Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e4/70aa32-9607-4db7-8f1e-da75430b16f6/1/RM5CrBqi7H_tUgnV79_PQ7g1mls.roa
File:                     RM5CrBqi7H_tUgnV79_PQ7g1mls.roa (raw, json)
Hash identifier:          8NTSeqb0JLGKK8Az0mjy60k7uBMLt5UGSP9hJaxBsYE=
Subject key identifier:   44:CE:42:AC:1A:A2:EC:7F:ED:52:09:D5:EF:DF:CF:43:B8:35:9A:5B
Certificate issuer:       /CN=c2ee45426e12e50fe30e8ffc39e04485d8f73339
Certificate serial:       019711FE1AD0474518093F85157AD614E48E
Authority key identifier: C2:EE:45:42:6E:12:E5:0F:E3:0E:8F:FC:39:E0:44:85:D8:F7:33:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wu5FQm4S5Q_jDo_8OeBEhdj3Mzk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e4/70aa32-9607-4db7-8f1e-da75430b16f6/1/RM5CrBqi7H_tUgnV79_PQ7g1mls.roa
Signing time:             Tue 27 May 2025 13:45:55 +0000
ROA not before:           Tue 27 May 2025 13:45:55 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     52041
IP address blocks:        91.108.225.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e4/70aa32-9607-4db7-8f1e-da75430b16f6/1/wu5FQm4S5Q_jDo_8OeBEhdj3Mzk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e4/70aa32-9607-4db7-8f1e-da75430b16f6/1/wu5FQm4S5Q_jDo_8OeBEhdj3Mzk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wu5FQm4S5Q_jDo_8OeBEhdj3Mzk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Jun 2025 18:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:11:fe:1a:d0:47:45:18:09:3f:85:15:7a:d6:14:e4:8e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2ee45426e12e50fe30e8ffc39e04485d8f73339
        Validity
            Not Before: May 27 13:45:55 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=44ce42ac1aa2ec7fed5209d5efdfcf43b8359a5b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:7a:95:fc:8b:af:84:84:4c:8e:6c:4f:de:7a:
                    b7:76:05:ec:de:a1:f4:68:dc:25:be:a9:8c:66:5f:
                    80:9a:a4:be:42:c0:76:2b:af:37:bd:5a:d4:bb:d0:
                    8a:45:05:4a:83:02:06:61:41:3b:9c:1f:73:9c:28:
                    65:ec:3e:10:dd:55:0d:35:25:b4:8f:3c:23:a3:eb:
                    30:15:aa:3b:41:2b:37:eb:80:31:b3:90:54:c5:c2:
                    49:c9:11:f7:74:a3:da:fa:e2:37:5e:07:de:5d:6c:
                    12:10:cc:98:30:73:82:98:e8:86:d2:b8:c6:cd:0a:
                    6f:77:2c:7b:a8:2d:5a:e1:12:f9:8d:f3:13:6e:b5:
                    42:99:77:fd:74:9a:67:32:eb:ee:f6:f7:01:f5:23:
                    ea:69:ad:6d:07:6f:06:d6:83:3e:82:60:4f:a1:25:
                    91:6b:e0:15:3d:b5:f7:1b:08:91:e6:c5:b7:f7:82:
                    09:1d:5f:43:78:d8:d7:da:13:84:31:82:f6:2b:e5:
                    6b:88:f3:fd:14:7b:04:e0:46:6c:73:64:a9:f3:3f:
                    4f:15:f4:99:0e:1f:44:3e:74:89:01:51:a8:f3:e6:
                    02:d5:01:c5:ee:a5:4d:00:3b:93:c8:bb:da:c2:a0:
                    56:2d:24:d9:90:3c:c0:1b:ce:12:37:c6:c0:39:c3:
                    c5:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:CE:42:AC:1A:A2:EC:7F:ED:52:09:D5:EF:DF:CF:43:B8:35:9A:5B
            X509v3 Authority Key Identifier:
                keyid:C2:EE:45:42:6E:12:E5:0F:E3:0E:8F:FC:39:E0:44:85:D8:F7:33:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wu5FQm4S5Q_jDo_8OeBEhdj3Mzk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/70aa32-9607-4db7-8f1e-da75430b16f6/1/RM5CrBqi7H_tUgnV79_PQ7g1mls.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/70aa32-9607-4db7-8f1e-da75430b16f6/1/wu5FQm4S5Q_jDo_8OeBEhdj3Mzk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.108.225.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9f:0f:47:a9:73:97:e8:59:fd:fa:57:11:b6:23:5d:24:45:08:
         62:6c:61:31:c3:f2:69:88:0f:e1:0b:65:b2:ee:81:eb:3b:7e:
         73:b6:04:6d:73:16:d4:86:e9:77:53:a0:03:d7:e7:2b:b8:a0:
         29:e6:03:67:c0:32:b1:6c:e5:9a:ca:ae:f6:46:02:7d:c9:5f:
         10:4b:0c:cb:ad:0b:47:e3:80:7a:3b:0c:33:cb:e7:74:c3:3d:
         41:0c:08:99:75:a5:e5:c7:db:91:af:31:0c:45:95:1d:6c:44:
         39:e9:94:21:12:4c:2f:8d:3a:7b:3d:dd:79:cc:5e:28:7c:a0:
         32:0d:f3:3e:e5:04:22:36:a1:1c:90:4e:d3:de:0c:79:4a:fc:
         a7:ba:3a:1f:c0:7e:ad:5d:31:d3:aa:ef:ec:b2:6b:06:ae:5c:
         be:24:39:77:cf:76:72:45:68:ea:dc:8a:ff:44:88:60:64:d0:
         2c:58:00:8e:16:f3:7a:08:af:39:51:18:22:ea:cd:a8:c3:6e:
         12:d1:2c:94:54:d5:61:d8:fa:12:a5:9e:c8:df:84:9c:ba:90:
         53:8e:60:0c:50:34:6b:11:a1:70:57:1b:ae:df:d3:d7:fd:78:
         6a:e9:e6:a5:23:34:46:6d:ad:b8:d0:10:70:67:f2:0a:81:1a:
         dc:dc:d6:28
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZcR/hrQR0UYCT+FFXrWFOSOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyZWU0NTQyNmUxMmU1MGZlMzBlOGZmYzM5ZTA0NDg1ZDhm
NzMzMzkwHhcNMjUwNTI3MTM0NTU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NGNlNDJhYzFhYTJlYzdmZWQ1MjA5ZDVlZmRmY2Y0M2I4MzU5YTViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyHqV/IuvhIRMjmxP3nq3dgXs3qH0
aNwlvqmMZl+AmqS+QsB2K683vVrUu9CKRQVKgwIGYUE7nB9znChl7D4Q3VUNNSW0
jzwjo+swFao7QSs364Axs5BUxcJJyRH3dKPa+uI3XgfeXWwSEMyYMHOCmOiG0rjG
zQpvdyx7qC1a4RL5jfMTbrVCmXf9dJpnMuvu9vcB9SPqaa1tB28G1oM+gmBPoSWR
a+AVPbX3GwiR5sW394IJHV9DeNjX2hOEMYL2K+VriPP9FHsE4EZsc2Sp8z9PFfSZ
Dh9EPnSJAVGo8+YC1QHF7qVNADuTyLvawqBWLSTZkDzAG84SN8bAOcPFjwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFETOQqwaoux/7VIJ1e/fz0O4NZpbMB8GA1UdIwQY
MBaAFMLuRUJuEuUP4w6P/DngRIXY9zM5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd3U1RlFtNFM1UV9qRG9fOE9lQkVoZGozTXprLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNC83MGFhMzItOTYwNy00ZGI3LThmMWUt
ZGE3NTQzMGIxNmY2LzEvUk01Q3JCcWk3SF90VWduVjc5X1BRN2cxbWxzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNC83MGFhMzItOTYwNy00ZGI3LThmMWUtZGE3NTQzMGIxNmY2
LzEvd3U1RlFtNFM1UV9qRG9fOE9lQkVoZGozTXprLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW2zhMA0G
CSqGSIb3DQEBCwUAA4IBAQCfD0epc5foWf36VxG2I10kRQhibGExw/JpiA/hC2Wy
7oHrO35ztgRtcxbUhul3U6AD1+cruKAp5gNnwDKxbOWayq72RgJ9yV8QSwzLrQtH
44B6Owwzy+d0wz1BDAiZdaXlx9uRrzEMRZUdbEQ56ZQhEkwvjTp7Pd15zF4ofKAy
DfM+5QQiNqEckE7T3gx5SvynujofwH6tXTHTqu/ssmsGrly+JDl3z3ZyRWjq3Ir/
RIhgZNAsWACOFvN6CK85URgi6s2ow24S0SyUVNVh2PoSpZ7I34ScupBTjmAMUDRr
EaFwVxuu39PX/Xhq6ealIzRGba240BBwZ/IKgRrc3NYo
-----END CERTIFICATE-----