Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS10111.roa
File:                     AS10111.roa (raw, json)
Hash identifier:          gRux8gbYgDYJBmJnuUXlM7KbYNWW4ZR7j+0P7IYULBs=
Subject key identifier:   F9:33:85:BC:43:61:90:26:EE:9F:4E:DC:B1:2A:EC:66:E2:39:9A:6D
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       2B576B41F8CE80FB5B85E39A9D70090098AA6863
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS10111.roa
Signing time:             Thu 03 Jul 2025 17:54:13 +0000
ROA not before:           Thu 03 Jul 2025 17:49:13 +0000
ROA not after:            Thu 02 Jul 2026 17:54:13 +0000
asID:                     10111
IP address blocks:        45.151.47.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 16:21:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2b:57:6b:41:f8:ce:80:fb:5b:85:e3:9a:9d:70:09:00:98:aa:68:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Jul  3 17:49:13 2025 GMT
            Not After : Jul  2 17:54:13 2026 GMT
        Subject: CN=F93385BC43619026EE9F4EDCB12AEC66E2399A6D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:2d:20:81:c2:9c:9c:20:f7:50:dd:76:36:72:
                    d1:60:81:c2:27:73:8b:66:85:68:b3:d0:ac:f8:0b:
                    b6:21:e6:bb:9e:53:70:67:3d:ef:0c:dc:02:19:d1:
                    aa:2a:90:fa:6d:1f:30:fa:85:e7:a6:a8:bf:03:1b:
                    24:e4:a0:db:52:31:b3:5e:45:0e:2a:72:b7:1a:82:
                    c1:8a:5a:1d:35:f9:4b:3d:3c:5d:a6:81:55:ec:0e:
                    d4:99:97:7a:ce:bb:bf:bd:fa:65:0c:f8:c7:c3:db:
                    aa:0f:d5:94:fa:c7:f6:aa:9e:10:0b:20:02:2e:c0:
                    8f:78:3f:38:ec:d8:9d:78:9b:db:92:11:44:91:f5:
                    2e:9b:9e:a5:ed:47:92:1b:31:30:95:e9:7e:17:28:
                    8b:84:49:b4:62:a5:32:fe:8e:75:81:92:bf:e9:e7:
                    6c:8c:04:f5:e5:ab:a1:3f:92:6e:71:b2:ad:d6:0a:
                    36:78:35:e6:64:c8:0a:95:80:d5:4b:87:17:3f:9c:
                    6c:fd:0a:b8:54:7b:89:41:73:c3:37:c4:32:71:9a:
                    4b:52:68:2d:f5:53:58:ea:1d:b9:d7:76:d6:b0:72:
                    4b:e9:6e:51:e8:b3:f5:0d:d4:dc:d7:bc:b6:04:d2:
                    7c:0b:18:dc:c0:37:66:91:6f:27:c3:52:38:86:ce:
                    60:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:33:85:BC:43:61:90:26:EE:9F:4E:DC:B1:2A:EC:66:E2:39:9A:6D
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS10111.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.151.47.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2b:0d:87:86:5b:d0:4d:f8:35:cf:68:00:ef:0b:f3:da:d1:b4:
         dc:28:42:2e:e2:31:bd:93:46:c2:9a:a8:a0:dc:e1:1b:25:c2:
         db:c9:25:3b:eb:8f:f4:6b:20:ad:e1:79:0f:5f:28:bb:a6:87:
         13:42:18:ad:72:55:53:a3:47:ae:0c:ee:8a:90:2c:6a:48:06:
         ee:ea:f6:0a:a7:37:35:9a:6c:df:18:a3:21:dc:2c:6e:52:b2:
         dd:a1:08:d7:11:83:e2:e9:bf:ca:8c:bf:f6:e8:72:3c:fc:0e:
         14:28:97:db:60:fd:0b:a5:6d:7c:bd:6d:3b:b4:be:18:e0:80:
         8c:96:4c:b5:f9:87:af:f2:75:a9:8b:3c:5a:c4:54:c1:2b:8c:
         37:ad:1e:b5:b8:a6:aa:9e:ec:d7:66:a7:ee:8f:52:05:c4:fe:
         9b:d0:6e:97:15:aa:6c:fc:7a:e9:3c:c8:5a:0a:fd:17:c3:1c:
         09:50:bb:7f:0e:04:d2:fc:35:44:00:83:a0:3e:4c:13:cf:e7:
         70:46:bc:f9:c6:23:9f:8f:0e:4b:01:00:70:41:f1:16:2a:67:
         6b:2d:39:9d:87:f4:75:75:d3:d6:58:35:01:b3:5c:9d:dd:d6:
         cb:0b:5d:ae:a3:96:0b:32:6d:d8:a3:82:6a:de:be:75:aa:89:
         5f:ae:4b:b7
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUK1drQfjOgPtbheOanXAJAJiqaGMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yNTA3MDMxNzQ5MTNaFw0yNjA3MDIxNzU0MTNaMDMxMTAvBgNV
BAMTKEY5MzM4NUJDNDM2MTkwMjZFRTlGNEVEQ0IxMkFFQzY2RTIzOTlBNkQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDKLSCBwpycIPdQ3XY2ctFggcIn
c4tmhWiz0Kz4C7Yh5rueU3BnPe8M3AIZ0aoqkPptHzD6heemqL8DGyTkoNtSMbNe
RQ4qcrcagsGKWh01+Us9PF2mgVXsDtSZl3rOu7+9+mUM+MfD26oP1ZT6x/aqnhAL
IAIuwI94Pzjs2J14m9uSEUSR9S6bnqXtR5IbMTCV6X4XKIuESbRipTL+jnWBkr/p
52yMBPXlq6E/km5xsq3WCjZ4NeZkyAqVgNVLhxc/nGz9CrhUe4lBc8M3xDJxmktS
aC31U1jqHbnXdtawckvpblHos/UN1NzXvLYE0nwLGNzAN2aRbyfDUjiGzmArAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQU+TOFvENhkCbun07csSrsZuI5mm0wHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTMTAxMTEucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAAtly8w
DQYJKoZIhvcNAQELBQADggEBACsNh4Zb0E34Nc9oAO8L89rRtNwoQi7iMb2TRsKa
qKDc4RslwtvJJTvrj/RrIK3heQ9fKLumhxNCGK1yVVOjR64M7oqQLGpIBu7q9gqn
NzWabN8YoyHcLG5Sst2hCNcRg+Lpv8qMv/bocjz8DhQol9tg/QulbXy9bTu0vhjg
gIyWTLX5h6/ydamLPFrEVMErjDetHrW4pqqe7Ndmp+6PUgXE/pvQbpcVqmz8euk8
yFoK/RfDHAlQu38OBNL8NUQAg6A+TBPP53BGvPnGI5+PDksBAHBB8RYqZ2stOZ2H
9HV109ZYNQGzXJ3d1ssLXa6jlgsybdijgmrevnWqiV+uS7c=
-----END CERTIFICATE-----