Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e4/70aa32-9607-4db7-8f1e-da75430b16f6/1/iKcwhnEN10fRYRRzzUNUhLbzgII.roa
File:                     iKcwhnEN10fRYRRzzUNUhLbzgII.roa (raw, json)
Hash identifier:          8XbU5xfN398bTFEwcsbwpEuYyx6/DG2cMnShSgvLAsw=
Subject key identifier:   88:A7:30:86:71:0D:D7:47:D1:61:14:73:CD:43:54:84:B6:F3:80:82
Certificate issuer:       /CN=c2ee45426e12e50fe30e8ffc39e04485d8f73339
Certificate serial:       0194FA242DD2CE957842F8CDAEB0E9757D84
Authority key identifier: C2:EE:45:42:6E:12:E5:0F:E3:0E:8F:FC:39:E0:44:85:D8:F7:33:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wu5FQm4S5Q_jDo_8OeBEhdj3Mzk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e4/70aa32-9607-4db7-8f1e-da75430b16f6/1/iKcwhnEN10fRYRRzzUNUhLbzgII.roa
Signing time:             Wed 12 Feb 2025 12:31:02 +0000
ROA not before:           Wed 12 Feb 2025 12:31:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     174
IP address blocks:        91.108.242.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e4/70aa32-9607-4db7-8f1e-da75430b16f6/1/wu5FQm4S5Q_jDo_8OeBEhdj3Mzk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e4/70aa32-9607-4db7-8f1e-da75430b16f6/1/wu5FQm4S5Q_jDo_8OeBEhdj3Mzk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wu5FQm4S5Q_jDo_8OeBEhdj3Mzk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:fa:24:2d:d2:ce:95:78:42:f8:cd:ae:b0:e9:75:7d:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2ee45426e12e50fe30e8ffc39e04485d8f73339
        Validity
            Not Before: Feb 12 12:31:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=88a73086710dd747d1611473cd435484b6f38082
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:1c:ba:fb:1d:b1:cb:f3:26:f2:72:e6:08:41:
                    97:93:16:ef:04:8a:90:23:b2:10:dd:d6:f9:b4:86:
                    9f:d9:34:04:56:34:35:81:89:57:09:a0:b9:a9:80:
                    91:8f:f5:b9:95:9a:8a:f1:95:e2:c7:50:f9:d7:be:
                    68:68:bc:cc:33:39:a5:7b:2a:31:0a:d6:03:df:34:
                    f3:ac:ec:ab:60:fd:9f:2b:7b:9f:be:a4:bd:3e:32:
                    1c:88:82:e4:04:f6:2c:7b:b5:58:ac:09:1f:46:32:
                    ae:ad:2a:66:86:b5:0d:92:61:3e:03:1b:33:1e:59:
                    01:22:3d:2e:3a:b3:4e:28:bf:8a:83:8d:a3:f4:09:
                    0c:5a:53:55:40:f8:bb:8e:d8:88:93:fb:34:7d:c8:
                    b8:ac:a0:52:a2:2e:0a:3b:8f:a0:0c:b8:32:b6:bb:
                    5d:bf:d0:3d:f7:e7:93:37:9b:de:d0:f9:54:52:3d:
                    a6:e6:69:d9:2e:21:06:ce:c5:65:8a:95:f3:d7:a5:
                    20:c1:72:04:1c:b0:b3:f9:59:b7:f2:33:53:08:40:
                    35:88:9e:d1:78:49:1f:8c:89:05:2e:00:0d:77:41:
                    32:5f:30:e0:57:fd:3c:2c:55:86:c0:3f:b1:74:6c:
                    bd:2e:ec:e5:b8:c3:2e:be:d5:ed:d0:38:9b:7b:96:
                    6a:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:A7:30:86:71:0D:D7:47:D1:61:14:73:CD:43:54:84:B6:F3:80:82
            X509v3 Authority Key Identifier:
                keyid:C2:EE:45:42:6E:12:E5:0F:E3:0E:8F:FC:39:E0:44:85:D8:F7:33:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wu5FQm4S5Q_jDo_8OeBEhdj3Mzk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/70aa32-9607-4db7-8f1e-da75430b16f6/1/iKcwhnEN10fRYRRzzUNUhLbzgII.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/70aa32-9607-4db7-8f1e-da75430b16f6/1/wu5FQm4S5Q_jDo_8OeBEhdj3Mzk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.108.242.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9a:d9:ba:02:83:76:fa:7e:5e:11:58:f9:65:f6:c2:8e:ef:32:
         b3:03:e2:09:77:1d:5a:81:85:95:4e:8c:9a:1d:0a:41:28:72:
         ee:76:de:d3:ca:25:a5:49:f7:73:9c:aa:81:5b:04:2a:12:2a:
         a5:11:70:0c:bd:b3:19:a1:a5:54:7c:5f:cd:46:28:ff:52:de:
         70:90:f8:9e:14:64:b8:0b:43:66:b5:8e:c4:6a:60:83:97:cc:
         e0:da:55:d1:5a:3e:05:5e:f2:d3:60:f0:41:98:f4:0d:ce:91:
         40:f9:c4:51:fe:98:f2:fa:23:2b:8c:50:ae:f3:86:9f:d7:4b:
         16:08:34:00:2c:c5:8b:67:d6:e1:8a:17:01:f2:3c:b5:40:0c:
         37:41:3e:dd:0a:c1:05:8d:c2:7a:35:11:ec:42:6a:08:16:50:
         c9:11:21:4e:35:e7:35:91:0a:2f:83:2f:b4:71:4b:d0:5b:e1:
         92:3e:ea:1d:8f:05:20:41:af:b0:d2:ef:a6:ba:e2:c4:b8:91:
         97:a8:0a:09:a2:45:3d:32:fa:65:14:94:2a:31:8e:59:d5:7e:
         84:8a:77:a0:4a:71:dd:f5:bd:90:52:f2:37:d1:fc:33:0d:b4:
         0d:53:01:4d:7c:91:54:6b:5e:12:ac:18:6c:ad:6f:bd:00:a3:
         a7:be:8f:b1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZT6JC3SzpV4QvjNrrDpdX2EMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyZWU0NTQyNmUxMmU1MGZlMzBlOGZmYzM5ZTA0NDg1ZDhm
NzMzMzkwHhcNMjUwMjEyMTIzMTAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OGE3MzA4NjcxMGRkNzQ3ZDE2MTE0NzNjZDQzNTQ4NGI2ZjM4MDgyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAthy6+x2xy/Mm8nLmCEGXkxbvBIqQ
I7IQ3db5tIaf2TQEVjQ1gYlXCaC5qYCRj/W5lZqK8ZXix1D5175oaLzMMzmleyox
CtYD3zTzrOyrYP2fK3ufvqS9PjIciILkBPYse7VYrAkfRjKurSpmhrUNkmE+Axsz
HlkBIj0uOrNOKL+Kg42j9AkMWlNVQPi7jtiIk/s0fci4rKBSoi4KO4+gDLgytrtd
v9A99+eTN5ve0PlUUj2m5mnZLiEGzsVlipXz16UgwXIEHLCz+Vm38jNTCEA1iJ7R
eEkfjIkFLgANd0EyXzDgV/08LFWGwD+xdGy9LuzluMMuvtXt0Dibe5ZqhwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIinMIZxDddH0WEUc81DVIS284CCMB8GA1UdIwQY
MBaAFMLuRUJuEuUP4w6P/DngRIXY9zM5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd3U1RlFtNFM1UV9qRG9fOE9lQkVoZGozTXprLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNC83MGFhMzItOTYwNy00ZGI3LThmMWUt
ZGE3NTQzMGIxNmY2LzEvaUtjd2huRU4xMGZSWVJSenpVTlVoTGJ6Z0lJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNC83MGFhMzItOTYwNy00ZGI3LThmMWUtZGE3NTQzMGIxNmY2
LzEvd3U1RlFtNFM1UV9qRG9fOE9lQkVoZGozTXprLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW2zyMA0G
CSqGSIb3DQEBCwUAA4IBAQCa2boCg3b6fl4RWPll9sKO7zKzA+IJdx1agYWVToya
HQpBKHLudt7TyiWlSfdznKqBWwQqEiqlEXAMvbMZoaVUfF/NRij/Ut5wkPieFGS4
C0NmtY7EamCDl8zg2lXRWj4FXvLTYPBBmPQNzpFA+cRR/pjy+iMrjFCu84af10sW
CDQALMWLZ9bhihcB8jy1QAw3QT7dCsEFjcJ6NRHsQmoIFlDJESFONec1kQovgy+0
cUvQW+GSPuodjwUgQa+w0u+muuLEuJGXqAoJokU9MvplFJQqMY5Z1X6EinegSnHd
9b2QUvI30fwzDbQNUwFNfJFUa14SrBhsrW+9AKOnvo+x
-----END CERTIFICATE-----