Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e4/70aa32-9607-4db7-8f1e-da75430b16f6/1/LkI2_jzrz48JSbuyIHY-OLACz-k.roa
File:                     LkI2_jzrz48JSbuyIHY-OLACz-k.roa (raw, json)
Hash identifier:          U0xNik7MwQkfjYVr491AYWO12bG/JdScTkXcbqw75b4=
Subject key identifier:   2E:42:36:FE:3C:EB:CF:8F:09:49:BB:B2:20:76:3E:38:B0:02:CF:E9
Certificate issuer:       /CN=c2ee45426e12e50fe30e8ffc39e04485d8f73339
Certificate serial:       019711FE1A83A08C49A7D8F882857E0213E8
Authority key identifier: C2:EE:45:42:6E:12:E5:0F:E3:0E:8F:FC:39:E0:44:85:D8:F7:33:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wu5FQm4S5Q_jDo_8OeBEhdj3Mzk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e4/70aa32-9607-4db7-8f1e-da75430b16f6/1/LkI2_jzrz48JSbuyIHY-OLACz-k.roa
Signing time:             Tue 27 May 2025 13:45:55 +0000
ROA not before:           Tue 27 May 2025 13:45:55 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     834
IP address blocks:        91.108.237.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e4/70aa32-9607-4db7-8f1e-da75430b16f6/1/wu5FQm4S5Q_jDo_8OeBEhdj3Mzk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e4/70aa32-9607-4db7-8f1e-da75430b16f6/1/wu5FQm4S5Q_jDo_8OeBEhdj3Mzk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wu5FQm4S5Q_jDo_8OeBEhdj3Mzk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 06 Jun 2025 12:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:11:fe:1a:83:a0:8c:49:a7:d8:f8:82:85:7e:02:13:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2ee45426e12e50fe30e8ffc39e04485d8f73339
        Validity
            Not Before: May 27 13:45:55 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2e4236fe3cebcf8f0949bbb220763e38b002cfe9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:fd:4e:67:99:13:90:39:c2:7f:26:80:34:ec:
                    c6:4e:87:f5:1b:58:e4:cc:18:be:db:33:5b:37:fa:
                    2e:29:b4:6d:8e:6d:34:82:cf:8b:19:63:cb:5f:51:
                    73:e0:26:a6:34:bc:a5:ba:ee:27:b7:24:18:14:4b:
                    cb:55:af:8c:15:de:23:97:ea:2f:ac:99:08:18:65:
                    62:a9:88:e7:28:94:45:f7:70:52:d1:28:a9:51:a7:
                    ca:f8:67:77:04:44:47:99:3f:0f:59:60:3b:89:bb:
                    d5:08:b5:b1:66:f2:f5:9c:b3:8c:08:d6:d8:25:3e:
                    01:2c:c6:4e:4b:65:6f:50:99:b0:b8:dc:2c:a1:a6:
                    58:60:42:63:a1:8a:1d:54:0f:16:f1:ad:ac:d2:49:
                    a6:74:47:ad:8b:43:a9:7e:ca:fc:a0:8e:37:16:80:
                    a1:d3:41:43:d5:32:fd:f6:6b:5b:04:b7:69:47:c7:
                    47:e1:59:34:ce:60:5b:40:e0:e1:08:92:b4:dc:3c:
                    69:e7:54:2d:93:53:ce:a7:f3:18:b9:30:24:48:ea:
                    73:8e:90:a1:0b:65:c4:99:4e:b0:47:55:d4:fa:8b:
                    67:5e:52:2d:e8:35:6d:5a:fd:66:36:e5:b8:ee:a9:
                    0f:55:a6:b4:c7:2f:34:f2:f9:76:54:83:5d:a8:80:
                    0a:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:42:36:FE:3C:EB:CF:8F:09:49:BB:B2:20:76:3E:38:B0:02:CF:E9
            X509v3 Authority Key Identifier:
                keyid:C2:EE:45:42:6E:12:E5:0F:E3:0E:8F:FC:39:E0:44:85:D8:F7:33:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wu5FQm4S5Q_jDo_8OeBEhdj3Mzk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/70aa32-9607-4db7-8f1e-da75430b16f6/1/LkI2_jzrz48JSbuyIHY-OLACz-k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/70aa32-9607-4db7-8f1e-da75430b16f6/1/wu5FQm4S5Q_jDo_8OeBEhdj3Mzk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.108.237.0/24

    Signature Algorithm: sha256WithRSAEncryption
         95:8f:a4:b5:78:ee:06:73:da:17:f5:70:cf:29:56:b2:5b:bc:
         b0:23:3f:7d:f8:df:64:95:fb:7a:bb:9e:15:8f:b9:7e:9c:71:
         ca:72:cb:f4:cc:28:df:e9:57:4f:14:1f:79:8b:da:74:54:bc:
         c4:af:1a:46:02:c6:b8:77:e3:6f:16:2b:13:13:7f:68:1a:d3:
         5a:92:59:ac:a4:6c:ea:71:ef:e2:71:10:e8:95:e6:3c:bb:3f:
         df:b9:46:30:37:07:b5:1a:f8:75:9a:50:71:a1:e9:66:7f:78:
         9e:4d:78:d9:dc:4b:b3:cf:9a:2d:ae:21:ee:8f:13:86:d7:84:
         7c:d9:47:4e:cf:81:6f:79:75:14:cf:3a:4a:36:c5:60:b9:6a:
         f5:4f:93:b2:b2:fb:b4:cb:48:5a:3d:c8:44:80:26:36:2e:46:
         48:0c:88:a6:77:35:52:6c:11:4f:7d:15:53:8c:aa:38:76:57:
         21:f6:67:b6:f6:fe:fd:03:51:ab:82:08:26:e7:12:dc:3c:81:
         9b:61:3b:14:e0:40:93:0d:21:ac:d1:2b:8f:f7:28:63:4a:74:
         d5:e8:44:53:9f:08:5c:c9:ed:b7:15:63:a6:34:9d:71:5c:75:
         dc:ab:4b:cc:f9:a0:0d:14:94:62:f1:f4:64:57:f2:b9:27:e6:
         a7:90:bc:33
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZcR/hqDoIxJp9j4goV+AhPoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyZWU0NTQyNmUxMmU1MGZlMzBlOGZmYzM5ZTA0NDg1ZDhm
NzMzMzkwHhcNMjUwNTI3MTM0NTU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZTQyMzZmZTNjZWJjZjhmMDk0OWJiYjIyMDc2M2UzOGIwMDJjZmU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxv1OZ5kTkDnCfyaANOzGTof1G1jk
zBi+2zNbN/ouKbRtjm00gs+LGWPLX1Fz4CamNLyluu4ntyQYFEvLVa+MFd4jl+ov
rJkIGGViqYjnKJRF93BS0SipUafK+Gd3BERHmT8PWWA7ibvVCLWxZvL1nLOMCNbY
JT4BLMZOS2VvUJmwuNwsoaZYYEJjoYodVA8W8a2s0kmmdEeti0Opfsr8oI43FoCh
00FD1TL99mtbBLdpR8dH4Vk0zmBbQODhCJK03Dxp51Qtk1POp/MYuTAkSOpzjpCh
C2XEmU6wR1XU+otnXlIt6DVtWv1mNuW47qkPVaa0xy808vl2VINdqIAKoQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC5CNv4868+PCUm7siB2PjiwAs/pMB8GA1UdIwQY
MBaAFMLuRUJuEuUP4w6P/DngRIXY9zM5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd3U1RlFtNFM1UV9qRG9fOE9lQkVoZGozTXprLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNC83MGFhMzItOTYwNy00ZGI3LThmMWUt
ZGE3NTQzMGIxNmY2LzEvTGtJMl9qenJ6NDhKU2J1eUlIWS1PTEFDei1rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNC83MGFhMzItOTYwNy00ZGI3LThmMWUtZGE3NTQzMGIxNmY2
LzEvd3U1RlFtNFM1UV9qRG9fOE9lQkVoZGozTXprLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW2ztMA0G
CSqGSIb3DQEBCwUAA4IBAQCVj6S1eO4Gc9oX9XDPKVayW7ywIz99+N9klft6u54V
j7l+nHHKcsv0zCjf6VdPFB95i9p0VLzErxpGAsa4d+NvFisTE39oGtNaklmspGzq
ce/icRDoleY8uz/fuUYwNwe1Gvh1mlBxoelmf3ieTXjZ3Euzz5otriHujxOG14R8
2UdOz4FveXUUzzpKNsVguWr1T5Oysvu0y0haPchEgCY2LkZIDIimdzVSbBFPfRVT
jKo4dlch9me29v79A1Grgggm5xLcPIGbYTsU4ECTDSGs0SuP9yhjSnTV6ERTnwhc
ye23FWOmNJ1xXHXcq0vM+aANFJRi8fRkV/K5J+ankLwz
-----END CERTIFICATE-----