Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d4/97e1e2-567f-414e-9b03-c18ad36a7b30/1/za-qKZumAJe5b0iEnZwziy5sjdU.roa
File:                     za-qKZumAJe5b0iEnZwziy5sjdU.roa (raw, json)
Hash identifier:          XmSM2jKwnfhXk2mj4bb8vX6fKWH5CT7ewc4M4Z9cJsQ=
Subject key identifier:   CD:AF:AA:29:9B:A6:00:97:B9:6F:48:84:9D:9C:33:8B:2E:6C:8D:D5
Certificate issuer:       /CN=63082d6d3a1dc501795737537ca74d27a80265a2
Certificate serial:       0196885E1A887EAC9D20E49A51CEECA7BC81
Authority key identifier: 63:08:2D:6D:3A:1D:C5:01:79:57:37:53:7C:A7:4D:27:A8:02:65:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YwgtbTodxQF5VzdTfKdNJ6gCZaI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d4/97e1e2-567f-414e-9b03-c18ad36a7b30/1/za-qKZumAJe5b0iEnZwziy5sjdU.roa
Signing time:             Wed 30 Apr 2025 20:23:10 +0000
ROA not before:           Wed 30 Apr 2025 20:23:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202650
IP address blocks:        79.174.191.0/24 maxlen: 24
                          178.213.87.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d4/97e1e2-567f-414e-9b03-c18ad36a7b30/1/YwgtbTodxQF5VzdTfKdNJ6gCZaI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d4/97e1e2-567f-414e-9b03-c18ad36a7b30/1/YwgtbTodxQF5VzdTfKdNJ6gCZaI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YwgtbTodxQF5VzdTfKdNJ6gCZaI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 14 May 2025 22:19:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:88:5e:1a:88:7e:ac:9d:20:e4:9a:51:ce:ec:a7:bc:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63082d6d3a1dc501795737537ca74d27a80265a2
        Validity
            Not Before: Apr 30 20:23:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=cdafaa299ba60097b96f48849d9c338b2e6c8dd5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:7f:30:f9:cd:9b:5b:6b:dd:18:c3:ee:e5:a4:
                    d7:05:b2:aa:02:2e:82:da:26:57:fb:5b:94:8a:41:
                    ea:f1:9f:c6:b6:ba:7e:e3:75:8c:85:50:69:16:f0:
                    49:cc:44:97:e3:be:8c:f8:f5:14:25:9d:cc:3f:69:
                    7e:01:92:d0:f6:6f:04:d1:74:de:fb:9a:97:15:4a:
                    c5:79:3b:a5:d6:db:4c:54:0f:2f:0e:f1:6d:e3:ed:
                    15:2a:b6:3c:fd:ef:0a:dc:99:76:fd:58:ad:ca:8a:
                    88:2b:25:8d:9f:73:24:7e:b0:2b:db:34:df:58:c5:
                    21:99:35:58:f8:69:0c:d4:52:a1:8b:1d:cd:70:e7:
                    a9:99:92:38:aa:6f:33:c6:44:be:63:90:2b:c3:cc:
                    21:d7:aa:09:59:e6:b8:8e:62:e8:9d:c2:72:7d:0c:
                    d9:f0:a4:47:41:e4:2a:e6:78:f1:3e:78:c0:a8:97:
                    0c:35:f8:ad:d2:ff:2f:82:26:7d:80:fc:7e:40:a9:
                    5e:49:28:a5:5c:0e:41:01:9b:22:a1:ca:0f:38:22:
                    1e:0a:52:65:0f:53:92:2a:5b:52:59:c0:72:08:e4:
                    15:60:24:4f:41:b0:7c:c1:ff:7d:59:11:3a:9c:df:
                    6f:bf:73:d7:f3:15:0f:44:85:bc:56:8d:0f:73:66:
                    eb:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:AF:AA:29:9B:A6:00:97:B9:6F:48:84:9D:9C:33:8B:2E:6C:8D:D5
            X509v3 Authority Key Identifier:
                keyid:63:08:2D:6D:3A:1D:C5:01:79:57:37:53:7C:A7:4D:27:A8:02:65:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YwgtbTodxQF5VzdTfKdNJ6gCZaI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/97e1e2-567f-414e-9b03-c18ad36a7b30/1/za-qKZumAJe5b0iEnZwziy5sjdU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/97e1e2-567f-414e-9b03-c18ad36a7b30/1/YwgtbTodxQF5VzdTfKdNJ6gCZaI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.174.191.0/24
                  178.213.87.0/24

    Signature Algorithm: sha256WithRSAEncryption
         22:c9:99:a6:77:62:11:95:02:e2:ef:46:d7:b0:ea:bf:a8:e5:
         87:df:29:47:2d:e1:58:a4:a2:52:eb:f0:81:d5:46:52:8b:44:
         3e:2c:e6:1e:31:54:af:67:db:41:01:b3:e8:a7:b2:4d:7b:ff:
         78:78:e7:9a:91:e3:9c:0c:f2:a8:9f:20:e5:68:a2:05:04:0b:
         7d:0a:75:71:ef:97:8f:f4:c9:41:fe:e6:be:c4:6a:77:96:d7:
         32:85:05:ba:1f:75:42:0f:b9:b4:94:b0:de:bf:70:1b:35:e7:
         b8:92:b6:62:8a:11:df:c4:b7:1c:ea:1f:0b:39:df:17:11:1c:
         20:f2:02:98:3f:b8:8d:ef:c5:a3:c5:08:b8:54:d2:60:1f:b6:
         8e:58:b5:a9:f1:5e:0c:22:56:4b:6c:88:58:b3:f7:be:85:a7:
         79:e8:a3:78:10:9e:d5:00:d5:e1:11:64:fb:f6:a0:3c:07:81:
         7e:fb:c2:46:7c:f2:b1:45:3b:fd:c0:ee:61:c8:0c:47:33:46:
         de:48:84:06:f0:26:74:83:d2:f8:28:fb:68:24:41:6b:ae:3e:
         ae:92:69:6a:2b:0d:12:cb:20:5e:82:39:43:f4:55:35:71:77:
         5f:dc:5d:e8:0a:57:77:9f:53:d3:f4:0b:fc:b6:44:98:4a:c3:
         f8:bb:03:fb
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZaIXhqIfqydIOSaUc7sp7yBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzMDgyZDZkM2ExZGM1MDE3OTU3Mzc1MzdjYTc0ZDI3YTgw
MjY1YTIwHhcNMjUwNDMwMjAyMzEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZGFmYWEyOTliYTYwMDk3Yjk2ZjQ4ODQ5ZDljMzM4YjJlNmM4ZGQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwn8w+c2bW2vdGMPu5aTXBbKqAi6C
2iZX+1uUikHq8Z/Gtrp+43WMhVBpFvBJzESX476M+PUUJZ3MP2l+AZLQ9m8E0XTe
+5qXFUrFeTul1ttMVA8vDvFt4+0VKrY8/e8K3Jl2/VityoqIKyWNn3MkfrAr2zTf
WMUhmTVY+GkM1FKhix3NcOepmZI4qm8zxkS+Y5Arw8wh16oJWea4jmLoncJyfQzZ
8KRHQeQq5njxPnjAqJcMNfit0v8vgiZ9gPx+QKleSSilXA5BAZsiocoPOCIeClJl
D1OSKltSWcByCOQVYCRPQbB8wf99WRE6nN9vv3PX8xUPRIW8Vo0Pc2br0wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFM2vqimbpgCXuW9IhJ2cM4subI3VMB8GA1UdIwQY
MBaAFGMILW06HcUBeVc3U3ynTSeoAmWiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXdndGJUb2R4UUY1VnpkVGZLZE5KNmdDWmFJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNC85N2UxZTItNTY3Zi00MTRlLTliMDMt
YzE4YWQzNmE3YjMwLzEvemEtcUtadW1BSmU1YjBpRW5ad3ppeTVzamRVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNC85N2UxZTItNTY3Zi00MTRlLTliMDMtYzE4YWQzNmE3YjMw
LzEvWXdndGJUb2R4UUY1VnpkVGZLZE5KNmdDWmFJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAT66/AwQA
stVXMA0GCSqGSIb3DQEBCwUAA4IBAQAiyZmmd2IRlQLi70bXsOq/qOWH3ylHLeFY
pKJS6/CB1UZSi0Q+LOYeMVSvZ9tBAbPop7JNe/94eOeakeOcDPKonyDlaKIFBAt9
CnVx75eP9MlB/ua+xGp3ltcyhQW6H3VCD7m0lLDev3AbNee4krZiihHfxLcc6h8L
Od8XERwg8gKYP7iN78WjxQi4VNJgH7aOWLWp8V4MIlZLbIhYs/e+had56KN4EJ7V
ANXhEWT79qA8B4F++8JGfPKxRTv9wO5hyAxHM0beSIQG8CZ0g9L4KPtoJEFrrj6u
kmlqKw0SyyBegjlD9FU1cXdf3F3oCld3n1PT9Av8tkSYSsP4uwP7
-----END CERTIFICATE-----