Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/5zoRP68EVGDpXKwRwzUsGLHu-RY.roa
File:                     5zoRP68EVGDpXKwRwzUsGLHu-RY.roa (raw, json)
Hash identifier:          +G8Jr7o2yQYUluTJTvXDAD+vj+5ImCPfksbZKx/QVjg=
Subject key identifier:   E7:3A:11:3F:AF:04:54:60:E9:5C:AC:11:C3:35:2C:18:B1:EE:F9:16
Certificate issuer:       /CN=6f84e4738a70ea39c08cef210432ae399ec7e915
Certificate serial:       0196E7ADD1D5DF3D7BE9B1EA9ABC2822BA87
Authority key identifier: 6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/5zoRP68EVGDpXKwRwzUsGLHu-RY.roa
Signing time:             Mon 19 May 2025 08:34:10 +0000
ROA not before:           Mon 19 May 2025 08:34:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     134176
IP address blocks:        109.121.34.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 06 Jun 2025 12:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:e7:ad:d1:d5:df:3d:7b:e9:b1:ea:9a:bc:28:22:ba:87
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f84e4738a70ea39c08cef210432ae399ec7e915
        Validity
            Not Before: May 19 08:34:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e73a113faf045460e95cac11c3352c18b1eef916
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:b7:61:99:49:bd:ef:ea:e1:90:3e:40:31:34:
                    e3:21:d1:b6:9e:a7:76:5b:98:1d:f4:98:ab:79:a6:
                    e2:39:ec:13:04:a1:be:a9:a4:6d:1c:c7:6e:1a:b9:
                    b0:d5:27:3c:af:63:b1:02:20:39:20:40:29:a3:7d:
                    9b:06:db:f7:60:62:ae:2d:2e:6b:58:11:84:d8:1b:
                    e6:5b:46:59:11:cb:2f:74:87:10:d1:eb:4b:93:99:
                    51:65:cd:e2:c4:45:4f:a3:fd:88:8f:0d:85:b7:e3:
                    0e:19:fb:18:07:1e:3f:1b:3d:e7:95:56:db:6b:9d:
                    81:58:cd:a7:16:bf:29:24:d4:2d:84:e8:20:d6:9d:
                    4b:a5:91:26:2a:79:73:ed:35:40:f8:cc:48:73:3a:
                    77:e3:ad:cd:89:e4:a9:e0:cd:8f:e7:27:86:d4:b6:
                    03:d8:07:9e:19:10:4e:f2:5e:08:9a:3c:d5:8c:8b:
                    76:c8:48:c6:1d:96:27:43:c2:56:1f:35:f8:39:98:
                    f1:3b:5b:b3:8a:b9:f6:5e:47:1a:bf:df:3a:27:84:
                    8c:72:56:c6:0b:da:2d:0c:be:f0:16:b6:15:6f:65:
                    d8:d6:b2:f6:88:6e:7d:ee:21:75:78:b2:a8:7c:20:
                    e4:b9:7e:43:3e:58:b0:8b:c1:b7:9d:12:8c:ef:ea:
                    bd:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:3A:11:3F:AF:04:54:60:E9:5C:AC:11:C3:35:2C:18:B1:EE:F9:16
            X509v3 Authority Key Identifier:
                keyid:6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/5zoRP68EVGDpXKwRwzUsGLHu-RY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.121.34.0/24

    Signature Algorithm: sha256WithRSAEncryption
         77:be:00:6e:15:b1:6a:f0:b6:78:47:41:ac:b3:28:c2:7c:9c:
         d4:bc:6b:e3:71:19:c1:32:8a:89:fc:bc:33:e8:29:e6:f2:1f:
         75:c4:9c:14:87:79:00:8a:e1:b6:fe:f6:5f:be:d6:69:97:96:
         96:33:eb:86:14:2b:95:ba:22:be:ec:c6:ab:8b:25:8d:c6:46:
         46:4a:81:ef:24:23:da:43:40:13:bb:34:b9:5a:28:16:2c:c9:
         55:ba:ad:9f:c8:3b:f9:5d:b6:48:ea:7d:2a:84:4f:c4:02:b0:
         8b:f3:9d:df:9a:11:2c:34:3b:e6:85:2e:80:da:f4:b7:82:9d:
         94:92:7a:ad:e0:d7:a9:99:4a:94:73:da:fe:be:5b:46:13:c6:
         ed:5d:95:7e:cb:5b:7d:4b:ac:4f:24:ee:42:d1:77:af:22:de:
         75:2c:13:f3:bc:12:c3:2a:ae:5d:66:6b:18:18:94:ee:9a:72:
         9f:73:2e:8a:90:7b:9d:05:6f:d8:01:11:43:f4:a6:7c:06:8e:
         36:c2:f5:a6:ed:78:a2:eb:75:60:b0:eb:69:68:96:69:16:e2:
         45:2a:11:ca:f0:2e:6f:8e:2d:2c:ad:23:6a:ce:80:85:80:b1:
         d6:19:69:1e:d3:b0:c9:c6:ab:12:91:c8:14:83:59:41:f5:6b:
         74:a1:48:a1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZbnrdHV3z176bHqmrwoIrqHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmODRlNDczOGE3MGVhMzljMDhjZWYyMTA0MzJhZTM5OWVj
N2U5MTUwHhcNMjUwNTE5MDgzNDEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNzNhMTEzZmFmMDQ1NDYwZTk1Y2FjMTFjMzM1MmMxOGIxZWVmOTE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuLdhmUm97+rhkD5AMTTjIdG2nqd2
W5gd9JireabiOewTBKG+qaRtHMduGrmw1Sc8r2OxAiA5IEApo32bBtv3YGKuLS5r
WBGE2BvmW0ZZEcsvdIcQ0etLk5lRZc3ixEVPo/2Ijw2Ft+MOGfsYBx4/Gz3nlVbb
a52BWM2nFr8pJNQthOgg1p1LpZEmKnlz7TVA+MxIczp3463NieSp4M2P5yeG1LYD
2AeeGRBO8l4ImjzVjIt2yEjGHZYnQ8JWHzX4OZjxO1uzirn2Xkcav986J4SMclbG
C9otDL7wFrYVb2XY1rL2iG597iF1eLKofCDkuX5DPliwi8G3nRKM7+q9cwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOc6ET+vBFRg6VysEcM1LBix7vkWMB8GA1UdIwQY
MBaAFG+E5HOKcOo5wIzvIQQyrjmex+kVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYt
ZmFlNWRiZWQzYjFiLzEvNXpvUlA2OEVWR0RwWEt3Und6VXNHTEh1LVJZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYtZmFlNWRiZWQzYjFi
LzEvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbXkiMA0G
CSqGSIb3DQEBCwUAA4IBAQB3vgBuFbFq8LZ4R0GssyjCfJzUvGvjcRnBMoqJ/Lwz
6Cnm8h91xJwUh3kAiuG2/vZfvtZpl5aWM+uGFCuVuiK+7MariyWNxkZGSoHvJCPa
Q0ATuzS5WigWLMlVuq2fyDv5XbZI6n0qhE/EArCL853fmhEsNDvmhS6A2vS3gp2U
knqt4NepmUqUc9r+vltGE8btXZV+y1t9S6xPJO5C0XevIt51LBPzvBLDKq5dZmsY
GJTumnKfcy6KkHudBW/YARFD9KZ8Bo42wvWm7Xii63VgsOtpaJZpFuJFKhHK8C5v
ji0srSNqzoCFgLHWGWke07DJxqsSkcgUg1lB9Wt0oUih
-----END CERTIFICATE-----