Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e4/70aa32-9607-4db7-8f1e-da75430b16f6/1/c1HB871IulodBNB5jT5a8gJojE4.roa
File:                     c1HB871IulodBNB5jT5a8gJojE4.roa (raw, json)
Hash identifier:          yFZU/tBG7KcoJ2NsyL6poPLEmhca2RpkmjPZvxgqA6I=
Subject key identifier:   73:51:C1:F3:BD:48:BA:5A:1D:04:D0:79:8D:3E:5A:F2:02:68:8C:4E
Certificate issuer:       /CN=c2ee45426e12e50fe30e8ffc39e04485d8f73339
Certificate serial:       0192665EE7BE5154556E4C139021B431906C
Authority key identifier: C2:EE:45:42:6E:12:E5:0F:E3:0E:8F:FC:39:E0:44:85:D8:F7:33:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wu5FQm4S5Q_jDo_8OeBEhdj3Mzk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e4/70aa32-9607-4db7-8f1e-da75430b16f6/1/c1HB871IulodBNB5jT5a8gJojE4.roa
Signing time:             Mon 07 Oct 2024 09:45:48 +0000
ROA not before:           Mon 07 Oct 2024 09:45:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     30058
IP address blocks:        91.108.242.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e4/70aa32-9607-4db7-8f1e-da75430b16f6/1/wu5FQm4S5Q_jDo_8OeBEhdj3Mzk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e4/70aa32-9607-4db7-8f1e-da75430b16f6/1/wu5FQm4S5Q_jDo_8OeBEhdj3Mzk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wu5FQm4S5Q_jDo_8OeBEhdj3Mzk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:66:5e:e7:be:51:54:55:6e:4c:13:90:21:b4:31:90:6c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2ee45426e12e50fe30e8ffc39e04485d8f73339
        Validity
            Not Before: Oct  7 09:45:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7351c1f3bd48ba5a1d04d0798d3e5af202688c4e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:a1:cb:1a:42:e8:9f:a8:96:4a:80:54:25:86:
                    90:32:07:c9:3b:59:fe:78:2d:84:2b:d9:36:18:95:
                    44:5a:43:b1:67:ab:03:51:b7:51:19:54:48:81:7d:
                    40:3f:87:2b:c5:8e:57:b2:f3:80:45:d0:75:33:65:
                    4a:12:d3:cb:95:47:12:50:fc:0f:11:30:03:2c:aa:
                    9c:b4:c4:11:42:57:cb:fa:e1:05:8d:08:bb:eb:14:
                    ef:3f:d2:de:10:12:45:5b:b7:3c:d1:ae:a4:5c:66:
                    18:31:88:34:0e:de:54:74:7d:9b:ec:0a:dd:ca:4a:
                    26:cd:fb:9f:e3:12:94:1e:5d:73:af:02:c6:73:02:
                    48:d6:c4:2b:38:cb:47:cd:8e:18:9e:52:c9:98:a7:
                    e8:4f:e8:ad:bf:5d:d3:72:39:96:f0:45:cd:13:32:
                    cd:c5:81:72:ed:98:6f:b0:cd:d6:b5:d9:07:fd:cd:
                    8d:aa:03:b4:d9:7b:e7:90:d8:5b:5c:8b:91:15:3d:
                    80:36:4f:ec:cd:57:de:30:ee:50:a1:f3:5f:3b:44:
                    70:c0:ca:cc:8a:38:93:f9:c8:49:bf:17:55:e9:7a:
                    c4:fc:81:16:d3:43:a6:30:fd:01:57:3d:d7:22:5d:
                    f4:bb:34:99:2c:f2:f5:73:d8:16:ac:08:57:22:15:
                    f8:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                73:51:C1:F3:BD:48:BA:5A:1D:04:D0:79:8D:3E:5A:F2:02:68:8C:4E
            X509v3 Authority Key Identifier:
                keyid:C2:EE:45:42:6E:12:E5:0F:E3:0E:8F:FC:39:E0:44:85:D8:F7:33:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wu5FQm4S5Q_jDo_8OeBEhdj3Mzk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/70aa32-9607-4db7-8f1e-da75430b16f6/1/c1HB871IulodBNB5jT5a8gJojE4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/70aa32-9607-4db7-8f1e-da75430b16f6/1/wu5FQm4S5Q_jDo_8OeBEhdj3Mzk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.108.242.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2c:26:d4:2b:d3:d9:fd:9f:10:32:b6:ef:4c:44:26:79:40:4f:
         57:fc:5a:6e:69:de:94:0e:44:df:b5:1f:74:29:68:d4:f0:16:
         4f:85:21:5a:7d:50:be:4a:c7:5d:84:c6:98:d3:ba:e8:62:1a:
         91:3a:61:64:6f:3f:78:ce:18:9e:f8:64:c1:35:09:15:d0:05:
         04:b9:c9:b4:7e:79:78:c7:e8:4c:06:c0:84:4d:6e:1e:e6:b1:
         82:db:40:c6:6d:3c:e0:1b:74:6b:b2:86:00:36:2d:62:1e:e8:
         5c:29:49:fe:95:cf:dc:7b:61:d4:3a:76:e0:dd:fb:da:37:cf:
         9d:25:ca:d5:09:f0:39:35:10:fe:3b:99:34:ad:b5:61:91:68:
         3a:34:30:92:c2:3d:36:31:68:83:2b:16:a0:5f:83:aa:98:5a:
         c9:d2:db:28:e3:ce:bf:82:c0:1d:29:fe:5c:a9:c1:93:c2:72:
         86:5a:28:31:f0:59:c7:28:4c:e2:1a:4b:74:10:fe:3c:c3:a4:
         af:0c:f3:ab:40:7d:64:7f:7e:e2:db:0c:be:39:5f:cd:81:78:
         84:f0:6e:7c:c8:1a:5a:0e:87:b6:a9:f0:82:5e:f7:08:98:d7:
         3f:c4:50:26:64:1b:b4:35:c1:84:6d:e6:c3:35:88:25:08:29:
         ad:c8:6c:7e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZJmXue+UVRVbkwTkCG0MZBsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyZWU0NTQyNmUxMmU1MGZlMzBlOGZmYzM5ZTA0NDg1ZDhm
NzMzMzkwHhcNMjQxMDA3MDk0NTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MzUxYzFmM2JkNDhiYTVhMWQwNGQwNzk4ZDNlNWFmMjAyNjg4YzRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtaHLGkLon6iWSoBUJYaQMgfJO1n+
eC2EK9k2GJVEWkOxZ6sDUbdRGVRIgX1AP4crxY5XsvOARdB1M2VKEtPLlUcSUPwP
ETADLKqctMQRQlfL+uEFjQi76xTvP9LeEBJFW7c80a6kXGYYMYg0Dt5UdH2b7Ard
ykomzfuf4xKUHl1zrwLGcwJI1sQrOMtHzY4YnlLJmKfoT+itv13TcjmW8EXNEzLN
xYFy7ZhvsM3WtdkH/c2NqgO02XvnkNhbXIuRFT2ANk/szVfeMO5QofNfO0RwwMrM
ijiT+chJvxdV6XrE/IEW00OmMP0BVz3XIl30uzSZLPL1c9gWrAhXIhX4UQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHNRwfO9SLpaHQTQeY0+WvICaIxOMB8GA1UdIwQY
MBaAFMLuRUJuEuUP4w6P/DngRIXY9zM5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd3U1RlFtNFM1UV9qRG9fOE9lQkVoZGozTXprLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNC83MGFhMzItOTYwNy00ZGI3LThmMWUt
ZGE3NTQzMGIxNmY2LzEvYzFIQjg3MUl1bG9kQk5CNWpUNWE4Z0pvakU0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNC83MGFhMzItOTYwNy00ZGI3LThmMWUtZGE3NTQzMGIxNmY2
LzEvd3U1RlFtNFM1UV9qRG9fOE9lQkVoZGozTXprLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW2zyMA0G
CSqGSIb3DQEBCwUAA4IBAQAsJtQr09n9nxAytu9MRCZ5QE9X/Fpuad6UDkTftR90
KWjU8BZPhSFafVC+SsddhMaY07roYhqROmFkbz94zhie+GTBNQkV0AUEucm0fnl4
x+hMBsCETW4e5rGC20DGbTzgG3RrsoYANi1iHuhcKUn+lc/ce2HUOnbg3fvaN8+d
JcrVCfA5NRD+O5k0rbVhkWg6NDCSwj02MWiDKxagX4OqmFrJ0tso486/gsAdKf5c
qcGTwnKGWigx8FnHKEziGkt0EP48w6SvDPOrQH1kf37i2wy+OV/NgXiE8G58yBpa
Doe2qfCCXvcImNc/xFAmZBu0NcGEbebDNYglCCmtyGx+
-----END CERTIFICATE-----