Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e4/70aa32-9607-4db7-8f1e-da75430b16f6/1/myS70wSaXraGlV45HLBBmwXwrwc.roa
File:                     myS70wSaXraGlV45HLBBmwXwrwc.roa (raw, json)
Hash identifier:          FZsWjRMS6HiCSjpm2cjqK9xWh87tWd8uC6DrqvB4t9Q=
Subject key identifier:   9B:24:BB:D3:04:9A:5E:B6:86:95:5E:39:1C:B0:41:9B:05:F0:AF:07
Certificate issuer:       /CN=c2ee45426e12e50fe30e8ffc39e04485d8f73339
Certificate serial:       019673456807DE5C5731FDA105053ECDA33A
Authority key identifier: C2:EE:45:42:6E:12:E5:0F:E3:0E:8F:FC:39:E0:44:85:D8:F7:33:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wu5FQm4S5Q_jDo_8OeBEhdj3Mzk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e4/70aa32-9607-4db7-8f1e-da75430b16f6/1/myS70wSaXraGlV45HLBBmwXwrwc.roa
Signing time:             Sat 26 Apr 2025 18:04:10 +0000
ROA not before:           Sat 26 Apr 2025 18:04:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212238
IP address blocks:        91.108.252.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e4/70aa32-9607-4db7-8f1e-da75430b16f6/1/wu5FQm4S5Q_jDo_8OeBEhdj3Mzk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e4/70aa32-9607-4db7-8f1e-da75430b16f6/1/wu5FQm4S5Q_jDo_8OeBEhdj3Mzk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wu5FQm4S5Q_jDo_8OeBEhdj3Mzk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 08 May 2025 20:38:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:73:45:68:07:de:5c:57:31:fd:a1:05:05:3e:cd:a3:3a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2ee45426e12e50fe30e8ffc39e04485d8f73339
        Validity
            Not Before: Apr 26 18:04:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9b24bbd3049a5eb686955e391cb0419b05f0af07
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f9:b0:6b:38:23:ba:e0:3e:31:1a:c5:22:ba:4d:
                    18:fd:86:bb:8b:9c:0d:24:6f:54:1b:25:13:9b:36:
                    6c:77:29:16:4d:f0:f1:1b:ea:39:60:a5:e4:1d:e9:
                    2b:af:a8:c2:b5:b7:a4:71:1f:4a:71:b9:dd:00:73:
                    d0:6e:ec:fc:4f:7c:00:df:12:36:18:a8:cf:d6:10:
                    c4:4a:44:b3:71:29:ca:db:d6:6c:da:45:d1:43:90:
                    9e:93:be:02:9d:b8:55:09:e3:1e:e6:a8:c3:cb:54:
                    25:df:12:cc:99:60:17:c9:bc:f3:cd:88:32:78:58:
                    f9:dc:52:65:99:24:01:61:d0:91:44:63:0a:67:53:
                    2b:35:c9:65:4d:10:20:f5:84:08:f1:de:15:d0:54:
                    67:fb:6f:c8:80:09:30:5a:49:3b:42:4b:7b:d8:6b:
                    3a:29:53:b6:40:e2:7f:0b:62:1d:27:7a:e4:28:c7:
                    e0:ca:30:7e:6d:08:39:9c:62:fe:54:49:03:3d:cd:
                    31:d6:84:65:3d:88:b8:f7:0f:b8:d4:dd:64:cb:f5:
                    8b:84:0b:19:1a:6c:a2:de:1d:14:03:8c:5e:7f:32:
                    c1:2e:6f:1e:6e:48:f6:b8:7f:4d:94:f8:ec:f5:13:
                    e2:22:41:12:d8:6f:a2:75:5b:e7:12:e0:b6:7f:04:
                    9f:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9B:24:BB:D3:04:9A:5E:B6:86:95:5E:39:1C:B0:41:9B:05:F0:AF:07
            X509v3 Authority Key Identifier:
                keyid:C2:EE:45:42:6E:12:E5:0F:E3:0E:8F:FC:39:E0:44:85:D8:F7:33:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wu5FQm4S5Q_jDo_8OeBEhdj3Mzk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/70aa32-9607-4db7-8f1e-da75430b16f6/1/myS70wSaXraGlV45HLBBmwXwrwc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/70aa32-9607-4db7-8f1e-da75430b16f6/1/wu5FQm4S5Q_jDo_8OeBEhdj3Mzk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.108.252.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0e:fb:09:c4:36:6a:40:f2:81:2a:ba:25:15:96:fa:b6:8c:ae:
         c4:e2:67:35:4c:b8:be:1b:d3:75:31:16:c9:3e:d2:ec:14:41:
         ff:18:b6:f4:e4:95:75:02:cd:f2:68:92:4e:db:e5:41:24:75:
         ab:e9:a2:ab:aa:7e:37:64:59:b9:81:1e:8c:d9:8b:68:27:72:
         69:23:05:7f:61:2d:f1:fa:9a:d4:10:54:e4:c0:83:86:e6:a5:
         a4:cf:40:a7:db:e7:f6:b9:c6:37:ed:73:7c:62:e5:29:54:b3:
         6f:a0:78:63:2e:92:d8:6f:8b:0c:35:c3:d6:45:9e:dc:d2:ca:
         cd:65:e9:d3:05:4f:b1:4e:ff:22:ed:74:59:ef:65:87:78:ed:
         ea:45:39:37:48:33:b1:6f:29:d0:72:28:66:66:fc:1c:bf:e0:
         52:2a:6a:0f:cb:ae:10:9c:67:0c:6f:02:c5:74:3e:8b:bd:08:
         ff:53:b0:a6:03:32:d5:78:0d:0a:3a:96:cc:ae:ca:6d:f4:6a:
         19:dd:5c:c5:36:15:8a:30:ff:32:81:a7:e7:e5:d4:65:e9:ae:
         03:77:4c:9d:2f:8b:53:91:3a:65:19:bf:d1:a7:6b:fe:1d:d5:
         59:f6:0c:ec:86:30:85:4f:ee:10:f1:aa:e8:44:5b:ae:47:f5:
         cd:8d:93:a1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZZzRWgH3lxXMf2hBQU+zaM6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyZWU0NTQyNmUxMmU1MGZlMzBlOGZmYzM5ZTA0NDg1ZDhm
NzMzMzkwHhcNMjUwNDI2MTgwNDEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YjI0YmJkMzA0OWE1ZWI2ODY5NTVlMzkxY2IwNDE5YjA1ZjBhZjA3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+bBrOCO64D4xGsUiuk0Y/Ya7i5wN
JG9UGyUTmzZsdykWTfDxG+o5YKXkHekrr6jCtbekcR9KcbndAHPQbuz8T3wA3xI2
GKjP1hDESkSzcSnK29Zs2kXRQ5Cek74CnbhVCeMe5qjDy1Ql3xLMmWAXybzzzYgy
eFj53FJlmSQBYdCRRGMKZ1MrNcllTRAg9YQI8d4V0FRn+2/IgAkwWkk7Qkt72Gs6
KVO2QOJ/C2IdJ3rkKMfgyjB+bQg5nGL+VEkDPc0x1oRlPYi49w+41N1ky/WLhAsZ
Gmyi3h0UA4xefzLBLm8ebkj2uH9NlPjs9RPiIkES2G+idVvnEuC2fwSfHwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJsku9MEml62hpVeORywQZsF8K8HMB8GA1UdIwQY
MBaAFMLuRUJuEuUP4w6P/DngRIXY9zM5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd3U1RlFtNFM1UV9qRG9fOE9lQkVoZGozTXprLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNC83MGFhMzItOTYwNy00ZGI3LThmMWUt
ZGE3NTQzMGIxNmY2LzEvbXlTNzB3U2FYcmFHbFY0NUhMQkJtd1h3cndjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNC83MGFhMzItOTYwNy00ZGI3LThmMWUtZGE3NTQzMGIxNmY2
LzEvd3U1RlFtNFM1UV9qRG9fOE9lQkVoZGozTXprLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW2z8MA0G
CSqGSIb3DQEBCwUAA4IBAQAO+wnENmpA8oEquiUVlvq2jK7E4mc1TLi+G9N1MRbJ
PtLsFEH/GLb05JV1As3yaJJO2+VBJHWr6aKrqn43ZFm5gR6M2YtoJ3JpIwV/YS3x
+prUEFTkwIOG5qWkz0Cn2+f2ucY37XN8YuUpVLNvoHhjLpLYb4sMNcPWRZ7c0srN
ZenTBU+xTv8i7XRZ72WHeO3qRTk3SDOxbynQcihmZvwcv+BSKmoPy64QnGcMbwLF
dD6LvQj/U7CmAzLVeA0KOpbMrspt9GoZ3VzFNhWKMP8ygafn5dRl6a4Dd0ydL4tT
kTplGb/Rp2v+HdVZ9gzshjCFT+4Q8aroRFuuR/XNjZOh
-----END CERTIFICATE-----