Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/bd3OkM4vd4SnNwM3TkXmI_o1Q_Y.roa
File:                     bd3OkM4vd4SnNwM3TkXmI_o1Q_Y.roa (raw, json)
Hash identifier:          Wxu5DWz60/HzYchRwmMwRS3ApmRJvVVcqBJxv6ZfGlc=
Subject key identifier:   6D:DD:CE:90:CE:2F:77:84:A7:37:03:37:4E:45:E6:23:FA:35:43:F6
Certificate issuer:       /CN=84b2f4fa5163af96168e88fbf9cb4ed1ed8fb4c4
Certificate serial:       018CC26D692DCC06D92EA5B3B70D88189E0C
Authority key identifier: 84:B2:F4:FA:51:63:AF:96:16:8E:88:FB:F9:CB:4E:D1:ED:8F:B4:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/bd3OkM4vd4SnNwM3TkXmI_o1Q_Y.roa
Signing time:             Mon 01 Jan 2024 00:29:59 +0000
ROA not before:           Mon 01 Jan 2024 00:29:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206410
IP address blocks:        84.238.165.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 25 Jun 2024 09:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:69:2d:cc:06:d9:2e:a5:b3:b7:0d:88:18:9e:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=84b2f4fa5163af96168e88fbf9cb4ed1ed8fb4c4
        Validity
            Not Before: Jan  1 00:29:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6dddce90ce2f7784a73703374e45e623fa3543f6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:9e:f0:46:a0:90:3a:5c:08:e2:11:bf:2f:e0:
                    69:2c:67:b8:59:7e:5f:01:88:7f:c0:0e:0c:53:f6:
                    61:e9:19:4f:0b:44:26:40:17:0e:d0:79:ff:63:ca:
                    27:65:1a:eb:75:e4:db:fc:7c:82:7a:0f:d6:ec:c0:
                    ff:cf:21:32:80:1c:8b:36:23:92:3d:79:d8:93:fe:
                    90:a9:7e:8f:ff:45:67:1a:63:e6:c2:8b:96:da:a5:
                    c4:de:56:18:ce:bb:2e:10:80:bb:7b:cf:06:b5:58:
                    e1:41:b3:d1:39:e3:a4:6a:10:52:7b:28:e0:58:1d:
                    ac:63:23:30:a2:be:d4:c4:01:bd:ff:91:65:5d:e7:
                    84:99:50:cb:15:ec:0c:92:cd:f8:65:05:65:9e:0f:
                    7b:b3:37:6f:f1:3a:ab:d7:e7:ad:0f:be:26:18:d0:
                    6b:de:f4:f4:73:5e:82:e8:c6:17:94:b6:86:7a:43:
                    cc:5d:fd:01:3b:31:e2:04:a0:3f:e6:5c:ca:fc:5f:
                    95:4b:e7:ac:22:10:aa:db:a1:4c:5e:6c:92:79:84:
                    c8:e6:fe:00:43:35:27:51:fc:89:14:81:ea:b1:dd:
                    70:06:f4:3c:61:2e:37:c8:7e:04:3d:f7:17:e5:ae:
                    e8:50:ce:93:b2:22:f1:da:cb:53:31:e0:f6:a4:d7:
                    cd:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:DD:CE:90:CE:2F:77:84:A7:37:03:37:4E:45:E6:23:FA:35:43:F6
            X509v3 Authority Key Identifier:
                keyid:84:B2:F4:FA:51:63:AF:96:16:8E:88:FB:F9:CB:4E:D1:ED:8F:B4:C4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/bd3OkM4vd4SnNwM3TkXmI_o1Q_Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.238.165.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1b:a0:88:ee:94:f9:c0:ef:99:fd:fa:df:b1:d2:4f:80:f4:e0:
         a1:2f:4b:0b:b4:59:56:8f:ba:32:0c:08:c5:54:34:0c:9b:29:
         e0:42:22:31:77:bc:69:5d:67:3b:42:5f:0e:d3:02:46:35:39:
         af:a6:95:b7:8b:52:e0:c8:7c:3b:57:4a:66:7a:2b:f2:b0:6a:
         f8:b7:2d:87:93:ed:82:65:d6:41:9f:1e:e7:f3:66:e5:6d:91:
         ad:45:2f:11:1b:d0:b9:3f:7e:03:fa:f9:95:de:2e:db:6e:f9:
         f1:e1:f8:ea:7d:b2:97:68:bd:67:0b:34:1e:9a:03:fc:8c:97:
         e2:37:e8:98:a1:a9:dc:97:4f:73:7c:b4:d3:08:7e:d0:29:bd:
         99:16:45:d9:3c:de:94:14:cc:41:c9:6f:cb:64:41:4e:a4:5c:
         09:ac:53:61:21:f9:15:d3:c7:dc:2a:a5:9c:4e:d8:97:74:a7:
         18:8e:52:9c:7a:06:f2:50:2c:7a:f0:33:26:e9:cd:49:83:46:
         73:92:64:99:a8:19:99:2d:b5:d8:e7:ac:2e:41:31:2a:05:e7:
         18:54:a6:c8:5d:d5:85:14:55:45:ce:10:d8:90:b5:af:52:ed:
         0f:6e:fa:03:7c:b4:54:f5:86:d9:ad:8e:fc:2f:02:d8:97:89:
         fc:92:02:60
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbWktzAbZLqWztw2IGJ4MMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0YjJmNGZhNTE2M2FmOTYxNjhlODhmYmY5Y2I0ZWQxZWQ4
ZmI0YzQwHhcNMjQwMTAxMDAyOTU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZGRkY2U5MGNlMmY3Nzg0YTczNzAzMzc0ZTQ1ZTYyM2ZhMzU0M2Y2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlZ7wRqCQOlwI4hG/L+BpLGe4WX5f
AYh/wA4MU/Zh6RlPC0QmQBcO0Hn/Y8onZRrrdeTb/HyCeg/W7MD/zyEygByLNiOS
PXnYk/6QqX6P/0VnGmPmwouW2qXE3lYYzrsuEIC7e88GtVjhQbPROeOkahBSeyjg
WB2sYyMwor7UxAG9/5FlXeeEmVDLFewMks34ZQVlng97szdv8Tqr1+etD74mGNBr
3vT0c16C6MYXlLaGekPMXf0BOzHiBKA/5lzK/F+VS+esIhCq26FMXmySeYTI5v4A
QzUnUfyJFIHqsd1wBvQ8YS43yH4EPfcX5a7oUM6TsiLx2stTMeD2pNfN/wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG3dzpDOL3eEpzcDN05F5iP6NUP2MB8GA1UdIwQY
MBaAFISy9PpRY6+WFo6I+/nLTtHtj7TEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaExMMC1sRmpyNVlXam9qNy1jdE8wZTJQdE1RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC80YWE3ODktODc4Yi00NzJiLWI4NDct
ODcyYmEyZDlmNDRjLzEvYmQzT2tNNHZkNFNuTndNM1RrWG1JX28xUV9ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC80YWE3ODktODc4Yi00NzJiLWI4NDctODcyYmEyZDlmNDRj
LzEvaExMMC1sRmpyNVlXam9qNy1jdE8wZTJQdE1RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVO6lMA0G
CSqGSIb3DQEBCwUAA4IBAQAboIjulPnA75n9+t+x0k+A9OChL0sLtFlWj7oyDAjF
VDQMmyngQiIxd7xpXWc7Ql8O0wJGNTmvppW3i1LgyHw7V0pmeivysGr4ty2Hk+2C
ZdZBnx7n82blbZGtRS8RG9C5P34D+vmV3i7bbvnx4fjqfbKXaL1nCzQemgP8jJfi
N+iYoancl09zfLTTCH7QKb2ZFkXZPN6UFMxByW/LZEFOpFwJrFNhIfkV08fcKqWc
TtiXdKcYjlKcegbyUCx68DMm6c1Jg0ZzkmSZqBmZLbXY56wuQTEqBecYVKbIXdWF
FFVFzhDYkLWvUu0PbvoDfLRU9YbZrY78LwLYl4n8kgJg
-----END CERTIFICATE-----