Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f0/49b462-75ae-4acc-b52e-71186e2b516a/1/3gBbUpzoZ_NS48pVPCMN6ErX32g.roa
File:                     3gBbUpzoZ_NS48pVPCMN6ErX32g.roa (raw, json)
Hash identifier:          LdH7+fCou1DXhFQSVmkaHCyede3+anbIJwlMXR+OI+M=
Subject key identifier:   DE:00:5B:52:9C:E8:67:F3:52:E3:CA:55:3C:23:0D:E8:4A:D7:DF:68
Certificate issuer:       /CN=fdf54b1879a145397fac0d358efabd2f5fd0aca1
Certificate serial:       0196F884CC5A9704A21214C383E26CB15D68
Authority key identifier: FD:F5:4B:18:79:A1:45:39:7F:AC:0D:35:8E:FA:BD:2F:5F:D0:AC:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_fVLGHmhRTl_rA01jvq9L1_QrKE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f0/49b462-75ae-4acc-b52e-71186e2b516a/1/3gBbUpzoZ_NS48pVPCMN6ErX32g.roa
Signing time:             Thu 22 May 2025 15:02:54 +0000
ROA not before:           Thu 22 May 2025 15:02:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211827
IP address blocks:        77.94.225.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f0/49b462-75ae-4acc-b52e-71186e2b516a/1/_fVLGHmhRTl_rA01jvq9L1_QrKE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f0/49b462-75ae-4acc-b52e-71186e2b516a/1/_fVLGHmhRTl_rA01jvq9L1_QrKE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_fVLGHmhRTl_rA01jvq9L1_QrKE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Jun 2025 02:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:f8:84:cc:5a:97:04:a2:12:14:c3:83:e2:6c:b1:5d:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fdf54b1879a145397fac0d358efabd2f5fd0aca1
        Validity
            Not Before: May 22 15:02:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=de005b529ce867f352e3ca553c230de84ad7df68
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:a2:e8:6c:ac:c5:b0:19:7a:03:2f:37:cd:53:
                    71:a0:96:19:92:8e:a9:71:9c:8d:24:48:03:28:07:
                    9c:3c:4a:cb:56:9b:9e:32:ca:fb:73:8d:7e:aa:3e:
                    33:b3:fe:0b:e6:0e:05:83:08:70:68:da:29:62:8d:
                    e3:a6:8f:d3:60:02:b6:d8:55:d9:b3:d0:8e:06:6b:
                    87:17:b4:ed:a9:94:ba:15:3a:76:77:08:9f:e1:f3:
                    e7:75:47:fb:58:e7:20:25:5c:c2:c7:b5:03:02:69:
                    c7:31:f7:b5:27:b3:e6:12:cb:0b:d8:c6:6d:41:d4:
                    9c:52:68:b5:89:db:c2:ff:b9:b3:91:f7:aa:be:91:
                    33:a8:85:bb:df:bb:75:a6:e3:76:50:5b:6c:5e:c5:
                    5b:c3:2a:a4:85:31:80:bc:77:9a:b4:6c:5f:a3:f0:
                    71:cb:1b:06:25:0e:4b:00:71:1c:90:e3:5f:97:d4:
                    ad:79:a6:b0:13:40:55:5a:67:bc:6c:1b:4b:4f:1a:
                    eb:1d:30:27:8c:38:62:97:dd:ee:c4:cd:d7:f1:69:
                    c2:94:d1:3b:ce:55:5b:3f:24:a5:01:22:bd:93:65:
                    01:53:b6:55:e6:19:97:6a:f4:02:12:bc:16:d7:d3:
                    c3:b2:fa:52:e6:36:b4:c4:15:7b:ac:f7:90:9a:97:
                    ce:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:00:5B:52:9C:E8:67:F3:52:E3:CA:55:3C:23:0D:E8:4A:D7:DF:68
            X509v3 Authority Key Identifier:
                keyid:FD:F5:4B:18:79:A1:45:39:7F:AC:0D:35:8E:FA:BD:2F:5F:D0:AC:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_fVLGHmhRTl_rA01jvq9L1_QrKE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/49b462-75ae-4acc-b52e-71186e2b516a/1/3gBbUpzoZ_NS48pVPCMN6ErX32g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/49b462-75ae-4acc-b52e-71186e2b516a/1/_fVLGHmhRTl_rA01jvq9L1_QrKE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.94.225.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2b:01:42:55:d9:9b:1f:f5:de:94:85:c0:c0:73:77:d1:81:65:
         d6:eb:05:e4:35:b3:13:89:6c:9b:46:1d:10:a0:03:97:2a:08:
         db:a2:a1:43:5e:a5:7d:7b:6d:e4:18:d4:af:ab:45:74:9e:c4:
         01:19:07:a3:16:84:4b:ba:9d:b5:f8:55:16:e2:0c:43:bc:b6:
         49:94:3a:fc:cd:df:83:26:b4:82:2e:e4:fd:44:75:87:74:e3:
         db:83:76:52:f2:59:2d:0c:4d:dd:aa:1b:de:e5:37:10:40:ab:
         ae:2d:54:79:96:45:d5:56:56:6c:40:57:e2:d6:39:1e:b3:b0:
         44:47:58:61:0a:fe:b8:0f:8f:e5:5c:39:cf:32:46:d2:f0:e4:
         97:d3:b4:7a:4b:65:a8:5e:41:1c:07:a2:18:fb:ff:01:f0:17:
         99:53:c3:fc:cd:24:8b:cb:02:1e:4c:48:e1:90:54:7a:67:a5:
         16:15:93:f0:cc:81:7b:50:27:9e:17:52:6e:c5:b2:33:69:a7:
         33:7a:05:70:79:0a:5f:5a:3b:2d:af:c1:af:8e:79:34:35:94:
         d0:f1:58:0b:a1:08:a2:85:bc:e7:2d:1e:05:0e:b4:09:8c:f5:
         ce:63:09:83:2d:e3:4e:31:8c:89:60:bc:6a:43:ed:1d:70:99:
         bc:8f:a9:63
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZb4hMxalwSiEhTDg+JssV1oMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZkZjU0YjE4NzlhMTQ1Mzk3ZmFjMGQzNThlZmFiZDJmNWZk
MGFjYTEwHhcNMjUwNTIyMTUwMjU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZTAwNWI1MjljZTg2N2YzNTJlM2NhNTUzYzIzMGRlODRhZDdkZjY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu6LobKzFsBl6Ay83zVNxoJYZko6p
cZyNJEgDKAecPErLVpueMsr7c41+qj4zs/4L5g4FgwhwaNopYo3jpo/TYAK22FXZ
s9COBmuHF7TtqZS6FTp2dwif4fPndUf7WOcgJVzCx7UDAmnHMfe1J7PmEssL2MZt
QdScUmi1idvC/7mzkfeqvpEzqIW737t1puN2UFtsXsVbwyqkhTGAvHeatGxfo/Bx
yxsGJQ5LAHEckONfl9SteaawE0BVWme8bBtLTxrrHTAnjDhil93uxM3X8WnClNE7
zlVbPySlASK9k2UBU7ZV5hmXavQCErwW19PDsvpS5ja0xBV7rPeQmpfOlQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN4AW1Kc6GfzUuPKVTwjDehK199oMB8GA1UdIwQY
MBaAFP31Sxh5oUU5f6wNNY76vS9f0KyhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX2ZWTEdIbWhSVGxfckEwMWp2cTlMMV9RcktFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMC80OWI0NjItNzVhZS00YWNjLWI1MmUt
NzExODZlMmI1MTZhLzEvM2dCYlVwem9aX05TNDhwVlBDTU42RXJYMzJnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMC80OWI0NjItNzVhZS00YWNjLWI1MmUtNzExODZlMmI1MTZh
LzEvX2ZWTEdIbWhSVGxfckEwMWp2cTlMMV9RcktFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATV7hMA0G
CSqGSIb3DQEBCwUAA4IBAQArAUJV2Zsf9d6UhcDAc3fRgWXW6wXkNbMTiWybRh0Q
oAOXKgjboqFDXqV9e23kGNSvq0V0nsQBGQejFoRLup21+FUW4gxDvLZJlDr8zd+D
JrSCLuT9RHWHdOPbg3ZS8lktDE3dqhve5TcQQKuuLVR5lkXVVlZsQFfi1jkes7BE
R1hhCv64D4/lXDnPMkbS8OSX07R6S2WoXkEcB6IY+/8B8BeZU8P8zSSLywIeTEjh
kFR6Z6UWFZPwzIF7UCeeF1JuxbIzaaczegVweQpfWjstr8Gvjnk0NZTQ8VgLoQii
hbznLR4FDrQJjPXOYwmDLeNOMYyJYLxqQ+0dcJm8j6lj
-----END CERTIFICATE-----
Generated at Mon Jun 9 11:20:25 2025 by rpki-client