Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/72/df52a0-5824-42ad-9b4d-d9a1fa90810f/1/z8hbBXfmR9_4TV0XIDvdhoDxJ88.roa
File:                     z8hbBXfmR9_4TV0XIDvdhoDxJ88.roa (raw, json)
Hash identifier:          K4bePDMQjgLCTnbt2B86qL8fK9bx5pvPhU5OtARItRE=
Subject key identifier:   CF:C8:5B:05:77:E6:47:DF:F8:4D:5D:17:20:3B:DD:86:80:F1:27:CF
Certificate issuer:       /CN=2f246475d7c9ba399f07f843621f6e081372d757
Certificate serial:       019421B24E789ED6C74EED28C1B4FB13A0C5
Authority key identifier: 2F:24:64:75:D7:C9:BA:39:9F:07:F8:43:62:1F:6E:08:13:72:D7:57
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LyRkddfJujmfB_hDYh9uCBNy11c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/72/df52a0-5824-42ad-9b4d-d9a1fa90810f/1/z8hbBXfmR9_4TV0XIDvdhoDxJ88.roa
Signing time:             Wed 01 Jan 2025 11:48:41 +0000
ROA not before:           Wed 01 Jan 2025 11:48:41 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215746
IP address blocks:        217.20.252.0/24 maxlen: 24
                          2a12:fec0::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/72/df52a0-5824-42ad-9b4d-d9a1fa90810f/1/LyRkddfJujmfB_hDYh9uCBNy11c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/72/df52a0-5824-42ad-9b4d-d9a1fa90810f/1/LyRkddfJujmfB_hDYh9uCBNy11c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LyRkddfJujmfB_hDYh9uCBNy11c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b2:4e:78:9e:d6:c7:4e:ed:28:c1:b4:fb:13:a0:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2f246475d7c9ba399f07f843621f6e081372d757
        Validity
            Not Before: Jan  1 11:48:41 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=cfc85b0577e647dff84d5d17203bdd8680f127cf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:4a:70:a4:e5:4b:49:f6:97:f5:46:46:60:84:
                    a7:12:3a:b0:3c:17:01:f3:24:e9:14:90:57:e5:fe:
                    5b:b3:39:44:d4:8e:b8:f2:7f:1f:43:56:4d:de:22:
                    75:0e:3a:91:af:c9:38:9b:8d:d4:f3:56:a9:30:b1:
                    23:1f:c1:82:0c:c8:4d:8a:5b:bd:75:0f:92:e5:87:
                    0c:ea:32:76:d5:dd:cb:32:9a:d6:05:82:be:13:48:
                    d5:25:ef:e7:05:cc:1d:da:53:b2:c1:c4:dd:5d:83:
                    02:ef:88:5d:94:0c:35:fc:2a:5f:10:08:c3:fb:b3:
                    e1:32:3b:c9:9b:26:7e:6e:ea:3e:f6:11:28:d2:e5:
                    e6:d1:1c:cc:22:1a:5b:cb:fe:3a:04:dd:18:9d:e3:
                    2c:85:a0:b7:76:f2:cd:3a:81:b0:83:28:91:3a:44:
                    ce:3d:6e:23:d3:13:5f:f5:6d:5c:37:f4:ae:8f:d1:
                    a6:4b:77:8a:55:52:80:f8:74:80:82:53:ae:4e:93:
                    6c:0f:43:31:37:c0:66:00:ce:91:e2:7e:22:0e:7d:
                    cc:29:22:7b:97:c3:93:42:bf:d9:81:04:81:4d:32:
                    ec:67:8c:b6:9e:a9:08:64:e3:a8:82:59:e9:ee:0b:
                    7a:53:e4:29:eb:c6:59:41:69:39:af:3d:f5:44:e2:
                    24:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:C8:5B:05:77:E6:47:DF:F8:4D:5D:17:20:3B:DD:86:80:F1:27:CF
            X509v3 Authority Key Identifier:
                keyid:2F:24:64:75:D7:C9:BA:39:9F:07:F8:43:62:1F:6E:08:13:72:D7:57

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LyRkddfJujmfB_hDYh9uCBNy11c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/72/df52a0-5824-42ad-9b4d-d9a1fa90810f/1/z8hbBXfmR9_4TV0XIDvdhoDxJ88.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/72/df52a0-5824-42ad-9b4d-d9a1fa90810f/1/LyRkddfJujmfB_hDYh9uCBNy11c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.20.252.0/24
                IPv6:
                  2a12:fec0::/29

    Signature Algorithm: sha256WithRSAEncryption
         74:ed:03:a6:3f:50:a1:97:40:af:33:20:ec:47:bf:92:8f:a6:
         49:19:c0:f5:d2:ad:cf:1f:76:9c:eb:6c:83:56:cd:26:a8:51:
         c2:2a:26:4f:cc:c0:68:1e:09:e8:0b:30:5a:45:62:2c:5c:a6:
         9d:47:50:3d:18:77:39:b8:8f:09:56:bc:fc:1d:f7:da:d3:02:
         54:d0:0d:0d:d2:7e:be:59:de:06:44:f3:47:c9:35:5f:07:8e:
         5b:36:4c:72:31:96:5b:f9:1f:5a:90:fa:3a:16:29:c4:96:1f:
         da:71:e8:af:f4:46:ec:48:55:83:50:6f:af:2b:45:0a:b3:78:
         0e:31:68:9b:a0:ab:ed:92:55:d6:8d:a3:b7:6e:31:e1:90:48:
         88:21:16:04:8b:61:2f:58:04:31:90:72:de:55:a5:34:29:a5:
         e0:f0:11:0a:57:b5:43:02:83:13:6a:60:c7:59:b8:6d:ee:12:
         5e:ff:b8:8a:81:f6:79:3a:b0:bb:76:c2:ba:dd:81:80:89:93:
         9f:ac:4b:01:69:72:1f:ed:2d:d2:6f:1f:cd:58:a6:b2:a0:c6:
         22:a6:c0:b5:c4:99:30:6d:73:c7:11:4a:28:e8:eb:ff:d5:6d:
         87:f0:f6:d4:a5:6a:55:5c:fb:b4:23:65:a9:00:7d:f6:15:b0:
         25:89:8c:f8
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQhsk54ntbHTu0owbT7E6DFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJmMjQ2NDc1ZDdjOWJhMzk5ZjA3Zjg0MzYyMWY2ZTA4MTM3
MmQ3NTcwHhcNMjUwMTAxMTE0ODQxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZmM4NWIwNTc3ZTY0N2RmZjg0ZDVkMTcyMDNiZGQ4NjgwZjEyN2NmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxEpwpOVLSfaX9UZGYISnEjqwPBcB
8yTpFJBX5f5bszlE1I648n8fQ1ZN3iJ1DjqRr8k4m43U81apMLEjH8GCDMhNilu9
dQ+S5YcM6jJ21d3LMprWBYK+E0jVJe/nBcwd2lOywcTdXYMC74hdlAw1/CpfEAjD
+7PhMjvJmyZ+buo+9hEo0uXm0RzMIhpby/46BN0YneMshaC3dvLNOoGwgyiROkTO
PW4j0xNf9W1cN/Suj9GmS3eKVVKA+HSAglOuTpNsD0MxN8BmAM6R4n4iDn3MKSJ7
l8OTQr/ZgQSBTTLsZ4y2nqkIZOOoglnp7gt6U+Qp68ZZQWk5rz31ROIkAQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFM/IWwV35kff+E1dFyA73YaA8SfPMB8GA1UdIwQY
MBaAFC8kZHXXybo5nwf4Q2IfbggTctdXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTHlSa2RkZkp1am1mQl9oRFloOXVDQk55MTFjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Mi9kZjUyYTAtNTgyNC00MmFkLTliNGQt
ZDlhMWZhOTA4MTBmLzEvejhoYkJYZm1SOV80VFYwWElEdmRob0R4Sjg4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Mi9kZjUyYTAtNTgyNC00MmFkLTliNGQtZDlhMWZhOTA4MTBm
LzEvTHlSa2RkZkp1am1mQl9oRFloOXVDQk55MTFjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQA2RT8MA0E
AgACMAcDBQMqEv7AMA0GCSqGSIb3DQEBCwUAA4IBAQB07QOmP1Chl0CvMyDsR7+S
j6ZJGcD10q3PH3ac62yDVs0mqFHCKiZPzMBoHgnoCzBaRWIsXKadR1A9GHc5uI8J
Vrz8Hffa0wJU0A0N0n6+Wd4GRPNHyTVfB45bNkxyMZZb+R9akPo6FinElh/aceiv
9EbsSFWDUG+vK0UKs3gOMWiboKvtklXWjaO3bjHhkEiIIRYEi2EvWAQxkHLeVaU0
KaXg8BEKV7VDAoMTamDHWbht7hJe/7iKgfZ5OrC7dsK63YGAiZOfrEsBaXIf7S3S
bx/NWKayoMYipsC1xJkwbXPHEUoo6Ov/1W2H8PbUpWpVXPu0I2WpAH32FbAliYz4
-----END CERTIFICATE-----