Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS201814.roa
File:                     AS201814.roa (raw, json)
Hash identifier:          KX0CAAoLFlnEu2tFMMOAZPEHapsvhw51Kyn5ir4nnLU=
Subject key identifier:   52:F7:B4:31:EE:BB:26:B3:99:FE:D2:AA:C6:6B:15:B3:17:C4:65:E1
Certificate issuer:       /CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
Certificate serial:       50B48DA5A5D3C3B61581649EDD05203C9703A872
Authority key identifier: 9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS201814.roa
Signing time:             Wed 16 Jul 2025 08:08:58 +0000
ROA not before:           Wed 16 Jul 2025 08:03:58 +0000
ROA not after:            Wed 15 Jul 2026 08:08:58 +0000
asID:                     201814
IP address blocks:        91.124.120.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 25 Jul 2025 22:13:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            50:b4:8d:a5:a5:d3:c3:b6:15:81:64:9e:dd:05:20:3c:97:03:a8:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
        Validity
            Not Before: Jul 16 08:03:58 2025 GMT
            Not After : Jul 15 08:08:58 2026 GMT
        Subject: CN=52F7B431EEBB26B399FED2AAC66B15B317C465E1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:33:f0:0c:df:88:7b:34:fd:d0:27:80:1d:d5:
                    28:f4:8e:ad:15:bb:2a:a6:92:e1:a7:9c:cd:13:ee:
                    86:43:1a:b5:5b:7d:69:11:e4:61:a5:b8:bc:cf:e3:
                    fa:99:2d:8f:65:2d:0f:69:5f:fb:c5:34:2f:be:03:
                    87:cc:9b:da:90:ac:2f:39:5e:30:74:4a:72:17:26:
                    bf:e5:a7:50:f0:4b:b6:5f:0a:c7:f6:f3:71:df:a1:
                    2e:80:da:4f:c2:ed:f4:15:5a:95:f1:67:18:f0:b8:
                    9d:b2:64:70:22:ec:c3:54:d9:fc:76:53:90:df:69:
                    74:f6:31:a2:f2:2e:fe:b4:51:79:06:b8:ab:9f:e5:
                    68:48:c0:a2:3f:54:39:b1:83:ca:8a:09:3a:31:50:
                    06:63:e1:cf:c1:bd:ef:99:27:75:77:6c:f8:08:e4:
                    c0:38:71:d9:2e:06:7d:d8:49:e9:3f:c6:59:ac:71:
                    d7:ba:d5:d3:61:fa:ca:1d:34:00:17:b9:c2:d1:d4:
                    d5:20:7c:ce:aa:4d:2c:96:0c:c0:e4:be:89:bf:e4:
                    15:13:00:e1:10:20:c4:68:1e:36:cd:58:58:aa:43:
                    99:f7:fc:c8:65:b7:f3:53:14:d1:8f:e5:ba:19:6d:
                    e9:51:6e:71:37:ca:d9:8a:ec:0c:99:71:bc:ba:af:
                    9b:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:F7:B4:31:EE:BB:26:B3:99:FE:D2:AA:C6:6B:15:B3:17:C4:65:E1
            X509v3 Authority Key Identifier:
                keyid:9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS201814.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.124.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a5:dc:ed:32:65:a3:7b:be:f0:87:84:c7:b0:a2:b8:f4:7a:ec:
         bb:ae:96:8e:82:bf:11:bf:4f:39:66:a0:a1:14:a7:2c:19:97:
         ff:35:8f:01:86:db:f8:af:54:fb:1e:9f:83:87:9c:8f:77:a4:
         cb:09:73:6a:2d:72:35:94:03:22:84:64:31:6b:55:a9:d9:33:
         dd:c9:14:d6:9a:96:a7:ad:39:cc:a6:a0:7e:c5:80:3e:55:ce:
         23:1e:42:0d:12:66:e8:22:d8:7c:f4:b6:49:13:57:9b:85:c2:
         8c:d2:3b:c9:2d:f6:40:c6:35:18:17:96:5f:7e:1f:22:61:7f:
         48:db:43:28:84:ca:5a:48:43:23:4b:03:ad:08:aa:7a:67:9d:
         94:40:89:8e:45:94:84:33:54:74:3d:f4:d1:bb:30:dc:2e:6d:
         9e:15:22:83:54:f7:9d:b3:b6:cb:94:15:b2:e8:c5:f1:0f:31:
         d6:9f:34:cd:45:85:a8:27:19:4e:9c:26:39:9a:91:d8:db:62:
         97:40:d5:ec:cb:ae:f1:81:09:f0:2e:54:ca:81:a8:8a:76:77:
         d7:d6:17:e4:87:4a:b0:37:0b:ba:80:eb:a4:18:27:b7:8b:c3:
         43:47:d6:c4:8d:36:23:fe:cc:f3:f2:79:a2:7e:b4:77:08:63:
         e3:34:89:4b
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUULSNpaXTw7YVgWSe3QUgPJcDqHIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWJkODEzMzkxZTRhZjJhZTMxMDNjMTg5MWIyMjcyZDRk
NWMxM2I1ZjAeFw0yNTA3MTYwODAzNThaFw0yNjA3MTUwODA4NThaMDMxMTAvBgNV
BAMTKDUyRjdCNDMxRUVCQjI2QjM5OUZFRDJBQUM2NkIxNUIzMTdDNDY1RTEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0M/AM34h7NP3QJ4Ad1Sj0jq0V
uyqmkuGnnM0T7oZDGrVbfWkR5GGluLzP4/qZLY9lLQ9pX/vFNC++A4fMm9qQrC85
XjB0SnIXJr/lp1DwS7ZfCsf283HfoS6A2k/C7fQVWpXxZxjwuJ2yZHAi7MNU2fx2
U5DfaXT2MaLyLv60UXkGuKuf5WhIwKI/VDmxg8qKCToxUAZj4c/Bve+ZJ3V3bPgI
5MA4cdkuBn3YSek/xlmscde61dNh+sodNAAXucLR1NUgfM6qTSyWDMDkvom/5BUT
AOEQIMRoHjbNWFiqQ5n3/Mhlt/NTFNGP5boZbelRbnE3ytmK7AyZcby6r5tLAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUUve0Me67JrOZ/tKqxmsVsxfEZeEwHwYDVR0j
BBgwFoAUm9gTOR5K8q4xA8GJGyJy1NXBO18wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQ3OGY2ZjUtNDQ5YS00ODI3LTk5ZDUtYmY2YjkzYThm
NmI0LzAvOUJEODEzMzkxRTRBRjJBRTMxMDNDMTg5MUIyMjcyRDRENUMxM0I1Ri5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL205Z1RPUjVLOHE0eEE4R0pHeUp5MU5Y
Qk8xOC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0NzhmNmY1LTQ0OWEt
NDgyNy05OWQ1LWJmNmI5M2E4ZjZiNC8wL0FTMjAxODE0LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW3x4
MA0GCSqGSIb3DQEBCwUAA4IBAQCl3O0yZaN7vvCHhMeworj0euy7rpaOgr8Rv085
ZqChFKcsGZf/NY8Bhtv4r1T7Hp+Dh5yPd6TLCXNqLXI1lAMihGQxa1Wp2TPdyRTW
mpanrTnMpqB+xYA+Vc4jHkINEmboIth89LZJE1ebhcKM0jvJLfZAxjUYF5Zffh8i
YX9I20MohMpaSEMjSwOtCKp6Z52UQImORZSEM1R0PfTRuzDcLm2eFSKDVPeds7bL
lBWy6MXxDzHWnzTNRYWoJxlOnCY5mpHY22KXQNXsy67xgQnwLlTKgaiKdnfX1hfk
h0qwNwu6gOukGCe3i8NDR9bEjTYj/szz8nmifrR3CGPjNIlL
-----END CERTIFICATE-----