Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cf/8797de-3ae9-4e05-80ff-c2534096c60d/1/w2cifThx8liTp2UosKmPtTuVnbg.roa
File:                     w2cifThx8liTp2UosKmPtTuVnbg.roa (raw, json)
Hash identifier:          4M3/VZ3vA0bwXmuEW9DfiaSDaEw4jhqFMcpDjEAK5AY=
Subject key identifier:   C3:67:22:7D:38:71:F2:58:93:A7:65:28:B0:A9:8F:B5:3B:95:9D:B8
Certificate issuer:       /CN=7af57dd52c75fce39ffe2915469d9e656dbcb873
Certificate serial:       01942BE24FC48EC2C76345EBEA0B64284DA2
Authority key identifier: 7A:F5:7D:D5:2C:75:FC:E3:9F:FE:29:15:46:9D:9E:65:6D:BC:B8:73
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/evV91Sx1_OOf_ikVRp2eZW28uHM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cf/8797de-3ae9-4e05-80ff-c2534096c60d/1/w2cifThx8liTp2UosKmPtTuVnbg.roa
Signing time:             Fri 03 Jan 2025 11:17:19 +0000
ROA not before:           Fri 03 Jan 2025 11:17:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205836
IP address blocks:        103.226.193.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cf/8797de-3ae9-4e05-80ff-c2534096c60d/1/evV91Sx1_OOf_ikVRp2eZW28uHM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cf/8797de-3ae9-4e05-80ff-c2534096c60d/1/evV91Sx1_OOf_ikVRp2eZW28uHM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/evV91Sx1_OOf_ikVRp2eZW28uHM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:2b:e2:4f:c4:8e:c2:c7:63:45:eb:ea:0b:64:28:4d:a2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7af57dd52c75fce39ffe2915469d9e656dbcb873
        Validity
            Not Before: Jan  3 11:17:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c367227d3871f25893a76528b0a98fb53b959db8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:f0:79:0e:dd:ca:cd:8c:6a:9f:96:16:55:26:
                    13:af:a3:1d:11:6f:6a:80:26:03:41:7e:4a:cf:e1:
                    01:93:ee:da:1d:30:56:b5:d4:c8:60:35:1f:8a:02:
                    a9:13:69:44:e2:43:09:d2:3d:02:ce:e8:c3:41:43:
                    96:cf:78:44:fe:d7:66:08:6a:77:bc:f5:c5:66:b1:
                    92:7c:e5:1c:0a:5b:e4:50:3d:17:cd:66:31:34:af:
                    f2:50:95:d9:6c:f8:aa:de:f8:bd:93:7a:2a:f5:91:
                    aa:b1:86:a5:df:06:7f:60:d6:a9:c5:5f:9a:0e:33:
                    85:3a:c7:99:a5:00:54:4f:9b:d0:76:c3:ef:9c:73:
                    c2:38:f6:1c:03:8f:91:95:18:e0:56:62:5f:63:77:
                    42:1e:6a:f0:c0:60:ac:43:12:24:e4:51:c9:f6:de:
                    e5:b8:a3:41:65:42:3f:2f:50:18:28:7e:08:98:af:
                    51:b9:e7:99:e9:69:61:c1:24:e8:dd:b6:b9:c0:1e:
                    9b:c4:2b:7a:2e:01:b7:51:8a:66:4e:66:fe:2e:3a:
                    a8:0c:67:7f:86:8c:57:9a:bb:9f:a7:05:93:0b:88:
                    c2:d2:19:20:07:01:5f:7a:ed:ad:7a:65:80:4d:59:
                    e6:78:e7:dd:b4:55:65:5d:60:77:50:60:41:9e:a7:
                    65:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C3:67:22:7D:38:71:F2:58:93:A7:65:28:B0:A9:8F:B5:3B:95:9D:B8
            X509v3 Authority Key Identifier:
                keyid:7A:F5:7D:D5:2C:75:FC:E3:9F:FE:29:15:46:9D:9E:65:6D:BC:B8:73

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/evV91Sx1_OOf_ikVRp2eZW28uHM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/8797de-3ae9-4e05-80ff-c2534096c60d/1/w2cifThx8liTp2UosKmPtTuVnbg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/8797de-3ae9-4e05-80ff-c2534096c60d/1/evV91Sx1_OOf_ikVRp2eZW28uHM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.226.193.0/24

    Signature Algorithm: sha256WithRSAEncryption
         81:76:98:33:42:a1:97:fb:e8:24:49:4c:74:14:c6:64:f5:cf:
         45:bd:79:f3:2e:15:e2:57:55:e3:16:a8:71:12:24:a7:25:f6:
         16:ea:58:02:02:9e:af:f5:13:1d:16:3e:24:86:b4:10:fa:07:
         1d:1f:4e:38:69:f7:97:a6:5c:74:f9:f1:28:c9:fe:8e:3b:2c:
         2a:3d:9c:92:5b:f8:84:f5:e4:a1:7b:59:09:93:e6:06:95:98:
         e1:eb:6b:e3:44:dc:92:36:20:cc:24:14:6f:a3:d8:b0:6e:ff:
         91:20:bc:17:92:19:73:e4:b9:68:f4:8a:14:4d:0b:e8:da:92:
         da:4e:3a:51:9f:e0:ca:0a:36:97:25:71:a2:34:47:3c:79:b6:
         6f:54:b0:43:14:8e:c0:5c:cd:89:90:c1:8a:67:6f:cf:b7:dc:
         af:d8:b4:1d:1f:a2:22:37:6e:33:16:b7:6c:55:68:1a:9d:95:
         dd:71:7f:fb:58:da:c5:61:c0:29:b0:64:1d:71:8c:09:f1:1e:
         39:85:c8:6c:5e:3b:86:b2:b5:e8:a7:6c:75:70:c0:d9:b9:2c:
         8f:2b:b5:ee:00:19:ad:a5:16:1b:14:01:ea:33:58:ed:5f:a1:
         e4:06:85:4e:e7:2d:71:c0:0e:9a:ce:43:d4:62:11:33:ae:ea:
         a7:7e:79:d5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQr4k/EjsLHY0Xr6gtkKE2iMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdhZjU3ZGQ1MmM3NWZjZTM5ZmZlMjkxNTQ2OWQ5ZTY1NmRi
Y2I4NzMwHhcNMjUwMTAzMTExNzE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMzY3MjI3ZDM4NzFmMjU4OTNhNzY1MjhiMGE5OGZiNTNiOTU5ZGI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0/B5Dt3KzYxqn5YWVSYTr6MdEW9q
gCYDQX5Kz+EBk+7aHTBWtdTIYDUfigKpE2lE4kMJ0j0CzujDQUOWz3hE/tdmCGp3
vPXFZrGSfOUcClvkUD0XzWYxNK/yUJXZbPiq3vi9k3oq9ZGqsYal3wZ/YNapxV+a
DjOFOseZpQBUT5vQdsPvnHPCOPYcA4+RlRjgVmJfY3dCHmrwwGCsQxIk5FHJ9t7l
uKNBZUI/L1AYKH4ImK9RueeZ6WlhwSTo3ba5wB6bxCt6LgG3UYpmTmb+LjqoDGd/
hoxXmrufpwWTC4jC0hkgBwFfeu2temWATVnmeOfdtFVlXWB3UGBBnqdl0QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMNnIn04cfJYk6dlKLCpj7U7lZ24MB8GA1UdIwQY
MBaAFHr1fdUsdfzjn/4pFUadnmVtvLhzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZXZWOTFTeDFfT09mX2lrVlJwMmVaVzI4dUhNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZi84Nzk3ZGUtM2FlOS00ZTA1LTgwZmYt
YzI1MzQwOTZjNjBkLzEvdzJjaWZUaHg4bGlUcDJVb3NLbVB0VHVWbmJnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZi84Nzk3ZGUtM2FlOS00ZTA1LTgwZmYtYzI1MzQwOTZjNjBk
LzEvZXZWOTFTeDFfT09mX2lrVlJwMmVaVzI4dUhNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAZ+LBMA0G
CSqGSIb3DQEBCwUAA4IBAQCBdpgzQqGX++gkSUx0FMZk9c9FvXnzLhXiV1XjFqhx
EiSnJfYW6lgCAp6v9RMdFj4khrQQ+gcdH044afeXplx0+fEoyf6OOywqPZySW/iE
9eShe1kJk+YGlZjh62vjRNySNiDMJBRvo9iwbv+RILwXkhlz5Llo9IoUTQvo2pLa
TjpRn+DKCjaXJXGiNEc8ebZvVLBDFI7AXM2JkMGKZ2/Pt9yv2LQdH6IiN24zFrds
VWganZXdcX/7WNrFYcApsGQdcYwJ8R45hchsXjuGsrXop2x1cMDZuSyPK7XuABmt
pRYbFAHqM1jtX6HkBoVO5y1xwA6azkPUYhEzruqnfnnV
-----END CERTIFICATE-----