Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7d/d31e5f-0f52-4623-867a-543d6182e294/1/AnftS6a3tNRTfwARV2obSQtU-1Q.roa
File:                     AnftS6a3tNRTfwARV2obSQtU-1Q.roa (raw, json)
Hash identifier:          1O5FkUYkHZKrQKTSneyG+jslWvu7oIHqq1i+yTKMvxI=
Subject key identifier:   02:77:ED:4B:A6:B7:B4:D4:53:7F:00:11:57:6A:1B:49:0B:54:FB:54
Certificate issuer:       /CN=e2b1e2e4c508c6c7a98b6598528745c813fad31d
Certificate serial:       01942521C2AE4EB7CFEA66337C6242B91E7C
Authority key identifier: E2:B1:E2:E4:C5:08:C6:C7:A9:8B:65:98:52:87:45:C8:13:FA:D3:1D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4rHi5MUIxsepi2WYUodFyBP60x0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7d/d31e5f-0f52-4623-867a-543d6182e294/1/AnftS6a3tNRTfwARV2obSQtU-1Q.roa
Signing time:             Thu 02 Jan 2025 03:49:17 +0000
ROA not before:           Thu 02 Jan 2025 03:49:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     43905
IP address blocks:        185.84.12.0/22 maxlen: 22
                          217.173.61.0/24 maxlen: 24
                          217.173.62.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7d/d31e5f-0f52-4623-867a-543d6182e294/1/4rHi5MUIxsepi2WYUodFyBP60x0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7d/d31e5f-0f52-4623-867a-543d6182e294/1/4rHi5MUIxsepi2WYUodFyBP60x0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4rHi5MUIxsepi2WYUodFyBP60x0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 21:01:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:c2:ae:4e:b7:cf:ea:66:33:7c:62:42:b9:1e:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e2b1e2e4c508c6c7a98b6598528745c813fad31d
        Validity
            Not Before: Jan  2 03:49:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0277ed4ba6b7b4d4537f0011576a1b490b54fb54
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:5f:b0:5d:2f:c5:d8:8a:c2:7d:b1:64:b6:f7:
                    ae:7f:02:a4:53:af:22:ee:dd:0d:ca:f6:9b:2d:44:
                    be:18:1d:7f:af:5d:8c:15:41:58:f6:71:ac:97:6b:
                    80:a9:42:6d:06:2d:5d:82:ac:1c:05:1c:2a:79:29:
                    23:fe:d8:06:ab:4a:ab:7f:fa:65:bf:9f:64:ab:ed:
                    30:89:07:88:8e:37:7f:38:5e:d6:d5:16:15:cb:17:
                    92:bd:36:7c:bf:46:59:d8:8a:b9:3a:05:c8:c2:7b:
                    7b:08:fa:f5:e8:0f:05:a0:16:f5:54:0d:97:35:bf:
                    da:60:64:f1:63:cf:84:d0:12:85:ab:22:52:11:b6:
                    5d:bb:67:f3:64:a2:ee:a9:9c:26:76:6a:39:4f:b6:
                    03:87:12:23:6f:6f:ae:ab:c9:cc:f1:d5:58:f9:69:
                    84:dc:ed:18:b1:3d:f4:a2:ff:12:03:09:69:78:e8:
                    7e:00:9b:70:12:f8:52:6e:3e:6c:d9:5c:da:64:ab:
                    9b:c9:68:c7:48:c5:f8:a5:d8:87:6b:28:f0:e5:59:
                    89:bc:be:23:29:41:35:67:10:36:02:7d:56:36:9b:
                    77:81:d2:34:b0:81:e3:e4:4d:13:89:f6:d8:6c:5f:
                    b4:95:03:ff:93:34:3f:61:b7:2b:d9:2a:b2:39:e7:
                    03:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:77:ED:4B:A6:B7:B4:D4:53:7F:00:11:57:6A:1B:49:0B:54:FB:54
            X509v3 Authority Key Identifier:
                keyid:E2:B1:E2:E4:C5:08:C6:C7:A9:8B:65:98:52:87:45:C8:13:FA:D3:1D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4rHi5MUIxsepi2WYUodFyBP60x0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/d31e5f-0f52-4623-867a-543d6182e294/1/AnftS6a3tNRTfwARV2obSQtU-1Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/d31e5f-0f52-4623-867a-543d6182e294/1/4rHi5MUIxsepi2WYUodFyBP60x0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.84.12.0/22
                  217.173.61.0-217.173.62.255

    Signature Algorithm: sha256WithRSAEncryption
         85:f5:a4:24:e2:50:00:ef:f3:9e:de:f4:a8:f3:4c:61:d2:4f:
         3c:87:4d:d6:b8:5b:55:61:da:bd:39:ef:d1:70:d5:06:f6:96:
         b0:cb:58:00:36:3e:48:b0:18:bc:2c:09:ea:08:cd:41:06:91:
         f6:04:d9:5e:54:9b:80:27:5d:73:e4:d8:b9:a7:06:f0:15:c1:
         fd:de:51:52:3d:ce:c6:00:f7:dd:71:c1:57:1c:f5:ec:70:ce:
         1f:8f:ee:62:4b:b3:04:57:7b:eb:c3:ca:a5:73:4a:0c:3a:a0:
         46:ad:8d:2c:1e:ab:23:86:7e:95:e4:63:5e:b6:fe:8a:bc:63:
         f7:3f:34:5c:f9:75:40:e9:a4:87:1b:ac:56:c3:c8:14:84:a1:
         58:d6:a7:e6:ec:46:7b:03:d7:83:2d:2c:bb:f5:c3:16:65:92:
         e9:d9:f9:9a:f2:60:d0:03:ff:a9:39:82:ea:db:59:9e:e5:32:
         2e:30:cb:e3:f6:bd:9b:17:92:e4:b3:f6:6e:e5:21:92:de:d2:
         0e:28:35:90:a8:8b:2d:81:44:d7:61:31:68:2c:c3:d6:2e:b3:
         a6:2b:8e:28:7a:06:c4:77:14:37:25:ef:c0:9f:f8:24:55:4c:
         60:fc:07:e8:80:a4:25:6a:b8:6e:32:d3:1b:bc:40:f9:12:76:
         db:01:34:3f
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZQlIcKuTrfP6mYzfGJCuR58MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUyYjFlMmU0YzUwOGM2YzdhOThiNjU5ODUyODc0NWM4MTNm
YWQzMWQwHhcNMjUwMTAyMDM0OTE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMjc3ZWQ0YmE2YjdiNGQ0NTM3ZjAwMTE1NzZhMWI0OTBiNTRmYjU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApF+wXS/F2IrCfbFktveufwKkU68i
7t0NyvabLUS+GB1/r12MFUFY9nGsl2uAqUJtBi1dgqwcBRwqeSkj/tgGq0qrf/pl
v59kq+0wiQeIjjd/OF7W1RYVyxeSvTZ8v0ZZ2Iq5OgXIwnt7CPr16A8FoBb1VA2X
Nb/aYGTxY8+E0BKFqyJSEbZdu2fzZKLuqZwmdmo5T7YDhxIjb2+uq8nM8dVY+WmE
3O0YsT30ov8SAwlpeOh+AJtwEvhSbj5s2VzaZKubyWjHSMX4pdiHayjw5VmJvL4j
KUE1ZxA2An1WNpt3gdI0sIHj5E0TifbYbF+0lQP/kzQ/Ybcr2SqyOecDIwIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFAJ37Uumt7TUU38AEVdqG0kLVPtUMB8GA1UdIwQY
MBaAFOKx4uTFCMbHqYtlmFKHRcgT+tMdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNHJIaTVNVUl4c2VwaTJXWVVvZEZ5QlA2MHgwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZC9kMzFlNWYtMGY1Mi00NjIzLTg2N2Et
NTQzZDYxODJlMjk0LzEvQW5mdFM2YTN0TlJUZndBUlYyb2JTUXRVLTFRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZC9kMzFlNWYtMGY1Mi00NjIzLTg2N2EtNTQzZDYxODJlMjk0
LzEvNHJIaTVNVUl4c2VwaTJXWVVvZEZ5QlA2MHgwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUAwQCuVQMMAwD
BADZrT0DBADZrT4wDQYJKoZIhvcNAQELBQADggEBAIX1pCTiUADv857e9KjzTGHS
TzyHTda4W1Vh2r0579Fw1Qb2lrDLWAA2PkiwGLwsCeoIzUEGkfYE2V5Um4AnXXPk
2LmnBvAVwf3eUVI9zsYA991xwVcc9exwzh+P7mJLswRXe+vDyqVzSgw6oEatjSwe
qyOGfpXkY162/oq8Y/c/NFz5dUDppIcbrFbDyBSEoVjWp+bsRnsD14MtLLv1wxZl
kunZ+ZryYNAD/6k5gurbWZ7lMi4wy+P2vZsXkuSz9m7lIZLe0g4oNZCoiy2BRNdh
MWgsw9Yus6Yrjih6BsR3FDcl78Cf+CRVTGD8B+iApCVquG4y0xu8QPkSdtsBND8=
-----END CERTIFICATE-----