Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3c/22581e-fe8c-4fb8-9585-9880f04db94a/1/Yb9tsCfpQgyQVhV8fqh-Sp_yitA.roa
File:                     Yb9tsCfpQgyQVhV8fqh-Sp_yitA.roa (raw, json)
Hash identifier:          2hs56XjZJhM4FFxn6rpMfJzmdBVo5/6HusR5cW2LXtA=
Subject key identifier:   61:BF:6D:B0:27:E9:42:0C:90:56:15:7C:7E:A8:7E:4A:9F:F2:8A:D0
Certificate issuer:       /CN=62beaa57c67aeb5bafd99793ab4846850a796c28
Certificate serial:       019437C66F99FA792BE8281CE453343AC3ED
Authority key identifier: 62:BE:AA:57:C6:7A:EB:5B:AF:D9:97:93:AB:48:46:85:0A:79:6C:28
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Yr6qV8Z661uv2ZeTq0hGhQp5bCg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3c/22581e-fe8c-4fb8-9585-9880f04db94a/1/Yb9tsCfpQgyQVhV8fqh-Sp_yitA.roa
Signing time:             Sun 05 Jan 2025 18:42:19 +0000
ROA not before:           Sun 05 Jan 2025 18:42:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     44947
IP address blocks:        91.239.189.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3c/22581e-fe8c-4fb8-9585-9880f04db94a/1/Yr6qV8Z661uv2ZeTq0hGhQp5bCg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3c/22581e-fe8c-4fb8-9585-9880f04db94a/1/Yr6qV8Z661uv2ZeTq0hGhQp5bCg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Yr6qV8Z661uv2ZeTq0hGhQp5bCg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 13:43:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:37:c6:6f:99:fa:79:2b:e8:28:1c:e4:53:34:3a:c3:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=62beaa57c67aeb5bafd99793ab4846850a796c28
        Validity
            Not Before: Jan  5 18:42:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=61bf6db027e9420c9056157c7ea87e4a9ff28ad0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ea:94:71:13:2e:f4:ca:6f:2b:2c:2d:02:b9:52:
                    a1:56:dc:c9:08:c4:41:72:20:8c:02:36:b0:8d:02:
                    26:5b:64:a2:56:31:cc:df:cc:fa:c9:03:74:2b:a7:
                    00:22:1b:2a:5a:5b:22:99:9c:ac:c1:79:8d:2e:f7:
                    c2:9b:22:3d:54:0f:dc:95:f5:1c:5b:47:b7:78:55:
                    1b:36:db:b4:5a:70:c4:07:54:8d:39:b2:71:5c:81:
                    12:3d:a5:f8:11:11:32:3c:be:e8:2d:20:19:fb:fa:
                    93:46:e6:52:e3:9a:35:4b:e0:43:df:34:8c:63:ef:
                    b8:a3:5e:30:d2:0a:f3:e8:ea:2b:9e:a7:cd:cc:56:
                    54:a5:5f:ad:16:fd:f4:6f:45:6a:b4:28:d1:5d:27:
                    e4:ae:76:33:0f:e7:75:72:f5:5a:2e:ab:26:54:36:
                    61:47:24:6d:91:9f:19:87:77:4c:f7:c7:7f:4b:9b:
                    6e:3e:d2:16:b7:33:e7:59:8e:3d:6c:38:37:a9:ed:
                    12:5c:9a:8d:57:3f:b1:44:60:30:96:7f:02:1d:84:
                    78:f7:7a:36:1b:48:a3:65:b6:37:c7:f1:85:ae:fc:
                    64:b1:90:f4:24:78:46:28:d4:3a:45:00:ba:26:ad:
                    d6:9d:77:a6:2d:56:de:42:95:8d:99:5d:d6:65:5f:
                    23:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                61:BF:6D:B0:27:E9:42:0C:90:56:15:7C:7E:A8:7E:4A:9F:F2:8A:D0
            X509v3 Authority Key Identifier:
                keyid:62:BE:AA:57:C6:7A:EB:5B:AF:D9:97:93:AB:48:46:85:0A:79:6C:28

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Yr6qV8Z661uv2ZeTq0hGhQp5bCg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/22581e-fe8c-4fb8-9585-9880f04db94a/1/Yb9tsCfpQgyQVhV8fqh-Sp_yitA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/22581e-fe8c-4fb8-9585-9880f04db94a/1/Yr6qV8Z661uv2ZeTq0hGhQp5bCg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.239.189.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1a:6a:99:f0:12:7a:4d:7e:56:54:af:16:68:05:ae:94:d6:be:
         d3:82:3f:cc:39:51:ac:28:8e:be:a7:43:90:69:fe:6c:72:7d:
         b0:05:3d:b1:bd:75:ea:01:1e:d3:fd:33:f5:e1:44:9f:04:8c:
         0d:3f:cb:62:78:46:8a:c8:ff:ab:aa:28:b1:6a:32:a6:e3:71:
         f8:df:e8:b8:ed:38:14:31:ec:b5:ea:b9:e7:30:15:8f:a1:f8:
         35:c7:55:72:c5:cf:bb:11:39:8c:eb:f1:7e:1f:07:0f:38:e1:
         c7:ad:48:93:e8:3d:ce:5e:34:19:97:26:92:be:3b:cf:a9:15:
         e6:28:e0:96:9c:94:6f:04:54:82:4d:10:9b:eb:02:e5:3b:f0:
         0e:1a:d9:f6:41:af:55:d6:6f:e3:e2:4a:77:36:0e:f7:03:b7:
         5b:e1:42:97:e2:c9:97:dc:a9:5c:a3:3a:a6:a6:90:2f:2d:32:
         05:69:a0:f4:db:45:d0:d8:00:2e:56:69:40:91:56:11:bc:53:
         1e:30:25:d4:fc:3f:14:50:cc:9c:91:fd:27:25:1f:2d:bb:8d:
         fe:97:ba:3e:79:3c:a6:6d:76:52:9e:e4:fd:8c:e1:99:27:e1:
         7a:0d:7c:f3:e2:47:d2:5b:71:82:c5:dc:a2:38:ae:1e:38:ae:
         98:6f:af:69
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQ3xm+Z+nkr6Cgc5FM0OsPtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyYmVhYTU3YzY3YWViNWJhZmQ5OTc5M2FiNDg0Njg1MGE3
OTZjMjgwHhcNMjUwMTA1MTg0MjE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MWJmNmRiMDI3ZTk0MjBjOTA1NjE1N2M3ZWE4N2U0YTlmZjI4YWQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6pRxEy70ym8rLC0CuVKhVtzJCMRB
ciCMAjawjQImW2SiVjHM38z6yQN0K6cAIhsqWlsimZyswXmNLvfCmyI9VA/clfUc
W0e3eFUbNtu0WnDEB1SNObJxXIESPaX4EREyPL7oLSAZ+/qTRuZS45o1S+BD3zSM
Y++4o14w0grz6OornqfNzFZUpV+tFv30b0VqtCjRXSfkrnYzD+d1cvVaLqsmVDZh
RyRtkZ8Zh3dM98d/S5tuPtIWtzPnWY49bDg3qe0SXJqNVz+xRGAwln8CHYR493o2
G0ijZbY3x/GFrvxksZD0JHhGKNQ6RQC6Jq3WnXemLVbeQpWNmV3WZV8j4wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGG/bbAn6UIMkFYVfH6ofkqf8orQMB8GA1UdIwQY
MBaAFGK+qlfGeutbr9mXk6tIRoUKeWwoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXI2cVY4WjY2MXV2MlplVHEwaEdoUXA1YkNnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYy8yMjU4MWUtZmU4Yy00ZmI4LTk1ODUt
OTg4MGYwNGRiOTRhLzEvWWI5dHNDZnBRZ3lRVmhWOGZxaC1TcF95aXRBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYy8yMjU4MWUtZmU4Yy00ZmI4LTk1ODUtOTg4MGYwNGRiOTRh
LzEvWXI2cVY4WjY2MXV2MlplVHEwaEdoUXA1YkNnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW++9MA0G
CSqGSIb3DQEBCwUAA4IBAQAaapnwEnpNflZUrxZoBa6U1r7Tgj/MOVGsKI6+p0OQ
af5scn2wBT2xvXXqAR7T/TP14USfBIwNP8tieEaKyP+rqiixajKm43H43+i47TgU
Mey16rnnMBWPofg1x1Vyxc+7ETmM6/F+HwcPOOHHrUiT6D3OXjQZlyaSvjvPqRXm
KOCWnJRvBFSCTRCb6wLlO/AOGtn2Qa9V1m/j4kp3Ng73A7db4UKX4smX3Klcozqm
ppAvLTIFaaD020XQ2AAuVmlAkVYRvFMeMCXU/D8UUMyckf0nJR8tu43+l7o+eTym
bXZSnuT9jOGZJ+F6DXzz4kfSW3GCxdyiOK4eOK6Yb69p
-----END CERTIFICATE-----