Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/46db3a-a573-4f28-b43b-37b62d223924/1/CyJOJT50M01PG6CzVGvTfRxYh4w.roa
File:                     CyJOJT50M01PG6CzVGvTfRxYh4w.roa (raw, json)
Hash identifier:          FDPeFP7Zk20G5tWQzQVOt3dRVH+TOHYnkUNfQN9GXLM=
Subject key identifier:   0B:22:4E:25:3E:74:33:4D:4F:1B:A0:B3:54:6B:D3:7D:1C:58:87:8C
Certificate issuer:       /CN=e754c347d68d15493de71bb962f0a567e134d603
Certificate serial:       01973FEC918D847757EF72D296EB767E0264
Authority key identifier: E7:54:C3:47:D6:8D:15:49:3D:E7:1B:B9:62:F0:A5:67:E1:34:D6:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/51TDR9aNFUk95xu5YvClZ-E01gM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b0/46db3a-a573-4f28-b43b-37b62d223924/1/CyJOJT50M01PG6CzVGvTfRxYh4w.roa
Signing time:             Thu 05 Jun 2025 11:49:17 +0000
ROA not before:           Thu 05 Jun 2025 11:49:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     44103
IP address blocks:        45.43.66.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b0/46db3a-a573-4f28-b43b-37b62d223924/1/51TDR9aNFUk95xu5YvClZ-E01gM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b0/46db3a-a573-4f28-b43b-37b62d223924/1/51TDR9aNFUk95xu5YvClZ-E01gM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/51TDR9aNFUk95xu5YvClZ-E01gM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 09 Jun 2025 02:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:3f:ec:91:8d:84:77:57:ef:72:d2:96:eb:76:7e:02:64
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e754c347d68d15493de71bb962f0a567e134d603
        Validity
            Not Before: Jun  5 11:49:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0b224e253e74334d4f1ba0b3546bd37d1c58878c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:98:31:2d:c1:09:6e:74:c6:f0:2f:a7:e2:27:
                    ae:05:08:1e:36:9a:10:b1:ae:15:87:19:85:03:b4:
                    05:db:88:b6:e9:f9:a1:9f:75:e2:fc:57:d1:48:bb:
                    8f:9d:a7:3a:73:b2:dd:97:f0:cf:3a:28:dc:d7:c8:
                    0d:5e:9f:9a:7d:cd:a7:2a:fa:fa:cb:cc:08:57:58:
                    10:e3:fa:a3:e3:fb:1f:8f:a4:e7:95:0a:30:d9:fc:
                    39:47:ca:24:5b:b3:b2:46:82:54:ea:9e:6c:a4:01:
                    e1:1f:27:16:9f:d1:53:22:75:4b:78:17:31:50:f4:
                    ee:36:7d:d6:cb:3c:f3:17:bc:92:2f:43:38:0c:c5:
                    f2:0c:90:a8:69:f5:74:95:86:38:f5:c7:ee:bb:13:
                    2a:e4:f3:23:b9:b1:eb:32:bb:5b:b8:20:7c:ae:89:
                    23:6c:7b:bb:90:fe:b6:f8:bb:8e:e1:af:d3:4d:31:
                    ef:c7:40:f8:b7:12:d3:40:88:ab:f7:80:62:9d:78:
                    f0:7b:ff:9d:14:0f:32:e8:5c:81:17:2d:3a:f6:7f:
                    9e:58:b8:c0:b1:41:55:4e:c7:9c:38:f3:f1:09:e9:
                    8b:c6:fb:43:a6:5d:0e:25:51:88:b1:76:d3:f8:8a:
                    98:65:d1:71:6e:6e:a3:18:64:96:5a:d0:3f:46:b8:
                    6c:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:22:4E:25:3E:74:33:4D:4F:1B:A0:B3:54:6B:D3:7D:1C:58:87:8C
            X509v3 Authority Key Identifier:
                keyid:E7:54:C3:47:D6:8D:15:49:3D:E7:1B:B9:62:F0:A5:67:E1:34:D6:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/51TDR9aNFUk95xu5YvClZ-E01gM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/46db3a-a573-4f28-b43b-37b62d223924/1/CyJOJT50M01PG6CzVGvTfRxYh4w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/46db3a-a573-4f28-b43b-37b62d223924/1/51TDR9aNFUk95xu5YvClZ-E01gM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.43.66.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5e:77:d5:84:79:5e:11:d3:71:d4:59:ab:b2:09:99:f8:f4:3a:
         e8:52:6d:2f:23:47:8c:bb:87:b1:ad:60:3c:50:96:4b:53:86:
         fc:aa:a3:c1:db:10:0f:f6:d6:fc:b0:70:45:2b:c4:33:27:b3:
         33:af:fc:c4:fa:e7:a0:61:ea:a4:96:2e:4a:6e:89:0c:07:78:
         25:70:c6:e3:70:67:ad:fa:db:db:72:c5:07:69:c9:95:7d:39:
         55:4e:7c:ca:a4:14:98:50:ab:b0:ad:f2:32:9a:48:0d:37:18:
         b7:1c:c8:7f:7c:f1:e0:a5:09:b2:9d:08:61:4b:2f:c2:79:80:
         1f:ae:e3:df:a2:1a:6c:69:a8:ee:4e:10:3d:ff:95:2d:67:d9:
         27:a7:2a:d5:8e:b0:43:6d:62:49:cc:e4:fd:34:31:0b:87:0d:
         ff:a0:71:c7:03:bf:8e:c1:34:5a:69:b9:8c:6e:bb:96:9d:78:
         6b:d3:d3:39:d8:7e:26:d9:94:07:fe:8d:68:dd:17:7b:0b:76:
         2c:8a:35:fb:81:7a:6b:e5:a2:9b:34:df:30:6d:40:cb:d3:98:
         ee:68:08:85:df:da:71:83:4d:a1:ec:0b:95:06:bd:2b:a0:fb:
         55:d7:f6:09:e2:b6:84:26:02:40:40:1c:16:c8:55:c9:2b:0c:
         e4:9d:f6:e5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZc/7JGNhHdX73LSlut2fgJkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU3NTRjMzQ3ZDY4ZDE1NDkzZGU3MWJiOTYyZjBhNTY3ZTEz
NGQ2MDMwHhcNMjUwNjA1MTE0OTE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYjIyNGUyNTNlNzQzMzRkNGYxYmEwYjM1NDZiZDM3ZDFjNTg4NzhjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxpgxLcEJbnTG8C+n4ieuBQgeNpoQ
sa4VhxmFA7QF24i26fmhn3Xi/FfRSLuPnac6c7Ldl/DPOijc18gNXp+afc2nKvr6
y8wIV1gQ4/qj4/sfj6TnlQow2fw5R8okW7OyRoJU6p5spAHhHycWn9FTInVLeBcx
UPTuNn3WyzzzF7ySL0M4DMXyDJCoafV0lYY49cfuuxMq5PMjubHrMrtbuCB8rokj
bHu7kP62+LuO4a/TTTHvx0D4txLTQIir94BinXjwe/+dFA8y6FyBFy069n+eWLjA
sUFVTsecOPPxCemLxvtDpl0OJVGIsXbT+IqYZdFxbm6jGGSWWtA/RrhsEwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAsiTiU+dDNNTxugs1Rr030cWIeMMB8GA1UdIwQY
MBaAFOdUw0fWjRVJPecbuWLwpWfhNNYDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNTFURFI5YU5GVWs5NXh1NVl2Q2xaLUUwMWdNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC80NmRiM2EtYTU3My00ZjI4LWI0M2It
MzdiNjJkMjIzOTI0LzEvQ3lKT0pUNTBNMDFQRzZDelZHdlRmUnhZaDR3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC80NmRiM2EtYTU3My00ZjI4LWI0M2ItMzdiNjJkMjIzOTI0
LzEvNTFURFI5YU5GVWs5NXh1NVl2Q2xaLUUwMWdNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALStCMA0G
CSqGSIb3DQEBCwUAA4IBAQBed9WEeV4R03HUWauyCZn49DroUm0vI0eMu4exrWA8
UJZLU4b8qqPB2xAP9tb8sHBFK8QzJ7Mzr/zE+uegYeqkli5KbokMB3glcMbjcGet
+tvbcsUHacmVfTlVTnzKpBSYUKuwrfIymkgNNxi3HMh/fPHgpQmynQhhSy/CeYAf
ruPfohpsaajuThA9/5UtZ9knpyrVjrBDbWJJzOT9NDELhw3/oHHHA7+OwTRaabmM
bruWnXhr09M52H4m2ZQH/o1o3Rd7C3YsijX7gXpr5aKbNN8wbUDL05juaAiF39px
g02h7AuVBr0roPtV1/YJ4raEJgJAQBwWyFXJKwzknfbl
-----END CERTIFICATE-----