Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS58955.roa
File:                     AS58955.roa (raw, json)
Hash identifier:          eEG00Aq6Kd60eTyFb6UCsAiGT7BIlK4ovRs/QmI05MQ=
Subject key identifier:   84:CE:12:7D:22:B6:0A:73:0B:71:D8:3C:1D:BD:B5:F1:51:A2:16:DC
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       2001CDE543CDA2A83B72E6F73AC708291FD9F946
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS58955.roa
Signing time:             Wed 01 Jan 2025 08:53:51 +0000
ROA not before:           Wed 01 Jan 2025 08:48:51 +0000
ROA not after:            Wed 31 Dec 2025 08:53:51 +0000
asID:                     58955
IP address blocks:        191.96.119.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Feb 2025 07:05:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            20:01:cd:e5:43:cd:a2:a8:3b:72:e6:f7:3a:c7:08:29:1f:d9:f9:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Jan  1 08:48:51 2025 GMT
            Not After : Dec 31 08:53:51 2025 GMT
        Subject: CN=84CE127D22B60A730B71D83C1DBDB5F151A216DC
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:1b:57:11:3b:2a:5b:a9:4e:3f:77:11:c8:9d:
                    6e:53:fa:94:1b:b8:63:7b:7f:b5:d1:a1:c2:b1:c5:
                    39:78:8f:54:d2:e3:73:f8:b8:ae:72:2f:c0:0f:14:
                    36:0a:1d:3b:40:39:7b:45:b9:84:a5:14:f9:2f:0f:
                    c7:08:78:a4:28:1b:94:80:eb:b7:fd:8e:60:27:de:
                    d7:b8:96:b1:7d:d1:db:cb:a9:cf:bf:3a:8d:4d:77:
                    19:73:f9:84:c8:09:02:1e:b0:7f:cb:42:0d:ca:0f:
                    6e:f8:3a:64:8d:2a:10:b5:28:8e:23:88:9a:0d:90:
                    0d:b7:74:4a:05:38:d7:fb:ce:32:03:54:48:81:29:
                    0b:03:1c:0b:6b:63:d6:11:ab:22:3f:2e:74:45:69:
                    5b:56:77:8b:53:84:55:b0:f5:b1:6d:f2:96:82:69:
                    59:a1:f7:39:e4:b2:72:2b:9b:d1:e3:71:eb:46:d7:
                    b7:fd:13:a7:11:f5:ac:c3:58:7d:9e:bc:5e:e2:3c:
                    32:4a:72:a5:53:e0:0e:e3:6b:b5:c7:6d:6d:6f:14:
                    92:46:cc:b3:47:c7:b8:1c:b2:b8:fb:99:79:d3:56:
                    72:1a:54:71:38:8b:8e:45:98:89:af:fa:9e:a8:94:
                    60:db:fd:1e:60:38:b9:68:97:17:b1:96:42:51:a0:
                    55:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:CE:12:7D:22:B6:0A:73:0B:71:D8:3C:1D:BD:B5:F1:51:A2:16:DC
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS58955.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  191.96.119.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b5:57:37:71:5d:41:ff:a8:34:0a:55:42:25:09:59:11:24:0b:
         b9:30:15:fa:36:7b:e9:de:c1:9d:87:16:93:c4:d2:b1:32:9f:
         6d:ac:de:a9:63:b6:24:44:1c:c1:9d:12:11:1c:09:d5:94:91:
         f8:6a:90:ec:53:04:f6:2c:2d:2e:8f:8b:90:97:e8:f4:39:7d:
         4f:02:57:92:ae:5f:6b:3b:08:35:15:86:09:62:91:4e:ee:5b:
         f6:3d:b7:51:95:b7:aa:3c:2b:d7:9f:7f:d3:23:87:4f:78:86:
         aa:46:01:13:62:91:4e:b0:2c:9d:b1:ec:c9:84:c8:3e:00:ce:
         58:d8:77:d5:ee:7e:c7:c5:7a:1d:21:02:57:ed:f5:2f:27:5b:
         1a:23:f4:e5:ca:f3:07:b0:0c:e8:4a:4e:e0:95:69:c0:9c:ec:
         b7:5b:98:14:c1:7a:38:3c:dd:09:f3:46:5f:7e:ec:eb:58:16:
         00:d5:f5:1c:9f:70:8f:85:e1:9a:24:f9:89:81:ef:ad:d5:fc:
         3b:38:b8:a8:04:17:e2:a8:38:bc:5f:0c:b4:b1:9c:f4:47:83:
         c9:79:77:8e:a1:86:fc:9e:52:5f:b0:f9:81:2a:6b:89:7f:f9:
         52:5a:a0:f6:b9:99:df:44:3f:ad:f2:e8:85:2c:9e:da:dd:18:
         14:55:a5:1e
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUIAHN5UPNoqg7cub3OscIKR/Z+UYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNTAxMDEwODQ4NTFaFw0yNTEyMzEwODUzNTFaMDMxMTAvBgNV
BAMTKDg0Q0UxMjdEMjJCNjBBNzMwQjcxRDgzQzFEQkRCNUYxNTFBMjE2REMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDMG1cROypbqU4/dxHInW5T+pQb
uGN7f7XRocKxxTl4j1TS43P4uK5yL8APFDYKHTtAOXtFuYSlFPkvD8cIeKQoG5SA
67f9jmAn3te4lrF90dvLqc+/Oo1Ndxlz+YTICQIesH/LQg3KD274OmSNKhC1KI4j
iJoNkA23dEoFONf7zjIDVEiBKQsDHAtrY9YRqyI/LnRFaVtWd4tThFWw9bFt8paC
aVmh9znksnIrm9HjcetG17f9E6cR9azDWH2evF7iPDJKcqVT4A7ja7XHbW1vFJJG
zLNHx7gcsrj7mXnTVnIaVHE4i45FmImv+p6olGDb/R5gOLlolxexlkJRoFVhAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUhM4SfSK2CnMLcdg8Hb218VGiFtwwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTNTg5NTUucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAC/YHcw
DQYJKoZIhvcNAQELBQADggEBALVXN3FdQf+oNApVQiUJWREkC7kwFfo2e+newZ2H
FpPE0rEyn22s3qljtiREHMGdEhEcCdWUkfhqkOxTBPYsLS6Pi5CX6PQ5fU8CV5Ku
X2s7CDUVhglikU7uW/Y9t1GVt6o8K9eff9Mjh094hqpGARNikU6wLJ2x7MmEyD4A
zljYd9XufsfFeh0hAlft9S8nWxoj9OXK8wewDOhKTuCVacCc7LdbmBTBejg83Qnz
Rl9+7OtYFgDV9RyfcI+F4Zok+YmB763V/Ds4uKgEF+KoOLxfDLSxnPRHg8l5d46h
hvyeUl+w+YEqa4l/+VJaoPa5md9EP63y6IUsntrdGBRVpR4=
-----END CERTIFICATE-----