Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/cfeNxQuAvksV2ZHflB9i9CHjcf8.roa
File:                     cfeNxQuAvksV2ZHflB9i9CHjcf8.roa (raw, json)
Hash identifier:          eb47lOiMpsYHzpQUIMcL7dVgxRM9MGvIitO1CqieidI=
Subject key identifier:   71:F7:8D:C5:0B:80:BE:4B:15:D9:91:DF:94:1F:62:F4:21:E3:71:FF
Certificate issuer:       /CN=9361b5cd696825b74fccba7d97c3d0a2724ef3aa
Certificate serial:       0194258EE34EB174E5FA9AF7CE3B7DD74835
Authority key identifier: 93:61:B5:CD:69:68:25:B7:4F:CC:BA:7D:97:C3:D0:A2:72:4E:F3:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/cfeNxQuAvksV2ZHflB9i9CHjcf8.roa
Signing time:             Thu 02 Jan 2025 05:48:28 +0000
ROA not before:           Thu 02 Jan 2025 05:48:28 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210815
IP address blocks:        2a0e:aa07:e027::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 16:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8e:e3:4e:b1:74:e5:fa:9a:f7:ce:3b:7d:d7:48:35
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9361b5cd696825b74fccba7d97c3d0a2724ef3aa
        Validity
            Not Before: Jan  2 05:48:28 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=71f78dc50b80be4b15d991df941f62f421e371ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:b7:43:f1:65:53:e5:3f:e4:ef:28:e4:31:f2:
                    38:1a:f5:24:7b:37:cc:e5:1c:2d:dd:31:c3:8e:dc:
                    8d:5c:0c:f5:d7:1b:17:88:65:ac:eb:40:a2:8b:67:
                    77:82:5f:1d:37:f7:84:ed:33:b6:c6:97:4c:61:cf:
                    db:a2:c6:39:98:7f:e9:d8:e5:51:12:77:b4:33:9a:
                    b7:9a:40:a9:8f:98:a0:67:bf:d2:3c:a5:4c:ac:49:
                    03:ee:80:f7:a2:88:52:74:e0:ac:dc:7f:75:6a:33:
                    c4:58:fb:5e:ed:c4:8e:d0:3a:7c:90:8f:18:db:90:
                    45:7d:91:3d:a4:0a:64:a0:4d:82:f0:bf:56:bd:15:
                    f7:5c:3f:94:ac:83:0c:6c:1e:73:a7:f3:b5:97:3a:
                    16:9b:20:fb:b3:73:e4:35:7b:09:7e:14:45:09:28:
                    42:fb:db:aa:0f:62:13:b1:33:bf:79:f0:92:4f:9a:
                    4f:99:b8:7e:77:60:ea:39:e7:6a:cb:ec:23:6d:10:
                    1c:a5:c2:7c:53:1b:69:5b:91:19:62:c9:29:6b:47:
                    29:15:a3:5c:fa:7a:89:c5:9a:96:c9:07:ee:b5:99:
                    99:f4:1b:c0:0b:67:6c:8f:0a:3a:eb:42:09:61:d3:
                    99:17:c1:af:98:e7:87:2c:0f:3b:bf:04:82:53:a8:
                    b2:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:F7:8D:C5:0B:80:BE:4B:15:D9:91:DF:94:1F:62:F4:21:E3:71:FF
            X509v3 Authority Key Identifier:
                keyid:93:61:B5:CD:69:68:25:B7:4F:CC:BA:7D:97:C3:D0:A2:72:4E:F3:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/cfeNxQuAvksV2ZHflB9i9CHjcf8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:aa07:e027::/48

    Signature Algorithm: sha256WithRSAEncryption
         a0:cb:ed:42:a6:f3:c9:79:2e:6f:66:75:29:67:06:3b:60:92:
         b4:56:87:ae:f2:67:dd:82:db:bb:1e:d1:37:6e:21:9f:23:3c:
         57:fa:da:86:87:bb:2f:c5:74:e5:4a:91:c8:88:d0:86:7c:76:
         a3:a3:84:b9:44:e9:05:cc:c6:88:f7:c6:6d:8e:cb:82:26:1a:
         bb:fa:95:16:cc:fc:6c:d4:7e:c3:61:5c:21:6f:87:0b:a9:db:
         38:5a:dd:39:fe:cc:94:1a:f6:b8:bc:47:14:ca:1f:aa:1c:8a:
         d0:f7:cf:69:84:e1:e3:b8:55:1b:47:ca:5a:34:90:17:b2:38:
         fc:d0:97:37:16:f3:c8:52:3d:e7:f5:c2:66:81:8d:ae:21:7a:
         62:bf:31:19:cc:0a:b3:dd:5a:15:24:23:aa:07:5a:7b:22:96:
         b8:5e:f4:d0:a2:12:82:17:36:61:6b:cc:87:06:44:e5:4c:eb:
         78:65:c3:c4:5e:33:be:9e:82:4b:be:3d:e3:18:5a:31:6a:9d:
         cb:af:03:87:a5:3d:d5:0c:08:e7:84:57:a9:da:a2:ea:e9:7e:
         17:0d:13:b0:8f:7b:e2:4c:f5:20:0a:d7:91:89:c3:f0:f3:18:
         24:72:fa:98:37:d5:b8:60:cb:70:f3:a8:c1:ef:d3:77:48:52:
         83:1e:fb:86
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQljuNOsXTl+pr3zjt910g1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzNjFiNWNkNjk2ODI1Yjc0ZmNjYmE3ZDk3YzNkMGEyNzI0
ZWYzYWEwHhcNMjUwMTAyMDU0ODI4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MWY3OGRjNTBiODBiZTRiMTVkOTkxZGY5NDFmNjJmNDIxZTM3MWZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA17dD8WVT5T/k7yjkMfI4GvUkezfM
5Rwt3THDjtyNXAz11xsXiGWs60Cii2d3gl8dN/eE7TO2xpdMYc/bosY5mH/p2OVR
Ene0M5q3mkCpj5igZ7/SPKVMrEkD7oD3oohSdOCs3H91ajPEWPte7cSO0Dp8kI8Y
25BFfZE9pApkoE2C8L9WvRX3XD+UrIMMbB5zp/O1lzoWmyD7s3PkNXsJfhRFCShC
+9uqD2ITsTO/efCST5pPmbh+d2DqOedqy+wjbRAcpcJ8UxtpW5EZYskpa0cpFaNc
+nqJxZqWyQfutZmZ9BvAC2dsjwo660IJYdOZF8GvmOeHLA87vwSCU6iyNQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFHH3jcULgL5LFdmR35QfYvQh43H/MB8GA1UdIwQY
MBaAFJNhtc1paCW3T8y6fZfD0KJyTvOqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvazJHMXpXbG9KYmRQekxwOWw4UFFvbkpPODZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi83MmJmMmYtOGUzNC00OGEyLTg0OWEt
YTU0MWQxYmNlZTE5LzEvY2ZlTnhRdUF2a3NWMlpIZmxCOWk5Q0hqY2Y4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi83MmJmMmYtOGUzNC00OGEyLTg0OWEtYTU0MWQxYmNlZTE5
LzEvazJHMXpXbG9KYmRQekxwOWw4UFFvbkpPODZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg6qB+An
MA0GCSqGSIb3DQEBCwUAA4IBAQCgy+1CpvPJeS5vZnUpZwY7YJK0Voeu8mfdgtu7
HtE3biGfIzxX+tqGh7svxXTlSpHIiNCGfHajo4S5ROkFzMaI98ZtjsuCJhq7+pUW
zPxs1H7DYVwhb4cLqds4Wt05/syUGva4vEcUyh+qHIrQ989phOHjuFUbR8paNJAX
sjj80Jc3FvPIUj3n9cJmgY2uIXpivzEZzAqz3VoVJCOqB1p7Ipa4XvTQohKCFzZh
a8yHBkTlTOt4ZcPEXjO+noJLvj3jGFoxap3LrwOHpT3VDAjnhFep2qLq6X4XDROw
j3viTPUgCteRicPw8xgkcvqYN9W4YMtw86jB79N3SFKDHvuG
-----END CERTIFICATE-----