Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2c/28c5b6-23f0-45fb-9b21-294d9cf79e2e/1/cBEyoeOIQqPilDWr0_I994MOPuI.roa
File:                     cBEyoeOIQqPilDWr0_I994MOPuI.roa (raw, json)
Hash identifier:          isPNyBmr4XWxQFWKBdpcs0T6FtXR/DTgtbw1P60u2i4=
Subject key identifier:   70:11:32:A1:E3:88:42:A3:E2:94:35:AB:D3:F2:3D:F7:83:0E:3E:E2
Certificate issuer:       /CN=4728eba001359cdd418346f651c0a187c89fbabf
Certificate serial:       019424455D2DB5C39123E12239BDD38EEFF3
Authority key identifier: 47:28:EB:A0:01:35:9C:DD:41:83:46:F6:51:C0:A1:87:C8:9F:BA:BF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RyjroAE1nN1Bg0b2UcChh8ifur8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2c/28c5b6-23f0-45fb-9b21-294d9cf79e2e/1/cBEyoeOIQqPilDWr0_I994MOPuI.roa
Signing time:             Wed 01 Jan 2025 23:48:33 +0000
ROA not before:           Wed 01 Jan 2025 23:48:33 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     48613
IP address blocks:        91.233.51.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2c/28c5b6-23f0-45fb-9b21-294d9cf79e2e/1/RyjroAE1nN1Bg0b2UcChh8ifur8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2c/28c5b6-23f0-45fb-9b21-294d9cf79e2e/1/RyjroAE1nN1Bg0b2UcChh8ifur8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RyjroAE1nN1Bg0b2UcChh8ifur8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 14 Apr 2025 17:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:45:5d:2d:b5:c3:91:23:e1:22:39:bd:d3:8e:ef:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4728eba001359cdd418346f651c0a187c89fbabf
        Validity
            Not Before: Jan  1 23:48:33 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=701132a1e38842a3e29435abd3f23df7830e3ee2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:a2:53:23:d6:15:28:87:49:47:05:a4:47:15:
                    15:4c:b9:d8:74:8f:1c:b3:28:38:af:19:79:4d:3d:
                    79:6c:24:ae:5c:c9:00:8c:cd:59:d8:db:6e:47:fc:
                    25:f5:38:f1:51:48:ff:47:21:c9:2e:34:d5:22:31:
                    93:b1:cf:9a:5f:57:da:56:e2:64:51:2c:c7:ff:ce:
                    f3:75:cf:0a:b4:f4:2e:71:87:ff:86:69:bb:e8:36:
                    55:09:a4:64:f1:6a:9d:76:dc:d9:82:6a:42:ae:ce:
                    82:63:84:54:46:53:c5:f3:5d:95:93:67:32:f3:77:
                    1b:d4:cf:c8:21:32:47:1f:e1:4c:c8:c8:17:36:3a:
                    77:6a:20:56:d8:25:15:e9:fb:11:2c:66:f5:f3:55:
                    d7:7d:db:0d:1d:b8:b8:e3:cc:11:cb:96:95:88:e9:
                    98:7f:7f:10:d0:b7:26:80:ce:ba:2e:d8:3a:be:6c:
                    c5:31:d4:5b:39:8d:8b:04:44:20:63:d3:12:d4:09:
                    6a:c4:54:41:ea:fd:14:67:38:10:1d:95:04:56:10:
                    34:65:a9:f9:ec:eb:88:93:22:4a:ad:4c:05:8f:9c:
                    70:5d:0a:86:d0:76:a0:40:5b:10:c6:cc:58:08:47:
                    fe:80:fb:0d:a0:3d:65:de:db:fd:b9:62:a0:14:e5:
                    85:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:11:32:A1:E3:88:42:A3:E2:94:35:AB:D3:F2:3D:F7:83:0E:3E:E2
            X509v3 Authority Key Identifier:
                keyid:47:28:EB:A0:01:35:9C:DD:41:83:46:F6:51:C0:A1:87:C8:9F:BA:BF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RyjroAE1nN1Bg0b2UcChh8ifur8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2c/28c5b6-23f0-45fb-9b21-294d9cf79e2e/1/cBEyoeOIQqPilDWr0_I994MOPuI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2c/28c5b6-23f0-45fb-9b21-294d9cf79e2e/1/RyjroAE1nN1Bg0b2UcChh8ifur8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.233.51.0/24

    Signature Algorithm: sha256WithRSAEncryption
         86:aa:ad:f8:69:2b:a9:f1:2d:56:37:c1:bf:4c:6d:a8:9d:e1:
         b7:72:e1:a0:fc:af:77:4e:e0:a6:30:b5:d6:a1:6d:e1:f9:42:
         a5:34:e3:6e:73:64:3f:21:3b:29:12:eb:36:dc:8d:6b:39:00:
         bd:05:8c:eb:22:c0:43:bd:aa:4a:f3:37:58:38:81:62:bf:77:
         5d:a5:f5:42:76:e0:c3:fb:64:ec:45:7d:6e:f8:2a:c8:a4:0c:
         6d:ac:a2:f8:32:4f:4a:b2:a4:df:83:58:6c:a6:92:c2:dc:11:
         4f:aa:35:80:2d:a7:b9:62:1a:ae:19:bc:ab:c3:43:06:bd:2c:
         a0:a1:e7:b0:7f:f9:68:02:ab:1d:36:3c:2c:3f:f8:94:6a:71:
         f5:97:1c:d3:5e:85:33:f8:98:18:16:34:a9:b0:b5:15:d1:57:
         82:15:31:67:73:0a:45:c1:62:5a:f8:c1:fc:fc:66:6f:f0:e1:
         02:53:0c:f2:5e:0e:98:0d:0e:03:a0:f1:56:91:67:62:3e:11:
         b6:db:17:64:e1:77:13:53:d6:b2:f7:b7:dc:27:62:c4:93:e9:
         e2:0e:f5:32:8a:47:18:ed:07:7a:9d:49:4d:d9:c4:ee:e8:54:
         f9:27:16:9c:99:bb:e3:2f:0a:1f:c4:fc:9c:5a:3b:5f:bf:a2:
         9b:a5:25:7f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQkRV0ttcORI+EiOb3Tju/zMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ3MjhlYmEwMDEzNTljZGQ0MTgzNDZmNjUxYzBhMTg3Yzg5
ZmJhYmYwHhcNMjUwMTAxMjM0ODMzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MDExMzJhMWUzODg0MmEzZTI5NDM1YWJkM2YyM2RmNzgzMGUzZWUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsKJTI9YVKIdJRwWkRxUVTLnYdI8c
syg4rxl5TT15bCSuXMkAjM1Z2NtuR/wl9TjxUUj/RyHJLjTVIjGTsc+aX1faVuJk
USzH/87zdc8KtPQucYf/hmm76DZVCaRk8WqddtzZgmpCrs6CY4RURlPF812Vk2cy
83cb1M/IITJHH+FMyMgXNjp3aiBW2CUV6fsRLGb181XXfdsNHbi448wRy5aViOmY
f38Q0LcmgM66Ltg6vmzFMdRbOY2LBEQgY9MS1AlqxFRB6v0UZzgQHZUEVhA0Zan5
7OuIkyJKrUwFj5xwXQqG0HagQFsQxsxYCEf+gPsNoD1l3tv9uWKgFOWFAwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHARMqHjiEKj4pQ1q9PyPfeDDj7iMB8GA1UdIwQY
MBaAFEco66ABNZzdQYNG9lHAoYfIn7q/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUnlqcm9BRTFuTjFCZzBiMlVjQ2hoOGlmdXI4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYy8yOGM1YjYtMjNmMC00NWZiLTliMjEt
Mjk0ZDljZjc5ZTJlLzEvY0JFeW9lT0lRcVBpbERXcjBfSTk5NE1PUHVJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYy8yOGM1YjYtMjNmMC00NWZiLTliMjEtMjk0ZDljZjc5ZTJl
LzEvUnlqcm9BRTFuTjFCZzBiMlVjQ2hoOGlmdXI4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+kzMA0G
CSqGSIb3DQEBCwUAA4IBAQCGqq34aSup8S1WN8G/TG2oneG3cuGg/K93TuCmMLXW
oW3h+UKlNONuc2Q/ITspEus23I1rOQC9BYzrIsBDvapK8zdYOIFiv3ddpfVCduDD
+2TsRX1u+CrIpAxtrKL4Mk9KsqTfg1hsppLC3BFPqjWALae5YhquGbyrw0MGvSyg
oeewf/loAqsdNjwsP/iUanH1lxzTXoUz+JgYFjSpsLUV0VeCFTFncwpFwWJa+MH8
/GZv8OECUwzyXg6YDQ4DoPFWkWdiPhG22xdk4XcTU9ay97fcJ2LEk+niDvUyikcY
7Qd6nUlN2cTu6FT5JxacmbvjLwofxPycWjtfv6KbpSV/
-----END CERTIFICATE-----