Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS53991.roa
File:                     AS53991.roa (raw, json)
Hash identifier:          H/jzgsr1/CWgPAaQEDF3VqlaN7iUGWlxtRehnZJA8iE=
Subject key identifier:   3B:35:C3:FD:6F:E0:E7:1B:E8:A8:90:C1:57:EB:7A:23:FD:F3:5D:43
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       3D80AB3C33F575AD1C9791B2BA268BF3EA6CE5AB
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS53991.roa
Signing time:             Fri 03 Jan 2025 19:53:51 +0000
ROA not before:           Fri 03 Jan 2025 19:48:51 +0000
ROA not after:            Fri 02 Jan 2026 19:53:51 +0000
asID:                     53991
IP address blocks:        181.215.30.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Feb 2025 07:05:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3d:80:ab:3c:33:f5:75:ad:1c:97:91:b2:ba:26:8b:f3:ea:6c:e5:ab
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Jan  3 19:48:51 2025 GMT
            Not After : Jan  2 19:53:51 2026 GMT
        Subject: CN=3B35C3FD6FE0E71BE8A890C157EB7A23FDF35D43
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:58:b9:2c:fa:20:0f:20:a7:45:e7:07:60:4f:
                    48:53:f0:a9:ff:8e:0c:ac:1a:8c:fe:98:3b:a0:59:
                    fd:08:78:c1:cc:74:70:89:78:16:fb:2a:f2:d9:4b:
                    2c:e9:76:0b:17:42:c5:98:01:6e:f1:d2:7d:23:85:
                    bd:81:55:56:91:5f:6c:2a:f4:3b:4c:46:8d:35:2e:
                    78:71:a3:8b:1f:3f:8c:4c:5d:8c:2a:cc:11:23:b1:
                    ad:f8:a5:92:b9:8d:96:0d:38:43:09:7d:25:17:9b:
                    a8:49:2a:26:d9:1b:b9:92:3f:65:75:9b:15:7a:ad:
                    93:e6:68:39:da:32:9e:75:e6:1d:69:45:95:1f:f8:
                    37:96:82:4a:e0:63:82:49:19:8c:e8:34:b5:1c:51:
                    38:99:5f:05:64:f8:48:bd:6c:7f:68:9b:bd:50:85:
                    1a:fc:71:f1:10:1c:3b:50:8d:13:04:14:0d:4c:7c:
                    8c:0a:48:21:ce:d9:69:8b:a2:dc:aa:71:93:00:79:
                    50:28:42:43:56:dc:30:a4:f5:49:1b:48:df:5c:39:
                    ef:fb:51:25:e2:18:71:c3:ca:1c:54:3f:f2:b9:1d:
                    fb:4c:20:be:63:2b:eb:42:03:88:bc:0e:60:9a:02:
                    92:9d:4e:6b:26:3e:14:d4:cb:4b:ab:72:2c:76:82:
                    f1:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:35:C3:FD:6F:E0:E7:1B:E8:A8:90:C1:57:EB:7A:23:FD:F3:5D:43
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS53991.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  181.215.30.0/24

    Signature Algorithm: sha256WithRSAEncryption
         60:07:ae:6a:03:88:39:96:ee:18:4c:4a:e4:0f:31:e6:aa:5c:
         23:4e:13:c0:99:7d:55:dd:78:d7:22:64:69:64:72:5e:2e:db:
         fd:3d:39:19:6b:59:a9:78:c2:9b:e0:e7:b7:dc:25:35:9e:d9:
         c7:f0:96:3b:f7:18:33:bd:83:08:ff:98:bd:1b:8e:72:3b:d9:
         d0:b4:10:37:27:b9:fc:f7:4c:d6:9e:36:27:25:6d:58:42:37:
         56:a3:1c:10:03:6e:f0:c1:21:26:0f:83:37:37:9c:0d:53:19:
         ef:e9:ee:8f:7a:3b:c6:57:8c:ad:3f:2e:e9:4d:2a:73:82:9b:
         f5:d4:02:89:97:7d:2d:b3:be:8c:d0:ee:71:c4:de:05:56:73:
         57:82:dc:81:c0:94:ea:44:31:2f:55:40:8f:8f:55:74:02:bf:
         1e:45:89:c9:00:c3:f9:46:a1:53:89:c6:61:8a:41:0a:02:95:
         e2:06:37:a1:04:93:a0:72:a5:b3:ed:54:ee:30:2d:f9:ea:4b:
         c5:c1:e5:57:66:a0:2d:81:c7:a2:75:4c:6d:86:81:c8:f2:b5:
         10:f7:d5:08:7c:1b:9e:a5:51:11:62:7a:6f:90:8e:7f:91:dc:
         77:fd:f9:1e:45:df:45:95:63:49:fd:31:84:e6:41:99:c4:18:
         25:8b:3c:63
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUPYCrPDP1da0cl5GyuiaL8+ps5aswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNTAxMDMxOTQ4NTFaFw0yNjAxMDIxOTUzNTFaMDMxMTAvBgNV
BAMTKDNCMzVDM0ZENkZFMEU3MUJFOEE4OTBDMTU3RUI3QTIzRkRGMzVENDMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC+WLks+iAPIKdF5wdgT0hT8Kn/
jgysGoz+mDugWf0IeMHMdHCJeBb7KvLZSyzpdgsXQsWYAW7x0n0jhb2BVVaRX2wq
9DtMRo01Lnhxo4sfP4xMXYwqzBEjsa34pZK5jZYNOEMJfSUXm6hJKibZG7mSP2V1
mxV6rZPmaDnaMp515h1pRZUf+DeWgkrgY4JJGYzoNLUcUTiZXwVk+Ei9bH9om71Q
hRr8cfEQHDtQjRMEFA1MfIwKSCHO2WmLotyqcZMAeVAoQkNW3DCk9UkbSN9cOe/7
USXiGHHDyhxUP/K5HftMIL5jK+tCA4i8DmCaApKdTmsmPhTUy0urcix2gvGDAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUOzXD/W/g5xvoqJDBV+t6I/3zXUMwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTNTM5OTEucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAC11x4w
DQYJKoZIhvcNAQELBQADggEBAGAHrmoDiDmW7hhMSuQPMeaqXCNOE8CZfVXdeNci
ZGlkcl4u2/09ORlrWal4wpvg57fcJTWe2cfwljv3GDO9gwj/mL0bjnI72dC0EDcn
ufz3TNaeNiclbVhCN1ajHBADbvDBISYPgzc3nA1TGe/p7o96O8ZXjK0/LulNKnOC
m/XUAomXfS2zvozQ7nHE3gVWc1eC3IHAlOpEMS9VQI+PVXQCvx5FickAw/lGoVOJ
xmGKQQoCleIGN6EEk6BypbPtVO4wLfnqS8XB5VdmoC2Bx6J1TG2GgcjytRD31Qh8
G56lURFiem+Qjn+R3Hf9+R5F30WVY0n9MYTmQZnEGCWLPGM=
-----END CERTIFICATE-----