Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/83/7b1c55-ddd0-4281-8378-4dd04346abc3/1/Aen1ptkAkBXaq1czhGP-DVw8RvQ.roa
File:                     Aen1ptkAkBXaq1czhGP-DVw8RvQ.roa (raw, json)
Hash identifier:          8EPbflQikNMAMGUCzGjmJV+qRBy9a9YNzod2d9hjXyA=
Subject key identifier:   01:E9:F5:A6:D9:00:90:15:DA:AB:57:33:84:63:FE:0D:5C:3C:46:F4
Certificate issuer:       /CN=3aba1172472ea80265d12982967de0a8b0bc5901
Certificate serial:       01962460B59165045E6BA4E03F9CD3582BB7
Authority key identifier: 3A:BA:11:72:47:2E:A8:02:65:D1:29:82:96:7D:E0:A8:B0:BC:59:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OroRckcuqAJl0SmCln3gqLC8WQE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/83/7b1c55-ddd0-4281-8378-4dd04346abc3/1/Aen1ptkAkBXaq1czhGP-DVw8RvQ.roa
Signing time:             Fri 11 Apr 2025 10:23:59 +0000
ROA not before:           Fri 11 Apr 2025 10:23:59 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     393942
IP address blocks:        185.243.155.0/24 maxlen: 24
                          195.96.132.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/83/7b1c55-ddd0-4281-8378-4dd04346abc3/1/OroRckcuqAJl0SmCln3gqLC8WQE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/83/7b1c55-ddd0-4281-8378-4dd04346abc3/1/OroRckcuqAJl0SmCln3gqLC8WQE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OroRckcuqAJl0SmCln3gqLC8WQE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 24 Apr 2025 08:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:24:60:b5:91:65:04:5e:6b:a4:e0:3f:9c:d3:58:2b:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3aba1172472ea80265d12982967de0a8b0bc5901
        Validity
            Not Before: Apr 11 10:23:59 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=01e9f5a6d9009015daab57338463fe0d5c3c46f4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f6:16:78:72:77:35:43:83:70:9f:b5:ca:90:1c:
                    24:7c:d2:f3:1c:c9:67:7b:ce:73:c8:d6:eb:23:ed:
                    1c:c2:65:31:49:51:ab:7a:4b:4a:aa:2a:ae:d3:45:
                    03:e8:e2:c9:a1:70:01:f8:6b:77:cb:54:5b:8f:fa:
                    ec:5d:2f:77:8e:47:06:cc:9b:6f:06:42:81:c0:c6:
                    b9:c9:a0:21:04:cc:6d:2a:f7:09:e6:8c:72:7b:bb:
                    11:8a:81:a8:ba:75:49:52:ee:1d:0c:9e:47:09:05:
                    3c:77:7c:03:7c:16:72:80:75:dc:2f:03:9e:e4:34:
                    29:e2:a9:16:2c:b8:80:88:d2:5c:cd:1c:87:7f:cf:
                    19:06:83:b3:b2:5e:2e:95:c5:12:30:c1:a3:bc:ab:
                    a9:f3:45:6e:f3:35:1d:5f:5e:b4:82:5f:51:c7:81:
                    da:86:c5:ff:fb:7b:dc:c0:a9:92:ab:2c:80:c7:cb:
                    66:cf:f7:0d:0f:3d:e7:60:2d:ab:0b:6a:42:46:09:
                    e4:8a:54:eb:b5:03:d0:d6:38:0a:6c:64:67:0f:04:
                    1f:f1:1a:66:34:20:cb:2d:55:8d:0c:01:b2:be:92:
                    f9:4d:fb:b5:a3:52:8e:94:b2:8e:05:19:d3:99:fc:
                    9a:03:17:c5:8b:54:45:f7:9e:43:47:52:89:51:b9:
                    29:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                01:E9:F5:A6:D9:00:90:15:DA:AB:57:33:84:63:FE:0D:5C:3C:46:F4
            X509v3 Authority Key Identifier:
                keyid:3A:BA:11:72:47:2E:A8:02:65:D1:29:82:96:7D:E0:A8:B0:BC:59:01

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OroRckcuqAJl0SmCln3gqLC8WQE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/83/7b1c55-ddd0-4281-8378-4dd04346abc3/1/Aen1ptkAkBXaq1czhGP-DVw8RvQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/83/7b1c55-ddd0-4281-8378-4dd04346abc3/1/OroRckcuqAJl0SmCln3gqLC8WQE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.243.155.0/24
                  195.96.132.0/24

    Signature Algorithm: sha256WithRSAEncryption
         45:06:c8:8d:14:77:23:71:f3:05:99:40:8d:d9:29:19:b4:0e:
         a3:7b:a3:c4:73:a2:03:e3:1b:65:31:78:d2:31:b6:f7:34:40:
         e5:89:34:be:2c:44:61:b3:95:dd:ea:f3:8a:fa:04:7c:47:64:
         95:40:a0:59:9a:50:e5:b3:86:28:7e:fe:11:15:ac:d2:1c:92:
         59:61:10:f5:b1:d8:9e:e8:ef:dc:62:7f:85:eb:70:f9:73:69:
         74:80:8d:1b:d2:98:3e:eb:6a:08:02:26:7a:64:fa:a6:80:01:
         cc:33:84:d5:70:d1:3c:b1:c5:aa:36:f0:e1:60:ad:8e:e0:35:
         e8:c0:ea:8f:d8:18:60:bd:cb:51:f5:1f:d0:7a:57:43:a2:d5:
         89:b3:f3:a0:d4:12:a2:39:09:7e:9a:7d:c8:67:16:08:b8:f2:
         08:18:03:a0:90:2f:5e:e8:f8:75:4b:81:15:2c:46:82:13:1b:
         12:87:42:06:2e:3d:8b:d0:85:05:ca:81:7e:73:ed:c4:11:74:
         05:83:e9:a2:f7:4a:5c:47:5a:0a:21:b4:68:3e:d8:8c:b8:71:
         d0:af:63:2c:b1:a6:0d:f6:29:87:40:b6:25:5e:d4:d4:6c:73:
         b5:37:ca:56:20:6e:a0:45:4d:51:c4:e6:94:0b:25:b4:d3:69:
         8d:31:61:43
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZYkYLWRZQRea6TgP5zTWCu3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhYmExMTcyNDcyZWE4MDI2NWQxMjk4Mjk2N2RlMGE4YjBi
YzU5MDEwHhcNMjUwNDExMTAyMzU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMWU5ZjVhNmQ5MDA5MDE1ZGFhYjU3MzM4NDYzZmUwZDVjM2M0NmY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9hZ4cnc1Q4Nwn7XKkBwkfNLzHMln
e85zyNbrI+0cwmUxSVGrektKqiqu00UD6OLJoXAB+Gt3y1Rbj/rsXS93jkcGzJtv
BkKBwMa5yaAhBMxtKvcJ5oxye7sRioGounVJUu4dDJ5HCQU8d3wDfBZygHXcLwOe
5DQp4qkWLLiAiNJczRyHf88ZBoOzsl4ulcUSMMGjvKup80Vu8zUdX160gl9Rx4Ha
hsX/+3vcwKmSqyyAx8tmz/cNDz3nYC2rC2pCRgnkilTrtQPQ1jgKbGRnDwQf8Rpm
NCDLLVWNDAGyvpL5Tfu1o1KOlLKOBRnTmfyaAxfFi1RF955DR1KJUbkp1QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFAHp9abZAJAV2qtXM4Rj/g1cPEb0MB8GA1UdIwQY
MBaAFDq6EXJHLqgCZdEpgpZ94KiwvFkBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3JvUmNrY3VxQUpsMFNtQ2xuM2dxTEM4V1FFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84My83YjFjNTUtZGRkMC00MjgxLTgzNzgt
NGRkMDQzNDZhYmMzLzEvQWVuMXB0a0FrQlhhcTFjemhHUC1EVnc4UnZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84My83YjFjNTUtZGRkMC00MjgxLTgzNzgtNGRkMDQzNDZhYmMz
LzEvT3JvUmNrY3VxQUpsMFNtQ2xuM2dxTEM4V1FFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAufObAwQA
w2CEMA0GCSqGSIb3DQEBCwUAA4IBAQBFBsiNFHcjcfMFmUCN2SkZtA6je6PEc6ID
4xtlMXjSMbb3NEDliTS+LERhs5Xd6vOK+gR8R2SVQKBZmlDls4Yofv4RFazSHJJZ
YRD1sdie6O/cYn+F63D5c2l0gI0b0pg+62oIAiZ6ZPqmgAHMM4TVcNE8scWqNvDh
YK2O4DXowOqP2BhgvctR9R/QeldDotWJs/Og1BKiOQl+mn3IZxYIuPIIGAOgkC9e
6Ph1S4EVLEaCExsSh0IGLj2L0IUFyoF+c+3EEXQFg+mi90pcR1oKIbRoPtiMuHHQ
r2MssaYN9imHQLYlXtTUbHO1N8pWIG6gRU1RxOaUCyW002mNMWFD
-----END CERTIFICATE-----