Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b9/913cd7-593f-4e99-b5ee-0d050358e656/1/zomoxdAdOPcJkTkRQBtLj8THS7E.roa
File:                     zomoxdAdOPcJkTkRQBtLj8THS7E.roa (raw, json)
Hash identifier:          HywlERnXGDkjWEHTc4UIBFSfO9/yrJ9UtEQjc3ctIXE=
Subject key identifier:   CE:89:A8:C5:D0:1D:38:F7:09:91:39:11:40:1B:4B:8F:C4:C7:4B:B1
Certificate issuer:       /CN=8e7fced4f34e7f37e751b5b45f30b99c6311f97e
Certificate serial:       019420D65D5CD61BFD973FF8A20749C57522
Authority key identifier: 8E:7F:CE:D4:F3:4E:7F:37:E7:51:B5:B4:5F:30:B9:9C:63:11:F9:7E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jn_O1PNOfzfnUbW0XzC5nGMR-X4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b9/913cd7-593f-4e99-b5ee-0d050358e656/1/zomoxdAdOPcJkTkRQBtLj8THS7E.roa
Signing time:             Wed 01 Jan 2025 07:48:27 +0000
ROA not before:           Wed 01 Jan 2025 07:48:27 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     198126
IP address blocks:        91.231.228.0/24 maxlen: 24
                          2001:678:3bc::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b9/913cd7-593f-4e99-b5ee-0d050358e656/1/jn_O1PNOfzfnUbW0XzC5nGMR-X4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b9/913cd7-593f-4e99-b5ee-0d050358e656/1/jn_O1PNOfzfnUbW0XzC5nGMR-X4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jn_O1PNOfzfnUbW0XzC5nGMR-X4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d6:5d:5c:d6:1b:fd:97:3f:f8:a2:07:49:c5:75:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8e7fced4f34e7f37e751b5b45f30b99c6311f97e
        Validity
            Not Before: Jan  1 07:48:27 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ce89a8c5d01d38f709913911401b4b8fc4c74bb1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:ba:4c:47:6a:ea:1b:b6:38:03:5b:0c:93:69:
                    c2:f0:51:53:23:d6:d5:96:98:2e:af:77:e6:2d:b8:
                    43:00:92:63:56:b2:8f:6c:4a:59:f5:5d:cf:4a:15:
                    87:68:f5:bf:fd:38:d2:e6:31:e4:e2:b1:04:45:6b:
                    85:33:46:54:d7:dc:66:17:cb:18:51:8b:25:d0:f7:
                    96:e5:91:22:72:1b:72:33:eb:ab:1c:13:f6:a3:ea:
                    76:61:e4:7b:6b:53:23:61:9d:fa:92:be:9e:14:90:
                    60:e2:39:4d:f3:a5:a2:d1:91:46:5f:d3:2b:00:b0:
                    28:50:47:28:27:61:de:d6:3c:f8:51:e0:b3:84:c4:
                    73:80:bd:47:57:22:5e:aa:6b:4b:20:35:b7:c1:2a:
                    cd:1d:13:97:11:5c:9d:31:5b:48:5e:85:ec:fb:47:
                    28:58:86:1f:5a:d4:51:bf:88:de:02:65:77:5e:f1:
                    ca:57:69:da:a9:f6:f9:7b:ed:cb:cf:0b:be:52:83:
                    a2:d2:82:9f:b1:ab:7e:ba:74:dc:e2:3d:58:fb:2f:
                    75:ef:54:05:ac:14:08:95:c7:1c:03:05:88:74:90:
                    46:0c:ed:64:63:09:bb:d0:6e:30:b9:71:e7:83:3c:
                    02:f3:ea:2f:45:63:65:bd:8e:1e:b9:7e:22:de:ed:
                    30:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:89:A8:C5:D0:1D:38:F7:09:91:39:11:40:1B:4B:8F:C4:C7:4B:B1
            X509v3 Authority Key Identifier:
                keyid:8E:7F:CE:D4:F3:4E:7F:37:E7:51:B5:B4:5F:30:B9:9C:63:11:F9:7E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jn_O1PNOfzfnUbW0XzC5nGMR-X4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/913cd7-593f-4e99-b5ee-0d050358e656/1/zomoxdAdOPcJkTkRQBtLj8THS7E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/913cd7-593f-4e99-b5ee-0d050358e656/1/jn_O1PNOfzfnUbW0XzC5nGMR-X4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.231.228.0/24
                IPv6:
                  2001:678:3bc::/48

    Signature Algorithm: sha256WithRSAEncryption
         38:bb:76:84:4b:21:e7:14:e5:e1:8f:36:5b:d7:4e:9b:8a:86:
         8f:a4:df:66:b3:6e:c7:f1:da:00:45:a7:78:7b:76:95:1d:1b:
         2e:42:06:b9:15:41:d0:41:09:bc:61:f3:81:66:18:a4:d6:c2:
         30:72:86:a3:6f:5d:c0:7d:85:01:46:4a:77:ce:b0:14:67:29:
         30:ea:91:14:64:00:88:16:bf:0c:e3:d3:56:64:01:d3:e2:ca:
         f9:cd:08:be:09:d4:43:12:29:75:81:2f:f6:0b:89:54:2a:bf:
         57:b2:0c:51:95:5c:15:bf:e7:9f:34:00:44:4c:8b:1f:3b:5b:
         44:bf:c2:52:2d:e3:a8:34:3a:80:4d:44:9d:f5:a5:a4:b8:9e:
         6e:8a:df:8c:c9:ef:9f:1e:9b:96:c7:5d:7e:b3:4e:fa:94:1c:
         ad:ca:c4:03:f4:bd:60:2c:b7:e1:03:92:3f:6c:f7:51:2f:33:
         1e:f8:55:fe:1a:c5:2d:a1:a4:1b:e1:e1:9c:31:9d:27:57:bb:
         55:c2:72:5c:96:bc:cd:4b:45:20:33:20:c0:d5:56:60:d8:17:
         f6:19:bb:5e:01:f1:47:16:06:8d:50:97:7d:76:65:e4:43:8b:
         42:13:40:df:d4:04:fb:6a:dc:e7:bd:d5:b4:ff:d4:67:75:9d:
         e8:15:41:49
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZQg1l1c1hv9lz/4ogdJxXUiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhlN2ZjZWQ0ZjM0ZTdmMzdlNzUxYjViNDVmMzBiOTljNjMx
MWY5N2UwHhcNMjUwMTAxMDc0ODI3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZTg5YThjNWQwMWQzOGY3MDk5MTM5MTE0MDFiNGI4ZmM0Yzc0YmIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvbpMR2rqG7Y4A1sMk2nC8FFTI9bV
lpgur3fmLbhDAJJjVrKPbEpZ9V3PShWHaPW//TjS5jHk4rEERWuFM0ZU19xmF8sY
UYsl0PeW5ZEichtyM+urHBP2o+p2YeR7a1MjYZ36kr6eFJBg4jlN86Wi0ZFGX9Mr
ALAoUEcoJ2He1jz4UeCzhMRzgL1HVyJeqmtLIDW3wSrNHROXEVydMVtIXoXs+0co
WIYfWtRRv4jeAmV3XvHKV2naqfb5e+3Lzwu+UoOi0oKfsat+unTc4j1Y+y9171QF
rBQIlcccAwWIdJBGDO1kYwm70G4wuXHngzwC8+ovRWNlvY4euX4i3u0wOwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFM6JqMXQHTj3CZE5EUAbS4/Ex0uxMB8GA1UdIwQY
MBaAFI5/ztTzTn8351G1tF8wuZxjEfl+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvam5fTzFQTk9memZuVWJXMFh6QzVuR01SLVg0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOS85MTNjZDctNTkzZi00ZTk5LWI1ZWUt
MGQwNTAzNThlNjU2LzEvem9tb3hkQWRPUGNKa1RrUlFCdExqOFRIUzdFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOS85MTNjZDctNTkzZi00ZTk5LWI1ZWUtMGQwNTAzNThlNjU2
LzEvam5fTzFQTk9memZuVWJXMFh6QzVuR01SLVg0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAW+fkMA8E
AgACMAkDBwAgAQZ4A7wwDQYJKoZIhvcNAQELBQADggEBADi7doRLIecU5eGPNlvX
TpuKho+k32azbsfx2gBFp3h7dpUdGy5CBrkVQdBBCbxh84FmGKTWwjByhqNvXcB9
hQFGSnfOsBRnKTDqkRRkAIgWvwzj01ZkAdPiyvnNCL4J1EMSKXWBL/YLiVQqv1ey
DFGVXBW/5580AERMix87W0S/wlIt46g0OoBNRJ31paS4nm6K34zJ758em5bHXX6z
TvqUHK3KxAP0vWAst+EDkj9s91EvMx74Vf4axS2hpBvh4ZwxnSdXu1XCclyWvM1L
RSAzIMDVVmDYF/YZu14B8UcWBo1Ql312ZeRDi0ITQN/UBPtq3Oe91bT/1Gd1negV
QUk=
-----END CERTIFICATE-----