Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS54098.roa
File:                     AS54098.roa (raw, json)
Hash identifier:          Nnv3dksoh1s7PNuBbey+MgKr59u40/+EwOuPpov7zkk=
Subject key identifier:   BB:A8:77:8E:47:23:B1:AC:0B:31:BC:0A:37:75:15:BB:40:B0:D5:86
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       5E366DFA511EAF48C7235BC79BDE3F35BBFFEE4A
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS54098.roa
Signing time:             Thu 30 Nov 2023 13:05:08 +0000
ROA not before:           Thu 30 Nov 2023 13:00:08 +0000
ROA not after:            Thu 28 Nov 2024 13:05:08 +0000
asID:                     54098
IP address blocks:        91.198.115.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 01:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5e:36:6d:fa:51:1e:af:48:c7:23:5b:c7:9b:de:3f:35:bb:ff:ee:4a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Nov 30 13:00:08 2023 GMT
            Not After : Nov 28 13:05:08 2024 GMT
        Subject: CN=BBA8778E4723B1AC0B31BC0A377515BB40B0D586
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:4a:18:e3:27:cd:85:68:47:4b:1b:a4:86:5e:
                    e4:27:95:60:5e:31:df:e6:9c:d1:33:f0:bf:86:b2:
                    91:ff:9e:fe:b8:37:73:2f:a8:38:87:76:85:62:d3:
                    9d:5d:a6:26:c1:6a:8b:73:a9:cb:cc:18:53:b3:ce:
                    f5:c4:6f:33:b2:19:ed:94:0f:81:73:3d:5b:a3:79:
                    35:35:45:09:97:2e:aa:ad:73:c4:31:1f:47:b2:32:
                    25:3c:21:18:2f:c4:39:4a:59:3b:cf:ca:c2:9f:a9:
                    07:0a:ea:67:21:bb:b9:39:f4:eb:36:5b:9b:9d:68:
                    8f:e6:09:70:54:43:05:87:3b:19:79:f5:7b:90:66:
                    64:15:b1:2b:6a:6c:3a:e8:18:62:03:59:cf:1d:59:
                    2e:cc:1f:ba:61:62:32:5b:63:0b:6b:e8:ee:dc:af:
                    4b:25:32:40:39:80:38:d3:a9:68:08:43:bf:a5:9b:
                    67:47:f2:9a:7c:39:85:cb:bc:5d:68:61:75:82:de:
                    50:82:e5:25:cd:f0:55:8d:f4:cd:f5:1c:77:a9:b6:
                    73:df:a9:a2:6f:de:1e:b1:3f:61:29:52:83:f7:83:
                    c8:56:44:8d:14:bc:05:ac:4e:71:8a:fe:1b:9a:e0:
                    e3:70:03:78:87:a1:c7:25:a3:13:40:99:c4:cb:57:
                    bb:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:A8:77:8E:47:23:B1:AC:0B:31:BC:0A:37:75:15:BB:40:B0:D5:86
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS54098.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.198.115.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9b:de:ce:fb:d9:62:c1:6e:42:f9:28:2b:d9:d7:09:9c:0d:f0:
         55:fb:f5:dd:c4:b3:c2:7d:91:8b:8f:67:5a:84:8f:c5:3c:d6:
         e7:30:9f:23:81:d8:91:39:3f:30:89:f9:dd:4f:5a:a3:58:dd:
         57:6c:d6:50:59:c0:b9:81:f0:67:6a:a6:60:2b:d1:d7:71:b6:
         80:f2:ae:74:bf:09:20:f4:34:70:fd:0d:be:14:a9:c1:4f:9c:
         7e:62:2f:1f:9b:0e:5d:ab:06:2b:a2:27:2a:01:17:76:2c:0a:
         57:02:6b:cf:40:62:aa:80:f6:a3:bc:88:13:3b:18:8f:3a:fe:
         96:a7:3b:91:ba:85:52:85:c6:e4:1c:1c:e3:ed:51:dc:ec:aa:
         43:37:a5:2d:e4:1b:da:9e:44:e3:ae:7e:b6:a5:5d:f0:57:71:
         47:05:1e:77:d7:52:51:f7:40:d4:fa:bf:b9:37:05:e2:e0:cf:
         d7:99:75:a0:a1:57:42:e0:5e:86:e5:a4:63:71:98:84:d0:47:
         d1:13:bf:0b:5f:fb:93:d9:aa:5b:3f:8a:c1:f3:cb:f4:5a:03:
         0e:b7:9e:91:9f:14:7c:3c:ad:a1:fa:7f:83:47:e2:64:ab:a3:
         bf:a8:5b:78:e0:8c:3e:31:fb:dd:bb:22:99:ca:f4:60:2d:e7:
         b5:97:54:13
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUXjZt+lEer0jHI1vHm94/Nbv/7kowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yMzExMzAxMzAwMDhaFw0yNDExMjgxMzA1MDhaMDMxMTAvBgNV
BAMTKEJCQTg3NzhFNDcyM0IxQUMwQjMxQkMwQTM3NzUxNUJCNDBCMEQ1ODYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCsShjjJ82FaEdLG6SGXuQnlWBe
Md/mnNEz8L+GspH/nv64N3MvqDiHdoVi051dpibBaotzqcvMGFOzzvXEbzOyGe2U
D4FzPVujeTU1RQmXLqqtc8QxH0eyMiU8IRgvxDlKWTvPysKfqQcK6mchu7k59Os2
W5udaI/mCXBUQwWHOxl59XuQZmQVsStqbDroGGIDWc8dWS7MH7phYjJbYwtr6O7c
r0slMkA5gDjTqWgIQ7+lm2dH8pp8OYXLvF1oYXWC3lCC5SXN8FWN9M31HHeptnPf
qaJv3h6xP2EpUoP3g8hWRI0UvAWsTnGK/hua4ONwA3iHoccloxNAmcTLV7tFAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUu6h3jkcjsawLMbwKN3UVu0Cw1YYwHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTNTQwOTgucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABbxnMw
DQYJKoZIhvcNAQELBQADggEBAJvezvvZYsFuQvkoK9nXCZwN8FX79d3Es8J9kYuP
Z1qEj8U81ucwnyOB2JE5PzCJ+d1PWqNY3Vds1lBZwLmB8GdqpmAr0ddxtoDyrnS/
CSD0NHD9Db4UqcFPnH5iLx+bDl2rBiuiJyoBF3YsClcCa89AYqqA9qO8iBM7GI86
/panO5G6hVKFxuQcHOPtUdzsqkM3pS3kG9qeROOufralXfBXcUcFHnfXUlH3QNT6
v7k3BeLgz9eZdaChV0LgXoblpGNxmITQR9ETvwtf+5PZqls/isHzy/RaAw63npGf
FHw8raH6f4NH4mSro7+oW3jgjD4x+927IpnK9GAt57WXVBM=
-----END CERTIFICATE-----