Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/77/eb3ab5-56cd-4227-b06d-a6ce38f3d1d8/1/zwDf_kkH_sbuGk9WPwUaPDjfffs.roa
File:                     zwDf_kkH_sbuGk9WPwUaPDjfffs.roa (raw, json)
Hash identifier:          EodK3W1jmYTJC73uP7dzhnrwbPzudn9QK+eDEFeCQfI=
Subject key identifier:   CF:00:DF:FE:49:07:FE:C6:EE:1A:4F:56:3F:05:1A:3C:38:DF:7D:FB
Certificate issuer:       /CN=c3593644c70919f6083f2819a73f3d39eb9cb5e8
Certificate serial:       019425FC4AD055A2AFA4B83FA680EFE1B04B
Authority key identifier: C3:59:36:44:C7:09:19:F6:08:3F:28:19:A7:3F:3D:39:EB:9C:B5:E8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w1k2RMcJGfYIPygZpz89Oeucteg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/77/eb3ab5-56cd-4227-b06d-a6ce38f3d1d8/1/zwDf_kkH_sbuGk9WPwUaPDjfffs.roa
Signing time:             Thu 02 Jan 2025 07:47:58 +0000
ROA not before:           Thu 02 Jan 2025 07:47:58 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     200023
IP address blocks:        146.19.103.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/77/eb3ab5-56cd-4227-b06d-a6ce38f3d1d8/1/w1k2RMcJGfYIPygZpz89Oeucteg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/77/eb3ab5-56cd-4227-b06d-a6ce38f3d1d8/1/w1k2RMcJGfYIPygZpz89Oeucteg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/w1k2RMcJGfYIPygZpz89Oeucteg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 22:01:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fc:4a:d0:55:a2:af:a4:b8:3f:a6:80:ef:e1:b0:4b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c3593644c70919f6083f2819a73f3d39eb9cb5e8
        Validity
            Not Before: Jan  2 07:47:58 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=cf00dffe4907fec6ee1a4f563f051a3c38df7dfb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:97:31:6a:d8:da:12:a2:54:a2:9d:bc:35:46:
                    a3:3c:2a:78:6e:51:23:5e:bb:ff:b6:f2:53:2f:10:
                    bc:9a:34:b1:4f:7d:f9:d9:5c:3d:6d:5e:a6:67:dd:
                    c4:8c:cf:c2:77:91:ac:c6:0a:c5:d1:98:23:d9:31:
                    14:73:12:11:57:f1:e5:5f:c7:fa:df:98:78:01:6f:
                    48:d8:c2:48:24:8c:28:88:75:8c:41:f5:03:82:96:
                    6d:c8:96:4e:d4:fb:a6:ac:f2:f2:d4:92:e6:17:e8:
                    aa:e6:16:7d:1b:cc:a8:4b:62:06:0c:ba:a7:37:93:
                    4f:ac:7f:4b:ef:91:a1:fe:83:f0:c7:34:ef:74:e6:
                    20:4e:f1:85:0b:bb:77:35:af:78:14:f8:52:fc:8c:
                    62:92:e6:bf:49:a2:34:a6:bb:49:77:f7:dc:0b:7c:
                    09:f5:cb:b6:58:50:de:1b:f7:1e:db:36:46:bb:3f:
                    ed:fd:86:30:dc:70:94:91:06:37:73:70:31:6b:02:
                    5a:76:e9:f0:bc:01:f1:dc:e4:06:a0:5c:09:6a:74:
                    b9:98:2c:e0:c4:3e:29:6e:30:fc:53:c2:1b:d1:61:
                    c3:7d:93:19:4b:7d:bc:52:c7:8a:a0:d3:8d:8d:17:
                    47:be:0a:d4:09:82:ab:ea:8e:b5:af:79:aa:bf:5a:
                    08:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:00:DF:FE:49:07:FE:C6:EE:1A:4F:56:3F:05:1A:3C:38:DF:7D:FB
            X509v3 Authority Key Identifier:
                keyid:C3:59:36:44:C7:09:19:F6:08:3F:28:19:A7:3F:3D:39:EB:9C:B5:E8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w1k2RMcJGfYIPygZpz89Oeucteg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/77/eb3ab5-56cd-4227-b06d-a6ce38f3d1d8/1/zwDf_kkH_sbuGk9WPwUaPDjfffs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/77/eb3ab5-56cd-4227-b06d-a6ce38f3d1d8/1/w1k2RMcJGfYIPygZpz89Oeucteg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.19.103.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4c:ee:e2:44:d0:7c:e5:7b:c5:88:7e:11:57:99:35:15:2f:d3:
         61:7b:c1:2e:bf:74:00:7b:02:92:7b:91:b7:13:c7:75:93:af:
         13:6d:5a:04:58:13:88:55:e2:f8:12:84:1f:e6:81:e0:51:15:
         19:50:64:bf:65:14:c5:bd:88:c5:1a:17:17:18:60:65:26:56:
         e1:18:e6:ce:77:36:2c:34:9d:12:3a:ab:77:83:8b:a4:ac:5e:
         c8:99:1f:92:38:2c:50:e9:e7:a2:fe:ba:64:a6:50:50:1a:76:
         c9:fe:1e:f9:15:12:d4:db:9e:69:53:06:02:58:10:29:b8:46:
         93:54:50:a6:70:9e:1b:45:2f:99:d5:9b:6f:3e:23:5e:1b:b3:
         55:f4:56:70:67:42:90:a5:02:bc:3a:f5:4d:16:71:8c:58:e1:
         fa:54:6f:fe:8b:78:6f:26:66:92:ba:64:1a:89:af:fd:05:3e:
         09:86:e0:4c:01:15:11:f4:b7:5a:d7:81:36:9a:8d:3e:6f:82:
         14:11:da:7c:21:64:b0:c3:bb:04:d0:2e:9f:47:22:1d:9c:a4:
         f5:81:57:35:7c:f3:d9:4b:00:44:13:39:19:45:65:10:c4:51:
         a7:a9:d2:50:89:0d:9f:84:c2:5a:4b:fb:91:9e:42:a5:52:93:
         f8:c4:53:6d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQl/ErQVaKvpLg/poDv4bBLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzNTkzNjQ0YzcwOTE5ZjYwODNmMjgxOWE3M2YzZDM5ZWI5
Y2I1ZTgwHhcNMjUwMTAyMDc0NzU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZjAwZGZmZTQ5MDdmZWM2ZWUxYTRmNTYzZjA1MWEzYzM4ZGY3ZGZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk5cxatjaEqJUop28NUajPCp4blEj
Xrv/tvJTLxC8mjSxT3352Vw9bV6mZ93EjM/Cd5GsxgrF0Zgj2TEUcxIRV/HlX8f6
35h4AW9I2MJIJIwoiHWMQfUDgpZtyJZO1PumrPLy1JLmF+iq5hZ9G8yoS2IGDLqn
N5NPrH9L75Gh/oPwxzTvdOYgTvGFC7t3Na94FPhS/Ixikua/SaI0prtJd/fcC3wJ
9cu2WFDeG/ce2zZGuz/t/YYw3HCUkQY3c3AxawJadunwvAHx3OQGoFwJanS5mCzg
xD4pbjD8U8Ib0WHDfZMZS328UseKoNONjRdHvgrUCYKr6o61r3mqv1oIjwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM8A3/5JB/7G7hpPVj8FGjw43337MB8GA1UdIwQY
MBaAFMNZNkTHCRn2CD8oGac/PTnrnLXoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzFrMlJNY0pHZllJUHlnWnB6ODlPZXVjdGVnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ny9lYjNhYjUtNTZjZC00MjI3LWIwNmQt
YTZjZTM4ZjNkMWQ4LzEvendEZl9ra0hfc2J1R2s5V1B3VWFQRGpmZmZzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ny9lYjNhYjUtNTZjZC00MjI3LWIwNmQtYTZjZTM4ZjNkMWQ4
LzEvdzFrMlJNY0pHZllJUHlnWnB6ODlPZXVjdGVnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAkhNnMA0G
CSqGSIb3DQEBCwUAA4IBAQBM7uJE0Hzle8WIfhFXmTUVL9Nhe8Euv3QAewKSe5G3
E8d1k68TbVoEWBOIVeL4EoQf5oHgURUZUGS/ZRTFvYjFGhcXGGBlJlbhGObOdzYs
NJ0SOqt3g4ukrF7ImR+SOCxQ6eei/rpkplBQGnbJ/h75FRLU255pUwYCWBApuEaT
VFCmcJ4bRS+Z1ZtvPiNeG7NV9FZwZ0KQpQK8OvVNFnGMWOH6VG/+i3hvJmaSumQa
ia/9BT4JhuBMARUR9Lda14E2mo0+b4IUEdp8IWSww7sE0C6fRyIdnKT1gVc1fPPZ
SwBEEzkZRWUQxFGnqdJQiQ2fhMJaS/uRnkKlUpP4xFNt
-----END CERTIFICATE-----