Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e4/70aa32-9607-4db7-8f1e-da75430b16f6/1/iiwElwQn7nk03niVMftaf-oYtG0.roa
File:                     iiwElwQn7nk03niVMftaf-oYtG0.roa (raw, json)
Hash identifier:          G+8w5O0XdyFzN03q1IPZ+j64/H714HOpQTRSvZ63AIY=
Subject key identifier:   8A:2C:04:97:04:27:EE:79:34:DE:78:95:31:FB:5A:7F:EA:18:B4:6D
Certificate issuer:       /CN=c2ee45426e12e50fe30e8ffc39e04485d8f73339
Certificate serial:       0198A5852AE6DFE892FD067520A67AB31AED
Authority key identifier: C2:EE:45:42:6E:12:E5:0F:E3:0E:8F:FC:39:E0:44:85:D8:F7:33:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wu5FQm4S5Q_jDo_8OeBEhdj3Mzk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e4/70aa32-9607-4db7-8f1e-da75430b16f6/1/iiwElwQn7nk03niVMftaf-oYtG0.roa
Signing time:             Wed 13 Aug 2025 22:20:24 +0000
ROA not before:           Wed 13 Aug 2025 22:20:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     834
IP address blocks:        91.108.237.0/24 maxlen: 24
                          193.106.197.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e4/70aa32-9607-4db7-8f1e-da75430b16f6/1/wu5FQm4S5Q_jDo_8OeBEhdj3Mzk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e4/70aa32-9607-4db7-8f1e-da75430b16f6/1/wu5FQm4S5Q_jDo_8OeBEhdj3Mzk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wu5FQm4S5Q_jDo_8OeBEhdj3Mzk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Aug 2025 22:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:a5:85:2a:e6:df:e8:92:fd:06:75:20:a6:7a:b3:1a:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2ee45426e12e50fe30e8ffc39e04485d8f73339
        Validity
            Not Before: Aug 13 22:20:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8a2c04970427ee7934de789531fb5a7fea18b46d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:6d:e9:34:99:52:77:96:91:a8:01:fa:cb:70:
                    01:49:28:ec:ba:26:09:c9:25:6d:da:90:cf:05:bc:
                    c3:b9:28:98:33:d8:89:98:72:ab:59:b5:61:4f:40:
                    a0:4c:a6:2b:dd:1d:15:22:bb:f9:03:ec:e5:ad:95:
                    87:e2:e5:d2:64:d3:39:01:39:a1:4a:99:e0:ae:91:
                    c3:c7:d2:b7:2d:b9:ff:73:bb:c7:70:4e:e7:88:52:
                    f0:63:d2:b4:b6:b3:e7:7c:3a:d4:cd:1c:77:fe:89:
                    cb:19:6e:31:87:e7:3b:20:de:ef:e0:25:d6:49:33:
                    be:ae:cd:25:51:45:02:df:61:71:46:41:a5:e4:eb:
                    0b:49:29:18:3b:ca:73:6a:4b:80:75:93:77:b2:9c:
                    d3:83:3d:b6:11:0c:d5:79:98:b4:bc:85:43:a9:1e:
                    e1:61:c3:3e:f9:2d:c0:4f:40:42:3c:4d:d5:4d:e2:
                    b6:33:98:28:83:09:c8:b5:64:08:ef:88:a3:26:9b:
                    f3:e8:16:70:97:9a:c0:74:8b:be:36:75:7d:14:a7:
                    db:45:3f:8a:bc:32:89:32:55:73:75:b7:c9:4c:76:
                    99:2f:e4:51:ee:c6:79:17:67:ad:3c:88:92:91:03:
                    66:5a:1e:1c:27:59:42:b2:46:50:dc:83:ef:bb:7d:
                    9e:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:2C:04:97:04:27:EE:79:34:DE:78:95:31:FB:5A:7F:EA:18:B4:6D
            X509v3 Authority Key Identifier:
                keyid:C2:EE:45:42:6E:12:E5:0F:E3:0E:8F:FC:39:E0:44:85:D8:F7:33:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wu5FQm4S5Q_jDo_8OeBEhdj3Mzk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/70aa32-9607-4db7-8f1e-da75430b16f6/1/iiwElwQn7nk03niVMftaf-oYtG0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/70aa32-9607-4db7-8f1e-da75430b16f6/1/wu5FQm4S5Q_jDo_8OeBEhdj3Mzk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.108.237.0/24
                  193.106.197.0/24

    Signature Algorithm: sha256WithRSAEncryption
         43:f6:57:38:f5:78:8c:c6:6e:20:ad:bf:84:bc:a8:65:27:3c:
         7f:97:6b:82:c9:51:96:54:99:10:c8:ad:3e:af:4b:a0:c1:fe:
         c5:95:6e:2b:09:98:80:df:8d:e5:1a:76:59:fa:96:ef:f4:ab:
         f4:c7:4d:8b:29:43:bc:d0:39:c3:ca:c1:e9:68:0d:0b:f9:fa:
         ac:0e:7b:fd:5d:9b:05:99:3b:97:83:44:96:59:f0:b1:ad:eb:
         be:5b:12:a3:51:39:54:27:14:3b:9d:9f:9a:c3:ad:d5:77:d8:
         d6:c5:7f:5b:86:bd:dc:d3:68:8b:53:2a:b7:ff:ea:1f:d8:ae:
         a9:e6:23:9d:96:a5:b4:fa:1d:f9:0b:f0:5d:bf:1d:1d:15:25:
         ea:0e:a1:0d:64:d5:bf:07:e0:7c:20:4b:be:2c:d5:9d:3c:07:
         04:b2:36:37:83:eb:dc:85:9a:af:0e:66:5e:42:e4:a2:82:86:
         ab:02:d4:2e:94:d1:72:d1:c5:04:c7:9a:14:dc:75:41:3b:09:
         54:98:b4:b5:a8:d1:2d:65:c0:3c:a6:f1:ff:c5:d0:82:43:d0:
         3c:e2:08:b6:b9:e1:84:b4:04:b0:1c:6c:4d:c7:57:08:e6:ed:
         60:87:16:32:ef:c4:7d:ce:f7:3a:34:aa:e0:d8:48:9e:d8:00:
         8b:63:8c:65
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZilhSrm3+iS/QZ1IKZ6sxrtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyZWU0NTQyNmUxMmU1MGZlMzBlOGZmYzM5ZTA0NDg1ZDhm
NzMzMzkwHhcNMjUwODEzMjIyMDI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YTJjMDQ5NzA0MjdlZTc5MzRkZTc4OTUzMWZiNWE3ZmVhMThiNDZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq23pNJlSd5aRqAH6y3ABSSjsuiYJ
ySVt2pDPBbzDuSiYM9iJmHKrWbVhT0CgTKYr3R0VIrv5A+zlrZWH4uXSZNM5ATmh
SpngrpHDx9K3Lbn/c7vHcE7niFLwY9K0trPnfDrUzRx3/onLGW4xh+c7IN7v4CXW
STO+rs0lUUUC32FxRkGl5OsLSSkYO8pzakuAdZN3spzTgz22EQzVeZi0vIVDqR7h
YcM++S3AT0BCPE3VTeK2M5gogwnItWQI74ijJpvz6BZwl5rAdIu+NnV9FKfbRT+K
vDKJMlVzdbfJTHaZL+RR7sZ5F2etPIiSkQNmWh4cJ1lCskZQ3IPvu32eGQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFIosBJcEJ+55NN54lTH7Wn/qGLRtMB8GA1UdIwQY
MBaAFMLuRUJuEuUP4w6P/DngRIXY9zM5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd3U1RlFtNFM1UV9qRG9fOE9lQkVoZGozTXprLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNC83MGFhMzItOTYwNy00ZGI3LThmMWUt
ZGE3NTQzMGIxNmY2LzEvaWl3RWx3UW43bmswM25pVk1mdGFmLW9ZdEcwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNC83MGFhMzItOTYwNy00ZGI3LThmMWUtZGE3NTQzMGIxNmY2
LzEvd3U1RlFtNFM1UV9qRG9fOE9lQkVoZGozTXprLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAW2ztAwQA
wWrFMA0GCSqGSIb3DQEBCwUAA4IBAQBD9lc49XiMxm4grb+EvKhlJzx/l2uCyVGW
VJkQyK0+r0ugwf7FlW4rCZiA343lGnZZ+pbv9Kv0x02LKUO80DnDysHpaA0L+fqs
Dnv9XZsFmTuXg0SWWfCxreu+WxKjUTlUJxQ7nZ+aw63Vd9jWxX9bhr3c02iLUyq3
/+of2K6p5iOdlqW0+h35C/Bdvx0dFSXqDqENZNW/B+B8IEu+LNWdPAcEsjY3g+vc
hZqvDmZeQuSigoarAtQulNFy0cUEx5oU3HVBOwlUmLS1qNEtZcA8pvH/xdCCQ9A8
4gi2ueGEtASwHGxNx1cI5u1ghxYy78R9zvc6NKrg2Eie2ACLY4xl
-----END CERTIFICATE-----