Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3b/3d1495-0ef8-49b1-99e2-604e23747769/1/YH77N0FEznpizquL2OaCl5vYAjI.roa
File:                     YH77N0FEznpizquL2OaCl5vYAjI.roa (raw, json)
Hash identifier:          YndCp+4019jEGglb/4lGICFoI/oofyeIHhlA4OhtUTc=
Subject key identifier:   60:7E:FB:37:41:44:CE:7A:62:CE:AB:8B:D8:E6:82:97:9B:D8:02:32
Certificate issuer:       /CN=9dfe30a014784625db2c9dc90ae3ce15e54a88ec
Certificate serial:       0198D0792AC32921BE6EA03F40A5D9F7E5BC
Authority key identifier: 9D:FE:30:A0:14:78:46:25:DB:2C:9D:C9:0A:E3:CE:15:E5:4A:88:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nf4woBR4RiXbLJ3JCuPOFeVKiOw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3b/3d1495-0ef8-49b1-99e2-604e23747769/1/YH77N0FEznpizquL2OaCl5vYAjI.roa
Signing time:             Fri 22 Aug 2025 06:30:58 +0000
ROA not before:           Fri 22 Aug 2025 06:30:58 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     56834
IP address blocks:        95.214.12.0/22 maxlen: 22
                          217.18.216.0/22 maxlen: 22
                          2a09:d280::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3b/3d1495-0ef8-49b1-99e2-604e23747769/1/nf4woBR4RiXbLJ3JCuPOFeVKiOw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3b/3d1495-0ef8-49b1-99e2-604e23747769/1/nf4woBR4RiXbLJ3JCuPOFeVKiOw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nf4woBR4RiXbLJ3JCuPOFeVKiOw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 09:01:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:d0:79:2a:c3:29:21:be:6e:a0:3f:40:a5:d9:f7:e5:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9dfe30a014784625db2c9dc90ae3ce15e54a88ec
        Validity
            Not Before: Aug 22 06:30:58 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=607efb374144ce7a62ceab8bd8e682979bd80232
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:b8:68:53:66:b8:14:fc:7a:d2:14:1e:87:66:
                    bf:02:ff:ae:10:08:0a:18:ba:3d:ae:45:39:71:d3:
                    4f:03:a5:42:76:ae:02:f0:2d:a3:a6:d3:9e:2e:6a:
                    9a:39:bf:77:60:85:f5:b8:75:c4:87:4d:de:7a:b1:
                    8d:8f:fe:f9:37:d2:e5:e9:35:1f:9d:18:06:ed:c2:
                    03:45:71:9d:a4:c4:47:69:83:4f:0a:c5:e6:2d:ed:
                    05:13:fa:e5:cb:0d:68:88:d3:23:b2:a2:96:00:aa:
                    cb:70:ae:ec:23:5e:11:08:57:cf:02:c5:4b:b4:df:
                    a4:13:16:d1:c5:4c:58:05:b2:ff:f9:0e:3e:7a:cf:
                    a0:5a:fa:b4:2a:b6:7c:10:d1:8c:54:2b:fc:5a:fb:
                    82:c2:f1:cf:1a:0f:24:6c:56:2b:32:6c:1e:e0:b7:
                    06:ad:2a:17:1f:ff:80:5f:cc:40:27:9d:f8:6c:f0:
                    36:d0:c0:bf:d2:f9:44:06:d5:e5:ff:53:99:92:95:
                    d0:86:67:a5:63:e6:a9:2c:9b:3f:14:1b:44:62:c7:
                    e7:77:9f:f6:d6:81:ee:fa:e2:fb:0c:44:6e:7a:fa:
                    c8:e7:a5:af:d8:45:fc:ed:96:a2:be:cb:f2:ac:7b:
                    bc:24:9c:e5:18:86:d9:7f:d9:ff:80:7d:b1:97:ce:
                    5d:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:7E:FB:37:41:44:CE:7A:62:CE:AB:8B:D8:E6:82:97:9B:D8:02:32
            X509v3 Authority Key Identifier:
                keyid:9D:FE:30:A0:14:78:46:25:DB:2C:9D:C9:0A:E3:CE:15:E5:4A:88:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nf4woBR4RiXbLJ3JCuPOFeVKiOw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3b/3d1495-0ef8-49b1-99e2-604e23747769/1/YH77N0FEznpizquL2OaCl5vYAjI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3b/3d1495-0ef8-49b1-99e2-604e23747769/1/nf4woBR4RiXbLJ3JCuPOFeVKiOw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.214.12.0/22
                  217.18.216.0/22
                IPv6:
                  2a09:d280::/29

    Signature Algorithm: sha256WithRSAEncryption
         10:28:69:33:0f:45:2f:2c:35:83:c5:64:ac:d1:5d:7d:c6:dc:
         93:9a:4e:9a:a9:98:b9:6b:ac:66:cc:11:c3:c1:27:f4:7e:85:
         f6:ad:43:30:55:bf:1c:a9:c8:a4:ca:61:18:08:3d:92:94:75:
         17:88:37:a1:5d:b4:3e:d7:2b:a8:da:89:70:b6:a3:3b:e3:03:
         5b:0b:75:c7:52:42:f6:39:e7:67:82:48:0f:7e:e5:85:80:7e:
         e8:6d:f0:ab:ed:b4:e5:66:bb:b1:4f:30:82:8d:56:eb:42:4e:
         12:16:1f:bd:ea:6c:c8:88:87:14:b8:6c:c0:2b:9c:54:f3:2e:
         61:ae:6b:70:fc:5b:13:0d:a4:ab:d4:d5:8c:af:11:7d:78:dc:
         20:4b:3f:7d:8d:da:90:68:26:11:d5:2d:ec:6b:69:d2:b2:b9:
         fe:05:eb:8f:d1:f1:b8:60:4b:f6:7d:d7:16:e2:2f:6f:bf:ec:
         1d:fb:6c:81:04:f3:b3:d1:3c:a7:7a:27:d4:63:a3:68:d3:cd:
         72:8d:44:55:24:d6:44:3d:2e:48:80:3d:bb:1f:46:20:2d:96:
         ca:00:94:12:ec:40:01:a8:52:60:61:ef:92:a9:4d:84:08:79:
         80:d8:36:22:1f:3d:92:1d:99:71:d4:6c:40:20:c7:4e:75:07:
         10:00:57:5e
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZjQeSrDKSG+bqA/QKXZ9+W8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkZmUzMGEwMTQ3ODQ2MjVkYjJjOWRjOTBhZTNjZTE1ZTU0
YTg4ZWMwHhcNMjUwODIyMDYzMDU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MDdlZmIzNzQxNDRjZTdhNjJjZWFiOGJkOGU2ODI5NzliZDgwMjMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtbhoU2a4FPx60hQeh2a/Av+uEAgK
GLo9rkU5cdNPA6VCdq4C8C2jptOeLmqaOb93YIX1uHXEh03eerGNj/75N9Ll6TUf
nRgG7cIDRXGdpMRHaYNPCsXmLe0FE/rlyw1oiNMjsqKWAKrLcK7sI14RCFfPAsVL
tN+kExbRxUxYBbL/+Q4+es+gWvq0KrZ8ENGMVCv8WvuCwvHPGg8kbFYrMmwe4LcG
rSoXH/+AX8xAJ534bPA20MC/0vlEBtXl/1OZkpXQhmelY+apLJs/FBtEYsfnd5/2
1oHu+uL7DERuevrI56Wv2EX87ZaivsvyrHu8JJzlGIbZf9n/gH2xl85dvQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFGB++zdBRM56Ys6ri9jmgpeb2AIyMB8GA1UdIwQY
MBaAFJ3+MKAUeEYl2yydyQrjzhXlSojsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbmY0d29CUjRSaVhiTEozSkN1UE9GZVZLaU93LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYi8zZDE0OTUtMGVmOC00OWIxLTk5ZTIt
NjA0ZTIzNzQ3NzY5LzEvWUg3N04wRkV6bnBpenF1TDJPYUNsNXZZQWpJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYi8zZDE0OTUtMGVmOC00OWIxLTk5ZTItNjA0ZTIzNzQ3NzY5
LzEvbmY0d29CUjRSaVhiTEozSkN1UE9GZVZLaU93LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCX9YMAwQC
2RLYMA0EAgACMAcDBQMqCdKAMA0GCSqGSIb3DQEBCwUAA4IBAQAQKGkzD0UvLDWD
xWSs0V19xtyTmk6aqZi5a6xmzBHDwSf0foX2rUMwVb8cqcikymEYCD2SlHUXiDeh
XbQ+1yuo2olwtqM74wNbC3XHUkL2OedngkgPfuWFgH7obfCr7bTlZruxTzCCjVbr
Qk4SFh+96mzIiIcUuGzAK5xU8y5hrmtw/FsTDaSr1NWMrxF9eNwgSz99jdqQaCYR
1S3sa2nSsrn+BeuP0fG4YEv2fdcW4i9vv+wd+2yBBPOz0TyneifUY6No081yjURV
JNZEPS5IgD27H0YgLZbKAJQS7EABqFJgYe+SqU2ECHmA2DYiHz2SHZlx1GxAIMdO
dQcQAFde
-----END CERTIFICATE-----