Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a3/b714ad-1f78-4a10-8e61-ab8f1f3387ee/1/dM23tRMrfeVMohMV97WFUTG8sLM.roa
File:                     dM23tRMrfeVMohMV97WFUTG8sLM.roa (raw, json)
Hash identifier:          OTTmI9o/dreNgVKL2IIkBGf7NtGEVJVZuJN7RdVlcwY=
Subject key identifier:   74:CD:B7:B5:13:2B:7D:E5:4C:A2:13:15:F7:B5:85:51:31:BC:B0:B3
Certificate issuer:       /CN=5124fba1e401c03e5ba1cd77ae9ee39cfd631bfb
Certificate serial:       0196437B366FD4758FC37A640FEED208E517
Authority key identifier: 51:24:FB:A1:E4:01:C0:3E:5B:A1:CD:77:AE:9E:E3:9C:FD:63:1B:FB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UST7oeQBwD5boc13rp7jnP1jG_s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a3/b714ad-1f78-4a10-8e61-ab8f1f3387ee/1/dM23tRMrfeVMohMV97WFUTG8sLM.roa
Signing time:             Thu 17 Apr 2025 11:21:10 +0000
ROA not before:           Thu 17 Apr 2025 11:21:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     21859
IP address blocks:        77.246.220.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a3/b714ad-1f78-4a10-8e61-ab8f1f3387ee/1/UST7oeQBwD5boc13rp7jnP1jG_s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a3/b714ad-1f78-4a10-8e61-ab8f1f3387ee/1/UST7oeQBwD5boc13rp7jnP1jG_s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UST7oeQBwD5boc13rp7jnP1jG_s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 27 Apr 2025 11:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:43:7b:36:6f:d4:75:8f:c3:7a:64:0f:ee:d2:08:e5:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5124fba1e401c03e5ba1cd77ae9ee39cfd631bfb
        Validity
            Not Before: Apr 17 11:21:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=74cdb7b5132b7de54ca21315f7b5855131bcb0b3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:80:0c:6a:7f:0e:ab:e5:8a:c7:65:4d:75:8e:
                    96:51:c7:78:73:05:22:30:96:06:6e:e2:85:94:63:
                    d9:e8:51:ad:09:ef:07:f4:81:d8:26:6e:c2:9f:17:
                    af:d7:73:c3:4d:6a:3f:64:30:5e:4e:77:c7:39:da:
                    35:a1:19:5d:9e:68:12:1a:68:20:d3:4e:57:d8:6a:
                    7d:19:2b:0a:b9:3d:bf:b1:fc:d3:ff:8f:0c:37:15:
                    88:b9:e1:56:83:fe:e2:82:93:31:9c:18:cb:d8:c6:
                    16:e6:a5:12:08:82:27:1c:f9:cd:a7:91:fa:89:b1:
                    0c:76:fd:f6:9d:d2:b0:fa:cb:96:db:06:c6:22:f7:
                    8c:a3:b6:42:01:27:52:36:c0:5b:35:75:87:c1:26:
                    de:5c:c4:22:dd:71:11:c6:49:53:14:21:7f:29:8e:
                    e5:93:18:2c:b4:5a:87:30:a3:78:0a:4a:7f:23:1b:
                    10:5f:01:ab:fd:8e:36:53:97:c8:e7:41:c5:69:95:
                    3d:23:17:28:ef:11:87:48:e0:ec:fc:61:28:51:77:
                    4e:ec:6a:36:84:d9:d2:0f:a2:f7:f3:e6:62:58:e3:
                    1f:e1:c8:7a:bd:c6:49:38:2c:44:ae:60:50:9a:3c:
                    ee:1d:82:2d:e9:7c:42:37:3e:ba:64:70:3a:5b:78:
                    d9:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:CD:B7:B5:13:2B:7D:E5:4C:A2:13:15:F7:B5:85:51:31:BC:B0:B3
            X509v3 Authority Key Identifier:
                keyid:51:24:FB:A1:E4:01:C0:3E:5B:A1:CD:77:AE:9E:E3:9C:FD:63:1B:FB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UST7oeQBwD5boc13rp7jnP1jG_s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/b714ad-1f78-4a10-8e61-ab8f1f3387ee/1/dM23tRMrfeVMohMV97WFUTG8sLM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/b714ad-1f78-4a10-8e61-ab8f1f3387ee/1/UST7oeQBwD5boc13rp7jnP1jG_s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.246.220.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5f:2e:b2:5d:02:5b:b8:22:66:69:53:c1:fc:a1:25:2c:ac:5c:
         97:1b:2e:a6:e6:ae:bc:54:b4:7f:ae:a1:6e:5a:f1:b9:a1:f4:
         2f:9d:ca:e6:a7:10:37:ff:c6:47:54:2d:84:ed:bc:8e:4e:36:
         20:a7:cc:31:01:ac:a1:40:bc:0b:2d:2b:88:f1:4d:b6:40:76:
         73:5b:2d:d8:3f:bf:ca:d3:68:af:1c:10:d3:67:3a:45:88:ba:
         3a:71:49:c1:cb:5c:80:60:46:ae:3a:d2:b5:e9:8d:77:90:ed:
         1a:cd:6e:4a:5c:c9:c3:23:2b:e4:7b:d3:6f:54:c3:89:07:1c:
         fa:be:70:27:3f:1e:47:cb:76:89:b6:fa:54:fe:33:2e:4b:d2:
         1b:11:d0:16:08:ec:f7:01:5b:5a:85:87:a2:88:d8:50:c5:59:
         90:5c:61:24:8d:0a:0e:b5:28:7a:40:03:31:c9:e3:90:b2:58:
         db:e6:fc:80:58:67:d8:3c:ff:54:8e:0d:a1:3a:87:3d:2c:ca:
         cd:b7:ce:4a:7d:24:fc:b3:7e:54:2a:3a:10:22:57:cc:31:5b:
         a5:86:c6:72:29:8f:69:6a:81:ed:fc:4f:51:09:6f:a9:01:90:
         1d:fe:54:01:86:e4:57:4b:d4:f2:93:13:81:07:f1:8d:11:76:
         6b:b4:de:35
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZZDezZv1HWPw3pkD+7SCOUXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUxMjRmYmExZTQwMWMwM2U1YmExY2Q3N2FlOWVlMzljZmQ2
MzFiZmIwHhcNMjUwNDE3MTEyMTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NGNkYjdiNTEzMmI3ZGU1NGNhMjEzMTVmN2I1ODU1MTMxYmNiMGIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtIAMan8Oq+WKx2VNdY6WUcd4cwUi
MJYGbuKFlGPZ6FGtCe8H9IHYJm7Cnxev13PDTWo/ZDBeTnfHOdo1oRldnmgSGmgg
005X2Gp9GSsKuT2/sfzT/48MNxWIueFWg/7igpMxnBjL2MYW5qUSCIInHPnNp5H6
ibEMdv32ndKw+suW2wbGIveMo7ZCASdSNsBbNXWHwSbeXMQi3XERxklTFCF/KY7l
kxgstFqHMKN4Ckp/IxsQXwGr/Y42U5fI50HFaZU9Ixco7xGHSODs/GEoUXdO7Go2
hNnSD6L38+ZiWOMf4ch6vcZJOCxErmBQmjzuHYIt6XxCNz66ZHA6W3jZkwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHTNt7UTK33lTKITFfe1hVExvLCzMB8GA1UdIwQY
MBaAFFEk+6HkAcA+W6HNd66e45z9Yxv7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVVNUN29lUUJ3RDVib2MxM3JwN2puUDFqR19zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMy9iNzE0YWQtMWY3OC00YTEwLThlNjEt
YWI4ZjFmMzM4N2VlLzEvZE0yM3RSTXJmZVZNb2hNVjk3V0ZVVEc4c0xNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMy9iNzE0YWQtMWY3OC00YTEwLThlNjEtYWI4ZjFmMzM4N2Vl
LzEvVVNUN29lUUJ3RDVib2MxM3JwN2puUDFqR19zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATfbcMA0G
CSqGSIb3DQEBCwUAA4IBAQBfLrJdAlu4ImZpU8H8oSUsrFyXGy6m5q68VLR/rqFu
WvG5ofQvncrmpxA3/8ZHVC2E7byOTjYgp8wxAayhQLwLLSuI8U22QHZzWy3YP7/K
02ivHBDTZzpFiLo6cUnBy1yAYEauOtK16Y13kO0azW5KXMnDIyvke9NvVMOJBxz6
vnAnPx5Hy3aJtvpU/jMuS9IbEdAWCOz3AVtahYeiiNhQxVmQXGEkjQoOtSh6QAMx
yeOQsljb5vyAWGfYPP9Ujg2hOoc9LMrNt85KfST8s35UKjoQIlfMMVulhsZyKY9p
aoHt/E9RCW+pAZAd/lQBhuRXS9TykxOBB/GNEXZrtN41
-----END CERTIFICATE-----