Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ef/fa3544-1025-4e8f-a8fe-7a28af29cdc2/1/Qb_xgsenhCkec0NMAq-37FxvC-Q.roa
File:                     Qb_xgsenhCkec0NMAq-37FxvC-Q.roa (raw, json)
Hash identifier:          tOjmdfLGRrXXOfqXX2/nLImlZVzeIuD2NtgFbQbxXvU=
Subject key identifier:   41:BF:F1:82:C7:A7:84:29:1E:73:43:4C:02:AF:B7:EC:5C:6F:0B:E4
Certificate issuer:       /CN=2c71c96005e13a84a3f31ef1d991777f4b6e31a7
Certificate serial:       01979B8A54F8694C658ED1BBF76922DEAE91
Authority key identifier: 2C:71:C9:60:05:E1:3A:84:A3:F3:1E:F1:D9:91:77:7F:4B:6E:31:A7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LHHJYAXhOoSj8x7x2ZF3f0tuMac.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ef/fa3544-1025-4e8f-a8fe-7a28af29cdc2/1/Qb_xgsenhCkec0NMAq-37FxvC-Q.roa
Signing time:             Mon 23 Jun 2025 06:47:03 +0000
ROA not before:           Mon 23 Jun 2025 06:47:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210976
IP address blocks:        77.233.212.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ef/fa3544-1025-4e8f-a8fe-7a28af29cdc2/1/LHHJYAXhOoSj8x7x2ZF3f0tuMac.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ef/fa3544-1025-4e8f-a8fe-7a28af29cdc2/1/LHHJYAXhOoSj8x7x2ZF3f0tuMac.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LHHJYAXhOoSj8x7x2ZF3f0tuMac.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Jun 2025 21:00:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:9b:8a:54:f8:69:4c:65:8e:d1:bb:f7:69:22:de:ae:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2c71c96005e13a84a3f31ef1d991777f4b6e31a7
        Validity
            Not Before: Jun 23 06:47:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=41bff182c7a784291e73434c02afb7ec5c6f0be4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:85:92:ca:4c:00:34:84:f0:d7:e8:39:c7:9d:
                    52:5a:4c:ae:38:1e:dd:ff:f7:4d:2d:c2:63:56:19:
                    fb:20:fb:89:b9:8f:d4:23:16:1b:c6:76:ea:45:f3:
                    a5:4b:e5:92:e7:6a:3a:87:61:17:06:aa:65:da:73:
                    23:46:88:e0:f3:ae:a6:f6:28:76:5f:9b:9d:f1:61:
                    3c:28:2d:66:45:f4:5c:1a:19:b5:a4:5a:12:71:69:
                    e3:83:ec:9b:06:e0:4c:54:d8:7c:c9:e9:80:e4:1d:
                    68:8f:c6:9d:de:01:a9:1d:57:90:73:00:6b:69:f0:
                    5c:5a:00:d9:a9:15:e9:8f:eb:ed:72:a2:18:a9:d9:
                    b7:74:b9:25:e2:91:97:fc:c5:01:f4:c5:c9:f1:0f:
                    a8:0a:9c:ab:bd:7c:59:81:b2:39:a2:49:84:5b:e8:
                    d6:ab:5a:dd:28:6a:2d:42:0f:53:10:60:c1:9d:ae:
                    5d:60:e5:97:10:0b:46:5d:df:0b:e1:d3:a5:3d:dc:
                    83:ea:7f:dc:3f:a4:3f:2a:2c:7c:bb:10:39:7a:d5:
                    82:66:72:59:4b:1a:ad:1f:2f:a4:9a:e7:ff:78:a7:
                    8d:76:14:a7:61:21:8a:84:4c:e3:8d:a0:06:fa:09:
                    08:bc:8a:39:39:23:ba:b3:87:3f:1d:8c:7a:03:01:
                    7c:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:BF:F1:82:C7:A7:84:29:1E:73:43:4C:02:AF:B7:EC:5C:6F:0B:E4
            X509v3 Authority Key Identifier:
                keyid:2C:71:C9:60:05:E1:3A:84:A3:F3:1E:F1:D9:91:77:7F:4B:6E:31:A7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LHHJYAXhOoSj8x7x2ZF3f0tuMac.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/fa3544-1025-4e8f-a8fe-7a28af29cdc2/1/Qb_xgsenhCkec0NMAq-37FxvC-Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/fa3544-1025-4e8f-a8fe-7a28af29cdc2/1/LHHJYAXhOoSj8x7x2ZF3f0tuMac.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.233.212.0/22

    Signature Algorithm: sha256WithRSAEncryption
         22:84:ee:d1:d3:a3:3f:b2:cc:22:9e:c3:fb:b7:e8:72:dd:33:
         44:bb:52:d6:fa:21:86:23:e3:2b:a7:97:72:44:d8:4f:ed:ec:
         c9:a2:b8:7a:31:ec:1f:58:41:7e:28:9b:52:7a:03:3d:59:25:
         ea:df:65:17:38:78:fb:66:11:84:d8:7f:e1:ee:41:68:34:33:
         8b:dd:ec:de:10:f8:8f:cd:67:b8:24:b7:d8:10:61:64:84:f0:
         9d:a0:95:7d:93:88:67:e4:8d:76:f4:96:81:a5:e9:83:50:be:
         dc:83:bf:bd:c0:b4:ce:d7:b6:d2:b4:92:48:a8:94:89:c4:96:
         90:1f:59:b5:6e:3e:3e:1d:d1:1f:bb:5e:7f:e0:7a:d8:f1:fe:
         52:c4:50:2c:87:1e:48:6b:91:a7:6b:ac:d0:de:cb:f5:12:df:
         c0:2e:5d:e4:dc:b1:d6:8c:78:4b:a4:73:37:2c:a0:86:7e:41:
         16:80:2b:77:24:52:d7:ad:a5:3d:b4:0f:ed:e1:53:be:3f:7f:
         28:4e:9e:4c:f1:ba:53:64:98:49:a7:76:8a:83:75:71:7d:a8:
         4f:37:18:1b:3b:96:dd:0c:f4:03:f6:b9:34:13:8a:a5:84:39:
         55:b4:28:24:f5:d1:46:11:ac:d8:39:60:9e:5b:c9:f1:4f:d7:
         6f:21:92:a3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZebilT4aUxljtG792ki3q6RMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJjNzFjOTYwMDVlMTNhODRhM2YzMWVmMWQ5OTE3NzdmNGI2
ZTMxYTcwHhcNMjUwNjIzMDY0NzAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MWJmZjE4MmM3YTc4NDI5MWU3MzQzNGMwMmFmYjdlYzVjNmYwYmU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0IWSykwANITw1+g5x51SWkyuOB7d
//dNLcJjVhn7IPuJuY/UIxYbxnbqRfOlS+WS52o6h2EXBqpl2nMjRojg866m9ih2
X5ud8WE8KC1mRfRcGhm1pFoScWnjg+ybBuBMVNh8yemA5B1oj8ad3gGpHVeQcwBr
afBcWgDZqRXpj+vtcqIYqdm3dLkl4pGX/MUB9MXJ8Q+oCpyrvXxZgbI5okmEW+jW
q1rdKGotQg9TEGDBna5dYOWXEAtGXd8L4dOlPdyD6n/cP6Q/Kix8uxA5etWCZnJZ
SxqtHy+kmuf/eKeNdhSnYSGKhEzjjaAG+gkIvIo5OSO6s4c/HYx6AwF8UwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEG/8YLHp4QpHnNDTAKvt+xcbwvkMB8GA1UdIwQY
MBaAFCxxyWAF4TqEo/Me8dmRd39LbjGnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTEhISllBWGhPb1NqOHg3eDJaRjNmMHR1TWFjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZi9mYTM1NDQtMTAyNS00ZThmLWE4ZmUt
N2EyOGFmMjljZGMyLzEvUWJfeGdzZW5oQ2tlYzBOTUFxLTM3Rnh2Qy1RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZi9mYTM1NDQtMTAyNS00ZThmLWE4ZmUtN2EyOGFmMjljZGMy
LzEvTEhISllBWGhPb1NqOHg3eDJaRjNmMHR1TWFjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCTenUMA0G
CSqGSIb3DQEBCwUAA4IBAQAihO7R06M/sswinsP7t+hy3TNEu1LW+iGGI+Mrp5dy
RNhP7ezJorh6MewfWEF+KJtSegM9WSXq32UXOHj7ZhGE2H/h7kFoNDOL3ezeEPiP
zWe4JLfYEGFkhPCdoJV9k4hn5I129JaBpemDUL7cg7+9wLTO17bStJJIqJSJxJaQ
H1m1bj4+HdEfu15/4HrY8f5SxFAshx5Ia5Gna6zQ3sv1Et/ALl3k3LHWjHhLpHM3
LKCGfkEWgCt3JFLXraU9tA/t4VO+P38oTp5M8bpTZJhJp3aKg3VxfahPNxgbO5bd
DPQD9rk0E4qlhDlVtCgk9dFGEazYOWCeW8nxT9dvIZKj
-----END CERTIFICATE-----