Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5d/6da289-abec-49f5-a759-cf1f4c7c9222/1/zgslkGsdDbo-83qCCgJ7ueeD908.roa
File:                     zgslkGsdDbo-83qCCgJ7ueeD908.roa (raw, json)
Hash identifier:          oQmBgVS3Wh0yqMQW3hPh1qFWDPXgZCrq5bbnQf1I4lM=
Subject key identifier:   CE:0B:25:90:6B:1D:0D:BA:3E:F3:7A:82:0A:02:7B:B9:E7:83:F7:4F
Certificate issuer:       /CN=7736a5c85a08d80749041cb9cfa517fb7d589ba8
Certificate serial:       0194244486C02A437ACD82069E2311B80E1E
Authority key identifier: 77:36:A5:C8:5A:08:D8:07:49:04:1C:B9:CF:A5:17:FB:7D:58:9B:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dzalyFoI2AdJBBy5z6UX-31Ym6g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5d/6da289-abec-49f5-a759-cf1f4c7c9222/1/zgslkGsdDbo-83qCCgJ7ueeD908.roa
Signing time:             Wed 01 Jan 2025 23:47:38 +0000
ROA not before:           Wed 01 Jan 2025 23:47:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209103
IP address blocks:        79.135.104.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5d/6da289-abec-49f5-a759-cf1f4c7c9222/1/dzalyFoI2AdJBBy5z6UX-31Ym6g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5d/6da289-abec-49f5-a759-cf1f4c7c9222/1/dzalyFoI2AdJBBy5z6UX-31Ym6g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dzalyFoI2AdJBBy5z6UX-31Ym6g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 16:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:44:86:c0:2a:43:7a:cd:82:06:9e:23:11:b8:0e:1e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7736a5c85a08d80749041cb9cfa517fb7d589ba8
        Validity
            Not Before: Jan  1 23:47:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ce0b25906b1d0dba3ef37a820a027bb9e783f74f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:7d:2f:a7:32:a0:4a:2a:61:cc:8d:52:30:d6:
                    83:89:34:94:bb:a0:cd:b4:ed:63:47:46:ba:e8:cd:
                    60:bd:08:2e:ee:8f:2d:33:95:70:de:a8:44:68:f3:
                    c4:c7:f0:f9:21:27:65:d4:c5:65:39:31:a2:5f:10:
                    5c:68:b6:4a:5e:c3:0d:22:af:53:38:b3:c5:0c:25:
                    e9:3d:44:64:cc:ac:0a:ac:8e:27:ac:af:f2:9e:08:
                    75:67:87:3c:f6:5c:e4:3f:db:08:9c:11:38:8e:2a:
                    ea:46:8e:a4:8a:80:23:1f:15:39:4d:56:fb:6b:3c:
                    26:ac:30:21:27:df:80:a1:3a:f9:ce:df:35:2e:3e:
                    6f:e2:29:3e:55:48:04:b4:2e:61:f4:82:50:16:1a:
                    d0:e2:d9:f6:95:d0:57:a9:b8:85:14:1b:6f:46:b5:
                    49:5b:dd:e0:f4:08:fb:56:ac:e4:5a:6a:d6:5b:b1:
                    35:bd:05:89:f0:5e:61:70:e8:4e:04:32:21:1d:77:
                    99:f2:29:d4:a0:c6:76:47:58:bb:00:40:49:5c:49:
                    3e:21:9b:9c:a2:82:35:0e:fc:74:d1:a2:fc:d8:f3:
                    a1:bb:8f:41:c1:20:be:6c:11:87:24:fd:09:6d:83:
                    c1:17:ab:58:8a:b3:e2:a0:3b:68:61:25:63:07:b3:
                    8b:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:0B:25:90:6B:1D:0D:BA:3E:F3:7A:82:0A:02:7B:B9:E7:83:F7:4F
            X509v3 Authority Key Identifier:
                keyid:77:36:A5:C8:5A:08:D8:07:49:04:1C:B9:CF:A5:17:FB:7D:58:9B:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dzalyFoI2AdJBBy5z6UX-31Ym6g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/6da289-abec-49f5-a759-cf1f4c7c9222/1/zgslkGsdDbo-83qCCgJ7ueeD908.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/6da289-abec-49f5-a759-cf1f4c7c9222/1/dzalyFoI2AdJBBy5z6UX-31Ym6g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.135.104.0/24

    Signature Algorithm: sha256WithRSAEncryption
         75:b9:b4:35:f3:8a:5a:24:48:57:63:b7:aa:1c:17:67:22:46:
         14:cd:60:7d:ec:7a:06:9e:5c:2f:d1:4a:e2:52:88:ba:7a:e6:
         e8:0b:a7:22:2b:c9:af:c5:5d:6e:46:85:fd:49:11:eb:1f:db:
         eb:9e:66:aa:e2:31:7e:8b:57:2a:c8:a9:5b:f3:fd:c0:df:72:
         4b:44:43:53:cb:b3:6b:81:26:f5:ce:f1:d4:a6:86:91:3f:d1:
         9f:a5:40:d1:a0:2c:14:c9:6b:24:b7:fb:4a:f3:da:0b:ca:61:
         56:4d:7b:9e:95:a8:34:45:78:6b:c3:42:dd:79:71:6e:a7:64:
         7f:b6:59:9b:6c:b7:ae:f4:c9:3e:39:22:c8:20:e7:63:b0:5c:
         fd:52:88:85:af:b8:5d:98:4b:33:9a:31:53:a3:86:4a:e8:0e:
         49:d3:63:57:b9:71:83:83:a1:20:6a:47:5e:27:cc:ff:45:87:
         01:24:fd:9b:8d:43:30:15:9a:53:15:e9:56:10:6f:92:38:aa:
         44:27:e7:32:1a:a4:8f:fa:73:2d:33:3a:a6:3c:12:60:39:17:
         46:ee:32:76:f0:fc:b5:9e:0a:ed:68:58:00:f8:14:10:8f:51:
         24:4a:19:44:46:5b:a3:8c:74:b1:56:d2:e4:02:da:3b:55:41:
         b3:93:a1:5f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQkRIbAKkN6zYIGniMRuA4eMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc3MzZhNWM4NWEwOGQ4MDc0OTA0MWNiOWNmYTUxN2ZiN2Q1
ODliYTgwHhcNMjUwMTAxMjM0NzM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZTBiMjU5MDZiMWQwZGJhM2VmMzdhODIwYTAyN2JiOWU3ODNmNzRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyn0vpzKgSiphzI1SMNaDiTSUu6DN
tO1jR0a66M1gvQgu7o8tM5Vw3qhEaPPEx/D5ISdl1MVlOTGiXxBcaLZKXsMNIq9T
OLPFDCXpPURkzKwKrI4nrK/yngh1Z4c89lzkP9sInBE4jirqRo6kioAjHxU5TVb7
azwmrDAhJ9+AoTr5zt81Lj5v4ik+VUgEtC5h9IJQFhrQ4tn2ldBXqbiFFBtvRrVJ
W93g9Aj7VqzkWmrWW7E1vQWJ8F5hcOhOBDIhHXeZ8inUoMZ2R1i7AEBJXEk+IZuc
ooI1Dvx00aL82POhu49BwSC+bBGHJP0JbYPBF6tYirPioDtoYSVjB7OLzQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM4LJZBrHQ26PvN6ggoCe7nng/dPMB8GA1UdIwQY
MBaAFHc2pchaCNgHSQQcuc+lF/t9WJuoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZHphbHlGb0kyQWRKQkJ5NXo2VVgtMzFZbTZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZC82ZGEyODktYWJlYy00OWY1LWE3NTkt
Y2YxZjRjN2M5MjIyLzEvemdzbGtHc2REYm8tODNxQ0NnSjd1ZWVEOTA4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZC82ZGEyODktYWJlYy00OWY1LWE3NTktY2YxZjRjN2M5MjIy
LzEvZHphbHlGb0kyQWRKQkJ5NXo2VVgtMzFZbTZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAT4doMA0G
CSqGSIb3DQEBCwUAA4IBAQB1ubQ184paJEhXY7eqHBdnIkYUzWB97HoGnlwv0Uri
Uoi6euboC6ciK8mvxV1uRoX9SRHrH9vrnmaq4jF+i1cqyKlb8/3A33JLRENTy7Nr
gSb1zvHUpoaRP9GfpUDRoCwUyWskt/tK89oLymFWTXuelag0RXhrw0LdeXFup2R/
tlmbbLeu9Mk+OSLIIOdjsFz9UoiFr7hdmEszmjFTo4ZK6A5J02NXuXGDg6Egakde
J8z/RYcBJP2bjUMwFZpTFelWEG+SOKpEJ+cyGqSP+nMtMzqmPBJgORdG7jJ28Py1
ngrtaFgA+BQQj1EkShlERlujjHSxVtLkAto7VUGzk6Ff
-----END CERTIFICATE-----