Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/7t_8g3e-SCB04nGeDx-fAOyyYzU.roa
File:                     7t_8g3e-SCB04nGeDx-fAOyyYzU.roa (raw, json)
Hash identifier:          KaZDP3rEPd791aJ/nw4QU7j2W95bXPi6nKUt7cEkBNs=
Subject key identifier:   EE:DF:FC:83:77:BE:48:20:74:E2:71:9E:0F:1F:9F:00:EC:B2:63:35
Certificate issuer:       /CN=84b2f4fa5163af96168e88fbf9cb4ed1ed8fb4c4
Certificate serial:       018CC26D6A3351B3BFF032D496EA609300D8
Authority key identifier: 84:B2:F4:FA:51:63:AF:96:16:8E:88:FB:F9:CB:4E:D1:ED:8F:B4:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/7t_8g3e-SCB04nGeDx-fAOyyYzU.roa
Signing time:             Mon 01 Jan 2024 00:29:59 +0000
ROA not before:           Mon 01 Jan 2024 00:29:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207772
IP address blocks:        95.43.114.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:6a:33:51:b3:bf:f0:32:d4:96:ea:60:93:00:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=84b2f4fa5163af96168e88fbf9cb4ed1ed8fb4c4
        Validity
            Not Before: Jan  1 00:29:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=eedffc8377be482074e2719e0f1f9f00ecb26335
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:9f:87:bc:b6:93:86:62:e1:b1:3d:1f:e1:f3:
                    7e:0d:cd:20:34:99:c6:6b:be:0f:3f:5c:31:54:af:
                    b7:c8:0b:d5:b9:6c:c1:8a:f4:ec:eb:0b:c7:02:6f:
                    c3:04:a0:4c:cb:21:b4:ca:cb:54:1c:83:ae:0a:64:
                    0f:28:43:27:9e:b8:a8:ff:c4:45:5e:ca:ed:0e:32:
                    6a:0a:05:75:16:f2:61:71:88:46:40:42:5c:14:a9:
                    4f:b4:9f:83:cf:ee:c4:35:dd:9b:49:b3:a5:b8:3c:
                    f5:8b:aa:45:33:02:99:73:74:c6:53:c7:a7:fb:e7:
                    e9:aa:97:83:fe:ab:88:ab:c5:78:0f:f7:c4:9f:9b:
                    2b:c0:70:49:e5:93:49:b0:15:7f:bc:f7:d0:3f:c7:
                    31:63:ba:af:20:73:53:04:53:f2:bb:c0:5a:bc:1e:
                    65:2d:fd:c9:c5:93:64:36:30:50:6b:8e:d0:d2:c3:
                    f7:9c:55:09:3a:f7:ef:a9:74:8f:27:e1:b7:c0:e2:
                    10:87:4a:d6:d1:95:10:2c:24:cb:55:02:4d:a7:6a:
                    78:62:54:1c:73:51:20:10:01:22:6e:c2:dd:9f:ff:
                    4a:01:1e:7f:7a:20:a8:db:f1:94:14:ef:f1:bb:04:
                    e1:54:bd:a1:2d:22:bc:a8:07:0a:b4:7e:1b:ed:1c:
                    63:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:DF:FC:83:77:BE:48:20:74:E2:71:9E:0F:1F:9F:00:EC:B2:63:35
            X509v3 Authority Key Identifier:
                keyid:84:B2:F4:FA:51:63:AF:96:16:8E:88:FB:F9:CB:4E:D1:ED:8F:B4:C4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/7t_8g3e-SCB04nGeDx-fAOyyYzU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.43.114.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7c:bb:aa:9c:34:72:89:5d:f6:04:42:dc:4a:f5:c3:f8:39:b6:
         4f:27:58:64:23:61:e2:5e:6f:d9:0e:0a:d6:82:58:1d:5d:21:
         42:db:f0:67:4d:58:97:07:4f:e7:36:98:ee:f7:2c:1c:5e:7d:
         81:4b:f5:0a:ab:61:35:37:4e:54:66:eb:7c:3a:4f:a1:dc:1c:
         47:55:9f:f9:f3:7c:9d:cc:20:d3:78:3f:88:62:99:8f:53:8a:
         68:2b:c6:e1:e8:9c:c9:14:da:57:7a:cf:cd:73:41:01:6d:a8:
         95:01:e0:e5:2f:a7:ac:fc:ba:66:c8:c3:69:f4:ae:98:7f:df:
         4a:2b:eb:df:b6:dc:28:ad:d8:ca:da:90:d8:5c:a8:b3:93:9f:
         9f:dc:24:e5:2c:12:9d:bc:ac:4b:e5:9c:6b:25:7b:87:66:90:
         19:22:d6:8d:99:d9:4e:75:c0:a9:13:b9:76:dd:28:42:99:17:
         86:9f:01:cf:ec:2e:b8:46:ae:ee:d4:a6:c9:ef:ed:6b:dc:fe:
         c0:93:b0:da:11:fb:b4:d3:fb:14:cc:b6:70:b0:f5:b1:0b:2e:
         88:4e:83:68:6e:56:9d:88:7c:47:9a:bc:0c:71:db:2b:99:a4:
         5d:ea:35:2b:78:fe:95:e7:a0:f3:f8:d4:87:f5:e7:d3:98:9d:
         50:d6:83:e8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbWozUbO/8DLUlupgkwDYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0YjJmNGZhNTE2M2FmOTYxNjhlODhmYmY5Y2I0ZWQxZWQ4
ZmI0YzQwHhcNMjQwMTAxMDAyOTU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZWRmZmM4Mzc3YmU0ODIwNzRlMjcxOWUwZjFmOWYwMGVjYjI2MzM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw5+HvLaThmLhsT0f4fN+Dc0gNJnG
a74PP1wxVK+3yAvVuWzBivTs6wvHAm/DBKBMyyG0ystUHIOuCmQPKEMnnrio/8RF
XsrtDjJqCgV1FvJhcYhGQEJcFKlPtJ+Dz+7ENd2bSbOluDz1i6pFMwKZc3TGU8en
++fpqpeD/quIq8V4D/fEn5srwHBJ5ZNJsBV/vPfQP8cxY7qvIHNTBFPyu8BavB5l
Lf3JxZNkNjBQa47Q0sP3nFUJOvfvqXSPJ+G3wOIQh0rW0ZUQLCTLVQJNp2p4YlQc
c1EgEAEibsLdn/9KAR5/eiCo2/GUFO/xuwThVL2hLSK8qAcKtH4b7Rxj3QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO7f/IN3vkggdOJxng8fnwDssmM1MB8GA1UdIwQY
MBaAFISy9PpRY6+WFo6I+/nLTtHtj7TEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaExMMC1sRmpyNVlXam9qNy1jdE8wZTJQdE1RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC80YWE3ODktODc4Yi00NzJiLWI4NDct
ODcyYmEyZDlmNDRjLzEvN3RfOGczZS1TQ0IwNG5HZUR4LWZBT3l5WXpVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC80YWE3ODktODc4Yi00NzJiLWI4NDctODcyYmEyZDlmNDRj
LzEvaExMMC1sRmpyNVlXam9qNy1jdE8wZTJQdE1RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXytyMA0G
CSqGSIb3DQEBCwUAA4IBAQB8u6qcNHKJXfYEQtxK9cP4ObZPJ1hkI2HiXm/ZDgrW
glgdXSFC2/BnTViXB0/nNpju9ywcXn2BS/UKq2E1N05UZut8Ok+h3BxHVZ/583yd
zCDTeD+IYpmPU4poK8bh6JzJFNpXes/Nc0EBbaiVAeDlL6es/LpmyMNp9K6Yf99K
K+vfttwordjK2pDYXKizk5+f3CTlLBKdvKxL5ZxrJXuHZpAZItaNmdlOdcCpE7l2
3ShCmReGnwHP7C64Rq7u1KbJ7+1r3P7Ak7DaEfu00/sUzLZwsPWxCy6IToNoblad
iHxHmrwMcdsrmaRd6jUreP6V56Dz+NSH9efTmJ1Q1oPo
-----END CERTIFICATE-----