Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6e/e79b87-d51b-4f15-8a32-99e780bf3b98/1/gzx51nKa18klkn9mmbB1HP8eux8.roa
File:                     gzx51nKa18klkn9mmbB1HP8eux8.roa (raw, json)
Hash identifier:          SgX8LjDjt8eGCtsEz72KcgEYWSkJa2m+TEEA7BPILuA=
Subject key identifier:   83:3C:79:D6:72:9A:D7:C9:25:92:7F:66:99:B0:75:1C:FF:1E:BB:1F
Certificate issuer:       /CN=899241a00348315c02c0e2a9150b863087d1c857
Certificate serial:       01907CD91040E9D3ACBC43296686EFB4C79D
Authority key identifier: 89:92:41:A0:03:48:31:5C:02:C0:E2:A9:15:0B:86:30:87:D1:C8:57
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iZJBoANIMVwCwOKpFQuGMIfRyFc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6e/e79b87-d51b-4f15-8a32-99e780bf3b98/1/gzx51nKa18klkn9mmbB1HP8eux8.roa
Signing time:             Thu 04 Jul 2024 08:25:18 +0000
ROA not before:           Thu 04 Jul 2024 08:25:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203
IP address blocks:        5.45.16.0/23 maxlen: 23
                          5.45.18.0/24 maxlen: 24
                          2a01:6c8:2000::/36 maxlen: 36

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6e/e79b87-d51b-4f15-8a32-99e780bf3b98/1/iZJBoANIMVwCwOKpFQuGMIfRyFc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6e/e79b87-d51b-4f15-8a32-99e780bf3b98/1/iZJBoANIMVwCwOKpFQuGMIfRyFc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iZJBoANIMVwCwOKpFQuGMIfRyFc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Sep 2024 20:01:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:7c:d9:10:40:e9:d3:ac:bc:43:29:66:86:ef:b4:c7:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=899241a00348315c02c0e2a9150b863087d1c857
        Validity
            Not Before: Jul  4 08:25:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=833c79d6729ad7c925927f6699b0751cff1ebb1f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:e3:1b:ec:74:1d:1c:30:42:4a:77:41:2d:2c:
                    ec:01:09:79:d2:44:7c:78:20:23:c1:f3:be:cb:fc:
                    6c:d8:50:71:db:2d:9a:b1:47:94:35:9e:7a:1b:99:
                    73:40:ad:6f:6e:7b:7d:92:55:42:66:32:71:2e:b3:
                    34:ca:d9:7b:6d:d4:fe:ee:10:e0:dc:89:1c:49:08:
                    b2:48:ba:71:cc:63:b4:c2:dd:70:ea:f3:ee:c5:54:
                    29:5d:37:7c:50:3c:35:d7:2a:9e:c9:e1:07:7f:a5:
                    d1:da:ab:f0:19:d4:61:8a:42:cb:43:41:57:8f:f0:
                    ec:a3:14:36:51:4c:21:e6:eb:77:56:9a:d7:18:bb:
                    35:55:5e:b0:73:e0:2c:d4:8d:38:73:07:52:bb:6e:
                    ac:c5:47:8e:90:6f:af:5f:65:1c:52:bc:1e:0f:d1:
                    5f:72:41:55:f5:1f:dc:ac:2a:af:e8:4f:ab:0f:53:
                    c9:b0:2d:1f:cc:a5:36:ee:6f:ef:8e:17:45:b0:02:
                    1b:9a:8f:14:57:05:26:bb:11:dc:02:3e:84:f2:46:
                    df:34:6a:27:e0:15:c9:8b:41:a3:4b:24:11:3f:0b:
                    4f:eb:b2:07:a6:49:5e:90:ba:40:94:f0:0a:0e:8f:
                    b6:6e:ef:ed:7e:02:5a:77:7a:ad:79:92:0b:b2:06:
                    3d:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:3C:79:D6:72:9A:D7:C9:25:92:7F:66:99:B0:75:1C:FF:1E:BB:1F
            X509v3 Authority Key Identifier:
                keyid:89:92:41:A0:03:48:31:5C:02:C0:E2:A9:15:0B:86:30:87:D1:C8:57

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iZJBoANIMVwCwOKpFQuGMIfRyFc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/e79b87-d51b-4f15-8a32-99e780bf3b98/1/gzx51nKa18klkn9mmbB1HP8eux8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/e79b87-d51b-4f15-8a32-99e780bf3b98/1/iZJBoANIMVwCwOKpFQuGMIfRyFc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.45.16.0-5.45.18.255
                IPv6:
                  2a01:6c8:2000::/36

    Signature Algorithm: sha256WithRSAEncryption
         27:18:39:14:cf:a8:94:19:14:cc:c6:33:90:e5:56:80:c0:e7:
         9b:2a:f8:7c:8c:a2:2d:e5:49:61:90:11:9d:62:7d:68:77:55:
         df:54:68:70:1d:40:db:5c:86:58:48:7b:e4:ac:e2:72:95:ef:
         6b:75:ec:fd:69:e8:c5:48:36:09:18:8a:47:34:36:d1:c0:dc:
         1d:4d:75:a4:fe:d6:e0:32:81:ed:68:98:80:ac:44:b1:3a:80:
         42:ae:9a:07:d1:d9:6d:1d:e5:df:30:cd:3a:e6:24:85:f3:24:
         c0:cf:a2:92:15:75:fa:d5:15:a9:64:29:c1:6a:74:13:19:e8:
         07:a7:48:4c:43:a6:3b:33:2e:8b:74:5e:f1:04:25:6c:6a:4e:
         91:69:d8:02:6d:fe:3f:92:81:9c:2a:d3:79:ab:8a:97:c7:cc:
         7a:b6:16:09:15:c6:e3:aa:16:c0:eb:ff:f0:18:56:29:9c:27:
         6c:d0:52:96:47:3e:f3:d7:11:e7:b5:d1:07:74:2d:95:6a:4c:
         16:4a:89:4b:60:ab:ff:99:a3:77:c0:e0:a7:6d:96:19:34:a3:
         7c:30:5b:e2:8d:ed:17:59:52:31:bc:2b:46:65:f3:88:6b:b0:
         a5:11:93:23:51:1a:5d:f8:04:e3:7f:a4:ad:c8:46:2d:40:62:
         03:a2:2c:f1
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAZB82RBA6dOsvEMpZobvtMedMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg5OTI0MWEwMDM0ODMxNWMwMmMwZTJhOTE1MGI4NjMwODdk
MWM4NTcwHhcNMjQwNzA0MDgyNTE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MzNjNzlkNjcyOWFkN2M5MjU5MjdmNjY5OWIwNzUxY2ZmMWViYjFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs+Mb7HQdHDBCSndBLSzsAQl50kR8
eCAjwfO+y/xs2FBx2y2asUeUNZ56G5lzQK1vbnt9klVCZjJxLrM0ytl7bdT+7hDg
3IkcSQiySLpxzGO0wt1w6vPuxVQpXTd8UDw11yqeyeEHf6XR2qvwGdRhikLLQ0FX
j/DsoxQ2UUwh5ut3VprXGLs1VV6wc+As1I04cwdSu26sxUeOkG+vX2UcUrweD9Ff
ckFV9R/crCqv6E+rD1PJsC0fzKU27m/vjhdFsAIbmo8UVwUmuxHcAj6E8kbfNGon
4BXJi0GjSyQRPwtP67IHpklekLpAlPAKDo+2bu/tfgJad3qteZILsgY91wIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFIM8edZymtfJJZJ/ZpmwdRz/HrsfMB8GA1UdIwQY
MBaAFImSQaADSDFcAsDiqRULhjCH0chXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaVpKQm9BTklNVndDd09LcEZRdUdNSWZSeUZjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZS9lNzliODctZDUxYi00ZjE1LThhMzIt
OTllNzgwYmYzYjk4LzEvZ3p4NTFuS2ExOGtsa245bW1iQjFIUDhldXg4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZS9lNzliODctZDUxYi00ZjE1LThhMzItOTllNzgwYmYzYjk4
LzEvaVpKQm9BTklNVndDd09LcEZRdUdNSWZSeUZjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAUBAIAATAOMAwDBAQFLRAD
BAAFLRIwDgQCAAIwCAMGBCoBBsggMA0GCSqGSIb3DQEBCwUAA4IBAQAnGDkUz6iU
GRTMxjOQ5VaAwOebKvh8jKIt5UlhkBGdYn1od1XfVGhwHUDbXIZYSHvkrOJyle9r
dez9aejFSDYJGIpHNDbRwNwdTXWk/tbgMoHtaJiArESxOoBCrpoH0dltHeXfMM06
5iSF8yTAz6KSFXX61RWpZCnBanQTGegHp0hMQ6Y7My6LdF7xBCVsak6RadgCbf4/
koGcKtN5q4qXx8x6thYJFcbjqhbA6//wGFYpnCds0FKWRz7z1xHntdEHdC2VakwW
SolLYKv/maN3wOCnbZYZNKN8MFvije0XWVIxvCtGZfOIa7ClEZMjURpd+ATjf6St
yEYtQGIDoizx
-----END CERTIFICATE-----