Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e4/70aa32-9607-4db7-8f1e-da75430b16f6/1/Ho010-5FAsL0AW4rW7aJrqoW8g0.roa
File:                     Ho010-5FAsL0AW4rW7aJrqoW8g0.roa (raw, json)
Hash identifier:          RfaotJrye6UjauxHRFgmD8eKhZyY9JvJ6MfjuA1zSxA=
Subject key identifier:   1E:8D:35:D3:EE:45:02:C2:F4:01:6E:2B:5B:B6:89:AE:AA:16:F2:0D
Certificate issuer:       /CN=c2ee45426e12e50fe30e8ffc39e04485d8f73339
Certificate serial:       019928FCDC27CEF061854DFE8542D2785065
Authority key identifier: C2:EE:45:42:6E:12:E5:0F:E3:0E:8F:FC:39:E0:44:85:D8:F7:33:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wu5FQm4S5Q_jDo_8OeBEhdj3Mzk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e4/70aa32-9607-4db7-8f1e-da75430b16f6/1/Ho010-5FAsL0AW4rW7aJrqoW8g0.roa
Signing time:             Mon 08 Sep 2025 11:01:23 +0000
ROA not before:           Mon 08 Sep 2025 11:01:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     834
IP address blocks:        91.108.237.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e4/70aa32-9607-4db7-8f1e-da75430b16f6/1/wu5FQm4S5Q_jDo_8OeBEhdj3Mzk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e4/70aa32-9607-4db7-8f1e-da75430b16f6/1/wu5FQm4S5Q_jDo_8OeBEhdj3Mzk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wu5FQm4S5Q_jDo_8OeBEhdj3Mzk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 19 Sep 2025 07:01:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:28:fc:dc:27:ce:f0:61:85:4d:fe:85:42:d2:78:50:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2ee45426e12e50fe30e8ffc39e04485d8f73339
        Validity
            Not Before: Sep  8 11:01:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1e8d35d3ee4502c2f4016e2b5bb689aeaa16f20d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:66:3f:00:ab:b1:53:cd:3e:68:41:26:7e:c5:
                    e6:af:3d:38:fe:b6:4f:18:d6:eb:ea:0f:49:e0:d3:
                    76:86:7a:7b:5e:9c:df:47:7b:2b:0e:25:e2:8b:91:
                    d7:da:f9:a0:91:e8:67:d1:1c:b5:2f:31:c8:13:88:
                    8d:a0:e5:5c:98:2e:4a:cf:19:3c:a6:0c:e4:cd:1c:
                    0d:c2:26:a6:ef:6f:3d:da:70:00:5f:e5:97:29:39:
                    8c:2c:dd:3a:53:e7:9e:93:c9:e5:a8:4f:04:12:ea:
                    c8:62:f8:cd:f2:69:a9:5c:3b:31:40:09:c3:2d:9b:
                    50:81:03:2a:1f:9e:fb:75:6e:04:a6:0a:81:83:5d:
                    9d:c9:87:69:97:02:3a:95:98:4d:a7:18:ad:13:46:
                    76:35:d0:fe:89:f4:52:b8:8f:91:44:e9:7e:b3:45:
                    98:63:7b:ce:43:69:e1:4a:49:cb:33:2d:7b:6c:a8:
                    2b:ff:2f:d3:92:2a:d6:87:ec:f3:60:53:ed:38:58:
                    2f:e2:12:fe:59:c5:92:75:57:a1:79:2d:b7:f8:1c:
                    86:aa:a8:9d:81:43:20:ee:12:e4:70:2e:9e:36:ee:
                    92:82:a8:45:c9:2c:18:9b:59:19:12:26:53:fb:71:
                    f8:d8:0e:19:2f:31:95:e9:dc:07:72:22:fc:ac:c3:
                    a7:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:8D:35:D3:EE:45:02:C2:F4:01:6E:2B:5B:B6:89:AE:AA:16:F2:0D
            X509v3 Authority Key Identifier:
                keyid:C2:EE:45:42:6E:12:E5:0F:E3:0E:8F:FC:39:E0:44:85:D8:F7:33:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wu5FQm4S5Q_jDo_8OeBEhdj3Mzk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/70aa32-9607-4db7-8f1e-da75430b16f6/1/Ho010-5FAsL0AW4rW7aJrqoW8g0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/70aa32-9607-4db7-8f1e-da75430b16f6/1/wu5FQm4S5Q_jDo_8OeBEhdj3Mzk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.108.237.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5d:7d:84:d5:ae:08:08:41:95:6f:aa:af:48:84:e1:d4:58:1c:
         22:23:2a:70:8f:a9:c6:5d:c4:d7:90:82:fa:e1:e4:24:b9:c1:
         cc:11:25:e2:61:b4:d0:92:5d:95:d4:8e:1f:53:50:fb:33:7e:
         0d:d1:48:89:da:13:b7:de:2c:2d:89:ca:2f:17:5c:53:05:55:
         c0:76:6e:de:11:a0:53:e7:a2:fa:7b:c2:ab:a5:21:70:8d:53:
         2c:b6:fb:41:72:8c:24:8b:77:0b:71:39:25:34:1e:ec:60:0b:
         49:29:12:ec:86:3a:b4:8b:fd:d9:ba:66:ed:8f:34:05:a2:90:
         30:25:f2:f8:8d:af:04:a2:dd:24:64:16:09:3a:bb:6c:39:08:
         33:b4:7b:72:37:e9:64:fc:e9:15:88:63:2b:9e:b6:3d:eb:e8:
         6c:61:85:f3:ba:22:8d:4c:77:94:91:f7:92:b6:92:0b:36:f3:
         14:5f:a1:3f:46:7c:e6:73:2a:98:fd:ea:6e:c2:0e:a5:90:88:
         19:b5:f6:f5:68:81:d2:77:2f:17:ba:99:f1:08:9f:0b:c8:90:
         40:4b:29:40:65:a2:87:67:e8:36:ae:58:09:19:83:2f:d4:fb:
         d3:c6:8c:5c:56:43:22:98:7b:04:9b:ac:00:9b:f0:25:71:ec:
         42:88:c2:86
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZko/NwnzvBhhU3+hULSeFBlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyZWU0NTQyNmUxMmU1MGZlMzBlOGZmYzM5ZTA0NDg1ZDhm
NzMzMzkwHhcNMjUwOTA4MTEwMTIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZThkMzVkM2VlNDUwMmMyZjQwMTZlMmI1YmI2ODlhZWFhMTZmMjBkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq2Y/AKuxU80+aEEmfsXmrz04/rZP
GNbr6g9J4NN2hnp7XpzfR3srDiXii5HX2vmgkehn0Ry1LzHIE4iNoOVcmC5Kzxk8
pgzkzRwNwiam72892nAAX+WXKTmMLN06U+eek8nlqE8EEurIYvjN8mmpXDsxQAnD
LZtQgQMqH577dW4EpgqBg12dyYdplwI6lZhNpxitE0Z2NdD+ifRSuI+RROl+s0WY
Y3vOQ2nhSknLMy17bKgr/y/TkirWh+zzYFPtOFgv4hL+WcWSdVeheS23+ByGqqid
gUMg7hLkcC6eNu6SgqhFySwYm1kZEiZT+3H42A4ZLzGV6dwHciL8rMOn3wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB6NNdPuRQLC9AFuK1u2ia6qFvINMB8GA1UdIwQY
MBaAFMLuRUJuEuUP4w6P/DngRIXY9zM5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd3U1RlFtNFM1UV9qRG9fOE9lQkVoZGozTXprLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNC83MGFhMzItOTYwNy00ZGI3LThmMWUt
ZGE3NTQzMGIxNmY2LzEvSG8wMTAtNUZBc0wwQVc0clc3YUpycW9XOGcwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNC83MGFhMzItOTYwNy00ZGI3LThmMWUtZGE3NTQzMGIxNmY2
LzEvd3U1RlFtNFM1UV9qRG9fOE9lQkVoZGozTXprLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW2ztMA0G
CSqGSIb3DQEBCwUAA4IBAQBdfYTVrggIQZVvqq9IhOHUWBwiIypwj6nGXcTXkIL6
4eQkucHMESXiYbTQkl2V1I4fU1D7M34N0UiJ2hO33iwticovF1xTBVXAdm7eEaBT
56L6e8KrpSFwjVMstvtBcowki3cLcTklNB7sYAtJKRLshjq0i/3ZumbtjzQFopAw
JfL4ja8Eot0kZBYJOrtsOQgztHtyN+lk/OkViGMrnrY96+hsYYXzuiKNTHeUkfeS
tpILNvMUX6E/RnzmcyqY/epuwg6lkIgZtfb1aIHSdy8XupnxCJ8LyJBASylAZaKH
Z+g2rlgJGYMv1PvTxoxcVkMimHsEm6wAm/AlcexCiMKG
-----END CERTIFICATE-----