Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0f/059543-69e4-48f6-a175-ac96f6aab494/1/zlQRO20Yk1_mYAoDpUObQZaWYXM.roa
File:                     zlQRO20Yk1_mYAoDpUObQZaWYXM.roa (raw, json)
Hash identifier:          Oo/xutKqqErCWrKO49upZDYxcU17kciA5FCpoX0gbs0=
Subject key identifier:   CE:54:11:3B:6D:18:93:5F:E6:60:0A:03:A5:43:9B:41:96:96:61:73
Certificate issuer:       /CN=52bf21eeb36414b3280e6c33b0b57296b8f6b675
Certificate serial:       018CC8DED464CFAA109ADE957D9FA9C458B0
Authority key identifier: 52:BF:21:EE:B3:64:14:B3:28:0E:6C:33:B0:B5:72:96:B8:F6:B6:75
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ur8h7rNkFLMoDmwzsLVylrj2tnU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0f/059543-69e4-48f6-a175-ac96f6aab494/1/zlQRO20Yk1_mYAoDpUObQZaWYXM.roa
Signing time:             Tue 02 Jan 2024 06:31:35 +0000
ROA not before:           Tue 02 Jan 2024 06:31:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42563
IP address blocks:        91.197.56.0/24 maxlen: 24
                          2001:678:41c::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0f/059543-69e4-48f6-a175-ac96f6aab494/1/Ur8h7rNkFLMoDmwzsLVylrj2tnU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0f/059543-69e4-48f6-a175-ac96f6aab494/1/Ur8h7rNkFLMoDmwzsLVylrj2tnU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ur8h7rNkFLMoDmwzsLVylrj2tnU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 21:03:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:d4:64:cf:aa:10:9a:de:95:7d:9f:a9:c4:58:b0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=52bf21eeb36414b3280e6c33b0b57296b8f6b675
        Validity
            Not Before: Jan  2 06:31:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ce54113b6d18935fe6600a03a5439b4196966173
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:d0:ff:8d:7b:f8:b7:09:1a:25:0a:bd:5b:5e:
                    bb:be:cf:d5:4f:1b:ec:eb:62:74:94:26:a3:b2:e0:
                    91:8f:18:a3:36:92:a5:a3:fb:d1:a3:e5:ee:88:72:
                    52:59:d5:83:8c:b9:9e:72:6b:58:a8:61:da:54:3e:
                    41:39:f1:9e:8f:87:ef:35:86:ad:64:fc:0f:1c:d4:
                    0e:0b:16:f1:ac:13:42:a7:b6:9c:41:1e:96:54:4a:
                    a5:12:f3:8b:af:61:89:ba:1d:58:64:19:dc:56:00:
                    d6:01:37:c7:94:97:c6:a0:8c:75:64:3d:58:64:46:
                    30:a0:cc:f9:d6:76:62:13:01:b0:2d:04:f7:02:1b:
                    07:f0:a1:d4:ea:53:dc:d1:8c:25:c7:75:8d:c1:ab:
                    8e:07:92:03:f8:bc:1e:13:d1:1d:6e:e6:57:34:71:
                    a1:c2:d3:9e:6d:08:3f:72:ca:37:b0:f2:8f:b7:98:
                    39:a3:65:44:1b:f5:f1:00:7d:ef:c1:ae:0a:6b:aa:
                    fb:a4:77:33:d6:a6:76:75:a1:f3:3f:a6:30:84:12:
                    16:61:3d:b8:c4:c7:a4:47:5d:7b:fe:2d:f7:65:ec:
                    5b:c3:0e:77:d9:f3:ac:8f:30:03:39:ae:92:8c:71:
                    7e:b6:7b:cb:be:4f:8f:52:39:09:2f:82:f3:78:11:
                    f6:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:54:11:3B:6D:18:93:5F:E6:60:0A:03:A5:43:9B:41:96:96:61:73
            X509v3 Authority Key Identifier:
                keyid:52:BF:21:EE:B3:64:14:B3:28:0E:6C:33:B0:B5:72:96:B8:F6:B6:75

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ur8h7rNkFLMoDmwzsLVylrj2tnU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/059543-69e4-48f6-a175-ac96f6aab494/1/zlQRO20Yk1_mYAoDpUObQZaWYXM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/059543-69e4-48f6-a175-ac96f6aab494/1/Ur8h7rNkFLMoDmwzsLVylrj2tnU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.197.56.0/24
                IPv6:
                  2001:678:41c::/48

    Signature Algorithm: sha256WithRSAEncryption
         2a:a8:d3:6b:d7:48:9a:9e:4a:b0:e6:45:b0:0c:ca:f6:f4:83:
         eb:c3:c5:d0:64:2a:48:e5:5d:df:f3:45:8e:9f:eb:1d:0b:74:
         1f:5d:6d:79:e2:92:be:ba:be:82:7e:c1:18:9a:d2:a6:41:16:
         c5:69:1e:97:e8:77:b6:da:0c:46:27:f7:1c:34:ca:85:ad:a3:
         3b:34:19:ed:05:09:5a:ee:e9:a6:a1:ea:ad:66:14:4b:36:f6:
         94:18:7d:aa:0d:96:30:0d:16:c2:b4:e6:76:c5:4d:26:4e:3e:
         67:3a:c1:ab:e3:4b:fd:d8:fe:dc:e4:7d:c9:a9:4b:7e:7f:3e:
         f9:1d:54:3a:e0:a3:4a:b3:7f:e8:b4:20:87:00:9d:3c:56:ad:
         4a:4c:19:34:9e:d9:d1:8a:96:57:88:d0:44:b3:ca:42:b7:2e:
         99:f8:cd:17:ab:b8:0a:75:0c:cb:6f:77:fa:37:97:dc:10:c3:
         f9:73:80:14:65:1d:39:69:ee:3b:db:9b:26:8a:85:2d:74:d7:
         04:78:c2:f3:0c:16:a8:8a:2b:12:81:59:7a:bf:e6:86:dd:f8:
         ce:3d:f3:e8:b8:bd:e1:73:e3:3b:a7:f6:8c:b4:5e:ec:15:b9:
         ff:0e:30:76:cb:90:3e:0b:b4:6b:92:e8:79:77:96:85:a4:16:
         b5:f4:7a:be
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzI3tRkz6oQmt6VfZ+pxFiwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyYmYyMWVlYjM2NDE0YjMyODBlNmMzM2IwYjU3Mjk2Yjhm
NmI2NzUwHhcNMjQwMTAyMDYzMTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZTU0MTEzYjZkMTg5MzVmZTY2MDBhMDNhNTQzOWI0MTk2OTY2MTczMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmtD/jXv4twkaJQq9W167vs/VTxvs
62J0lCajsuCRjxijNpKlo/vRo+XuiHJSWdWDjLmecmtYqGHaVD5BOfGej4fvNYat
ZPwPHNQOCxbxrBNCp7acQR6WVEqlEvOLr2GJuh1YZBncVgDWATfHlJfGoIx1ZD1Y
ZEYwoMz51nZiEwGwLQT3AhsH8KHU6lPc0Ywlx3WNwauOB5ID+LweE9EdbuZXNHGh
wtOebQg/cso3sPKPt5g5o2VEG/XxAH3vwa4Ka6r7pHcz1qZ2daHzP6YwhBIWYT24
xMekR117/i33Zexbww532fOsjzADOa6SjHF+tnvLvk+PUjkJL4LzeBH23wIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFM5UETttGJNf5mAKA6VDm0GWlmFzMB8GA1UdIwQY
MBaAFFK/Ie6zZBSzKA5sM7C1cpa49rZ1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVXI4aDdyTmtGTE1vRG13enNMVnlscmoydG5VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZi8wNTk1NDMtNjllNC00OGY2LWExNzUt
YWM5NmY2YWFiNDk0LzEvemxRUk8yMFlrMV9tWUFvRHBVT2JRWmFXWVhNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZi8wNTk1NDMtNjllNC00OGY2LWExNzUtYWM5NmY2YWFiNDk0
LzEvVXI4aDdyTmtGTE1vRG13enNMVnlscmoydG5VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAW8U4MA8E
AgACMAkDBwAgAQZ4BBwwDQYJKoZIhvcNAQELBQADggEBACqo02vXSJqeSrDmRbAM
yvb0g+vDxdBkKkjlXd/zRY6f6x0LdB9dbXnikr66voJ+wRia0qZBFsVpHpfod7ba
DEYn9xw0yoWtozs0Ge0FCVru6aah6q1mFEs29pQYfaoNljANFsK05nbFTSZOPmc6
wavjS/3Y/tzkfcmpS35/PvkdVDrgo0qzf+i0IIcAnTxWrUpMGTSe2dGKlleI0ESz
ykK3Lpn4zReruAp1DMtvd/o3l9wQw/lzgBRlHTlp7jvbmyaKhS101wR4wvMMFqiK
KxKBWXq/5obd+M498+i4veFz4zun9oy0XuwVuf8OMHbLkD4LtGuS6Hl3loWkFrX0
er4=
-----END CERTIFICATE-----