Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e4/70aa32-9607-4db7-8f1e-da75430b16f6/1/8NHyyXImfpTMW71nUWch0BiF5Xg.roa
File:                     8NHyyXImfpTMW71nUWch0BiF5Xg.roa (raw, json)
Hash identifier:          eGClbyh1h6xo26ZfLRahAomcB8GyqPbNSmUc+I5rBP8=
Subject key identifier:   F0:D1:F2:C9:72:26:7E:94:CC:5B:BD:67:51:67:21:D0:18:85:E5:78
Certificate issuer:       /CN=c2ee45426e12e50fe30e8ffc39e04485d8f73339
Certificate serial:       01941F8C3B8611A78B20F949697C9B9BB5E9
Authority key identifier: C2:EE:45:42:6E:12:E5:0F:E3:0E:8F:FC:39:E0:44:85:D8:F7:33:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wu5FQm4S5Q_jDo_8OeBEhdj3Mzk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e4/70aa32-9607-4db7-8f1e-da75430b16f6/1/8NHyyXImfpTMW71nUWch0BiF5Xg.roa
Signing time:             Wed 01 Jan 2025 01:47:51 +0000
ROA not before:           Wed 01 Jan 2025 01:47:51 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214172
IP address blocks:        91.108.243.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e4/70aa32-9607-4db7-8f1e-da75430b16f6/1/wu5FQm4S5Q_jDo_8OeBEhdj3Mzk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e4/70aa32-9607-4db7-8f1e-da75430b16f6/1/wu5FQm4S5Q_jDo_8OeBEhdj3Mzk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wu5FQm4S5Q_jDo_8OeBEhdj3Mzk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:3b:86:11:a7:8b:20:f9:49:69:7c:9b:9b:b5:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2ee45426e12e50fe30e8ffc39e04485d8f73339
        Validity
            Not Before: Jan  1 01:47:51 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f0d1f2c972267e94cc5bbd67516721d01885e578
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:70:65:f1:aa:8b:24:2c:1f:3c:c8:5e:8c:c0:
                    44:9f:65:41:43:98:07:1c:30:6e:0e:f6:2f:fd:68:
                    38:5f:bb:a3:9e:c2:2f:03:76:14:01:fd:56:48:e0:
                    17:17:52:bf:29:5a:27:42:bd:0e:07:cf:6e:17:ab:
                    86:81:78:68:4e:ea:0e:c3:51:c4:73:83:9f:25:be:
                    02:a2:bc:de:b9:f9:5e:93:0b:1f:7f:0b:d4:f7:49:
                    17:fd:39:d6:de:21:34:6f:cc:27:e3:6d:be:0c:b7:
                    e8:5f:db:13:6d:58:ab:0f:2d:e5:24:de:d8:0b:ba:
                    19:ea:34:71:01:3e:ea:8e:36:cf:6b:3c:e1:fa:4f:
                    6e:6b:82:be:32:72:a4:b5:55:b4:86:1c:3e:22:3b:
                    e4:5c:3a:8a:a9:75:81:c6:a1:e6:ff:5c:2c:9b:08:
                    73:cf:a4:c8:74:82:82:d9:c3:39:20:94:2d:cb:be:
                    de:13:88:a4:c9:2b:c3:c2:46:aa:4b:6e:0b:db:d6:
                    25:11:72:b2:7c:51:19:81:c1:61:3d:70:53:61:f4:
                    00:26:ed:68:95:cf:97:5a:a8:9e:80:56:3b:9c:2c:
                    96:c7:4b:4a:d6:34:69:ad:75:13:c3:9f:48:77:64:
                    95:9b:ed:7d:b7:64:a8:85:37:b7:2e:7f:40:60:78:
                    0b:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:D1:F2:C9:72:26:7E:94:CC:5B:BD:67:51:67:21:D0:18:85:E5:78
            X509v3 Authority Key Identifier:
                keyid:C2:EE:45:42:6E:12:E5:0F:E3:0E:8F:FC:39:E0:44:85:D8:F7:33:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wu5FQm4S5Q_jDo_8OeBEhdj3Mzk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/70aa32-9607-4db7-8f1e-da75430b16f6/1/8NHyyXImfpTMW71nUWch0BiF5Xg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/70aa32-9607-4db7-8f1e-da75430b16f6/1/wu5FQm4S5Q_jDo_8OeBEhdj3Mzk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.108.243.0/24

    Signature Algorithm: sha256WithRSAEncryption
         38:ab:db:08:ce:2c:a0:52:49:8b:df:75:6c:d9:bd:36:f3:a8:
         bd:04:b4:fb:bc:09:44:83:c7:02:45:3b:a5:da:07:25:7a:24:
         cf:54:aa:7b:1a:80:0d:20:c3:4d:3a:05:19:3f:51:07:73:cb:
         11:6a:2a:b8:02:9c:3f:f2:83:9f:dc:d2:f8:e5:e8:79:0c:ca:
         2d:79:2d:89:75:63:46:66:a4:33:e7:a4:1b:a6:33:6e:17:f8:
         11:04:53:0e:4c:a8:1e:34:69:a1:05:0d:dc:81:8f:6d:21:3f:
         48:de:a5:4b:02:6a:c4:2f:e6:a9:46:5b:a2:b7:a8:13:b1:ec:
         37:9b:ba:95:c3:c3:18:b6:e2:a8:80:f8:c8:74:6e:fa:1a:fa:
         4a:46:d4:0b:f8:36:7d:ce:50:15:29:ae:2d:26:1b:d2:56:d1:
         26:94:a1:d0:b7:4d:13:1c:0d:f1:66:b6:16:ba:81:7e:10:76:
         72:bf:25:bf:84:64:e0:4f:ab:05:e8:db:e5:fa:aa:3c:2e:07:
         8d:5c:e0:95:7f:0e:bf:e8:f2:14:4c:29:a1:73:11:74:2c:21:
         07:a5:b3:c1:89:ab:53:b0:57:a5:72:25:84:d2:48:3e:05:29:
         a1:fb:2d:9a:b0:51:0b:4f:6c:6a:c1:19:4d:b6:b2:ce:02:5d:
         27:47:4d:58
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQfjDuGEaeLIPlJaXybm7XpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyZWU0NTQyNmUxMmU1MGZlMzBlOGZmYzM5ZTA0NDg1ZDhm
NzMzMzkwHhcNMjUwMTAxMDE0NzUxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMGQxZjJjOTcyMjY3ZTk0Y2M1YmJkNjc1MTY3MjFkMDE4ODVlNTc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjXBl8aqLJCwfPMhejMBEn2VBQ5gH
HDBuDvYv/Wg4X7ujnsIvA3YUAf1WSOAXF1K/KVonQr0OB89uF6uGgXhoTuoOw1HE
c4OfJb4CorzeuflekwsffwvU90kX/TnW3iE0b8wn422+DLfoX9sTbVirDy3lJN7Y
C7oZ6jRxAT7qjjbPazzh+k9ua4K+MnKktVW0hhw+IjvkXDqKqXWBxqHm/1wsmwhz
z6TIdIKC2cM5IJQty77eE4ikySvDwkaqS24L29YlEXKyfFEZgcFhPXBTYfQAJu1o
lc+XWqiegFY7nCyWx0tK1jRprXUTw59Id2SVm+19t2SohTe3Ln9AYHgL7QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPDR8slyJn6UzFu9Z1FnIdAYheV4MB8GA1UdIwQY
MBaAFMLuRUJuEuUP4w6P/DngRIXY9zM5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd3U1RlFtNFM1UV9qRG9fOE9lQkVoZGozTXprLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNC83MGFhMzItOTYwNy00ZGI3LThmMWUt
ZGE3NTQzMGIxNmY2LzEvOE5IeXlYSW1mcFRNVzcxblVXY2gwQmlGNVhnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNC83MGFhMzItOTYwNy00ZGI3LThmMWUtZGE3NTQzMGIxNmY2
LzEvd3U1RlFtNFM1UV9qRG9fOE9lQkVoZGozTXprLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW2zzMA0G
CSqGSIb3DQEBCwUAA4IBAQA4q9sIziygUkmL33Vs2b0286i9BLT7vAlEg8cCRTul
2gcleiTPVKp7GoANIMNNOgUZP1EHc8sRaiq4Apw/8oOf3NL45eh5DMoteS2JdWNG
ZqQz56QbpjNuF/gRBFMOTKgeNGmhBQ3cgY9tIT9I3qVLAmrEL+apRluit6gTsew3
m7qVw8MYtuKogPjIdG76GvpKRtQL+DZ9zlAVKa4tJhvSVtEmlKHQt00THA3xZrYW
uoF+EHZyvyW/hGTgT6sF6Nvl+qo8LgeNXOCVfw6/6PIUTCmhcxF0LCEHpbPBiatT
sFelciWE0kg+BSmh+y2asFELT2xqwRlNtrLOAl0nR01Y
-----END CERTIFICATE-----