Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b3/987979-9693-45e3-85ba-ed5358b6da31/1/zrOybo8OUdo1YWpvdexahXHtucc.roa
File:                     zrOybo8OUdo1YWpvdexahXHtucc.roa (raw, json)
Hash identifier:          EWyOKZff8iXaRwsSXU+RwbJXdez1LiNZod4BRpq2JDU=
Subject key identifier:   CE:B3:B2:6E:8F:0E:51:DA:35:61:6A:6F:75:EC:5A:85:71:ED:B9:C7
Certificate issuer:       /CN=7415fec4ae76b24e4f02991649917b99b740044a
Certificate serial:       0196A0965516565DAE6CE03BCE25A7E0F222
Authority key identifier: 74:15:FE:C4:AE:76:B2:4E:4F:02:99:16:49:91:7B:99:B7:40:04:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dBX-xK52sk5PApkWSZF7mbdABEo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b3/987979-9693-45e3-85ba-ed5358b6da31/1/zrOybo8OUdo1YWpvdexahXHtucc.roa
Signing time:             Mon 05 May 2025 13:15:28 +0000
ROA not before:           Mon 05 May 2025 13:15:28 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214422
IP address blocks:        77.105.164.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b3/987979-9693-45e3-85ba-ed5358b6da31/1/dBX-xK52sk5PApkWSZF7mbdABEo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b3/987979-9693-45e3-85ba-ed5358b6da31/1/dBX-xK52sk5PApkWSZF7mbdABEo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dBX-xK52sk5PApkWSZF7mbdABEo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 11 May 2025 23:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:a0:96:55:16:56:5d:ae:6c:e0:3b:ce:25:a7:e0:f2:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7415fec4ae76b24e4f02991649917b99b740044a
        Validity
            Not Before: May  5 13:15:28 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ceb3b26e8f0e51da35616a6f75ec5a8571edb9c7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:85:5b:05:7e:1b:18:a2:1c:df:0f:b9:f7:1f:
                    1f:aa:ad:96:11:a4:d2:a2:80:23:36:57:24:d9:2f:
                    b0:13:01:d6:22:74:1a:81:35:b8:01:87:50:1d:c3:
                    de:13:03:9c:c2:80:d6:27:1c:70:37:1c:48:ee:cc:
                    ca:a2:13:4d:5f:4d:c6:bc:f7:f8:7d:21:11:e2:e0:
                    1c:bb:76:5d:1b:ef:ac:ef:ac:e6:bf:fa:e3:7a:10:
                    34:cc:b5:5f:c4:e8:3c:01:d7:14:5e:d7:59:af:b8:
                    7e:f2:4c:1e:69:5e:f7:19:e3:8c:e6:02:ef:1d:fa:
                    0d:68:f8:d4:b0:c4:6b:7d:2f:fb:a7:1f:29:42:80:
                    3a:1f:ff:4b:73:83:fd:48:80:e9:c0:6f:53:95:81:
                    be:a9:28:3f:21:2a:ff:b5:41:ed:9f:3f:f8:8b:25:
                    4f:cd:cb:47:cb:4f:89:82:e1:50:17:c5:a1:ce:8b:
                    8c:9d:d8:6b:57:31:b8:8b:13:4e:eb:f2:21:2b:9d:
                    20:66:2b:3a:76:08:a5:c3:ca:f0:b3:eb:b5:28:0e:
                    68:69:12:e3:78:e0:7e:7d:1b:77:d1:b5:f3:94:82:
                    a5:12:3d:36:18:9d:b1:a1:60:6c:68:1b:4b:05:7d:
                    b7:30:91:60:53:36:cb:4d:8f:78:dc:37:58:3b:39:
                    79:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:B3:B2:6E:8F:0E:51:DA:35:61:6A:6F:75:EC:5A:85:71:ED:B9:C7
            X509v3 Authority Key Identifier:
                keyid:74:15:FE:C4:AE:76:B2:4E:4F:02:99:16:49:91:7B:99:B7:40:04:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dBX-xK52sk5PApkWSZF7mbdABEo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/987979-9693-45e3-85ba-ed5358b6da31/1/zrOybo8OUdo1YWpvdexahXHtucc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/987979-9693-45e3-85ba-ed5358b6da31/1/dBX-xK52sk5PApkWSZF7mbdABEo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.105.164.0/24

    Signature Algorithm: sha256WithRSAEncryption
         66:16:c1:79:f8:e0:42:7e:70:f6:51:07:ad:28:ec:16:1d:96:
         82:bd:37:5d:4a:da:06:1c:2a:12:2e:5d:8a:09:2a:c6:6a:51:
         1a:5d:83:09:85:03:5c:e5:e5:51:62:af:17:a1:0a:a4:d5:b0:
         8f:e0:51:33:34:3c:80:ac:49:3e:a3:56:c8:f5:f4:f5:3c:8c:
         b5:3f:b3:2f:8f:1a:6e:ce:a7:10:91:5e:6b:13:38:ef:2e:36:
         1e:b9:47:ae:02:ce:90:7e:57:b6:bf:d9:fd:97:dc:09:5c:87:
         68:2d:02:7b:41:bf:06:5a:94:3e:96:5c:b6:c2:6d:2b:5b:96:
         9a:b9:c9:8d:16:01:2a:7a:39:31:f0:1e:aa:88:52:95:99:84:
         04:c1:f3:c8:09:79:89:4f:ff:0d:b1:cc:2c:a0:d0:1a:77:bc:
         0e:2c:bd:0d:6f:01:99:7f:a7:18:a3:b0:3d:9e:66:3b:45:ad:
         f3:d2:11:33:dd:7a:bf:9e:47:a7:87:62:13:06:9f:68:88:2b:
         6d:f7:38:b1:e0:4e:41:25:13:f0:75:7f:3d:19:1b:aa:20:bd:
         02:51:47:cb:3a:a0:32:17:ab:1e:97:60:42:83:a0:71:c6:e5:
         58:a7:b7:ab:68:18:6e:bd:8a:3b:7f:5e:90:22:e6:59:1a:a5:
         22:f8:71:46
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZagllUWVl2ubOA7ziWn4PIiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0MTVmZWM0YWU3NmIyNGU0ZjAyOTkxNjQ5OTE3Yjk5Yjc0
MDA0NGEwHhcNMjUwNTA1MTMxNTI4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZWIzYjI2ZThmMGU1MWRhMzU2MTZhNmY3NWVjNWE4NTcxZWRiOWM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmIVbBX4bGKIc3w+59x8fqq2WEaTS
ooAjNlck2S+wEwHWInQagTW4AYdQHcPeEwOcwoDWJxxwNxxI7szKohNNX03GvPf4
fSER4uAcu3ZdG++s76zmv/rjehA0zLVfxOg8AdcUXtdZr7h+8kweaV73GeOM5gLv
HfoNaPjUsMRrfS/7px8pQoA6H/9Lc4P9SIDpwG9TlYG+qSg/ISr/tUHtnz/4iyVP
zctHy0+JguFQF8WhzouMndhrVzG4ixNO6/IhK50gZis6dgilw8rws+u1KA5oaRLj
eOB+fRt30bXzlIKlEj02GJ2xoWBsaBtLBX23MJFgUzbLTY943DdYOzl5tQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM6zsm6PDlHaNWFqb3XsWoVx7bnHMB8GA1UdIwQY
MBaAFHQV/sSudrJOTwKZFkmRe5m3QARKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEJYLXhLNTJzazVQQXBrV1NaRjdtYmRBQkVvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMy85ODc5NzktOTY5My00NWUzLTg1YmEt
ZWQ1MzU4YjZkYTMxLzEvenJPeWJvOE9VZG8xWVdwdmRleGFoWEh0dWNjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMy85ODc5NzktOTY5My00NWUzLTg1YmEtZWQ1MzU4YjZkYTMx
LzEvZEJYLXhLNTJzazVQQXBrV1NaRjdtYmRBQkVvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATWmkMA0G
CSqGSIb3DQEBCwUAA4IBAQBmFsF5+OBCfnD2UQetKOwWHZaCvTddStoGHCoSLl2K
CSrGalEaXYMJhQNc5eVRYq8XoQqk1bCP4FEzNDyArEk+o1bI9fT1PIy1P7Mvjxpu
zqcQkV5rEzjvLjYeuUeuAs6Qfle2v9n9l9wJXIdoLQJ7Qb8GWpQ+lly2wm0rW5aa
ucmNFgEqejkx8B6qiFKVmYQEwfPICXmJT/8NscwsoNAad7wOLL0NbwGZf6cYo7A9
nmY7Ra3z0hEz3Xq/nkenh2ITBp9oiCtt9zix4E5BJRPwdX89GRuqIL0CUUfLOqAy
F6sel2BCg6BxxuVYp7eraBhuvYo7f16QIuZZGqUi+HFG
-----END CERTIFICATE-----