Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/PSvL_tgB6M6i6mZojGVFQWuCecs.roa
File:                     PSvL_tgB6M6i6mZojGVFQWuCecs.roa (raw, json)
Hash identifier:          1JMNd0VqJPuF4b0I+ceST6y/nTTMR4IKg7gLgt4Hu3A=
Subject key identifier:   3D:2B:CB:FE:D8:01:E8:CE:A2:EA:66:68:8C:65:45:41:6B:82:79:CB
Certificate issuer:       /CN=ee1c3472c25acd347364b7d6312618aa3530cb63
Certificate serial:       0196B07D67DD2CEB0B19A6B9D79A524A2D5B
Authority key identifier: EE:1C:34:72:C2:5A:CD:34:73:64:B7:D6:31:26:18:AA:35:30:CB:63
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/PSvL_tgB6M6i6mZojGVFQWuCecs.roa
Signing time:             Thu 08 May 2025 15:22:10 +0000
ROA not before:           Thu 08 May 2025 15:22:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     9232
IP address blocks:        77.111.105.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 11 May 2025 02:00:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:b0:7d:67:dd:2c:eb:0b:19:a6:b9:d7:9a:52:4a:2d:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ee1c3472c25acd347364b7d6312618aa3530cb63
        Validity
            Not Before: May  8 15:22:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3d2bcbfed801e8cea2ea66688c6545416b8279cb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:2f:6b:d6:06:cb:ea:c1:6b:e6:d7:d2:aa:93:
                    61:b1:dd:da:28:41:bb:66:ae:3f:35:36:e3:c0:3d:
                    64:07:ed:dc:69:b0:ce:e3:07:c5:2d:b5:1f:39:18:
                    3f:1d:1a:a8:13:4f:a1:c3:77:cb:e3:b8:6f:9c:89:
                    7b:8f:8b:19:53:d1:5a:31:c1:b1:e1:de:51:b9:2c:
                    ac:70:ab:12:38:ec:1b:67:b2:a2:c4:13:92:85:aa:
                    0b:ae:71:4c:87:3b:14:8d:21:9e:79:1b:9c:4c:0e:
                    ab:47:9b:54:18:43:b7:95:85:6e:0e:0a:13:74:09:
                    13:55:1e:c6:84:bf:74:b3:6d:d6:b3:48:8f:a4:37:
                    a8:2b:ef:93:9d:c4:91:b1:95:fe:57:74:18:e4:11:
                    64:6f:30:b6:04:a2:67:2f:58:cd:a5:5c:81:22:f2:
                    d1:3b:a2:70:5c:1a:b6:31:15:25:07:2b:19:aa:0d:
                    7e:fc:22:e8:ab:6f:7d:76:d5:c9:17:85:d9:2a:21:
                    ba:8f:75:0e:99:46:08:d5:ba:23:5a:4f:75:ea:ea:
                    23:61:15:5f:e5:d0:1c:33:1e:8a:a7:c1:95:aa:d7:
                    cd:fe:fb:59:86:d9:7a:ba:d2:3b:66:29:d3:de:fc:
                    bb:1e:5d:1f:24:98:6d:bd:72:b5:10:1c:e8:67:b0:
                    d8:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:2B:CB:FE:D8:01:E8:CE:A2:EA:66:68:8C:65:45:41:6B:82:79:CB
            X509v3 Authority Key Identifier:
                keyid:EE:1C:34:72:C2:5A:CD:34:73:64:B7:D6:31:26:18:AA:35:30:CB:63

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/PSvL_tgB6M6i6mZojGVFQWuCecs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.111.105.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1e:eb:28:f0:72:10:e1:1d:20:7d:a4:d2:29:13:42:5a:9b:c4:
         66:73:21:a1:65:10:6a:3d:5c:76:f0:5c:41:0c:a8:7c:77:54:
         e9:53:5f:cc:b7:a4:3e:af:67:85:88:6e:64:73:1b:69:6f:ea:
         51:28:50:51:a6:f4:5c:89:ef:c6:59:d4:f6:40:20:8c:3f:f2:
         1a:3c:84:86:af:e2:56:3d:0f:a3:84:d4:ca:97:70:e1:09:91:
         9a:28:ce:b3:7f:57:9f:6d:d7:62:a3:c1:c2:0b:c2:75:68:c6:
         6e:91:03:43:14:d6:76:46:8d:4b:91:ac:c8:ce:9e:b2:d7:35:
         d8:ce:89:96:dd:ad:e1:d0:70:19:7a:42:1f:06:99:80:76:5d:
         2a:e8:c9:97:a6:e3:e0:8d:e9:f7:00:8d:c0:ac:2a:4d:4a:31:
         de:c7:39:7e:c0:20:a0:39:f8:ba:7f:d1:b7:d0:0b:a8:e0:9d:
         94:4f:0c:51:4b:49:f5:85:8a:01:80:f4:3e:d9:f7:2b:70:e1:
         33:26:dc:6d:39:58:b3:eb:97:b9:08:95:3d:ad:bf:f5:82:46:
         d3:7a:9e:61:34:98:9c:9b:03:3b:49:19:32:60:27:81:95:40:
         ac:18:ff:cc:ac:1c:c1:c6:c7:19:ab:86:ef:13:6b:01:25:39:
         bb:a6:75:6a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZawfWfdLOsLGaa515pSSi1bMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlMWMzNDcyYzI1YWNkMzQ3MzY0YjdkNjMxMjYxOGFhMzUz
MGNiNjMwHhcNMjUwNTA4MTUyMjEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZDJiY2JmZWQ4MDFlOGNlYTJlYTY2Njg4YzY1NDU0MTZiODI3OWNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtS9r1gbL6sFr5tfSqpNhsd3aKEG7
Zq4/NTbjwD1kB+3cabDO4wfFLbUfORg/HRqoE0+hw3fL47hvnIl7j4sZU9FaMcGx
4d5RuSyscKsSOOwbZ7KixBOShaoLrnFMhzsUjSGeeRucTA6rR5tUGEO3lYVuDgoT
dAkTVR7GhL90s23Ws0iPpDeoK++TncSRsZX+V3QY5BFkbzC2BKJnL1jNpVyBIvLR
O6JwXBq2MRUlBysZqg1+/CLoq299dtXJF4XZKiG6j3UOmUYI1bojWk916uojYRVf
5dAcMx6Kp8GVqtfN/vtZhtl6utI7ZinT3vy7Hl0fJJhtvXK1EBzoZ7DYgQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD0ry/7YAejOoupmaIxlRUFrgnnLMB8GA1UdIwQY
MBaAFO4cNHLCWs00c2S31jEmGKo1MMtjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN2h3MGNzSmF6VFJ6WkxmV01TWVlxalV3eTJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi8xZmY0NGYtNTFkNi00NTQ1LWFkMzYt
YjRiOGRiMjBiMWZiLzEvUFN2TF90Z0I2TTZpNm1ab2pHVkZRV3VDZWNzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi8xZmY0NGYtNTFkNi00NTQ1LWFkMzYtYjRiOGRiMjBiMWZi
LzEvN2h3MGNzSmF6VFJ6WkxmV01TWVlxalV3eTJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATW9pMA0G
CSqGSIb3DQEBCwUAA4IBAQAe6yjwchDhHSB9pNIpE0Jam8RmcyGhZRBqPVx28FxB
DKh8d1TpU1/Mt6Q+r2eFiG5kcxtpb+pRKFBRpvRcie/GWdT2QCCMP/IaPISGr+JW
PQ+jhNTKl3DhCZGaKM6zf1efbddio8HCC8J1aMZukQNDFNZ2Ro1LkazIzp6y1zXY
zomW3a3h0HAZekIfBpmAdl0q6MmXpuPgjen3AI3ArCpNSjHexzl+wCCgOfi6f9G3
0Auo4J2UTwxRS0n1hYoBgPQ+2fcrcOEzJtxtOViz65e5CJU9rb/1gkbTep5hNJic
mwM7SRkyYCeBlUCsGP/MrBzBxscZq4bvE2sBJTm7pnVq
-----END CERTIFICATE-----