Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/35b4c5-297b-420c-822a-169e537a890c/1/zm_tiZYeCn8ehXZd9tw9sXB83Nc.roa
File:                     zm_tiZYeCn8ehXZd9tw9sXB83Nc.roa (raw, json)
Hash identifier:          IgEO32gkQi6wmidjYSi5hjtOgdx82UyihVs3l5iAiso=
Subject key identifier:   CE:6F:ED:89:96:1E:0A:7F:1E:85:76:5D:F6:DC:3D:B1:70:7C:DC:D7
Certificate issuer:       /CN=03049604737c78bd24dbb25eb336f4a416e645f6
Certificate serial:       01930BE9F2203D8D558B673E22C413E30D6D
Authority key identifier: 03:04:96:04:73:7C:78:BD:24:DB:B2:5E:B3:36:F4:A4:16:E6:45:F6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AwSWBHN8eL0k27Jeszb0pBbmRfY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/35b4c5-297b-420c-822a-169e537a890c/1/zm_tiZYeCn8ehXZd9tw9sXB83Nc.roa
Signing time:             Fri 08 Nov 2024 13:15:01 +0000
ROA not before:           Fri 08 Nov 2024 13:15:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202270
IP address blocks:        45.130.44.0/24 maxlen: 24
                          185.207.225.0/24 maxlen: 24
                          2a13:6c0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/35b4c5-297b-420c-822a-169e537a890c/1/AwSWBHN8eL0k27Jeszb0pBbmRfY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/35b4c5-297b-420c-822a-169e537a890c/1/AwSWBHN8eL0k27Jeszb0pBbmRfY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/AwSWBHN8eL0k27Jeszb0pBbmRfY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 19:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:0b:e9:f2:20:3d:8d:55:8b:67:3e:22:c4:13:e3:0d:6d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03049604737c78bd24dbb25eb336f4a416e645f6
        Validity
            Not Before: Nov  8 13:15:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ce6fed89961e0a7f1e85765df6dc3db1707cdcd7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:0c:ee:1b:1c:d0:e1:47:78:38:89:cf:8e:a5:
                    94:de:25:bf:fa:b8:52:42:1b:bc:f9:ee:00:d7:6f:
                    e4:a8:d3:a0:d1:43:f5:f2:77:f8:c9:5e:1c:56:75:
                    1e:5c:0a:f6:27:cc:43:be:da:2b:0f:58:8d:41:3a:
                    d3:e4:88:29:ac:a5:aa:f9:4b:2f:a0:5d:ae:63:d5:
                    5c:53:c5:2b:d1:03:f6:b6:76:41:ac:fa:0d:3a:da:
                    ca:f9:a1:78:91:f8:f0:5f:39:09:d3:a8:29:2c:dd:
                    b0:a6:56:0e:73:29:6f:92:37:da:87:a3:6d:41:2b:
                    9d:16:88:3b:6e:25:a7:55:99:57:46:78:05:34:80:
                    62:8e:d7:93:82:b4:b5:f6:76:d9:7b:69:f4:e6:9a:
                    ab:b6:d0:c8:b7:a5:ae:68:0e:02:9c:fc:b1:12:83:
                    28:03:8a:15:34:d5:4d:5e:dc:9f:ce:55:7f:9a:c0:
                    b1:a9:02:ca:f5:6c:de:4a:d4:19:20:4b:a2:74:e2:
                    1e:ca:5d:0a:36:c1:99:d0:d4:05:bb:a8:34:11:8c:
                    b3:27:af:65:c4:7c:6e:3f:03:23:9b:4e:8d:f0:c5:
                    8d:bd:eb:31:ce:fd:82:18:5b:fd:d1:9d:46:ac:34:
                    c5:e9:57:0d:91:7e:cb:22:d6:d2:c0:81:82:ee:11:
                    90:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:6F:ED:89:96:1E:0A:7F:1E:85:76:5D:F6:DC:3D:B1:70:7C:DC:D7
            X509v3 Authority Key Identifier:
                keyid:03:04:96:04:73:7C:78:BD:24:DB:B2:5E:B3:36:F4:A4:16:E6:45:F6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AwSWBHN8eL0k27Jeszb0pBbmRfY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/35b4c5-297b-420c-822a-169e537a890c/1/zm_tiZYeCn8ehXZd9tw9sXB83Nc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/35b4c5-297b-420c-822a-169e537a890c/1/AwSWBHN8eL0k27Jeszb0pBbmRfY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.130.44.0/24
                  185.207.225.0/24
                IPv6:
                  2a13:6c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         9d:ba:7f:4e:46:8b:32:a0:11:ce:b3:22:79:b8:17:f9:82:49:
         84:c5:bc:be:1e:e4:0e:3d:d5:b6:5f:18:fe:b5:1e:4c:74:fd:
         56:dc:53:d9:66:5c:9c:06:8d:9f:f3:86:a0:d4:be:a4:d1:f1:
         96:54:45:35:b0:93:2f:73:96:53:d4:9a:af:73:e2:e5:bd:cf:
         90:8c:bf:39:24:4e:74:8a:6d:20:80:97:b7:3b:ad:27:48:7b:
         c2:2d:4d:65:1f:e5:91:58:8f:6f:c7:c4:07:d9:04:cd:83:13:
         c1:14:b1:95:05:cf:24:e5:d5:29:0e:db:d0:a9:d4:32:b0:75:
         a6:85:d7:a5:ea:40:51:c2:eb:1f:48:e4:b6:9e:25:4f:4c:67:
         8a:be:00:39:4d:ed:44:56:7d:08:cc:4c:76:d7:36:5f:f5:fa:
         5b:3e:7d:f5:70:e3:fd:98:c4:04:2b:a7:18:e9:be:cf:7c:05:
         d3:dd:96:42:24:89:12:8b:84:89:6a:ca:61:c9:cf:81:cb:2d:
         39:aa:10:00:a2:c5:b7:47:8d:5d:b2:76:46:e7:36:52:16:d6:
         52:1d:80:23:8c:0c:53:a9:f8:46:e6:e7:16:3d:2e:75:02:82:
         74:7b:4f:34:81:72:b7:b5:bf:7b:87:ce:70:4a:6a:e3:bc:a6:
         72:01:b3:0f
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZML6fIgPY1Vi2c+IsQT4w1tMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAzMDQ5NjA0NzM3Yzc4YmQyNGRiYjI1ZWIzMzZmNGE0MTZl
NjQ1ZjYwHhcNMjQxMTA4MTMxNTAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZTZmZWQ4OTk2MWUwYTdmMWU4NTc2NWRmNmRjM2RiMTcwN2NkY2Q3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwQzuGxzQ4Ud4OInPjqWU3iW/+rhS
Qhu8+e4A12/kqNOg0UP18nf4yV4cVnUeXAr2J8xDvtorD1iNQTrT5IgprKWq+Usv
oF2uY9VcU8Ur0QP2tnZBrPoNOtrK+aF4kfjwXzkJ06gpLN2wplYOcylvkjfah6Nt
QSudFog7biWnVZlXRngFNIBijteTgrS19nbZe2n05pqrttDIt6WuaA4CnPyxEoMo
A4oVNNVNXtyfzlV/msCxqQLK9WzeStQZIEuidOIeyl0KNsGZ0NQFu6g0EYyzJ69l
xHxuPwMjm06N8MWNvesxzv2CGFv90Z1GrDTF6VcNkX7LItbSwIGC7hGQ/QIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFM5v7YmWHgp/HoV2XfbcPbFwfNzXMB8GA1UdIwQY
MBaAFAMElgRzfHi9JNuyXrM29KQW5kX2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQXdTV0JITjhlTDBrMjdKZXN6YjBwQmJtUmZZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS8zNWI0YzUtMjk3Yi00MjBjLTgyMmEt
MTY5ZTUzN2E4OTBjLzEvem1fdGlaWWVDbjhlaFhaZDl0dzlzWEI4M05jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS8zNWI0YzUtMjk3Yi00MjBjLTgyMmEtMTY5ZTUzN2E4OTBj
LzEvQXdTV0JITjhlTDBrMjdKZXN6YjBwQmJtUmZZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQALYIsAwQA
uc/hMA0EAgACMAcDBQMqEwbAMA0GCSqGSIb3DQEBCwUAA4IBAQCdun9ORosyoBHO
syJ5uBf5gkmExby+HuQOPdW2Xxj+tR5MdP1W3FPZZlycBo2f84ag1L6k0fGWVEU1
sJMvc5ZT1Jqvc+Llvc+QjL85JE50im0ggJe3O60nSHvCLU1lH+WRWI9vx8QH2QTN
gxPBFLGVBc8k5dUpDtvQqdQysHWmhdel6kBRwusfSOS2niVPTGeKvgA5Te1EVn0I
zEx21zZf9fpbPn31cOP9mMQEK6cY6b7PfAXT3ZZCJIkSi4SJasphyc+Byy05qhAA
osW3R41dsnZG5zZSFtZSHYAjjAxTqfhG5ucWPS51AoJ0e080gXK3tb97h85wSmrj
vKZyAbMP
-----END CERTIFICATE-----