Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/zeynq_0b1xrBjO5cOjgEpeekOmk.roa
File:                     zeynq_0b1xrBjO5cOjgEpeekOmk.roa (raw, json)
Hash identifier:          N9CEL8D3XvzkyUF7htLf0S1EgLZZ8RuYzU1qtc/R7yg=
Subject key identifier:   CD:EC:A7:AB:FD:1B:D7:1A:C1:8C:EE:5C:3A:38:04:A5:E7:A4:3A:69
Certificate issuer:       /CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
Certificate serial:       019423D708CFBA71FD9E40F5C347B3B55B4A
Authority key identifier: B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/zeynq_0b1xrBjO5cOjgEpeekOmk.roa
Signing time:             Wed 01 Jan 2025 21:48:02 +0000
ROA not before:           Wed 01 Jan 2025 21:48:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     25227
IP address blocks:        185.106.95.0/24 maxlen: 24
                          185.244.175.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 10:07:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d7:08:cf:ba:71:fd:9e:40:f5:c3:47:b3:b5:5b:4a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
        Validity
            Not Before: Jan  1 21:48:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=cdeca7abfd1bd71ac18cee5c3a3804a5e7a43a69
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:27:4c:41:8e:c0:1c:e3:8e:f7:b2:47:f2:d6:
                    1a:53:30:71:43:b7:f4:12:10:10:a7:2b:8e:aa:56:
                    ea:cc:e8:c8:53:88:b5:e2:4a:f8:ba:ac:90:8c:4a:
                    49:5f:c7:98:40:e2:10:b8:46:c9:97:5a:61:a2:43:
                    12:1d:c7:ac:5b:0a:85:fd:23:6b:9a:d5:b4:12:14:
                    87:73:6d:27:81:85:41:ef:80:6f:a8:c9:c8:0b:96:
                    86:54:59:c6:0c:20:98:0b:19:6d:57:76:d9:20:9e:
                    68:b0:3d:55:2e:d3:52:a4:64:ec:dd:67:03:10:f8:
                    f5:65:c4:c7:22:f3:96:72:19:58:27:8c:3c:99:da:
                    2f:48:b8:74:4f:1d:5e:b1:65:6e:73:e4:a2:f4:40:
                    e0:7e:b7:e2:44:96:96:a3:7c:b8:14:14:0a:cd:1c:
                    7d:97:0a:be:f5:e5:89:92:18:6d:5d:fd:6d:46:17:
                    f7:1d:a4:57:c0:55:36:8a:f2:c2:5d:64:47:df:ac:
                    2b:57:0c:db:a1:52:0e:e1:40:c1:c2:83:74:b6:0b:
                    e2:0c:66:5c:83:11:a5:af:52:c6:28:a2:e5:5e:5f:
                    17:c4:fd:ae:b8:e7:55:27:54:33:ca:5f:43:3e:96:
                    cc:30:2e:88:42:03:63:4e:58:d2:00:b5:b6:ed:63:
                    1b:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:EC:A7:AB:FD:1B:D7:1A:C1:8C:EE:5C:3A:38:04:A5:E7:A4:3A:69
            X509v3 Authority Key Identifier:
                keyid:B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/zeynq_0b1xrBjO5cOjgEpeekOmk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.106.95.0/24
                  185.244.175.0/24

    Signature Algorithm: sha256WithRSAEncryption
         15:54:e8:52:22:5f:28:46:2e:31:c6:0b:9a:b4:c9:24:51:20:
         3e:ae:7e:58:78:f2:80:a4:bb:dd:a2:b4:59:d8:50:ef:96:fb:
         82:44:5d:d1:72:49:69:9a:5d:6f:ae:4e:68:8a:6b:19:96:dc:
         57:49:d4:53:ce:cc:e5:68:a9:2a:d2:0f:d3:b7:1a:34:c8:28:
         6a:d5:a7:23:8b:a3:a8:bc:48:7b:2b:7c:c3:a5:49:58:ef:70:
         f0:ff:b6:6b:6c:ff:ed:c4:fa:33:bd:83:dc:5d:84:7b:ce:29:
         85:83:64:69:f7:90:57:3c:c2:c1:c0:80:8c:52:29:75:70:62:
         ee:e6:41:f6:4c:9e:b9:68:fd:62:33:cc:f0:d2:28:87:d4:93:
         b1:72:d5:50:6f:24:7b:22:45:85:69:93:65:92:92:0d:79:db:
         ad:37:36:53:6d:24:3e:cc:f0:e2:a9:cf:99:71:89:61:70:80:
         51:fb:a1:c4:a3:1b:6d:81:0e:02:d6:fe:61:f0:88:9b:2f:a4:
         a7:b6:c3:11:94:99:86:a1:f7:9b:9f:2e:3a:68:a4:5d:47:7e:
         97:72:41:0d:c3:5a:43:f3:bf:e9:2f:ab:44:6b:98:40:3f:74:
         17:07:cf:8d:19:f1:d8:cb:0e:31:e1:16:49:45:a3:38:8d:f5:
         ac:9f:86:2e
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQj1wjPunH9nkD1w0eztVtKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0Zjk2MzQ1ZDNmMjJlZGIzOTVkMjQ3ZjdiODZkMmQ3M2U0
YTAwOTEwHhcNMjUwMTAxMjE0ODAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZGVjYTdhYmZkMWJkNzFhYzE4Y2VlNWMzYTM4MDRhNWU3YTQzYTY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqCdMQY7AHOOO97JH8tYaUzBxQ7f0
EhAQpyuOqlbqzOjIU4i14kr4uqyQjEpJX8eYQOIQuEbJl1phokMSHcesWwqF/SNr
mtW0EhSHc20ngYVB74BvqMnIC5aGVFnGDCCYCxltV3bZIJ5osD1VLtNSpGTs3WcD
EPj1ZcTHIvOWchlYJ4w8mdovSLh0Tx1esWVuc+Si9EDgfrfiRJaWo3y4FBQKzRx9
lwq+9eWJkhhtXf1tRhf3HaRXwFU2ivLCXWRH36wrVwzboVIO4UDBwoN0tgviDGZc
gxGlr1LGKKLlXl8XxP2uuOdVJ1Qzyl9DPpbMMC6IQgNjTljSALW27WMbMwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFM3sp6v9G9cawYzuXDo4BKXnpDppMB8GA1UdIwQY
MBaAFLT5Y0XT8i7bOV0kf3uG0tc+SgCRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQt
NmZjMzQzZDc3Y2QyLzEvemV5bnFfMGIxeHJCak81Y09qZ0VwZWVrT21rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQtNmZjMzQzZDc3Y2Qy
LzEvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAuWpfAwQA
ufSvMA0GCSqGSIb3DQEBCwUAA4IBAQAVVOhSIl8oRi4xxguatMkkUSA+rn5YePKA
pLvdorRZ2FDvlvuCRF3Rcklpml1vrk5oimsZltxXSdRTzszlaKkq0g/Ttxo0yChq
1acji6OovEh7K3zDpUlY73Dw/7ZrbP/txPozvYPcXYR7zimFg2Rp95BXPMLBwICM
Uil1cGLu5kH2TJ65aP1iM8zw0iiH1JOxctVQbyR7IkWFaZNlkpINedutNzZTbSQ+
zPDiqc+ZcYlhcIBR+6HEoxttgQ4C1v5h8IibL6SntsMRlJmGofebny46aKRdR36X
ckENw1pD87/pL6tEa5hAP3QXB8+NGfHYyw4x4RZJRaM4jfWsn4Yu
-----END CERTIFICATE-----