Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/28YKXEQ-TmekImq_IU1gZeIojkU.roa
File:                     28YKXEQ-TmekImq_IU1gZeIojkU.roa (raw, json)
Hash identifier:          VPPwxXmwlyu7I3SfouCThVbMlYKhOibS6ex5WfZCkBM=
Subject key identifier:   DB:C6:0A:5C:44:3E:4E:67:A4:22:6A:BF:21:4D:60:65:E2:28:8E:45
Certificate issuer:       /CN=eebbf317e5faf5ef02c9cce79527d5e74b8abcc5
Certificate serial:       01964530D6FFEE0AB40D5155E3617FB73089
Authority key identifier: EE:BB:F3:17:E5:FA:F5:EF:02:C9:CC:E7:95:27:D5:E7:4B:8A:BC:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/28YKXEQ-TmekImq_IU1gZeIojkU.roa
Signing time:             Thu 17 Apr 2025 19:19:10 +0000
ROA not before:           Thu 17 Apr 2025 19:19:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     57523
IP address blocks:        80.64.30.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 14 May 2025 23:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:45:30:d6:ff:ee:0a:b4:0d:51:55:e3:61:7f:b7:30:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eebbf317e5faf5ef02c9cce79527d5e74b8abcc5
        Validity
            Not Before: Apr 17 19:19:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=dbc60a5c443e4e67a4226abf214d6065e2288e45
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:a9:95:0c:c4:db:e2:96:df:df:65:9e:a5:e6:
                    0d:1d:9a:fe:0f:24:ac:da:de:17:ab:bb:bb:85:b9:
                    00:f8:d6:d0:47:5c:72:e6:d8:ee:f5:0f:e7:c3:35:
                    3e:4c:0e:ba:e9:6c:59:51:e7:5f:01:8d:5d:4f:94:
                    9f:b5:b6:98:0e:6a:e4:04:9b:90:c0:9d:e8:b7:7f:
                    52:b4:b0:07:d8:40:da:ae:2a:b3:a6:e2:37:ea:c0:
                    8a:f6:4b:47:8c:c8:d5:aa:64:a4:29:f6:fa:54:77:
                    3b:52:89:c6:bf:7c:7c:0b:b7:ff:99:82:8f:9f:04:
                    e4:15:91:d0:54:98:f8:b8:01:6f:53:c2:95:e6:01:
                    7b:dd:c4:f2:01:08:00:c5:bd:ad:ba:ca:26:03:b0:
                    83:17:44:20:8b:40:fd:eb:08:2f:4a:6e:ab:4d:df:
                    28:b7:a3:09:41:df:60:0b:b1:dd:7f:ec:7e:ae:05:
                    d8:06:d9:60:2b:c1:b8:14:7d:ca:56:fd:c3:d3:e6:
                    f8:d0:7c:b8:67:61:f4:2e:7a:68:04:03:c4:0d:bf:
                    c1:0d:1e:b7:45:22:a4:8a:bd:d4:17:2a:73:38:3b:
                    f6:0e:09:a6:cf:5c:15:08:59:da:b0:c8:d6:09:0b:
                    c6:91:d9:29:fe:ce:4f:ce:5e:c5:9d:f9:bb:a3:b6:
                    53:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:C6:0A:5C:44:3E:4E:67:A4:22:6A:BF:21:4D:60:65:E2:28:8E:45
            X509v3 Authority Key Identifier:
                keyid:EE:BB:F3:17:E5:FA:F5:EF:02:C9:CC:E7:95:27:D5:E7:4B:8A:BC:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/28YKXEQ-TmekImq_IU1gZeIojkU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.64.30.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5b:e7:28:b4:2b:91:c5:01:68:ac:16:25:33:e1:43:8f:96:ed:
         c3:53:cc:3d:4e:4c:5e:d0:64:44:9b:7d:90:85:14:88:93:b8:
         21:91:90:13:9c:c7:bf:14:6b:b5:12:d7:cf:97:3b:4e:d4:0b:
         26:08:e2:a6:6f:92:e0:29:6b:45:72:37:55:f4:81:2c:47:c4:
         e0:b4:56:22:5a:9d:32:af:83:4d:b6:27:99:53:82:30:a5:99:
         8a:e5:f1:2a:e2:0c:42:1e:36:70:3a:1e:a4:ca:b3:9b:88:fe:
         6f:c6:79:f4:c0:80:0e:02:bc:63:b1:56:3d:55:4b:d6:62:86:
         33:ea:ed:ec:58:09:c5:e1:df:6e:5a:bb:5a:bd:ff:32:25:a1:
         2e:d0:c3:1d:43:cf:a1:de:8a:d8:57:b7:8d:b2:ac:6e:32:e5:
         54:59:d9:ee:36:67:46:af:f1:2d:76:6f:ac:3b:e5:39:fe:9c:
         fa:c4:c1:34:c4:bd:ff:f7:8f:b6:01:61:80:c8:01:60:07:66:
         f6:95:bd:f0:6e:60:66:f0:e5:99:ca:98:7f:42:44:8c:43:22:
         51:29:ae:9e:f7:b8:8e:e6:46:ee:82:09:3f:db:b3:6e:ec:62:
         00:a4:f8:fe:46:71:f3:61:17:82:eb:9b:18:a0:ae:5a:8e:bb:
         9b:27:09:b7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZZFMNb/7gq0DVFV42F/tzCJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlYmJmMzE3ZTVmYWY1ZWYwMmM5Y2NlNzk1MjdkNWU3NGI4
YWJjYzUwHhcNMjUwNDE3MTkxOTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYmM2MGE1YzQ0M2U0ZTY3YTQyMjZhYmYyMTRkNjA2NWUyMjg4ZTQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvamVDMTb4pbf32WepeYNHZr+DySs
2t4Xq7u7hbkA+NbQR1xy5tju9Q/nwzU+TA666WxZUedfAY1dT5SftbaYDmrkBJuQ
wJ3ot39StLAH2EDariqzpuI36sCK9ktHjMjVqmSkKfb6VHc7UonGv3x8C7f/mYKP
nwTkFZHQVJj4uAFvU8KV5gF73cTyAQgAxb2tusomA7CDF0Qgi0D96wgvSm6rTd8o
t6MJQd9gC7Hdf+x+rgXYBtlgK8G4FH3KVv3D0+b40Hy4Z2H0LnpoBAPEDb/BDR63
RSKkir3UFypzODv2Dgmmz1wVCFnasMjWCQvGkdkp/s5Pzl7Fnfm7o7ZTCQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNvGClxEPk5npCJqvyFNYGXiKI5FMB8GA1UdIwQY
MBaAFO678xfl+vXvAsnM55Un1edLirzFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN3J2ekYtWDY5ZThDeWN6bmxTZlY1MHVLdk1VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi82ZGVjNjMtYjlkOS00ODBiLWFlYjMt
NmZlOWJmNjA1NjFjLzEvMjhZS1hFUS1UbWVrSW1xX0lVMWdaZUlvamtVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi82ZGVjNjMtYjlkOS00ODBiLWFlYjMtNmZlOWJmNjA1NjFj
LzEvN3J2ekYtWDY5ZThDeWN6bmxTZlY1MHVLdk1VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUEAeMA0G
CSqGSIb3DQEBCwUAA4IBAQBb5yi0K5HFAWisFiUz4UOPlu3DU8w9Tkxe0GREm32Q
hRSIk7ghkZATnMe/FGu1EtfPlztO1AsmCOKmb5LgKWtFcjdV9IEsR8TgtFYiWp0y
r4NNtieZU4IwpZmK5fEq4gxCHjZwOh6kyrObiP5vxnn0wIAOArxjsVY9VUvWYoYz
6u3sWAnF4d9uWrtavf8yJaEu0MMdQ8+h3orYV7eNsqxuMuVUWdnuNmdGr/Etdm+s
O+U5/pz6xME0xL3/94+2AWGAyAFgB2b2lb3wbmBm8OWZyph/QkSMQyJRKa6e97iO
5kbuggk/27Nu7GIApPj+RnHzYReC65sYoK5ajrubJwm3
-----END CERTIFICATE-----