Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e4/70aa32-9607-4db7-8f1e-da75430b16f6/1/G3JRkLJnkrgSFCna87WCEmSVGH0.roa
File:                     G3JRkLJnkrgSFCna87WCEmSVGH0.roa (raw, json)
Hash identifier:          3g5pUOebBrRpT5C2HLKJIrZHlstejRcKgZ896+pk+iw=
Subject key identifier:   1B:72:51:90:B2:67:92:B8:12:14:29:DA:F3:B5:82:12:64:95:18:7D
Certificate issuer:       /CN=c2ee45426e12e50fe30e8ffc39e04485d8f73339
Certificate serial:       019673447D84396DB287A082B8207B17E45A
Authority key identifier: C2:EE:45:42:6E:12:E5:0F:E3:0E:8F:FC:39:E0:44:85:D8:F7:33:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wu5FQm4S5Q_jDo_8OeBEhdj3Mzk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e4/70aa32-9607-4db7-8f1e-da75430b16f6/1/G3JRkLJnkrgSFCna87WCEmSVGH0.roa
Signing time:             Sat 26 Apr 2025 18:03:10 +0000
ROA not before:           Sat 26 Apr 2025 18:03:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     5065
IP address blocks:        91.108.237.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e4/70aa32-9607-4db7-8f1e-da75430b16f6/1/wu5FQm4S5Q_jDo_8OeBEhdj3Mzk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e4/70aa32-9607-4db7-8f1e-da75430b16f6/1/wu5FQm4S5Q_jDo_8OeBEhdj3Mzk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wu5FQm4S5Q_jDo_8OeBEhdj3Mzk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 06 May 2025 09:00:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:73:44:7d:84:39:6d:b2:87:a0:82:b8:20:7b:17:e4:5a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2ee45426e12e50fe30e8ffc39e04485d8f73339
        Validity
            Not Before: Apr 26 18:03:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1b725190b26792b8121429daf3b582126495187d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:2f:d3:09:f1:d7:c6:0b:85:79:c3:28:84:e5:
                    b6:3a:bb:19:4a:f5:00:e9:7c:33:7a:aa:64:8c:63:
                    87:57:23:18:ed:c7:07:d7:db:d8:a1:22:4f:32:17:
                    b7:87:38:ee:9b:c6:31:b6:8e:79:15:7d:54:97:4a:
                    01:7f:6d:2d:a3:2f:07:f0:ff:8d:74:af:d8:d3:7a:
                    dc:a3:3b:23:6c:5b:aa:6c:39:d4:3b:35:ef:5d:ea:
                    ae:0e:b1:dc:22:0c:3c:8c:f1:be:22:26:6e:63:98:
                    de:76:87:9e:9c:48:53:41:23:7a:0d:c2:79:6f:12:
                    bc:37:1a:ca:c5:41:56:4c:41:a5:d6:0e:07:27:96:
                    39:5b:61:d9:25:e1:66:b5:7f:6f:ed:0e:01:d5:54:
                    4b:b9:9c:20:de:aa:58:81:97:ec:03:84:3d:57:2a:
                    d0:be:10:45:c6:03:76:af:24:e7:f4:29:36:5a:cc:
                    bd:5d:7f:ef:cb:ff:24:7d:40:8b:7f:0b:ba:25:aa:
                    81:18:cc:f2:89:99:c4:79:d0:b2:8b:b0:37:a3:d3:
                    5c:b2:64:c1:f4:8e:9b:36:21:24:cc:8d:96:2e:3d:
                    5d:e6:5e:12:6d:77:54:18:5f:81:f3:04:41:31:bb:
                    8f:e7:68:58:2d:66:cf:59:06:09:c7:1d:b8:c1:98:
                    f1:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:72:51:90:B2:67:92:B8:12:14:29:DA:F3:B5:82:12:64:95:18:7D
            X509v3 Authority Key Identifier:
                keyid:C2:EE:45:42:6E:12:E5:0F:E3:0E:8F:FC:39:E0:44:85:D8:F7:33:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wu5FQm4S5Q_jDo_8OeBEhdj3Mzk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/70aa32-9607-4db7-8f1e-da75430b16f6/1/G3JRkLJnkrgSFCna87WCEmSVGH0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/70aa32-9607-4db7-8f1e-da75430b16f6/1/wu5FQm4S5Q_jDo_8OeBEhdj3Mzk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.108.237.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0e:24:b9:d7:7f:31:e6:eb:fc:30:f9:34:8f:98:05:80:9e:da:
         8b:d4:5f:57:b1:a5:da:05:77:e1:11:37:bd:65:34:69:71:19:
         ac:29:bc:d3:34:b9:68:d8:0c:8e:ac:f7:0d:ec:33:f2:c8:ac:
         f2:0d:7c:3d:cd:2b:82:49:3c:5a:0d:96:c5:f9:51:24:14:db:
         32:37:3b:a0:f1:47:43:e4:97:90:fb:f5:04:8f:7e:bf:19:ad:
         20:c9:08:de:25:86:ce:c0:c3:7d:da:8b:15:a1:bb:60:d3:e9:
         5d:df:6d:d9:c0:0a:6a:2a:41:94:37:4e:da:32:d1:ce:5d:32:
         d7:8d:fa:d0:ab:08:df:5a:55:bd:e5:d7:48:8a:5c:d5:8c:3e:
         68:fc:7e:00:0a:7a:25:db:22:4d:bc:68:a4:63:01:9c:a4:c0:
         8b:46:20:bb:a0:fe:09:07:d6:cd:e0:dd:ff:93:e6:04:a4:ca:
         94:d1:a4:00:8c:ad:ab:c5:63:98:32:99:c4:61:18:c8:78:42:
         2b:c8:0a:91:85:0c:0a:3f:a1:25:b9:a8:74:c7:69:f7:a1:e1:
         20:ed:11:96:71:21:06:97:45:8b:f8:72:66:25:00:39:e2:43:
         6f:3c:3e:b1:68:08:bb:45:7d:ff:bb:35:7c:b4:f7:67:92:de:
         e2:6d:13:20
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZZzRH2EOW2yh6CCuCB7F+RaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyZWU0NTQyNmUxMmU1MGZlMzBlOGZmYzM5ZTA0NDg1ZDhm
NzMzMzkwHhcNMjUwNDI2MTgwMzEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYjcyNTE5MGIyNjc5MmI4MTIxNDI5ZGFmM2I1ODIxMjY0OTUxODdkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4S/TCfHXxguFecMohOW2OrsZSvUA
6XwzeqpkjGOHVyMY7ccH19vYoSJPMhe3hzjum8Yxto55FX1Ul0oBf20toy8H8P+N
dK/Y03rcozsjbFuqbDnUOzXvXequDrHcIgw8jPG+IiZuY5jedoeenEhTQSN6DcJ5
bxK8NxrKxUFWTEGl1g4HJ5Y5W2HZJeFmtX9v7Q4B1VRLuZwg3qpYgZfsA4Q9VyrQ
vhBFxgN2ryTn9Ck2Wsy9XX/vy/8kfUCLfwu6JaqBGMzyiZnEedCyi7A3o9NcsmTB
9I6bNiEkzI2WLj1d5l4SbXdUGF+B8wRBMbuP52hYLWbPWQYJxx24wZjx8wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBtyUZCyZ5K4EhQp2vO1ghJklRh9MB8GA1UdIwQY
MBaAFMLuRUJuEuUP4w6P/DngRIXY9zM5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd3U1RlFtNFM1UV9qRG9fOE9lQkVoZGozTXprLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNC83MGFhMzItOTYwNy00ZGI3LThmMWUt
ZGE3NTQzMGIxNmY2LzEvRzNKUmtMSm5rcmdTRkNuYTg3V0NFbVNWR0gwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNC83MGFhMzItOTYwNy00ZGI3LThmMWUtZGE3NTQzMGIxNmY2
LzEvd3U1RlFtNFM1UV9qRG9fOE9lQkVoZGozTXprLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW2ztMA0G
CSqGSIb3DQEBCwUAA4IBAQAOJLnXfzHm6/ww+TSPmAWAntqL1F9XsaXaBXfhETe9
ZTRpcRmsKbzTNLlo2AyOrPcN7DPyyKzyDXw9zSuCSTxaDZbF+VEkFNsyNzug8UdD
5JeQ+/UEj36/Ga0gyQjeJYbOwMN92osVobtg0+ld323ZwApqKkGUN07aMtHOXTLX
jfrQqwjfWlW95ddIilzVjD5o/H4ACnol2yJNvGikYwGcpMCLRiC7oP4JB9bN4N3/
k+YEpMqU0aQAjK2rxWOYMpnEYRjIeEIryAqRhQwKP6Eluah0x2n3oeEg7RGWcSEG
l0WL+HJmJQA54kNvPD6xaAi7RX3/uzV8tPdnkt7ibRMg
-----END CERTIFICATE-----