Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e4/70aa32-9607-4db7-8f1e-da75430b16f6/1/rPfrcA5mjZuF_3h6CvRoM6CKaHY.roa
File:                     rPfrcA5mjZuF_3h6CvRoM6CKaHY.roa (raw, json)
Hash identifier:          NtmAMHp+MSVAwh/AmTYU0C1XIPDHm/LFrjAn7E9M8BA=
Subject key identifier:   AC:F7:EB:70:0E:66:8D:9B:85:FF:78:7A:0A:F4:68:33:A0:8A:68:76
Certificate issuer:       /CN=c2ee45426e12e50fe30e8ffc39e04485d8f73339
Certificate serial:       0196869213E6C2811F5C537DD1FC17D7F134
Authority key identifier: C2:EE:45:42:6E:12:E5:0F:E3:0E:8F:FC:39:E0:44:85:D8:F7:33:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wu5FQm4S5Q_jDo_8OeBEhdj3Mzk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e4/70aa32-9607-4db7-8f1e-da75430b16f6/1/rPfrcA5mjZuF_3h6CvRoM6CKaHY.roa
Signing time:             Wed 30 Apr 2025 12:00:42 +0000
ROA not before:           Wed 30 Apr 2025 12:00:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     9291
IP address blocks:        91.108.253.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e4/70aa32-9607-4db7-8f1e-da75430b16f6/1/wu5FQm4S5Q_jDo_8OeBEhdj3Mzk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e4/70aa32-9607-4db7-8f1e-da75430b16f6/1/wu5FQm4S5Q_jDo_8OeBEhdj3Mzk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wu5FQm4S5Q_jDo_8OeBEhdj3Mzk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 13 May 2025 12:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:86:92:13:e6:c2:81:1f:5c:53:7d:d1:fc:17:d7:f1:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2ee45426e12e50fe30e8ffc39e04485d8f73339
        Validity
            Not Before: Apr 30 12:00:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=acf7eb700e668d9b85ff787a0af46833a08a6876
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:18:30:88:df:77:f5:a1:21:0c:35:48:4a:02:
                    48:95:d7:58:97:a7:0a:58:0a:56:15:a0:28:3e:38:
                    43:c8:ec:45:10:41:81:d2:37:51:19:31:fb:11:50:
                    55:32:60:e1:d7:74:f5:bd:f0:0a:17:02:2b:7d:11:
                    4d:16:75:dc:b2:0e:5f:c1:db:14:92:40:d7:17:1e:
                    7f:e1:68:bb:89:eb:53:df:a1:b6:ef:a4:5c:67:fb:
                    73:b1:8a:62:d7:be:22:3a:c6:8b:7d:6c:85:5e:de:
                    31:bf:08:47:eb:7e:bb:54:72:c2:1a:a7:3d:a1:e5:
                    f2:7f:f1:63:22:41:65:ec:55:e3:84:b4:8d:f7:cc:
                    99:df:e4:59:23:19:e2:f5:14:06:3f:bd:0c:8e:a8:
                    f9:57:cc:65:b3:1c:d3:b1:82:fe:15:83:b1:e2:a2:
                    cb:08:69:bf:a1:0f:a5:4a:10:61:54:ce:3d:19:8e:
                    05:74:16:d1:8b:c5:dc:14:1a:72:35:1e:05:d4:fe:
                    c2:41:39:c1:27:86:a7:eb:d3:66:ab:40:0b:b2:94:
                    d4:ba:5d:2b:c2:20:4d:fb:95:19:67:e2:58:50:19:
                    2f:43:60:04:f5:8d:e4:a9:04:82:06:aa:c2:72:d4:
                    72:c6:4a:19:a3:c5:f6:27:54:7a:c7:d0:c8:78:11:
                    48:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:F7:EB:70:0E:66:8D:9B:85:FF:78:7A:0A:F4:68:33:A0:8A:68:76
            X509v3 Authority Key Identifier:
                keyid:C2:EE:45:42:6E:12:E5:0F:E3:0E:8F:FC:39:E0:44:85:D8:F7:33:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wu5FQm4S5Q_jDo_8OeBEhdj3Mzk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/70aa32-9607-4db7-8f1e-da75430b16f6/1/rPfrcA5mjZuF_3h6CvRoM6CKaHY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/70aa32-9607-4db7-8f1e-da75430b16f6/1/wu5FQm4S5Q_jDo_8OeBEhdj3Mzk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.108.253.0/24

    Signature Algorithm: sha256WithRSAEncryption
         32:87:c1:42:80:6d:b1:19:e6:bb:35:67:ec:1f:f2:17:33:8b:
         f6:23:51:87:11:02:e4:a3:d3:1c:7d:68:98:f7:c2:26:18:57:
         f3:cb:af:4c:25:22:20:ee:da:c3:40:fe:7d:cf:3b:4f:d8:72:
         86:c0:e6:00:3a:2f:a4:14:64:b8:51:5c:fe:cc:86:8c:3e:66:
         29:89:e8:55:b6:0a:61:8e:59:9d:04:9f:94:bc:c0:7d:ea:77:
         df:42:0c:56:93:4b:7b:86:cb:52:53:82:53:85:b1:1c:83:ca:
         b7:f6:6f:48:f5:ef:84:1a:b4:02:12:48:22:b4:42:0e:60:69:
         13:91:89:b2:4b:89:33:40:9e:e5:6e:26:84:18:83:cd:dc:95:
         1b:35:b2:44:37:4a:62:26:87:bd:7f:45:5e:4a:dc:a4:a9:4e:
         ea:57:bb:ab:e5:db:d9:7f:94:e6:9f:21:7e:66:b9:8b:ac:44:
         eb:b5:61:20:4e:64:2a:06:88:a7:fe:75:cd:f2:01:90:91:5a:
         ae:ca:4f:14:8b:98:b2:88:f1:d4:ca:c9:fb:ef:63:fa:bf:78:
         e9:6a:54:79:68:83:5a:fd:f9:c0:81:ff:97:af:d0:b3:4b:1a:
         0a:43:92:77:f9:27:09:c2:e6:16:84:dd:92:33:f6:70:5d:16:
         3a:c1:a7:4d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZaGkhPmwoEfXFN90fwX1/E0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyZWU0NTQyNmUxMmU1MGZlMzBlOGZmYzM5ZTA0NDg1ZDhm
NzMzMzkwHhcNMjUwNDMwMTIwMDQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhY2Y3ZWI3MDBlNjY4ZDliODVmZjc4N2EwYWY0NjgzM2EwOGE2ODc2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwxgwiN939aEhDDVISgJIlddYl6cK
WApWFaAoPjhDyOxFEEGB0jdRGTH7EVBVMmDh13T1vfAKFwIrfRFNFnXcsg5fwdsU
kkDXFx5/4Wi7ietT36G276RcZ/tzsYpi174iOsaLfWyFXt4xvwhH6367VHLCGqc9
oeXyf/FjIkFl7FXjhLSN98yZ3+RZIxni9RQGP70Mjqj5V8xlsxzTsYL+FYOx4qLL
CGm/oQ+lShBhVM49GY4FdBbRi8XcFBpyNR4F1P7CQTnBJ4an69Nmq0ALspTUul0r
wiBN+5UZZ+JYUBkvQ2AE9Y3kqQSCBqrCctRyxkoZo8X2J1R6x9DIeBFImQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKz363AOZo2bhf94egr0aDOgimh2MB8GA1UdIwQY
MBaAFMLuRUJuEuUP4w6P/DngRIXY9zM5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd3U1RlFtNFM1UV9qRG9fOE9lQkVoZGozTXprLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNC83MGFhMzItOTYwNy00ZGI3LThmMWUt
ZGE3NTQzMGIxNmY2LzEvclBmcmNBNW1qWnVGXzNoNkN2Um9NNkNLYUhZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNC83MGFhMzItOTYwNy00ZGI3LThmMWUtZGE3NTQzMGIxNmY2
LzEvd3U1RlFtNFM1UV9qRG9fOE9lQkVoZGozTXprLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW2z9MA0G
CSqGSIb3DQEBCwUAA4IBAQAyh8FCgG2xGea7NWfsH/IXM4v2I1GHEQLko9McfWiY
98ImGFfzy69MJSIg7trDQP59zztP2HKGwOYAOi+kFGS4UVz+zIaMPmYpiehVtgph
jlmdBJ+UvMB96nffQgxWk0t7hstSU4JThbEcg8q39m9I9e+EGrQCEkgitEIOYGkT
kYmyS4kzQJ7lbiaEGIPN3JUbNbJEN0piJoe9f0VeStykqU7qV7ur5dvZf5TmnyF+
ZrmLrETrtWEgTmQqBoin/nXN8gGQkVquyk8Ui5iyiPHUysn772P6v3jpalR5aINa
/fnAgf+Xr9CzSxoKQ5J3+ScJwuYWhN2SM/ZwXRY6wadN
-----END CERTIFICATE-----