Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS23679.roa
File:                     AS23679.roa (raw, json)
Hash identifier:          Ok4XRwELul6iFmUKDyMknSIfPHCtzWteFSULXbhO4Js=
Subject key identifier:   EC:31:02:C4:F1:65:A9:D7:7C:B0:3D:33:53:4F:95:24:0B:3A:3A:B7
Certificate issuer:       /CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
Certificate serial:       3695B920DC5773065BFB49E3CF38791D813CC744
Authority key identifier: 9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS23679.roa
Signing time:             Fri 23 Feb 2024 09:39:38 +0000
ROA not before:           Fri 23 Feb 2024 09:34:38 +0000
ROA not after:            Fri 21 Feb 2025 09:39:38 +0000
asID:                     23679
IP address blocks:        91.124.132.0/24 maxlen: 24
                          91.124.138.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 20:58:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            36:95:b9:20:dc:57:73:06:5b:fb:49:e3:cf:38:79:1d:81:3c:c7:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
        Validity
            Not Before: Feb 23 09:34:38 2024 GMT
            Not After : Feb 21 09:39:38 2025 GMT
        Subject: CN=EC3102C4F165A9D77CB03D33534F95240B3A3AB7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:a2:89:65:64:80:fe:e7:db:2f:17:c9:77:4e:
                    43:4b:46:47:0b:9b:51:df:52:de:1d:3f:9d:c7:11:
                    cb:09:4a:dc:72:1f:9a:ed:dc:e9:c8:de:ce:d8:7d:
                    8b:0d:2d:4c:75:ae:f4:07:e0:f2:eb:1f:f5:6a:67:
                    5a:3e:75:79:3d:5a:29:38:c8:d7:fb:1a:d7:93:59:
                    25:72:6c:d1:c6:f7:cc:24:11:cb:10:81:2a:7d:f4:
                    6c:44:95:10:fd:fc:67:d6:ab:09:cb:d8:bb:8b:a7:
                    53:16:9f:d8:4d:eb:70:7d:53:37:99:0a:0b:de:a7:
                    f7:4d:44:09:7a:b0:11:28:8b:e9:2e:5f:75:f2:a8:
                    07:8e:3d:af:11:a5:85:3d:4a:cd:a1:67:33:75:62:
                    b2:73:b4:94:4a:16:d0:08:e4:f9:f2:fc:f8:c5:72:
                    a9:0f:cb:36:e7:74:cf:c6:4e:bc:e4:c8:89:c1:95:
                    02:32:0e:bf:91:6b:e9:76:31:c2:cd:ec:90:d2:a0:
                    ec:e6:d2:4a:1c:a9:f8:87:62:bb:8b:bd:44:2b:08:
                    de:e2:ab:98:c0:df:1d:b1:fe:f3:34:a2:d8:3b:28:
                    17:1d:0c:64:f4:5a:4c:ba:48:f5:8a:ba:a2:9f:dd:
                    f7:fd:f2:a6:ec:5f:0f:4b:d0:6a:1b:fd:11:ef:be:
                    31:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EC:31:02:C4:F1:65:A9:D7:7C:B0:3D:33:53:4F:95:24:0B:3A:3A:B7
            X509v3 Authority Key Identifier:
                keyid:9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS23679.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.124.132.0/24
                  91.124.138.0/24

    Signature Algorithm: sha256WithRSAEncryption
         05:86:1f:49:65:03:06:09:2b:5e:8f:58:f1:01:c0:be:09:aa:
         8a:9a:43:fa:60:5e:9d:29:d3:44:69:f1:33:db:89:65:41:d8:
         0b:f5:74:55:89:5d:ab:a1:c8:05:c9:de:4e:57:d7:98:b9:83:
         f2:92:c1:8d:ff:e8:34:3a:a6:5d:92:4c:14:05:69:ce:ce:58:
         99:79:f8:f3:fe:96:ff:ea:ba:20:5a:15:4e:4d:3e:90:85:18:
         0c:d6:fd:98:b3:66:ed:35:b1:64:30:e9:19:89:2e:a0:9e:d6:
         3a:e6:3b:47:24:56:88:c7:1d:37:34:2d:bd:22:4a:b8:4c:22:
         1f:47:ea:b2:5d:35:a2:01:0c:d1:3c:68:82:2c:56:23:a4:22:
         fe:3c:88:2f:a0:05:42:d5:c5:ae:fa:56:e5:7d:26:47:24:c0:
         88:e4:a5:7e:6f:6b:3a:3c:45:24:b0:5f:f0:97:5d:20:4d:ee:
         9a:ba:e5:9f:79:da:38:49:86:b4:3e:87:ba:42:bb:15:41:45:
         c6:5d:61:67:4b:d5:96:b7:ae:6e:4b:4e:31:e1:d4:bf:97:ee:
         bd:cb:99:2e:12:97:af:93:fe:bb:fd:64:87:81:95:ba:8c:73:
         cb:db:8e:1f:f9:09:4a:4c:33:a5:6f:f5:7c:48:dd:66:fd:93:
         20:6d:c3:cf
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgIUNpW5INxXcwZb+0njzzh5HYE8x0QwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWJkODEzMzkxZTRhZjJhZTMxMDNjMTg5MWIyMjcyZDRk
NWMxM2I1ZjAeFw0yNDAyMjMwOTM0MzhaFw0yNTAyMjEwOTM5MzhaMDMxMTAvBgNV
BAMTKEVDMzEwMkM0RjE2NUE5RDc3Q0IwM0QzMzUzNEY5NTI0MEIzQTNBQjcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCQoollZID+59svF8l3TkNLRkcL
m1HfUt4dP53HEcsJStxyH5rt3OnI3s7YfYsNLUx1rvQH4PLrH/VqZ1o+dXk9Wik4
yNf7GteTWSVybNHG98wkEcsQgSp99GxElRD9/GfWqwnL2LuLp1MWn9hN63B9UzeZ
Cgvep/dNRAl6sBEoi+kuX3XyqAeOPa8RpYU9Ss2hZzN1YrJztJRKFtAI5Pny/PjF
cqkPyzbndM/GTrzkyInBlQIyDr+Ra+l2McLN7JDSoOzm0kocqfiHYruLvUQrCN7i
q5jA3x2x/vM0otg7KBcdDGT0Wky6SPWKuqKf3ff98qbsXw9L0Gob/RHvvjHVAgMB
AAGjggIPMIICCzAdBgNVHQ4EFgQU7DECxPFlqdd8sD0zU0+VJAs6OrcwHwYDVR0j
BBgwFoAUm9gTOR5K8q4xA8GJGyJy1NXBO18wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQ3OGY2ZjUtNDQ5YS00ODI3LTk5ZDUtYmY2YjkzYThm
NmI0LzAvOUJEODEzMzkxRTRBRjJBRTMxMDNDMTg5MUIyMjcyRDRENUMxM0I1Ri5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL205Z1RPUjVLOHE0eEE4R0pHeUp5MU5Y
Qk8xOC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0NzhmNmY1LTQ0OWEt
NDgyNy05OWQ1LWJmNmI5M2E4ZjZiNC8wL0FTMjM2Nzkucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBABbfIQD
BABbfIowDQYJKoZIhvcNAQELBQADggEBAAWGH0llAwYJK16PWPEBwL4JqoqaQ/pg
Xp0p00Rp8TPbiWVB2Av1dFWJXauhyAXJ3k5X15i5g/KSwY3/6DQ6pl2STBQFac7O
WJl5+PP+lv/quiBaFU5NPpCFGAzW/ZizZu01sWQw6RmJLqCe1jrmO0ckVojHHTc0
Lb0iSrhMIh9H6rJdNaIBDNE8aIIsViOkIv48iC+gBULVxa76VuV9JkckwIjkpX5v
azo8RSSwX/CXXSBN7pq65Z952jhJhrQ+h7pCuxVBRcZdYWdL1Za3rm5LTjHh1L+X
7r3LmS4Sl6+T/rv9ZIeBlbqMc8vbjh/5CUpMM6Vv9XxI3Wb9kyBtw88=
-----END CERTIFICATE-----