Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0f/059543-69e4-48f6-a175-ac96f6aab494/1/4cy_Q8uSXZKaGAgp6BvqlRpIvjY.roa
File:                     4cy_Q8uSXZKaGAgp6BvqlRpIvjY.roa (raw, json)
Hash identifier:          /jGH3/oUDsdjBNWfd0h+8CZB/Z6ZBzt8wPFeq5KoQKs=
Subject key identifier:   E1:CC:BF:43:CB:92:5D:92:9A:18:08:29:E8:1B:EA:95:1A:48:BE:36
Certificate issuer:       /CN=52bf21eeb36414b3280e6c33b0b57296b8f6b675
Certificate serial:       018F96417B24FF77347180A660FF1E714797
Authority key identifier: 52:BF:21:EE:B3:64:14:B3:28:0E:6C:33:B0:B5:72:96:B8:F6:B6:75
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ur8h7rNkFLMoDmwzsLVylrj2tnU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0f/059543-69e4-48f6-a175-ac96f6aab494/1/4cy_Q8uSXZKaGAgp6BvqlRpIvjY.roa
Signing time:             Mon 20 May 2024 13:47:04 +0000
ROA not before:           Mon 20 May 2024 13:47:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48775
IP address blocks:        91.197.56.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0f/059543-69e4-48f6-a175-ac96f6aab494/1/Ur8h7rNkFLMoDmwzsLVylrj2tnU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0f/059543-69e4-48f6-a175-ac96f6aab494/1/Ur8h7rNkFLMoDmwzsLVylrj2tnU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ur8h7rNkFLMoDmwzsLVylrj2tnU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:96:41:7b:24:ff:77:34:71:80:a6:60:ff:1e:71:47:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=52bf21eeb36414b3280e6c33b0b57296b8f6b675
        Validity
            Not Before: May 20 13:47:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e1ccbf43cb925d929a180829e81bea951a48be36
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:21:c2:99:05:38:b3:df:0a:93:b5:c5:b7:bc:
                    6c:7b:7f:41:c6:1c:f3:62:9a:c7:b6:94:3e:57:8c:
                    e5:4b:9b:29:05:15:e0:73:9e:4d:5f:a9:58:ff:f9:
                    f5:32:45:4c:f1:1d:57:51:e5:2a:0c:5c:6f:dd:f9:
                    bd:01:d6:33:33:eb:17:bd:df:9c:08:a8:16:3c:de:
                    18:d0:89:7a:57:2e:8d:47:cb:b7:fd:8b:75:91:1b:
                    e3:66:27:d6:aa:d5:fa:4a:16:49:e7:b2:5c:c0:d5:
                    fa:60:10:a5:b7:25:ad:19:e1:18:1f:3e:40:11:e1:
                    52:5b:77:30:43:38:60:de:58:49:86:38:19:ed:53:
                    c1:bd:b6:07:fc:fd:de:73:01:9c:93:c6:18:8f:34:
                    c3:39:af:62:a4:36:e0:e5:ec:ff:64:f6:d1:97:1b:
                    de:27:a7:81:a1:92:e0:6c:71:70:ba:e2:d4:d2:18:
                    84:b9:52:41:4f:f5:fa:da:5f:ef:b9:03:b6:ca:e1:
                    03:2b:41:97:41:55:c1:56:d2:a7:7b:c3:fb:c7:4d:
                    bb:80:1c:0a:68:8c:52:ff:89:21:eb:e7:04:d0:a8:
                    73:3c:94:b2:08:cd:1d:13:85:1a:3a:13:8c:49:44:
                    8f:e2:53:97:a2:8b:e0:77:c6:7d:a0:ce:8e:79:c2:
                    ab:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:CC:BF:43:CB:92:5D:92:9A:18:08:29:E8:1B:EA:95:1A:48:BE:36
            X509v3 Authority Key Identifier:
                keyid:52:BF:21:EE:B3:64:14:B3:28:0E:6C:33:B0:B5:72:96:B8:F6:B6:75

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ur8h7rNkFLMoDmwzsLVylrj2tnU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/059543-69e4-48f6-a175-ac96f6aab494/1/4cy_Q8uSXZKaGAgp6BvqlRpIvjY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/059543-69e4-48f6-a175-ac96f6aab494/1/Ur8h7rNkFLMoDmwzsLVylrj2tnU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.197.56.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6c:f7:4a:b5:e6:da:2b:a9:c8:32:fb:ab:5e:4c:80:ea:39:86:
         a2:84:29:ed:37:5e:97:c6:a4:12:2a:8c:0a:c1:a5:ce:5b:03:
         61:37:65:74:72:4d:a6:06:1e:fb:2e:11:77:68:dd:2e:d8:28:
         23:28:18:17:59:f5:6c:04:20:39:79:6d:ae:53:77:0d:ce:df:
         e9:71:5a:aa:f5:e5:c0:b1:e1:74:86:38:44:08:7d:a9:76:0e:
         7e:56:bd:6f:c7:86:1e:01:af:be:d0:46:0a:4f:f4:de:e3:5d:
         9b:e1:55:fb:7d:8c:39:9c:d2:2a:af:4e:83:d3:df:58:c8:be:
         7a:cc:ff:da:ec:80:f9:57:6a:15:5f:14:95:d2:7e:63:ae:d4:
         0b:80:42:e2:c9:14:5c:8e:a6:c7:8b:cb:b3:db:ff:01:db:5a:
         c0:b5:d7:c7:3a:9a:4c:50:67:f4:b1:a7:05:e6:91:27:8e:59:
         b9:78:ef:c8:42:67:e8:2f:0f:57:5c:b1:7c:0b:55:8f:92:d8:
         9b:cc:07:de:fa:ad:cb:c8:7d:ab:36:20:b2:8b:d5:eb:d9:ab:
         ae:f6:0e:36:9b:68:80:29:9c:11:1c:6e:ea:31:e9:d1:05:46:
         ff:57:db:82:0c:a8:86:7f:a7:9c:0c:7f:51:34:23:1d:6a:a6:
         7e:77:3a:78
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY+WQXsk/3c0cYCmYP8ecUeXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyYmYyMWVlYjM2NDE0YjMyODBlNmMzM2IwYjU3Mjk2Yjhm
NmI2NzUwHhcNMjQwNTIwMTM0NzA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMWNjYmY0M2NiOTI1ZDkyOWExODA4MjllODFiZWE5NTFhNDhiZTM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmyHCmQU4s98Kk7XFt7xse39Bxhzz
YprHtpQ+V4zlS5spBRXgc55NX6lY//n1MkVM8R1XUeUqDFxv3fm9AdYzM+sXvd+c
CKgWPN4Y0Il6Vy6NR8u3/Yt1kRvjZifWqtX6ShZJ57JcwNX6YBCltyWtGeEYHz5A
EeFSW3cwQzhg3lhJhjgZ7VPBvbYH/P3ecwGck8YYjzTDOa9ipDbg5ez/ZPbRlxve
J6eBoZLgbHFwuuLU0hiEuVJBT/X62l/vuQO2yuEDK0GXQVXBVtKne8P7x027gBwK
aIxS/4kh6+cE0KhzPJSyCM0dE4UaOhOMSUSP4lOXoovgd8Z9oM6OecKrfQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOHMv0PLkl2SmhgIKegb6pUaSL42MB8GA1UdIwQY
MBaAFFK/Ie6zZBSzKA5sM7C1cpa49rZ1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVXI4aDdyTmtGTE1vRG13enNMVnlscmoydG5VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZi8wNTk1NDMtNjllNC00OGY2LWExNzUt
YWM5NmY2YWFiNDk0LzEvNGN5X1E4dVNYWkthR0FncDZCdnFsUnBJdmpZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZi8wNTk1NDMtNjllNC00OGY2LWExNzUtYWM5NmY2YWFiNDk0
LzEvVXI4aDdyTmtGTE1vRG13enNMVnlscmoydG5VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8U4MA0G
CSqGSIb3DQEBCwUAA4IBAQBs90q15torqcgy+6teTIDqOYaihCntN16XxqQSKowK
waXOWwNhN2V0ck2mBh77LhF3aN0u2CgjKBgXWfVsBCA5eW2uU3cNzt/pcVqq9eXA
seF0hjhECH2pdg5+Vr1vx4YeAa++0EYKT/Te412b4VX7fYw5nNIqr06D099YyL56
zP/a7ID5V2oVXxSV0n5jrtQLgELiyRRcjqbHi8uz2/8B21rAtdfHOppMUGf0sacF
5pEnjlm5eO/IQmfoLw9XXLF8C1WPktibzAfe+q3LyH2rNiCyi9Xr2auu9g42m2iA
KZwRHG7qMenRBUb/V9uCDKiGf6ecDH9RNCMdaqZ+dzp4
-----END CERTIFICATE-----