Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/P4ZZtp4JsXxCVJn9ZyOpcYAlv1M.roa
File:                     P4ZZtp4JsXxCVJn9ZyOpcYAlv1M.roa (raw, json)
Hash identifier:          obi7f5CZLsaGmFd3EP61o1huj6lo+CnC/CM6mxCG4YI=
Subject key identifier:   3F:86:59:B6:9E:09:B1:7C:42:54:99:FD:67:23:A9:71:80:25:BF:53
Certificate issuer:       /CN=d3cf0884918a50239ef70518ee9fc04f1aae1929
Certificate serial:       0195EB8DBF1B1B9ECCA0D3AB895C42D9E7BC
Authority key identifier: D3:CF:08:84:91:8A:50:23:9E:F7:05:18:EE:9F:C0:4F:1A:AE:19:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/088IhJGKUCOe9wUY7p_ATxquGSk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/P4ZZtp4JsXxCVJn9ZyOpcYAlv1M.roa
Signing time:             Mon 31 Mar 2025 09:34:49 +0000
ROA not before:           Mon 31 Mar 2025 09:34:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     25693
IP address blocks:        46.37.96.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/088IhJGKUCOe9wUY7p_ATxquGSk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/088IhJGKUCOe9wUY7p_ATxquGSk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/088IhJGKUCOe9wUY7p_ATxquGSk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 21:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:eb:8d:bf:1b:1b:9e:cc:a0:d3:ab:89:5c:42:d9:e7:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d3cf0884918a50239ef70518ee9fc04f1aae1929
        Validity
            Not Before: Mar 31 09:34:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3f8659b69e09b17c425499fd6723a9718025bf53
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:f1:22:20:ab:8b:f7:f2:78:c6:d6:87:9e:36:
                    32:89:2b:fe:4a:d1:49:7e:61:bb:ce:ea:29:b9:e6:
                    0a:28:6a:0f:06:e0:43:be:58:97:c4:75:da:3b:35:
                    28:70:8c:22:68:3e:3e:c1:8c:3f:77:41:76:d2:d2:
                    69:01:c4:f5:5f:03:5b:7f:80:ec:82:d0:d4:77:20:
                    b7:6b:f7:0e:7b:f8:49:20:6b:2e:c7:d1:09:6c:75:
                    00:8d:8e:ef:b1:46:e2:b6:7f:cb:14:28:27:79:e5:
                    48:87:4e:67:43:47:bd:e6:56:33:2e:8f:0c:71:b2:
                    48:48:54:4f:f8:98:e4:9b:17:34:5d:22:66:16:43:
                    9d:18:be:bf:43:a4:64:36:2e:d5:94:1d:75:5e:d1:
                    0e:15:a3:c6:e7:3d:24:e5:e7:8d:57:e8:4c:12:e5:
                    3b:d8:1a:3d:84:bd:31:d4:fe:82:7b:19:2e:6a:fe:
                    f9:2c:87:35:02:36:c1:60:8c:de:5c:ab:fa:e3:92:
                    3e:cb:a5:ba:d6:a2:8b:9c:ec:85:c8:d4:9e:a6:e2:
                    6c:06:22:10:b5:4a:4a:e5:9e:b0:12:6e:54:17:92:
                    40:ff:f1:4f:1c:77:77:69:61:06:c8:be:79:2a:84:
                    ff:9c:31:2c:8f:b1:35:35:46:3d:7d:cf:ab:ab:49:
                    51:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:86:59:B6:9E:09:B1:7C:42:54:99:FD:67:23:A9:71:80:25:BF:53
            X509v3 Authority Key Identifier:
                keyid:D3:CF:08:84:91:8A:50:23:9E:F7:05:18:EE:9F:C0:4F:1A:AE:19:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/088IhJGKUCOe9wUY7p_ATxquGSk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/P4ZZtp4JsXxCVJn9ZyOpcYAlv1M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/088IhJGKUCOe9wUY7p_ATxquGSk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.37.96.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3f:ec:a7:e5:25:98:19:e1:b2:01:ec:fe:63:2a:ad:47:25:79:
         a1:7d:b9:f8:cf:10:d8:de:ed:5c:70:ad:6b:aa:54:16:f9:55:
         11:e0:b1:5c:c1:43:19:15:8d:f7:5e:23:b9:cc:ac:01:66:18:
         68:5e:b2:fd:e5:74:6c:a7:6e:b0:e2:07:12:15:23:47:f0:d3:
         76:e8:b7:f4:c2:dc:28:8b:ff:d7:99:51:05:5f:f3:47:c0:33:
         87:e6:73:7d:ec:3d:2e:2d:82:61:00:b6:5a:b6:4d:c8:15:9b:
         c2:d9:37:14:1e:91:6b:2a:9c:8e:be:37:f7:43:cf:7a:0b:40:
         f7:50:0d:b9:ed:f9:76:e3:a0:2b:f6:82:a2:23:b6:81:5d:3b:
         ea:5a:1b:b5:d3:3e:79:b8:c5:01:45:22:72:00:02:6b:47:b5:
         fe:14:6e:f3:26:21:38:dc:70:3c:b6:c1:a3:c5:3e:f4:62:f7:
         58:42:9a:00:ae:9e:ad:27:1d:ff:9f:3e:36:88:62:a9:37:3d:
         5b:58:73:68:72:de:36:b6:cb:2f:d8:d2:23:c9:b8:1d:df:a9:
         5d:98:1b:7c:74:dc:7e:d2:08:35:25:bd:09:c6:98:5e:89:54:
         3c:8e:11:ff:78:af:c6:c6:73:c1:e2:87:9d:60:ef:66:a9:00:
         a3:b8:32:5a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZXrjb8bG57MoNOriVxC2ee8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzY2YwODg0OTE4YTUwMjM5ZWY3MDUxOGVlOWZjMDRmMWFh
ZTE5MjkwHhcNMjUwMzMxMDkzNDQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZjg2NTliNjllMDliMTdjNDI1NDk5ZmQ2NzIzYTk3MTgwMjViZjUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvPEiIKuL9/J4xtaHnjYyiSv+StFJ
fmG7zuopueYKKGoPBuBDvliXxHXaOzUocIwiaD4+wYw/d0F20tJpAcT1XwNbf4Ds
gtDUdyC3a/cOe/hJIGsux9EJbHUAjY7vsUbitn/LFCgneeVIh05nQ0e95lYzLo8M
cbJISFRP+Jjkmxc0XSJmFkOdGL6/Q6RkNi7VlB11XtEOFaPG5z0k5eeNV+hMEuU7
2Bo9hL0x1P6Cexkuav75LIc1AjbBYIzeXKv645I+y6W61qKLnOyFyNSepuJsBiIQ
tUpK5Z6wEm5UF5JA//FPHHd3aWEGyL55KoT/nDEsj7E1NUY9fc+rq0lRYwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD+GWbaeCbF8QlSZ/WcjqXGAJb9TMB8GA1UdIwQY
MBaAFNPPCISRilAjnvcFGO6fwE8arhkpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMDg4SWhKR0tVQ09lOXdVWTdwX0FUeHF1R1NrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNy9jZGZmMTYtNDU4YS00N2MzLThkZmEt
MjMxNTQ5NDA5NzIwLzEvUDRaWnRwNEpzWHhDVkpuOVp5T3BjWUFsdjFNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNy9jZGZmMTYtNDU4YS00N2MzLThkZmEtMjMxNTQ5NDA5NzIw
LzEvMDg4SWhKR0tVQ09lOXdVWTdwX0FUeHF1R1NrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALiVgMA0G
CSqGSIb3DQEBCwUAA4IBAQA/7KflJZgZ4bIB7P5jKq1HJXmhfbn4zxDY3u1ccK1r
qlQW+VUR4LFcwUMZFY33XiO5zKwBZhhoXrL95XRsp26w4gcSFSNH8NN26Lf0wtwo
i//XmVEFX/NHwDOH5nN97D0uLYJhALZatk3IFZvC2TcUHpFrKpyOvjf3Q896C0D3
UA257fl246Ar9oKiI7aBXTvqWhu10z55uMUBRSJyAAJrR7X+FG7zJiE43HA8tsGj
xT70YvdYQpoArp6tJx3/nz42iGKpNz1bWHNoct42tssv2NIjybgd36ldmBt8dNx+
0gg1Jb0JxpheiVQ8jhH/eK/GxnPB4oedYO9mqQCjuDJa
-----END CERTIFICATE-----