Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/40c07a-0323-4424-aeb3-f65826ffcbf8/1/y9vY7PQkblV9_5mGvnjpI_1sy2c.roa
File:                     y9vY7PQkblV9_5mGvnjpI_1sy2c.roa (raw, json)
Hash identifier:          IUOwXFsA4FATdHPgwe2EY1C0pHGXri80WzQO/bHofMM=
Subject key identifier:   CB:DB:D8:EC:F4:24:6E:55:7D:FF:99:86:BE:78:E9:23:FD:6C:CB:67
Certificate issuer:       /CN=64a3e75c6d0ababc931c2847cdaa865fb8d7f9cf
Certificate serial:       019426D98444459DB75A65CD89DE6E8E8A6C
Authority key identifier: 64:A3:E7:5C:6D:0A:BA:BC:93:1C:28:47:CD:AA:86:5F:B8:D7:F9:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZKPnXG0KuryTHChHzaqGX7jX-c8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/40c07a-0323-4424-aeb3-f65826ffcbf8/1/y9vY7PQkblV9_5mGvnjpI_1sy2c.roa
Signing time:             Thu 02 Jan 2025 11:49:36 +0000
ROA not before:           Thu 02 Jan 2025 11:49:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     62433
IP address blocks:        91.228.255.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/40c07a-0323-4424-aeb3-f65826ffcbf8/1/ZKPnXG0KuryTHChHzaqGX7jX-c8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/40c07a-0323-4424-aeb3-f65826ffcbf8/1/ZKPnXG0KuryTHChHzaqGX7jX-c8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZKPnXG0KuryTHChHzaqGX7jX-c8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:84:44:45:9d:b7:5a:65:cd:89:de:6e:8e:8a:6c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=64a3e75c6d0ababc931c2847cdaa865fb8d7f9cf
        Validity
            Not Before: Jan  2 11:49:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=cbdbd8ecf4246e557dff9986be78e923fd6ccb67
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:d2:a9:37:6e:eb:36:6c:d5:98:ee:7e:ea:43:
                    ba:dc:56:31:45:3e:53:3d:85:b9:8d:04:75:5e:9a:
                    39:ea:1c:f4:e2:bd:e6:f0:67:68:d8:e8:2b:ba:de:
                    e8:b5:7b:82:bc:23:d4:8f:5b:57:04:75:0a:15:54:
                    4a:d9:07:5d:19:11:5c:1d:ea:95:88:ba:76:53:b9:
                    18:7f:db:76:bf:f1:a0:ba:0d:6c:f6:4e:c5:1d:09:
                    32:2b:e6:5b:16:a1:42:10:34:41:0f:d5:11:b7:5f:
                    9f:d1:9c:eb:89:8b:f3:96:7e:f2:51:a2:1b:5e:63:
                    28:fb:27:60:57:d6:cd:3a:10:c5:b9:1a:35:ff:46:
                    4d:21:a2:08:63:ac:1c:28:79:13:1c:6a:69:06:cb:
                    2d:1c:11:45:71:3a:b2:d7:d6:a5:3a:b3:c9:76:df:
                    b8:1d:39:37:37:56:48:1f:7a:9c:29:79:99:fc:37:
                    50:f6:9f:6b:89:6a:83:24:46:98:76:b0:0a:56:c7:
                    21:c3:74:0a:15:cf:00:51:de:1e:d8:3f:e9:32:b6:
                    82:3f:9a:fa:f5:45:e4:25:c4:c4:5a:ab:80:fd:c4:
                    86:b5:d1:0b:86:c5:00:16:15:13:75:31:29:e7:f9:
                    89:fd:0e:25:72:2f:1e:41:38:5b:28:ec:23:29:74:
                    21:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:DB:D8:EC:F4:24:6E:55:7D:FF:99:86:BE:78:E9:23:FD:6C:CB:67
            X509v3 Authority Key Identifier:
                keyid:64:A3:E7:5C:6D:0A:BA:BC:93:1C:28:47:CD:AA:86:5F:B8:D7:F9:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZKPnXG0KuryTHChHzaqGX7jX-c8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/40c07a-0323-4424-aeb3-f65826ffcbf8/1/y9vY7PQkblV9_5mGvnjpI_1sy2c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/40c07a-0323-4424-aeb3-f65826ffcbf8/1/ZKPnXG0KuryTHChHzaqGX7jX-c8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.228.255.0/24

    Signature Algorithm: sha256WithRSAEncryption
         47:3a:0f:fb:a5:f8:4d:2e:70:3c:06:31:ea:9b:58:e1:da:7b:
         26:e4:21:f6:8f:28:1d:72:fe:7d:de:63:15:63:7d:33:70:ca:
         cb:8d:36:52:74:11:4b:37:ff:fa:b8:b0:bd:4f:f1:ff:01:24:
         45:56:7d:c5:dd:c8:11:1d:d2:f6:5f:4e:89:1a:fb:b6:51:62:
         47:18:a0:9d:ce:d8:e4:fb:72:ba:e0:83:3d:d1:6b:30:3a:e6:
         dd:ff:95:13:e7:a9:47:9a:08:5a:65:ec:2d:53:9f:f6:10:b3:
         e6:90:ca:c1:85:bf:43:ae:f4:46:a6:e0:a3:36:52:ef:f1:29:
         41:c6:94:9a:5d:90:f1:5b:ed:94:86:c3:ea:c9:44:da:da:2f:
         41:2e:2d:d6:d0:e4:79:22:dc:a3:2b:77:4b:93:ae:06:f4:12:
         6f:56:d4:14:22:f3:66:0c:c5:41:6e:ec:8a:2f:5a:3f:23:31:
         be:f3:3a:31:c9:ae:b3:39:e1:14:ef:73:96:76:13:eb:c3:17:
         55:c6:5f:3d:86:14:96:01:be:d4:33:f3:b8:d9:82:be:d7:4c:
         1e:ce:25:80:b9:98:87:9d:3e:72:9a:34:58:9c:8f:57:f9:26:
         34:96:d4:64:d0:45:cd:e2:c7:16:35:09:4b:d0:e6:87:53:de:
         37:d1:f6:87
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQm2YRERZ23WmXNid5ujopsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY0YTNlNzVjNmQwYWJhYmM5MzFjMjg0N2NkYWE4NjVmYjhk
N2Y5Y2YwHhcNMjUwMTAyMTE0OTM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYmRiZDhlY2Y0MjQ2ZTU1N2RmZjk5ODZiZTc4ZTkyM2ZkNmNjYjY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp9KpN27rNmzVmO5+6kO63FYxRT5T
PYW5jQR1Xpo56hz04r3m8Gdo2Ogrut7otXuCvCPUj1tXBHUKFVRK2QddGRFcHeqV
iLp2U7kYf9t2v/Ggug1s9k7FHQkyK+ZbFqFCEDRBD9URt1+f0ZzriYvzln7yUaIb
XmMo+ydgV9bNOhDFuRo1/0ZNIaIIY6wcKHkTHGppBsstHBFFcTqy19alOrPJdt+4
HTk3N1ZIH3qcKXmZ/DdQ9p9riWqDJEaYdrAKVschw3QKFc8AUd4e2D/pMraCP5r6
9UXkJcTEWquA/cSGtdELhsUAFhUTdTEp5/mJ/Q4lci8eQThbKOwjKXQhewIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMvb2Oz0JG5Vff+Zhr546SP9bMtnMB8GA1UdIwQY
MBaAFGSj51xtCrq8kxwoR82qhl+41/nPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWktQblhHMEt1cnlUSENoSHphcUdYN2pYLWM4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80MGMwN2EtMDMyMy00NDI0LWFlYjMt
ZjY1ODI2ZmZjYmY4LzEveTl2WTdQUWtibFY5XzVtR3ZuanBJXzFzeTJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80MGMwN2EtMDMyMy00NDI0LWFlYjMtZjY1ODI2ZmZjYmY4
LzEvWktQblhHMEt1cnlUSENoSHphcUdYN2pYLWM4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+T/MA0G
CSqGSIb3DQEBCwUAA4IBAQBHOg/7pfhNLnA8BjHqm1jh2nsm5CH2jygdcv593mMV
Y30zcMrLjTZSdBFLN//6uLC9T/H/ASRFVn3F3cgRHdL2X06JGvu2UWJHGKCdztjk
+3K64IM90WswOubd/5UT56lHmghaZewtU5/2ELPmkMrBhb9DrvRGpuCjNlLv8SlB
xpSaXZDxW+2UhsPqyUTa2i9BLi3W0OR5ItyjK3dLk64G9BJvVtQUIvNmDMVBbuyK
L1o/IzG+8zoxya6zOeEU73OWdhPrwxdVxl89hhSWAb7UM/O42YK+10weziWAuZiH
nT5ymjRYnI9X+SY0ltRk0EXN4scWNQlL0OaHU9430faH
-----END CERTIFICATE-----