Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/b51a85-f99f-423f-9fae-dd294c378f6c/1/ZEh3Y_7VDHkL8fnCRdlRBdMNjSs.roa
File:                     ZEh3Y_7VDHkL8fnCRdlRBdMNjSs.roa (raw, json)
Hash identifier:          9tGGpEhNIUdMmTNT3BtQPbBWAhfLGDnPCij6bP6MIf4=
Subject key identifier:   64:48:77:63:FE:D5:0C:79:0B:F1:F9:C2:45:D9:51:05:D3:0D:8D:2B
Certificate issuer:       /CN=d8c60a0d2d70a9337d0bda56d1ad596ac1f69cda
Certificate serial:       0197970C6CE75AC0434311339904ED822D7F
Authority key identifier: D8:C6:0A:0D:2D:70:A9:33:7D:0B:DA:56:D1:AD:59:6A:C1:F6:9C:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2MYKDS1wqTN9C9pW0a1ZasH2nNo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/b51a85-f99f-423f-9fae-dd294c378f6c/1/ZEh3Y_7VDHkL8fnCRdlRBdMNjSs.roa
Signing time:             Sun 22 Jun 2025 09:51:03 +0000
ROA not before:           Sun 22 Jun 2025 09:51:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     61003
IP address blocks:        77.74.230.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/24/b51a85-f99f-423f-9fae-dd294c378f6c/1/2MYKDS1wqTN9C9pW0a1ZasH2nNo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/24/b51a85-f99f-423f-9fae-dd294c378f6c/1/2MYKDS1wqTN9C9pW0a1ZasH2nNo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2MYKDS1wqTN9C9pW0a1ZasH2nNo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Jun 2025 19:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:97:0c:6c:e7:5a:c0:43:43:11:33:99:04:ed:82:2d:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d8c60a0d2d70a9337d0bda56d1ad596ac1f69cda
        Validity
            Not Before: Jun 22 09:51:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=64487763fed50c790bf1f9c245d95105d30d8d2b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:91:99:7f:2c:88:7c:51:ab:68:a7:13:0b:99:
                    a6:7a:6e:67:37:6d:eb:ee:c6:66:5e:c4:05:ae:a7:
                    da:f7:34:62:b1:97:f7:eb:dc:99:9b:d7:3f:2c:72:
                    23:d2:ad:67:e8:0f:3f:7f:a0:1e:b9:f9:2e:43:02:
                    75:fb:bd:4c:c0:b4:05:b4:be:73:5a:fa:34:e1:4a:
                    3a:ac:3f:4d:ae:d1:5f:01:d3:43:ea:ac:17:26:e2:
                    d7:7b:70:e0:d2:ce:74:58:67:f2:1d:ac:56:9b:ca:
                    a1:2f:b5:a3:9f:79:b5:b2:5b:d6:f4:6b:d6:da:32:
                    dd:81:f6:3f:a7:2c:d2:da:ce:db:78:61:f5:e0:e2:
                    22:67:85:82:de:2b:79:c9:b3:43:82:ba:2d:92:92:
                    14:ba:46:28:06:bf:49:7b:fc:47:f1:0d:0a:b7:11:
                    de:d3:1e:20:0f:14:a3:05:f2:18:36:f2:4b:af:5f:
                    46:1b:8b:cb:05:46:d9:33:38:85:26:81:35:4f:07:
                    c9:38:40:43:72:68:ee:77:c8:0d:7f:44:7d:9e:22:
                    a2:3f:4c:90:b0:34:13:6f:c9:de:20:ae:23:55:60:
                    1b:38:03:60:2b:20:44:60:b5:93:59:61:da:7d:22:
                    b7:d6:c0:bf:2e:8b:bf:d6:c0:2c:40:f4:e9:25:a5:
                    b1:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:48:77:63:FE:D5:0C:79:0B:F1:F9:C2:45:D9:51:05:D3:0D:8D:2B
            X509v3 Authority Key Identifier:
                keyid:D8:C6:0A:0D:2D:70:A9:33:7D:0B:DA:56:D1:AD:59:6A:C1:F6:9C:DA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2MYKDS1wqTN9C9pW0a1ZasH2nNo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/b51a85-f99f-423f-9fae-dd294c378f6c/1/ZEh3Y_7VDHkL8fnCRdlRBdMNjSs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/b51a85-f99f-423f-9fae-dd294c378f6c/1/2MYKDS1wqTN9C9pW0a1ZasH2nNo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.74.230.0/24

    Signature Algorithm: sha256WithRSAEncryption
         51:2b:9d:fd:6c:94:8a:ca:3e:f6:6c:6b:74:36:31:be:65:20:
         7a:db:6d:75:75:8e:1b:89:54:2f:66:6e:12:50:d6:e0:d6:1a:
         82:ac:8e:73:da:71:08:65:15:e7:6c:47:7d:30:01:c7:52:45:
         0e:a6:50:6d:99:a2:43:b9:11:8b:34:1c:d7:da:3a:f1:59:d4:
         94:7b:1e:28:fd:85:02:c6:2c:75:33:bf:a7:31:02:68:bf:87:
         73:4f:da:a6:8f:db:b1:d6:1e:a1:7b:be:a3:eb:24:89:05:b2:
         05:78:92:4d:e0:58:e3:67:f5:bc:5d:76:bd:72:b6:8e:65:96:
         4c:97:76:18:18:41:37:24:c8:a0:52:5f:65:ca:6d:a7:a2:08:
         14:8b:91:74:f4:52:06:f6:8f:89:f9:71:06:c4:76:45:4b:2b:
         7b:ce:6f:7c:dd:a0:bd:36:9f:ad:ef:08:9b:1a:37:70:a2:a6:
         a1:8a:1c:ff:78:94:92:ed:28:b7:d5:49:2e:98:94:2c:53:03:
         da:8b:5a:72:c1:d1:40:ba:67:58:5d:05:c7:59:98:3e:44:35:
         21:b6:2c:5b:36:40:13:44:88:b6:b3:eb:cc:45:6f:85:4b:40:
         4c:ac:d4:56:cf:86:e9:41:1a:57:26:a3:9a:cb:30:6d:16:e8:
         7a:3a:ab:93
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZeXDGznWsBDQxEzmQTtgi1/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ4YzYwYTBkMmQ3MGE5MzM3ZDBiZGE1NmQxYWQ1OTZhYzFm
NjljZGEwHhcNMjUwNjIyMDk1MTAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NDQ4Nzc2M2ZlZDUwYzc5MGJmMWY5YzI0NWQ5NTEwNWQzMGQ4ZDJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwpGZfyyIfFGraKcTC5mmem5nN23r
7sZmXsQFrqfa9zRisZf369yZm9c/LHIj0q1n6A8/f6AeufkuQwJ1+71MwLQFtL5z
Wvo04Uo6rD9NrtFfAdND6qwXJuLXe3Dg0s50WGfyHaxWm8qhL7Wjn3m1slvW9GvW
2jLdgfY/pyzS2s7beGH14OIiZ4WC3it5ybNDgrotkpIUukYoBr9Je/xH8Q0KtxHe
0x4gDxSjBfIYNvJLr19GG4vLBUbZMziFJoE1TwfJOEBDcmjud8gNf0R9niKiP0yQ
sDQTb8neIK4jVWAbOANgKyBEYLWTWWHafSK31sC/Lou/1sAsQPTpJaWxlQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGRId2P+1Qx5C/H5wkXZUQXTDY0rMB8GA1UdIwQY
MBaAFNjGCg0tcKkzfQvaVtGtWWrB9pzaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMk1ZS0RTMXdxVE45QzlwVzBhMVphc0gybk5vLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC9iNTFhODUtZjk5Zi00MjNmLTlmYWUt
ZGQyOTRjMzc4ZjZjLzEvWkVoM1lfN1ZESGtMOGZuQ1JkbFJCZE1OalNzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC9iNTFhODUtZjk5Zi00MjNmLTlmYWUtZGQyOTRjMzc4ZjZj
LzEvMk1ZS0RTMXdxVE45QzlwVzBhMVphc0gybk5vLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATUrmMA0G
CSqGSIb3DQEBCwUAA4IBAQBRK539bJSKyj72bGt0NjG+ZSB62211dY4biVQvZm4S
UNbg1hqCrI5z2nEIZRXnbEd9MAHHUkUOplBtmaJDuRGLNBzX2jrxWdSUex4o/YUC
xix1M7+nMQJov4dzT9qmj9ux1h6he76j6ySJBbIFeJJN4FjjZ/W8XXa9craOZZZM
l3YYGEE3JMigUl9lym2noggUi5F09FIG9o+J+XEGxHZFSyt7zm983aC9Np+t7wib
Gjdwoqahihz/eJSS7Si31UkumJQsUwPai1pywdFAumdYXQXHWZg+RDUhtixbNkAT
RIi2s+vMRW+FS0BMrNRWz4bpQRpXJqOayzBtFuh6OquT
-----END CERTIFICATE-----