Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/3tKDdY3UP8McgEp2pjTe6Hp4ltY.roa
File:                     3tKDdY3UP8McgEp2pjTe6Hp4ltY.roa (raw, json)
Hash identifier:          NpVv3nwncswrjKAHhfiN3OTtibNsLrdHnKgKixJ+aOY=
Subject key identifier:   DE:D2:83:75:8D:D4:3F:C3:1C:80:4A:76:A6:34:DE:E8:7A:78:96:D6
Certificate issuer:       /CN=84b2f4fa5163af96168e88fbf9cb4ed1ed8fb4c4
Certificate serial:       0194274802E4851CC8CFB0F876F05A593CEA
Authority key identifier: 84:B2:F4:FA:51:63:AF:96:16:8E:88:FB:F9:CB:4E:D1:ED:8F:B4:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/3tKDdY3UP8McgEp2pjTe6Hp4ltY.roa
Signing time:             Thu 02 Jan 2025 13:50:18 +0000
ROA not before:           Thu 02 Jan 2025 13:50:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206523
IP address blocks:        95.43.216.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 13:16:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:48:02:e4:85:1c:c8:cf:b0:f8:76:f0:5a:59:3c:ea
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=84b2f4fa5163af96168e88fbf9cb4ed1ed8fb4c4
        Validity
            Not Before: Jan  2 13:50:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ded283758dd43fc31c804a76a634dee87a7896d6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:5c:ba:ab:26:6a:3e:0d:03:fc:f4:da:86:09:
                    c9:79:f9:2d:be:21:8e:48:51:4c:62:72:ab:48:fd:
                    d5:5d:e7:39:4f:56:a3:47:8f:c7:6c:02:07:2f:b9:
                    b4:72:68:f0:6b:ec:fa:9a:3f:3e:79:4f:f9:bb:8e:
                    4d:25:75:8d:78:29:b1:24:5c:72:f4:e4:a0:9d:2a:
                    2d:78:aa:9a:28:30:ca:29:22:a3:b7:c5:ce:5f:91:
                    d4:49:8d:85:f9:29:79:8f:e1:41:51:c7:22:bf:28:
                    e6:1a:39:1e:33:8b:b4:fd:05:b5:3a:75:ea:bf:80:
                    cf:1f:a9:97:ff:d7:cb:96:df:bd:82:1e:88:3f:f4:
                    5e:f2:38:22:74:e6:c5:03:dd:73:a1:be:23:96:ec:
                    cb:25:39:f2:53:bd:ad:77:2e:90:be:30:07:d6:08:
                    08:c9:37:58:86:02:8b:53:e8:d7:82:69:ef:05:dd:
                    34:03:c3:f8:2e:97:f4:24:5c:29:dc:64:b4:36:6a:
                    c2:2c:98:40:b8:69:fc:b1:36:3d:d2:4c:80:1d:31:
                    b6:6e:ab:21:c8:3e:26:fa:22:9d:e9:e8:1d:17:d0:
                    6e:90:21:91:9a:22:73:08:54:56:fd:68:fa:cf:d9:
                    ff:5e:38:99:a5:41:ba:a0:79:6f:fd:22:84:3c:a9:
                    40:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:D2:83:75:8D:D4:3F:C3:1C:80:4A:76:A6:34:DE:E8:7A:78:96:D6
            X509v3 Authority Key Identifier:
                keyid:84:B2:F4:FA:51:63:AF:96:16:8E:88:FB:F9:CB:4E:D1:ED:8F:B4:C4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/3tKDdY3UP8McgEp2pjTe6Hp4ltY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.43.216.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b4:c8:28:7d:16:bb:cb:f4:bd:30:c9:0d:aa:86:53:87:c3:16:
         1e:da:d6:e4:8e:02:39:76:d5:0d:28:ff:53:ce:89:d1:45:8b:
         dc:ce:6a:46:1c:a3:9f:7f:9c:66:93:03:4f:73:5f:ba:67:e8:
         53:21:50:4d:15:92:88:00:20:10:a6:bd:aa:88:67:4b:47:83:
         83:b3:f8:70:70:78:04:7b:2b:ca:7e:dd:9e:3f:2d:6c:cb:ee:
         f6:4e:41:74:c2:da:82:c8:f1:85:74:73:99:d9:ef:6f:ed:41:
         7c:b8:b0:45:40:73:e3:98:95:75:87:93:be:f6:ea:16:fc:0d:
         96:d1:82:e4:78:d0:7e:83:76:4d:ee:75:b0:7e:a5:18:9e:d8:
         be:57:0f:5c:fb:c4:a0:ae:a8:17:2f:84:c3:0c:94:06:69:e3:
         5f:8f:66:16:85:ec:4a:3e:85:24:87:a3:0c:4f:14:15:b5:ac:
         a6:97:c4:4e:4e:ce:5a:20:bb:2f:86:fb:67:7f:af:cf:4c:c6:
         c2:ef:e1:42:88:2d:e8:ca:9f:40:4d:be:63:7b:d2:d5:cb:df:
         e8:6f:bb:44:75:e8:fa:36:fd:7d:b5:9c:e4:21:c6:f4:7d:0e:
         7a:a8:0b:ac:3d:41:52:3f:0c:9b:9f:24:28:b6:93:6b:13:af:
         01:64:aa:00
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnSALkhRzIz7D4dvBaWTzqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0YjJmNGZhNTE2M2FmOTYxNjhlODhmYmY5Y2I0ZWQxZWQ4
ZmI0YzQwHhcNMjUwMTAyMTM1MDE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZWQyODM3NThkZDQzZmMzMWM4MDRhNzZhNjM0ZGVlODdhNzg5NmQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlFy6qyZqPg0D/PTahgnJefktviGO
SFFMYnKrSP3VXec5T1ajR4/HbAIHL7m0cmjwa+z6mj8+eU/5u45NJXWNeCmxJFxy
9OSgnSoteKqaKDDKKSKjt8XOX5HUSY2F+Sl5j+FBUccivyjmGjkeM4u0/QW1OnXq
v4DPH6mX/9fLlt+9gh6IP/Re8jgidObFA91zob4jluzLJTnyU72tdy6QvjAH1ggI
yTdYhgKLU+jXgmnvBd00A8P4Lpf0JFwp3GS0NmrCLJhAuGn8sTY90kyAHTG2bqsh
yD4m+iKd6egdF9BukCGRmiJzCFRW/Wj6z9n/XjiZpUG6oHlv/SKEPKlALQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN7Sg3WN1D/DHIBKdqY03uh6eJbWMB8GA1UdIwQY
MBaAFISy9PpRY6+WFo6I+/nLTtHtj7TEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaExMMC1sRmpyNVlXam9qNy1jdE8wZTJQdE1RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC80YWE3ODktODc4Yi00NzJiLWI4NDct
ODcyYmEyZDlmNDRjLzEvM3RLRGRZM1VQOE1jZ0VwMnBqVGU2SHA0bHRZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC80YWE3ODktODc4Yi00NzJiLWI4NDctODcyYmEyZDlmNDRj
LzEvaExMMC1sRmpyNVlXam9qNy1jdE8wZTJQdE1RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXyvYMA0G
CSqGSIb3DQEBCwUAA4IBAQC0yCh9FrvL9L0wyQ2qhlOHwxYe2tbkjgI5dtUNKP9T
zonRRYvczmpGHKOff5xmkwNPc1+6Z+hTIVBNFZKIACAQpr2qiGdLR4ODs/hwcHgE
eyvKft2ePy1sy+72TkF0wtqCyPGFdHOZ2e9v7UF8uLBFQHPjmJV1h5O+9uoW/A2W
0YLkeNB+g3ZN7nWwfqUYnti+Vw9c+8SgrqgXL4TDDJQGaeNfj2YWhexKPoUkh6MM
TxQVtayml8ROTs5aILsvhvtnf6/PTMbC7+FCiC3oyp9ATb5je9LVy9/ob7tEdej6
Nv19tZzkIcb0fQ56qAusPUFSPwybnyQotpNrE68BZKoA
-----END CERTIFICATE-----