Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e4/70aa32-9607-4db7-8f1e-da75430b16f6/1/YXrkhJ13RpvqVAVobUQ7yXKMBBc.roa
File:                     YXrkhJ13RpvqVAVobUQ7yXKMBBc.roa (raw, json)
Hash identifier:          8THwiLEj/fYBRk5WWObChdcRQ/rRMuNzgZmYqUhT/1g=
Subject key identifier:   61:7A:E4:84:9D:77:46:9B:EA:54:05:68:6D:44:3B:C9:72:8C:04:17
Certificate issuer:       /CN=c2ee45426e12e50fe30e8ffc39e04485d8f73339
Certificate serial:       01953D5C6EF7532B1E3A6480D9178991E9B5
Authority key identifier: C2:EE:45:42:6E:12:E5:0F:E3:0E:8F:FC:39:E0:44:85:D8:F7:33:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wu5FQm4S5Q_jDo_8OeBEhdj3Mzk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e4/70aa32-9607-4db7-8f1e-da75430b16f6/1/YXrkhJ13RpvqVAVobUQ7yXKMBBc.roa
Signing time:             Tue 25 Feb 2025 13:47:02 +0000
ROA not before:           Tue 25 Feb 2025 13:47:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     135391
IP address blocks:        91.108.225.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e4/70aa32-9607-4db7-8f1e-da75430b16f6/1/wu5FQm4S5Q_jDo_8OeBEhdj3Mzk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e4/70aa32-9607-4db7-8f1e-da75430b16f6/1/wu5FQm4S5Q_jDo_8OeBEhdj3Mzk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wu5FQm4S5Q_jDo_8OeBEhdj3Mzk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 19:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:3d:5c:6e:f7:53:2b:1e:3a:64:80:d9:17:89:91:e9:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2ee45426e12e50fe30e8ffc39e04485d8f73339
        Validity
            Not Before: Feb 25 13:47:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=617ae4849d77469bea5405686d443bc9728c0417
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:31:f8:63:ab:ba:8d:fa:77:4e:d8:f1:50:f9:
                    c7:4a:65:96:f5:b8:d8:09:11:39:6d:6a:09:46:76:
                    9c:97:a7:ae:cb:e1:b1:7a:9a:9d:be:6f:d8:69:f2:
                    a1:05:0a:92:c8:aa:77:45:d9:1e:12:3e:02:06:11:
                    38:ee:e3:9c:21:25:3c:52:b7:23:48:c0:b8:37:71:
                    83:88:6d:01:bd:1e:6a:20:fd:a9:17:da:11:20:5e:
                    1b:57:1e:e5:c2:63:cd:84:81:1d:8d:3f:25:e1:44:
                    4d:8a:d9:05:b1:07:bc:86:fb:cf:ed:ab:11:62:6a:
                    b6:6f:5f:da:d2:f5:18:0f:82:f9:ca:f6:af:2e:7b:
                    a0:e3:68:89:18:d1:35:85:02:bd:97:88:10:c9:3c:
                    b8:f3:83:e7:9c:e7:31:ec:dc:a4:fa:80:21:e0:d9:
                    bd:87:02:6b:10:89:83:18:19:7a:9b:d7:05:ea:46:
                    0b:26:c1:bc:d7:4c:b8:5c:db:e8:ad:56:a7:87:0a:
                    d9:b4:5d:1d:c9:2e:61:ee:d4:69:a3:3b:1e:5f:40:
                    dd:6c:93:8f:d7:a0:65:cd:95:c2:1f:99:15:bf:5b:
                    53:de:ad:4e:93:5b:60:92:00:4b:9e:61:ae:1a:42:
                    78:0e:0e:9c:b5:96:01:ed:2c:fb:a6:f9:09:22:aa:
                    32:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                61:7A:E4:84:9D:77:46:9B:EA:54:05:68:6D:44:3B:C9:72:8C:04:17
            X509v3 Authority Key Identifier:
                keyid:C2:EE:45:42:6E:12:E5:0F:E3:0E:8F:FC:39:E0:44:85:D8:F7:33:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wu5FQm4S5Q_jDo_8OeBEhdj3Mzk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/70aa32-9607-4db7-8f1e-da75430b16f6/1/YXrkhJ13RpvqVAVobUQ7yXKMBBc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/70aa32-9607-4db7-8f1e-da75430b16f6/1/wu5FQm4S5Q_jDo_8OeBEhdj3Mzk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.108.225.0/24

    Signature Algorithm: sha256WithRSAEncryption
         69:47:d2:d5:0c:6f:4b:4a:77:aa:8e:3e:5e:96:e0:d3:0f:81:
         c9:81:dd:52:1b:03:84:21:2a:91:e6:c4:84:35:5a:ea:de:2f:
         df:b3:67:ae:13:09:e3:ce:c1:23:69:de:c3:c9:a8:1e:a2:5d:
         a2:7b:39:f6:ab:b4:51:61:13:4b:45:c0:64:4a:22:e2:20:3b:
         28:e1:ce:c2:c7:36:42:a1:28:5d:68:41:89:6a:cc:f5:5c:05:
         5e:ea:95:40:9e:98:af:b2:ba:a0:44:20:87:c7:62:5d:91:7e:
         d9:0c:01:ae:33:df:25:ee:18:d3:a7:cd:ee:20:1c:18:42:68:
         b4:1d:af:67:d4:f1:3c:44:fa:22:63:22:8e:d3:63:cc:89:62:
         d9:79:05:84:4f:49:6d:aa:3e:20:19:9b:ea:42:ca:cc:fa:2c:
         8d:f9:4f:a8:57:b3:de:15:63:b5:ff:2b:b2:4b:b9:d3:fe:62:
         bc:82:16:3d:ec:bd:30:04:50:b5:2a:74:d0:0f:37:92:0d:2f:
         5f:e0:3f:06:da:89:dd:fd:30:be:6d:d7:2e:a8:95:fc:86:a4:
         e6:22:75:91:7d:3a:fb:37:b6:6d:a1:bb:8d:65:44:ba:79:76:
         39:4d:55:e2:c4:6b:45:ec:50:28:be:47:14:eb:44:f2:18:b4:
         9f:99:7b:dd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZU9XG73UyseOmSA2ReJkem1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyZWU0NTQyNmUxMmU1MGZlMzBlOGZmYzM5ZTA0NDg1ZDhm
NzMzMzkwHhcNMjUwMjI1MTM0NzAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MTdhZTQ4NDlkNzc0NjliZWE1NDA1Njg2ZDQ0M2JjOTcyOGMwNDE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAujH4Y6u6jfp3TtjxUPnHSmWW9bjY
CRE5bWoJRnacl6euy+Gxepqdvm/YafKhBQqSyKp3RdkeEj4CBhE47uOcISU8Urcj
SMC4N3GDiG0BvR5qIP2pF9oRIF4bVx7lwmPNhIEdjT8l4URNitkFsQe8hvvP7asR
Ymq2b1/a0vUYD4L5yvavLnug42iJGNE1hQK9l4gQyTy484PnnOcx7Nyk+oAh4Nm9
hwJrEImDGBl6m9cF6kYLJsG810y4XNvorVanhwrZtF0dyS5h7tRpozseX0DdbJOP
16BlzZXCH5kVv1tT3q1Ok1tgkgBLnmGuGkJ4Dg6ctZYB7Sz7pvkJIqoyvwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGF65ISdd0ab6lQFaG1EO8lyjAQXMB8GA1UdIwQY
MBaAFMLuRUJuEuUP4w6P/DngRIXY9zM5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd3U1RlFtNFM1UV9qRG9fOE9lQkVoZGozTXprLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNC83MGFhMzItOTYwNy00ZGI3LThmMWUt
ZGE3NTQzMGIxNmY2LzEvWVhya2hKMTNScHZxVkFWb2JVUTd5WEtNQkJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNC83MGFhMzItOTYwNy00ZGI3LThmMWUtZGE3NTQzMGIxNmY2
LzEvd3U1RlFtNFM1UV9qRG9fOE9lQkVoZGozTXprLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW2zhMA0G
CSqGSIb3DQEBCwUAA4IBAQBpR9LVDG9LSneqjj5eluDTD4HJgd1SGwOEISqR5sSE
NVrq3i/fs2euEwnjzsEjad7Dyageol2iezn2q7RRYRNLRcBkSiLiIDso4c7CxzZC
oShdaEGJasz1XAVe6pVAnpivsrqgRCCHx2JdkX7ZDAGuM98l7hjTp83uIBwYQmi0
Ha9n1PE8RPoiYyKO02PMiWLZeQWET0ltqj4gGZvqQsrM+iyN+U+oV7PeFWO1/yuy
S7nT/mK8ghY97L0wBFC1KnTQDzeSDS9f4D8G2ond/TC+bdcuqJX8hqTmInWRfTr7
N7ZtobuNZUS6eXY5TVXixGtF7FAovkcU60TyGLSfmXvd
-----END CERTIFICATE-----