzK2OeQZ8wW3FiFRT8_NVs.roa (raw, json)
Hash identifier:          0spS/77DixuF6Ny5vcpTBinfdQ4ISCLe84xsk4YY3yc=
Subject key identifier:   32:59:DA:50:5C:CA:D8:E7:90:67:CC:16:DC:58:85:45:3F:3F:35:5B
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       0197D709A3899047B8CAAE915528BBFECED3
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/MlnaUFzK2OeQZ8wW3FiFRT8_NVs.roa
Signing time:             Fri 04 Jul 2025 20:03:42 +0000
ROA not before:           Fri 04 Jul 2025 20:03:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     401152
IP address blocks:        77.239.96.0/24 maxlen: 24
                          77.239.97.0/24 maxlen: 24
                          77.239.98.0/24 maxlen: 24
                          77.239.99.0/24 maxlen: 24
                          77.239.100.0/24 maxlen: 24
                          77.239.101.0/24 maxlen: 24
                          77.239.102.0/24 maxlen: 24
                          77.239.103.0/24 maxlen: 24
                          77.239.112.0/24 maxlen: 24
                          77.239.113.0/24 maxlen: 24
                          77.239.114.0/24 maxlen: 24
                          77.239.115.0/24 maxlen: 24
                          77.239.116.0/24 maxlen: 24
                          77.239.117.0/24 maxlen: 24
                          77.239.118.0/24 maxlen: 24
                          77.239.119.0/24 maxlen: 24
                          77.239.120.0/24 maxlen: 24
                          77.239.121.0/24 maxlen: 24
                          77.239.122.0/24 maxlen: 24
                          77.239.123.0/24 maxlen: 24
                          77.239.124.0/24 maxlen: 24
                          77.239.125.0/24 maxlen: 24
                          150.241.64.0/24 maxlen: 24
                          150.241.65.0/24 maxlen: 24
                          150.241.66.0/24 maxlen: 24
                          150.241.67.0/24 maxlen: 24
                          150.241.68.0/24 maxlen: 24
                          150.241.69.0/24 maxlen: 24
                          150.241.70.0/24 maxlen: 24
                          150.241.71.0/24 maxlen: 24
                          150.241.72.0/24 maxlen: 24
                          150.241.73.0/24 maxlen: 24
                          150.241.74.0/24 maxlen: 24
                          150.241.75.0/24 maxlen: 24
                          150.241.76.0/24 maxlen: 24
                          150.241.77.0/24 maxlen: 24
                          150.241.78.0/24 maxlen: 24
                          150.241.79.0/24 maxlen: 24
                          150.241.80.0/24 maxlen: 24
                          150.241.81.0/24 maxlen: 24
                          150.241.82.0/24 maxlen: 24
                          150.241.83.0/24 maxlen: 24
                          150.241.84.0/24 maxlen: 24
                          150.241.85.0/24 maxlen: 24
                          150.241.86.0/24 maxlen: 24
                          150.241.87.0/24 maxlen: 24
                          150.241.88.0/24 maxlen: 24
                          150.241.89.0/24 maxlen: 24
                          150.241.90.0/24 maxlen: 24
                          150.241.91.0/24 maxlen: 24
                          150.241.92.0/24 maxlen: 24
                          150.241.93.0/24 maxlen: 24
                          150.241.94.0/24 maxlen: 24
                          150.241.95.0/24 maxlen: 24
                          150.241.96.0/24 maxlen: 24
                          150.241.97.0/24 maxlen: 24
                          150.241.98.0/24 maxlen: 24
                          150.241.99.0/24 maxlen: 24
                          150.241.100.0/24 maxlen: 24
                          150.241.101.0/24 maxlen: 24
                          150.241.102.0/24 maxlen: 24
                          150.241.103.0/24 maxlen: 24
                          193.23.196.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Jul 2025 23:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:d7:09:a3:89:90:47:b8:ca:ae:91:55:28:bb:fe:ce:d3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: Jul  4 20:03:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3259da505ccad8e79067cc16dc5885453f3f355b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:86:b8:28:de:74:a2:8c:d6:e5:1f:23:1c:37:
                    6e:a3:89:71:b0:9e:a4:8a:9a:a9:41:8b:d2:ee:eb:
                    19:e6:1c:f1:16:c6:a3:a9:e3:72:93:64:b9:bb:f9:
                    e8:97:93:5c:10:d4:90:22:ee:c6:a8:dc:8c:cd:83:
                    66:bf:de:0f:98:50:88:0a:e8:ed:8d:8a:2b:83:d9:
                    f0:81:9d:e3:c2:c0:f9:39:5a:8c:e4:5e:6f:62:be:
                    f1:cb:de:2b:b0:b9:27:e8:3c:13:06:d0:34:7a:5a:
                    24:09:a4:e6:11:8b:c1:9c:a8:1f:a3:2a:a6:ec:43:
                    62:26:08:09:2a:36:1e:ae:59:16:9a:65:bf:d4:a1:
                    f1:05:3c:2e:9b:dd:37:e3:e7:35:2f:d9:9c:f8:b4:
                    70:34:ae:c3:7f:64:95:57:3e:9f:3a:ef:b4:27:9e:
                    61:d6:83:21:f6:7c:5e:3f:33:4c:b0:c1:04:75:51:
                    02:db:ca:c9:50:89:25:3a:43:27:8f:f1:ff:84:39:
                    f5:a0:02:62:ce:3a:0c:21:59:7b:e8:b7:fa:75:a7:
                    f9:cb:1e:15:84:30:22:04:88:8d:b5:c5:7a:81:36:
                    0c:82:bb:75:a0:b4:18:ed:d9:72:bc:3e:f3:08:05:
                    e1:23:77:15:9c:e5:6c:60:00:71:ea:61:7f:95:26:
                    ab:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:59:DA:50:5C:CA:D8:E7:90:67:CC:16:DC:58:85:45:3F:3F:35:5B
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/MlnaUFzK2OeQZ8wW3FiFRT8_NVs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.239.96.0/21
                  77.239.112.0-77.239.125.255
                  150.241.64.0-150.241.103.255
                  193.23.196.0/24

    Signature Algorithm: sha256WithRSAEncryption
         74:99:61:2c:0d:23:8b:93:12:f0:c5:3f:85:6f:38:b9:1a:4b:
         e8:43:5b:21:75:82:49:d5:83:8f:06:6e:3d:65:b7:67:de:26:
         61:82:01:6a:eb:f4:65:61:d4:5b:49:6a:3b:3a:2b:bb:e1:ab:
         1a:14:74:00:db:28:d8:ce:e1:65:80:68:29:33:7a:02:9f:51:
         3f:92:fc:3e:66:15:e8:a1:10:15:a0:db:5c:96:1e:89:27:72:
         23:1b:ca:27:47:28:40:55:be:9a:6f:45:27:80:8e:e8:9e:90:
         67:b5:0b:3e:ce:7d:59:ce:d7:f5:f0:32:ad:08:4d:e0:84:36:
         4e:3b:d4:ee:d0:19:2a:0a:31:e0:f5:71:36:d0:13:b8:a8:4b:
         85:3f:7c:21:46:e7:ee:af:44:d1:94:ea:6e:12:39:78:b0:42:
         90:ac:b8:dd:63:4c:37:02:af:33:ed:36:c6:1e:34:0a:6a:59:
         db:f1:a6:03:ee:0e:79:a2:a8:18:22:3c:ec:b5:1b:d0:5f:7d:
         96:f1:39:37:6d:16:3b:01:59:9d:24:f2:da:34:ee:8c:7e:0f:
         dc:22:bf:07:da:ea:fb:6e:77:30:fe:a4:67:17:64:e1:4f:85:
         10:37:68:29:bb:3e:69:d9:ca:91:47:60:87:b8:55:cf:3b:bd:
         bf:5e:3b:44
-----BEGIN CERTIFICATE-----
MIIFHzCCBAegAwIBAgISAZfXCaOJkEe4yq6RVSi7/s7TMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjUwNzA0MjAwMzQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMjU5ZGE1MDVjY2FkOGU3OTA2N2NjMTZkYzU4ODU0NTNmM2YzNTViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvYa4KN50oozW5R8jHDduo4lxsJ6k
ipqpQYvS7usZ5hzxFsajqeNyk2S5u/nol5NcENSQIu7GqNyMzYNmv94PmFCICujt
jYorg9nwgZ3jwsD5OVqM5F5vYr7xy94rsLkn6DwTBtA0elokCaTmEYvBnKgfoyqm
7ENiJggJKjYerlkWmmW/1KHxBTwum9034+c1L9mc+LRwNK7Df2SVVz6fOu+0J55h
1oMh9nxePzNMsMEEdVEC28rJUIklOkMnj/H/hDn1oAJizjoMIVl76Lf6daf5yx4V
hDAiBIiNtcV6gTYMgrt1oLQY7dlyvD7zCAXhI3cVnOVsYABx6mF/lSarKwIDAQAB
o4ICKzCCAicwHQYDVR0OBBYEFDJZ2lBcytjnkGfMFtxYhUU/PzVbMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvTWxuYVVGeksyT2VRWjh3VzNGaUZSVDhfTlZzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEEGCCsGAQUFBwEHAQH/BDIwMDAuBAIAATAoAwQDTe9gMAwD
BARN73ADBAFN73wwDAMEBpbxQAMEA5bxYAMEAMEXxDANBgkqhkiG9w0BAQsFAAOC
AQEAdJlhLA0ji5MS8MU/hW84uRpL6ENbIXWCSdWDjwZuPWW3Z94mYYIBauv0ZWHU
W0lqOzoru+GrGhR0ANso2M7hZYBoKTN6Ap9RP5L8PmYV6KEQFaDbXJYeiSdyIxvK
J0coQFW+mm9FJ4CO6J6QZ7ULPs59Wc7X9fAyrQhN4IQ2TjvU7tAZKgox4PVxNtAT
uKhLhT98IUbn7q9E0ZTqbhI5eLBCkKy43WNMNwKvM+02xh40CmpZ2/GmA+4OeaKo
GCI87LUb0F99lvE5N20WOwFZnSTy2jTujH4P3CK/B9rq+253MP6kZxdk4U+FEDdo
Kbs+adnKkUdgh7hVzzu9v147RA==
-----END CERTIFICATE-----
Generated at Sun Jul 6 09:01:08 2025 by rpki-client