Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2c/28c5b6-23f0-45fb-9b21-294d9cf79e2e/1/YjEhlO99RaAbAkdzt4ZOJGbjnJw.roa
File:                     YjEhlO99RaAbAkdzt4ZOJGbjnJw.roa (raw, json)
Hash identifier:          yFH8ViIKHaeK/f2FpL9G8EG0g2Y66JlUWF53LAa2xS8=
Subject key identifier:   62:31:21:94:EF:7D:45:A0:1B:02:47:73:B7:86:4E:24:66:E3:9C:9C
Certificate issuer:       /CN=4728eba001359cdd418346f651c0a187c89fbabf
Certificate serial:       018CC8DF326854D33B21DEBD20B3672506DE
Authority key identifier: 47:28:EB:A0:01:35:9C:DD:41:83:46:F6:51:C0:A1:87:C8:9F:BA:BF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RyjroAE1nN1Bg0b2UcChh8ifur8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2c/28c5b6-23f0-45fb-9b21-294d9cf79e2e/1/YjEhlO99RaAbAkdzt4ZOJGbjnJw.roa
Signing time:             Tue 02 Jan 2024 06:31:59 +0000
ROA not before:           Tue 02 Jan 2024 06:31:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48613
IP address blocks:        91.233.51.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2c/28c5b6-23f0-45fb-9b21-294d9cf79e2e/1/RyjroAE1nN1Bg0b2UcChh8ifur8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2c/28c5b6-23f0-45fb-9b21-294d9cf79e2e/1/RyjroAE1nN1Bg0b2UcChh8ifur8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RyjroAE1nN1Bg0b2UcChh8ifur8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 03:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:32:68:54:d3:3b:21:de:bd:20:b3:67:25:06:de
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4728eba001359cdd418346f651c0a187c89fbabf
        Validity
            Not Before: Jan  2 06:31:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=62312194ef7d45a01b024773b7864e2466e39c9c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:d7:9b:b2:16:fe:cf:12:21:f4:2b:fe:af:42:
                    02:07:c5:d2:f4:dc:90:27:2e:b1:4a:95:88:c2:c2:
                    f9:53:88:8f:a8:56:70:a5:04:31:e4:32:42:4a:2a:
                    04:df:62:70:ed:73:d6:41:f7:42:f4:a6:38:c6:53:
                    b7:57:47:fc:69:66:75:c6:3d:dc:ca:a0:33:89:72:
                    69:89:46:21:54:09:dc:45:70:55:e1:9f:51:84:ac:
                    41:bb:38:99:2f:05:a4:00:b1:01:20:72:4b:bc:24:
                    d7:a2:f4:b4:26:00:7e:9a:a0:b1:b4:04:8b:76:58:
                    30:63:d4:68:f7:3e:85:a8:c3:5e:e1:20:15:12:a9:
                    55:d2:2c:5a:4d:2d:5b:77:0d:d3:0a:33:7b:94:96:
                    95:a1:6a:c4:f8:e2:86:0c:92:61:fb:67:60:62:db:
                    5a:81:2c:cc:91:fa:f9:1f:48:a7:b6:a1:30:42:8c:
                    38:2a:ee:d4:ed:e1:50:00:ef:4f:8a:72:50:d5:39:
                    59:2d:90:14:6e:cf:2b:45:00:2c:23:d3:35:2d:a2:
                    bb:25:44:02:e4:12:ff:3d:35:53:b8:cc:32:ef:91:
                    64:24:d8:17:90:f9:ae:99:2d:b9:29:54:61:61:4b:
                    43:31:c6:14:54:05:71:92:5b:fb:df:bf:a9:19:e6:
                    bc:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:31:21:94:EF:7D:45:A0:1B:02:47:73:B7:86:4E:24:66:E3:9C:9C
            X509v3 Authority Key Identifier:
                keyid:47:28:EB:A0:01:35:9C:DD:41:83:46:F6:51:C0:A1:87:C8:9F:BA:BF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RyjroAE1nN1Bg0b2UcChh8ifur8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2c/28c5b6-23f0-45fb-9b21-294d9cf79e2e/1/YjEhlO99RaAbAkdzt4ZOJGbjnJw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2c/28c5b6-23f0-45fb-9b21-294d9cf79e2e/1/RyjroAE1nN1Bg0b2UcChh8ifur8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.233.51.0/24

    Signature Algorithm: sha256WithRSAEncryption
         78:52:15:5d:af:77:3c:56:34:49:28:a6:c1:d5:9c:19:3b:01:
         81:a2:7c:3e:21:57:ab:91:c8:b7:ee:f3:e5:ee:4b:0c:e3:03:
         22:0e:91:04:bb:f2:89:87:12:f5:51:b0:83:97:a8:15:bc:e9:
         e7:bc:26:91:fc:e3:cf:af:a2:4c:11:d6:c2:95:2c:51:fd:86:
         b4:1c:1f:e3:5a:02:cc:99:0a:3b:af:5c:8f:f8:d2:d8:54:dd:
         29:c9:a4:7b:7c:3d:fb:35:12:8c:9b:af:d3:0b:ce:b6:80:8d:
         78:53:62:dd:35:7c:32:6b:41:a0:2d:c2:aa:86:ed:b5:53:e6:
         ec:6f:13:0b:d3:86:cc:8e:bb:17:93:18:cd:80:e0:61:af:48:
         0f:63:7f:80:86:fd:4b:93:42:41:52:bc:c6:73:26:40:4e:d2:
         e1:6b:88:e7:9d:c0:c6:87:d0:2b:fd:37:9b:a4:95:1f:5f:50:
         ef:13:e0:cc:cd:0f:52:95:f9:90:97:43:80:5e:44:b9:c7:8f:
         19:93:05:42:1a:ba:9d:03:e4:87:aa:84:ff:a2:fa:15:0e:4f:
         f4:15:73:44:35:07:03:13:7c:37:cb:02:96:46:79:50:20:f8:
         10:7f:b4:98:97:82:22:5e:fe:c7:98:15:12:b7:14:bd:8f:8e:
         06:9b:af:9c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3zJoVNM7Id69ILNnJQbeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ3MjhlYmEwMDEzNTljZGQ0MTgzNDZmNjUxYzBhMTg3Yzg5
ZmJhYmYwHhcNMjQwMTAyMDYzMTU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MjMxMjE5NGVmN2Q0NWEwMWIwMjQ3NzNiNzg2NGUyNDY2ZTM5YzljMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAutebshb+zxIh9Cv+r0ICB8XS9NyQ
Jy6xSpWIwsL5U4iPqFZwpQQx5DJCSioE32Jw7XPWQfdC9KY4xlO3V0f8aWZ1xj3c
yqAziXJpiUYhVAncRXBV4Z9RhKxBuziZLwWkALEBIHJLvCTXovS0JgB+mqCxtASL
dlgwY9Ro9z6FqMNe4SAVEqlV0ixaTS1bdw3TCjN7lJaVoWrE+OKGDJJh+2dgYtta
gSzMkfr5H0intqEwQow4Ku7U7eFQAO9PinJQ1TlZLZAUbs8rRQAsI9M1LaK7JUQC
5BL/PTVTuMwy75FkJNgXkPmumS25KVRhYUtDMcYUVAVxklv737+pGea82wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGIxIZTvfUWgGwJHc7eGTiRm45ycMB8GA1UdIwQY
MBaAFEco66ABNZzdQYNG9lHAoYfIn7q/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUnlqcm9BRTFuTjFCZzBiMlVjQ2hoOGlmdXI4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYy8yOGM1YjYtMjNmMC00NWZiLTliMjEt
Mjk0ZDljZjc5ZTJlLzEvWWpFaGxPOTlSYUFiQWtkenQ0Wk9KR2Jqbkp3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYy8yOGM1YjYtMjNmMC00NWZiLTliMjEtMjk0ZDljZjc5ZTJl
LzEvUnlqcm9BRTFuTjFCZzBiMlVjQ2hoOGlmdXI4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+kzMA0G
CSqGSIb3DQEBCwUAA4IBAQB4UhVdr3c8VjRJKKbB1ZwZOwGBonw+IVerkci37vPl
7ksM4wMiDpEEu/KJhxL1UbCDl6gVvOnnvCaR/OPPr6JMEdbClSxR/Ya0HB/jWgLM
mQo7r1yP+NLYVN0pyaR7fD37NRKMm6/TC862gI14U2LdNXwya0GgLcKqhu21U+bs
bxML04bMjrsXkxjNgOBhr0gPY3+Ahv1Lk0JBUrzGcyZATtLha4jnncDGh9Ar/Teb
pJUfX1DvE+DMzQ9SlfmQl0OAXkS5x48ZkwVCGrqdA+SHqoT/ovoVDk/0FXNENQcD
E3w3ywKWRnlQIPgQf7SYl4IiXv7HmBUStxS9j44Gm6+c
-----END CERTIFICATE-----