Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e4/70aa32-9607-4db7-8f1e-da75430b16f6/1/r_C_yEYdXajmjU26UlQ7sUYnfmw.roa
File:                     r_C_yEYdXajmjU26UlQ7sUYnfmw.roa (raw, json)
Hash identifier:          tw0EYRutLSv1boDMwj3xDSrfMVRJl9h4wYKzDg43U68=
Subject key identifier:   AF:F0:BF:C8:46:1D:5D:A8:E6:8D:4D:BA:52:54:3B:B1:46:27:7E:6C
Certificate issuer:       /CN=c2ee45426e12e50fe30e8ffc39e04485d8f73339
Certificate serial:       019291C1371D2CD04651E0CA78B09665173E
Authority key identifier: C2:EE:45:42:6E:12:E5:0F:E3:0E:8F:FC:39:E0:44:85:D8:F7:33:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wu5FQm4S5Q_jDo_8OeBEhdj3Mzk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e4/70aa32-9607-4db7-8f1e-da75430b16f6/1/r_C_yEYdXajmjU26UlQ7sUYnfmw.roa
Signing time:             Tue 15 Oct 2024 19:56:51 +0000
ROA not before:           Tue 15 Oct 2024 19:56:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     174
IP address blocks:        91.108.242.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e4/70aa32-9607-4db7-8f1e-da75430b16f6/1/wu5FQm4S5Q_jDo_8OeBEhdj3Mzk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e4/70aa32-9607-4db7-8f1e-da75430b16f6/1/wu5FQm4S5Q_jDo_8OeBEhdj3Mzk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wu5FQm4S5Q_jDo_8OeBEhdj3Mzk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Oct 2024 13:00:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:91:c1:37:1d:2c:d0:46:51:e0:ca:78:b0:96:65:17:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2ee45426e12e50fe30e8ffc39e04485d8f73339
        Validity
            Not Before: Oct 15 19:56:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=aff0bfc8461d5da8e68d4dba52543bb146277e6c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ee:61:42:0c:ad:bb:54:00:74:75:af:01:51:d2:
                    37:3c:81:af:b7:05:22:42:cb:2b:5e:36:59:9e:45:
                    49:b3:3e:cf:2e:1c:fe:9a:90:57:1e:84:49:4e:49:
                    88:90:43:9d:f1:eb:2a:59:da:7f:2e:9e:07:fa:13:
                    82:bd:93:b9:76:17:a9:58:8f:cd:4f:fd:f6:a1:60:
                    5b:c3:2b:1f:b8:f8:0f:3f:9b:f1:46:13:3d:34:85:
                    18:54:f3:91:ea:9b:81:30:27:0d:d2:6a:63:7e:f3:
                    10:66:c0:63:9d:56:81:3b:c3:cc:1f:a2:f2:ba:49:
                    15:1e:1c:16:9b:d8:e3:45:e2:bd:d6:86:29:c5:e5:
                    a4:92:e4:5a:e0:d5:40:56:27:a2:e8:1e:c8:0f:b3:
                    e3:6a:e8:2b:81:33:d3:b2:2d:d5:9b:b7:0a:6c:e9:
                    c2:b1:9e:57:d4:42:f4:fb:8e:92:31:e1:9d:ac:57:
                    b9:72:4b:14:cb:47:6f:f3:98:a0:b6:38:3f:59:61:
                    52:78:9f:c8:4c:cf:cb:50:ab:c4:e1:c5:44:4d:6c:
                    02:54:c3:6c:75:36:cf:ce:58:5f:1b:63:3a:5f:78:
                    42:70:f6:07:97:7b:ff:92:0c:cf:7b:4a:4f:3d:db:
                    05:13:74:09:45:98:c6:af:eb:02:a7:55:f2:f5:57:
                    f7:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:F0:BF:C8:46:1D:5D:A8:E6:8D:4D:BA:52:54:3B:B1:46:27:7E:6C
            X509v3 Authority Key Identifier:
                keyid:C2:EE:45:42:6E:12:E5:0F:E3:0E:8F:FC:39:E0:44:85:D8:F7:33:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wu5FQm4S5Q_jDo_8OeBEhdj3Mzk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/70aa32-9607-4db7-8f1e-da75430b16f6/1/r_C_yEYdXajmjU26UlQ7sUYnfmw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/70aa32-9607-4db7-8f1e-da75430b16f6/1/wu5FQm4S5Q_jDo_8OeBEhdj3Mzk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.108.242.0/24

    Signature Algorithm: sha256WithRSAEncryption
         04:6c:88:fb:09:89:23:4a:f0:58:a1:71:ea:69:eb:fc:f4:92:
         4d:5e:f7:84:b7:5d:56:08:b0:80:2d:7e:4f:37:c1:b9:85:a3:
         57:b6:0d:ff:e7:37:85:fd:a2:1b:25:52:1b:89:d2:bd:b5:dc:
         cc:ab:93:0c:f3:af:d5:2d:dc:38:c9:21:ab:8e:f2:c4:22:ba:
         e8:bc:21:5a:a7:7a:9d:76:8a:22:d8:e7:f6:cb:13:02:80:69:
         1c:b2:b8:7d:24:76:65:d8:64:5e:1f:bf:d9:f0:71:a8:30:76:
         4c:2f:19:c2:49:d6:1f:72:37:da:16:d7:4c:47:55:1c:74:66:
         15:10:f6:42:7f:4b:8c:64:03:4e:1b:0c:83:81:97:1f:de:ea:
         58:47:cf:b7:41:b2:6d:83:ce:95:81:9e:d9:53:e0:35:6a:dd:
         9f:7d:d5:c7:c9:32:59:66:27:a3:fe:25:7b:10:1e:c1:76:10:
         34:89:6a:ef:77:34:9f:35:93:4d:a6:b8:83:2c:91:06:82:fa:
         7c:7b:7b:86:b1:dd:12:57:84:21:36:4f:87:c7:36:3d:b3:a4:
         aa:34:4c:ac:fa:b3:e0:74:b4:27:e9:12:d9:0d:4d:a2:f1:b9:
         18:02:98:1e:b7:2d:49:5b:33:3f:48:66:bf:bd:53:a5:f1:e9:
         2b:f6:e6:29
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZKRwTcdLNBGUeDKeLCWZRc+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyZWU0NTQyNmUxMmU1MGZlMzBlOGZmYzM5ZTA0NDg1ZDhm
NzMzMzkwHhcNMjQxMDE1MTk1NjUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZmYwYmZjODQ2MWQ1ZGE4ZTY4ZDRkYmE1MjU0M2JiMTQ2Mjc3ZTZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7mFCDK27VAB0da8BUdI3PIGvtwUi
QssrXjZZnkVJsz7PLhz+mpBXHoRJTkmIkEOd8esqWdp/Lp4H+hOCvZO5dhepWI/N
T/32oWBbwysfuPgPP5vxRhM9NIUYVPOR6puBMCcN0mpjfvMQZsBjnVaBO8PMH6Ly
ukkVHhwWm9jjReK91oYpxeWkkuRa4NVAViei6B7ID7PjaugrgTPTsi3Vm7cKbOnC
sZ5X1EL0+46SMeGdrFe5cksUy0dv85igtjg/WWFSeJ/ITM/LUKvE4cVETWwCVMNs
dTbPzlhfG2M6X3hCcPYHl3v/kgzPe0pPPdsFE3QJRZjGr+sCp1Xy9Vf31QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK/wv8hGHV2o5o1NulJUO7FGJ35sMB8GA1UdIwQY
MBaAFMLuRUJuEuUP4w6P/DngRIXY9zM5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd3U1RlFtNFM1UV9qRG9fOE9lQkVoZGozTXprLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNC83MGFhMzItOTYwNy00ZGI3LThmMWUt
ZGE3NTQzMGIxNmY2LzEvcl9DX3lFWWRYYWptalUyNlVsUTdzVVluZm13LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNC83MGFhMzItOTYwNy00ZGI3LThmMWUtZGE3NTQzMGIxNmY2
LzEvd3U1RlFtNFM1UV9qRG9fOE9lQkVoZGozTXprLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW2zyMA0G
CSqGSIb3DQEBCwUAA4IBAQAEbIj7CYkjSvBYoXHqaev89JJNXveEt11WCLCALX5P
N8G5haNXtg3/5zeF/aIbJVIbidK9tdzMq5MM86/VLdw4ySGrjvLEIrrovCFap3qd
dooi2Of2yxMCgGkcsrh9JHZl2GReH7/Z8HGoMHZMLxnCSdYfcjfaFtdMR1UcdGYV
EPZCf0uMZANOGwyDgZcf3upYR8+3QbJtg86VgZ7ZU+A1at2ffdXHyTJZZiej/iV7
EB7BdhA0iWrvdzSfNZNNpriDLJEGgvp8e3uGsd0SV4QhNk+HxzY9s6SqNEys+rPg
dLQn6RLZDU2i8bkYApgety1JWzM/SGa/vVOl8ekr9uYp
-----END CERTIFICATE-----