Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/84zXSmHmcJ8oCiyiuuceMLYdFx8.roa
File:                     84zXSmHmcJ8oCiyiuuceMLYdFx8.roa (raw, json)
Hash identifier:          8X3YRfHvmAYODyXm8otm8pHYe/NfLtu/hVj39Zx9Rf8=
Subject key identifier:   F3:8C:D7:4A:61:E6:70:9F:28:0A:2C:A2:BA:E7:1E:30:B6:1D:17:1F
Certificate issuer:       /CN=9361b5cd696825b74fccba7d97c3d0a2724ef3aa
Certificate serial:       0194258EC4C5242D7DECF806226CB21FEDD5
Authority key identifier: 93:61:B5:CD:69:68:25:B7:4F:CC:BA:7D:97:C3:D0:A2:72:4E:F3:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/84zXSmHmcJ8oCiyiuuceMLYdFx8.roa
Signing time:             Thu 02 Jan 2025 05:48:20 +0000
ROA not before:           Thu 02 Jan 2025 05:48:20 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     48266
IP address blocks:        2a0e:aa07:4100::/40 maxlen: 40
                          2a0e:aa07:e033::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 13:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8e:c4:c5:24:2d:7d:ec:f8:06:22:6c:b2:1f:ed:d5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9361b5cd696825b74fccba7d97c3d0a2724ef3aa
        Validity
            Not Before: Jan  2 05:48:20 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f38cd74a61e6709f280a2ca2bae71e30b61d171f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:5d:84:5b:d8:81:4a:60:d3:8e:d7:a5:29:cd:
                    bf:75:3b:23:45:74:f1:e4:7d:1a:15:9c:51:e1:e0:
                    ff:e7:a3:ce:92:76:72:f3:41:df:de:d3:6b:1e:7a:
                    b9:4a:0a:ad:6e:fc:2b:a3:ea:13:f0:03:b4:4d:a4:
                    07:a9:12:dc:ef:da:5b:21:eb:fc:57:ca:fd:39:a9:
                    6c:86:ec:23:e1:5e:61:cd:9e:6b:9a:6f:f0:6d:03:
                    5f:69:2e:f6:37:b5:4b:3c:4d:94:ff:77:1a:00:b3:
                    ae:c5:24:0d:1b:45:98:bd:45:8b:8f:d1:13:0e:13:
                    3d:4a:b4:13:c4:c8:fd:51:fd:1e:29:19:bf:ad:eb:
                    4b:b9:d1:35:73:98:e7:ae:2f:a8:ee:0c:54:3a:92:
                    9a:5b:d3:d2:f0:61:94:55:6f:20:8f:b3:0f:38:7b:
                    91:47:b6:cc:e7:7c:23:66:53:46:34:fd:e8:ee:64:
                    de:15:4f:74:91:cc:d7:cc:d4:95:45:32:f6:de:03:
                    63:52:c0:9c:3a:00:c5:eb:f7:a8:ec:ed:35:66:0c:
                    67:f4:4f:e2:cf:24:81:6d:25:47:32:b5:a7:82:ac:
                    d9:b0:e6:8b:33:39:67:9c:df:fe:67:41:31:8c:56:
                    90:6c:66:ce:b6:9e:09:66:e5:8a:1a:1b:5d:f9:38:
                    39:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:8C:D7:4A:61:E6:70:9F:28:0A:2C:A2:BA:E7:1E:30:B6:1D:17:1F
            X509v3 Authority Key Identifier:
                keyid:93:61:B5:CD:69:68:25:B7:4F:CC:BA:7D:97:C3:D0:A2:72:4E:F3:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/84zXSmHmcJ8oCiyiuuceMLYdFx8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:aa07:4100::/40
                  2a0e:aa07:e033::/48

    Signature Algorithm: sha256WithRSAEncryption
         37:43:91:9d:76:2e:41:b2:1e:ce:84:39:22:9d:c2:ff:db:f8:
         a1:aa:06:45:c8:d0:cb:74:ce:1d:8c:85:c2:1c:d6:cd:8c:17:
         2b:4f:df:b5:30:41:f3:df:87:2f:2a:83:1e:1f:00:54:21:0a:
         a0:e2:8e:6f:90:00:2c:cd:52:07:ef:7c:25:60:7e:e4:06:1c:
         0c:58:e4:3d:30:ae:69:45:ae:13:9d:a0:00:bc:68:61:b9:24:
         cd:1c:45:3b:f9:c0:07:2b:f5:a8:70:07:59:e9:24:94:8d:ea:
         43:81:f6:1b:7c:cd:c9:58:97:56:91:96:af:76:79:d7:57:da:
         b4:bd:02:79:95:a8:7e:ea:ba:97:aa:0f:61:75:6e:79:1c:82:
         65:b6:76:b1:ac:44:df:4b:1d:8c:05:77:85:fb:c0:42:3a:36:
         cf:78:13:fe:25:18:7b:59:5f:26:05:b5:91:9a:fb:8d:09:18:
         e1:d9:ae:27:d8:0d:ea:6c:de:6a:d5:99:b6:67:0f:32:99:db:
         97:34:da:63:1a:6d:da:44:56:7c:66:64:58:af:d5:7d:b4:fc:
         61:6c:64:f5:5e:6a:86:0a:79:05:58:95:12:a8:ef:58:b8:9d:
         97:fa:39:b3:65:39:c2:aa:fc:ff:cb:a6:29:e2:6a:46:df:79:
         26:56:19:87
-----BEGIN CERTIFICATE-----
MIIFCDCCA/CgAwIBAgISAZQljsTFJC197PgGImyyH+3VMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzNjFiNWNkNjk2ODI1Yjc0ZmNjYmE3ZDk3YzNkMGEyNzI0
ZWYzYWEwHhcNMjUwMTAyMDU0ODIwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMzhjZDc0YTYxZTY3MDlmMjgwYTJjYTJiYWU3MWUzMGI2MWQxNzFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw12EW9iBSmDTjtelKc2/dTsjRXTx
5H0aFZxR4eD/56POknZy80Hf3tNrHnq5Sgqtbvwro+oT8AO0TaQHqRLc79pbIev8
V8r9Oalshuwj4V5hzZ5rmm/wbQNfaS72N7VLPE2U/3caALOuxSQNG0WYvUWLj9ET
DhM9SrQTxMj9Uf0eKRm/retLudE1c5jnri+o7gxUOpKaW9PS8GGUVW8gj7MPOHuR
R7bM53wjZlNGNP3o7mTeFU90kczXzNSVRTL23gNjUsCcOgDF6/eo7O01Zgxn9E/i
zySBbSVHMrWngqzZsOaLMzlnnN/+Z0ExjFaQbGbOtp4JZuWKGhtd+Tg57QIDAQAB
o4ICFDCCAhAwHQYDVR0OBBYEFPOM10ph5nCfKAosorrnHjC2HRcfMB8GA1UdIwQY
MBaAFJNhtc1paCW3T8y6fZfD0KJyTvOqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvazJHMXpXbG9KYmRQekxwOWw4UFFvbkpPODZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi83MmJmMmYtOGUzNC00OGEyLTg0OWEt
YTU0MWQxYmNlZTE5LzEvODR6WFNtSG1jSjhvQ2l5aXV1Y2VNTFlkRng4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi83MmJmMmYtOGUzNC00OGEyLTg0OWEtYTU0MWQxYmNlZTE5
LzEvazJHMXpXbG9KYmRQekxwOWw4UFFvbkpPODZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCoGCCsGAQUFBwEHAQH/BBswGTAXBAIAAjARAwYAKg6qB0ED
BwAqDqoH4DMwDQYJKoZIhvcNAQELBQADggEBADdDkZ12LkGyHs6EOSKdwv/b+KGq
BkXI0Mt0zh2MhcIc1s2MFytP37UwQfPfhy8qgx4fAFQhCqDijm+QACzNUgfvfCVg
fuQGHAxY5D0wrmlFrhOdoAC8aGG5JM0cRTv5wAcr9ahwB1npJJSN6kOB9ht8zclY
l1aRlq92eddX2rS9AnmVqH7qupeqD2F1bnkcgmW2drGsRN9LHYwFd4X7wEI6Ns94
E/4lGHtZXyYFtZGa+40JGOHZrifYDeps3mrVmbZnDzKZ25c02mMabdpEVnxmZFiv
1X20/GFsZPVeaoYKeQVYlRKo71i4nZf6ObNlOcKq/P/LpiniakbfeSZWGYc=
-----END CERTIFICATE-----