Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/43/e25ef5-67bf-463b-858b-a56dc50121dd/1/ZAf_TODdz2GvAFp8P1cZfLoHZ80.roa
File:                     ZAf_TODdz2GvAFp8P1cZfLoHZ80.roa (raw, json)
Hash identifier:          9Jk74qPLddxgXTpIwOhtoLR2sBPTBQ9n+Rt24Gzi21Q=
Subject key identifier:   64:07:FF:4C:E0:DD:CF:61:AF:00:5A:7C:3F:57:19:7C:BA:07:67:CD
Certificate issuer:       /CN=cc1557b2c3adfbb25d37ea2a2dfd19b2d4ea510e
Certificate serial:       0194258F97C461561B9166E0B8372A57549C
Authority key identifier: CC:15:57:B2:C3:AD:FB:B2:5D:37:EA:2A:2D:FD:19:B2:D4:EA:51:0E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zBVXssOt-7JdN-oqLf0ZstTqUQ4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/43/e25ef5-67bf-463b-858b-a56dc50121dd/1/ZAf_TODdz2GvAFp8P1cZfLoHZ80.roa
Signing time:             Thu 02 Jan 2025 05:49:15 +0000
ROA not before:           Thu 02 Jan 2025 05:49:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     3303
IP address blocks:        145.250.128.0/17 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/43/e25ef5-67bf-463b-858b-a56dc50121dd/1/zBVXssOt-7JdN-oqLf0ZstTqUQ4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/43/e25ef5-67bf-463b-858b-a56dc50121dd/1/zBVXssOt-7JdN-oqLf0ZstTqUQ4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zBVXssOt-7JdN-oqLf0ZstTqUQ4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 10:07:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:97:c4:61:56:1b:91:66:e0:b8:37:2a:57:54:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cc1557b2c3adfbb25d37ea2a2dfd19b2d4ea510e
        Validity
            Not Before: Jan  2 05:49:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6407ff4ce0ddcf61af005a7c3f57197cba0767cd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:37:53:c4:37:ba:e8:b1:e3:b4:f8:1e:38:a7:
                    0a:79:e6:ff:f7:4a:fd:a6:bc:20:56:55:4e:34:98:
                    9c:20:a2:be:6a:dd:90:63:6a:fa:34:2d:a4:ba:ab:
                    9d:09:da:0e:6d:ef:85:af:5d:9a:51:bb:68:46:3a:
                    be:a8:49:76:96:d4:cf:cb:91:01:70:5d:fc:31:a0:
                    97:ac:a5:1d:45:be:59:47:62:38:b0:1e:07:3f:e7:
                    7f:d9:fe:76:86:f9:4e:55:18:af:3f:9c:b4:24:cf:
                    e1:7a:27:dd:c7:5b:de:13:4b:10:6a:dd:ea:5d:d9:
                    8c:bd:78:55:ed:98:38:19:57:e9:dd:50:08:77:d1:
                    a8:fc:6b:d0:32:19:b9:57:f6:a9:59:91:ac:f3:07:
                    30:21:d3:c5:00:69:9f:89:2e:7b:aa:58:61:44:a2:
                    72:9d:88:b7:11:0a:b0:b3:a0:e0:86:b9:b8:1a:61:
                    11:20:05:25:3b:4e:f2:cc:a3:bf:4c:1b:8d:4b:e3:
                    33:07:aa:f8:d8:89:cc:2d:c8:59:56:6c:62:c2:64:
                    9d:63:f2:08:15:74:8a:39:48:96:0a:30:0f:60:75:
                    47:51:0a:97:f0:d1:95:93:4e:6a:87:88:7a:3e:6e:
                    bb:91:16:e9:60:ea:50:8a:85:d1:0a:07:45:af:00:
                    7d:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:07:FF:4C:E0:DD:CF:61:AF:00:5A:7C:3F:57:19:7C:BA:07:67:CD
            X509v3 Authority Key Identifier:
                keyid:CC:15:57:B2:C3:AD:FB:B2:5D:37:EA:2A:2D:FD:19:B2:D4:EA:51:0E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zBVXssOt-7JdN-oqLf0ZstTqUQ4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/43/e25ef5-67bf-463b-858b-a56dc50121dd/1/ZAf_TODdz2GvAFp8P1cZfLoHZ80.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/43/e25ef5-67bf-463b-858b-a56dc50121dd/1/zBVXssOt-7JdN-oqLf0ZstTqUQ4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  145.250.128.0/17

    Signature Algorithm: sha256WithRSAEncryption
         7c:2c:55:ca:23:fd:1e:02:fd:d2:2d:ee:4f:88:af:d0:51:af:
         df:a4:cd:e2:c0:2a:c7:af:32:26:20:61:b9:2b:6f:ce:6a:d5:
         91:4e:f1:15:bd:56:85:f8:91:58:18:4d:c4:52:5e:e0:04:e1:
         3d:de:c4:df:c2:ee:07:68:55:4e:90:f8:18:61:9f:2d:64:90:
         ba:11:61:47:94:e4:5f:c0:e8:43:1e:30:6a:77:11:21:ac:4a:
         a9:3a:37:d8:3a:16:1c:d7:41:3d:f0:6f:9a:5b:66:bc:aa:6c:
         cf:b4:46:7d:7d:f2:43:59:c9:96:45:3f:cf:f3:70:50:e3:37:
         97:73:a6:48:68:3e:44:d5:ed:37:23:e5:a4:2a:95:03:a1:00:
         dc:a9:ee:81:12:17:a2:9e:d4:87:86:da:d8:21:8d:e2:dc:8b:
         d5:f3:df:aa:cd:aa:47:11:69:a1:86:23:a8:05:08:b9:5d:e2:
         2a:53:81:d7:47:c4:89:6c:6f:a1:42:a8:d0:52:bf:f9:a6:2b:
         17:5c:2c:7a:e1:c5:38:27:7c:d6:32:af:2c:46:a8:e4:56:e0:
         ac:51:c1:9c:b4:a4:f9:8e:79:40:f0:42:08:fd:d9:9e:8f:f3:
         ac:36:c9:96:76:e5:e2:52:f8:58:de:c4:02:9b:66:ac:5e:99:
         dc:56:fa:5e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlj5fEYVYbkWbguDcqV1ScMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNjMTU1N2IyYzNhZGZiYjI1ZDM3ZWEyYTJkZmQxOWIyZDRl
YTUxMGUwHhcNMjUwMTAyMDU0OTE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NDA3ZmY0Y2UwZGRjZjYxYWYwMDVhN2MzZjU3MTk3Y2JhMDc2N2NkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqTdTxDe66LHjtPgeOKcKeeb/90r9
prwgVlVONJicIKK+at2QY2r6NC2kuqudCdoObe+Fr12aUbtoRjq+qEl2ltTPy5EB
cF38MaCXrKUdRb5ZR2I4sB4HP+d/2f52hvlOVRivP5y0JM/heifdx1veE0sQat3q
XdmMvXhV7Zg4GVfp3VAId9Go/GvQMhm5V/apWZGs8wcwIdPFAGmfiS57qlhhRKJy
nYi3EQqws6Dghrm4GmERIAUlO07yzKO/TBuNS+MzB6r42InMLchZVmxiwmSdY/II
FXSKOUiWCjAPYHVHUQqX8NGVk05qh4h6Pm67kRbpYOpQioXRCgdFrwB91QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGQH/0zg3c9hrwBafD9XGXy6B2fNMB8GA1UdIwQY
MBaAFMwVV7LDrfuyXTfqKi39GbLU6lEOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvekJWWHNzT3QtN0pkTi1vcUxmMFpzdFRxVVE0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80My9lMjVlZjUtNjdiZi00NjNiLTg1OGIt
YTU2ZGM1MDEyMWRkLzEvWkFmX1RPRGR6Mkd2QUZwOFAxY1pmTG9IWjgwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80My9lMjVlZjUtNjdiZi00NjNiLTg1OGItYTU2ZGM1MDEyMWRk
LzEvekJWWHNzT3QtN0pkTi1vcUxmMFpzdFRxVVE0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQHkfqAMA0G
CSqGSIb3DQEBCwUAA4IBAQB8LFXKI/0eAv3SLe5PiK/QUa/fpM3iwCrHrzImIGG5
K2/OatWRTvEVvVaF+JFYGE3EUl7gBOE93sTfwu4HaFVOkPgYYZ8tZJC6EWFHlORf
wOhDHjBqdxEhrEqpOjfYOhYc10E98G+aW2a8qmzPtEZ9ffJDWcmWRT/P83BQ4zeX
c6ZIaD5E1e03I+WkKpUDoQDcqe6BEheintSHhtrYIY3i3IvV89+qzapHEWmhhiOo
BQi5XeIqU4HXR8SJbG+hQqjQUr/5pisXXCx64cU4J3zWMq8sRqjkVuCsUcGctKT5
jnlA8EII/dmej/OsNsmWduXiUvhY3sQCm2asXpncVvpe
-----END CERTIFICATE-----