Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS25369.roa
File:                     AS25369.roa (raw, json)
Hash identifier:          mkc9Yj4YMD9F3gBXEla3RGqxmQnm8KFTktBq1/g1vSc=
Subject key identifier:   74:06:6A:09:A5:1F:BB:93:A0:4D:49:04:F7:1F:D1:4E:C2:54:7F:EF
Certificate issuer:       /CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
Certificate serial:       34FE1CB5424AD8662AF8CF959B26233CE713E828
Authority key identifier: 9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS25369.roa
Signing time:             Tue 14 May 2024 22:50:11 +0000
ROA not before:           Tue 14 May 2024 22:45:11 +0000
ROA not after:            Tue 13 May 2025 22:50:11 +0000
asID:                     25369
IP address blocks:        91.124.91.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            34:fe:1c:b5:42:4a:d8:66:2a:f8:cf:95:9b:26:23:3c:e7:13:e8:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
        Validity
            Not Before: May 14 22:45:11 2024 GMT
            Not After : May 13 22:50:11 2025 GMT
        Subject: CN=74066A09A51FBB93A04D4904F71FD14EC2547FEF
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:6b:3a:f9:07:62:e8:fc:c7:70:de:0a:6e:d0:
                    ad:d7:9f:03:16:30:33:9f:1b:2b:36:92:35:da:34:
                    4b:e2:98:a4:8e:60:11:aa:18:02:94:a2:93:04:9b:
                    80:87:3b:07:38:44:8c:67:59:2c:a0:fd:71:8b:e6:
                    9d:52:ea:04:39:08:e5:8e:e3:15:7d:db:55:ab:f7:
                    8e:c4:e9:d6:92:4a:bd:f3:cd:f1:d3:71:6a:7d:99:
                    f2:77:74:66:dc:9f:61:90:df:82:fa:55:e5:f9:3e:
                    ad:11:d1:b8:41:58:b2:6a:c8:31:3b:d5:1e:10:90:
                    95:93:29:1c:32:cb:4e:56:bd:06:c5:1c:3b:5a:42:
                    51:70:6d:0b:2a:42:ec:f4:d9:c4:c6:1e:d1:95:3a:
                    7f:4d:ff:81:ce:f9:de:be:8f:98:8f:a4:3e:76:e0:
                    04:bb:f1:05:75:e9:30:38:52:63:b8:0e:8a:ea:4b:
                    2b:91:bf:53:f5:6b:9a:57:c3:c7:59:d6:59:e9:2d:
                    36:58:64:22:eb:7d:aa:32:d1:33:c8:d9:6a:5d:8d:
                    d4:9f:c9:e8:ec:1a:7e:9f:56:73:ee:4b:a2:f1:16:
                    26:2c:37:bc:93:eb:df:89:a5:fa:2c:f8:ea:9a:86:
                    1c:73:37:db:24:18:dc:a4:d6:17:79:18:81:69:11:
                    5d:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:06:6A:09:A5:1F:BB:93:A0:4D:49:04:F7:1F:D1:4E:C2:54:7F:EF
            X509v3 Authority Key Identifier:
                keyid:9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS25369.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.124.91.0/24

    Signature Algorithm: sha256WithRSAEncryption
         91:47:6e:c3:40:9c:eb:b4:11:62:dd:ca:20:49:5e:8c:06:16:
         d8:8f:8c:87:c5:07:e9:73:55:88:fc:50:c0:a2:1d:24:a8:74:
         e9:a4:94:3f:03:b7:7f:8f:60:bb:b4:a1:69:54:c5:d5:a9:6c:
         1c:ac:db:86:b0:9d:bc:0d:c2:2f:10:ce:fc:22:78:eb:61:53:
         74:eb:e1:e1:fb:66:90:dd:a1:52:68:bd:da:76:4e:f9:bc:15:
         84:8f:1c:18:8d:d6:d3:73:7d:0f:6b:fd:d5:12:f8:a6:eb:a4:
         60:1f:2f:45:61:3f:00:1d:0a:52:84:77:ad:89:35:d4:b7:b1:
         1e:b9:9d:ca:53:e2:d0:37:3c:06:f3:2a:17:c5:c3:5f:7e:76:
         a9:b3:91:42:6f:33:7c:33:ed:5d:5d:3d:e7:09:d2:ae:4e:d1:
         a9:3d:bf:fe:97:2a:ff:25:32:00:3c:61:95:0a:18:ae:20:bb:
         f9:aa:ef:2e:9e:7a:8d:67:44:5c:8b:4e:27:91:cd:d8:3d:98:
         63:7f:5b:c0:bb:1b:a8:7d:15:75:25:ba:57:b6:39:8c:ac:8d:
         7c:cb:f2:72:a8:21:b0:9a:9b:b5:24:83:76:ba:d1:66:2f:36:
         9b:6c:3c:96:9b:47:cb:03:67:48:d0:7e:4f:31:94:45:02:95:
         e2:0b:20:7d
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUNP4ctUJK2GYq+M+VmyYjPOcT6CgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWJkODEzMzkxZTRhZjJhZTMxMDNjMTg5MWIyMjcyZDRk
NWMxM2I1ZjAeFw0yNDA1MTQyMjQ1MTFaFw0yNTA1MTMyMjUwMTFaMDMxMTAvBgNV
BAMTKDc0MDY2QTA5QTUxRkJCOTNBMDRENDkwNEY3MUZEMTRFQzI1NDdGRUYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCrazr5B2Lo/Mdw3gpu0K3XnwMW
MDOfGys2kjXaNEvimKSOYBGqGAKUopMEm4CHOwc4RIxnWSyg/XGL5p1S6gQ5COWO
4xV921Wr947E6daSSr3zzfHTcWp9mfJ3dGbcn2GQ34L6VeX5Pq0R0bhBWLJqyDE7
1R4QkJWTKRwyy05WvQbFHDtaQlFwbQsqQuz02cTGHtGVOn9N/4HO+d6+j5iPpD52
4AS78QV16TA4UmO4DorqSyuRv1P1a5pXw8dZ1lnpLTZYZCLrfaoy0TPI2WpdjdSf
yejsGn6fVnPuS6LxFiYsN7yT69+Jpfos+OqahhxzN9skGNyk1hd5GIFpEV3nAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUdAZqCaUfu5OgTUkE9x/RTsJUf+8wHwYDVR0j
BBgwFoAUm9gTOR5K8q4xA8GJGyJy1NXBO18wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQ3OGY2ZjUtNDQ5YS00ODI3LTk5ZDUtYmY2YjkzYThm
NmI0LzAvOUJEODEzMzkxRTRBRjJBRTMxMDNDMTg5MUIyMjcyRDRENUMxM0I1Ri5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL205Z1RPUjVLOHE0eEE4R0pHeUp5MU5Y
Qk8xOC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0NzhmNmY1LTQ0OWEt
NDgyNy05OWQ1LWJmNmI5M2E4ZjZiNC8wL0FTMjUzNjkucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABbfFsw
DQYJKoZIhvcNAQELBQADggEBAJFHbsNAnOu0EWLdyiBJXowGFtiPjIfFB+lzVYj8
UMCiHSSodOmklD8Dt3+PYLu0oWlUxdWpbBys24awnbwNwi8QzvwieOthU3Tr4eH7
ZpDdoVJovdp2Tvm8FYSPHBiN1tNzfQ9r/dUS+KbrpGAfL0VhPwAdClKEd62JNdS3
sR65ncpT4tA3PAbzKhfFw19+dqmzkUJvM3wz7V1dPecJ0q5O0ak9v/6XKv8lMgA8
YZUKGK4gu/mq7y6eeo1nRFyLTieRzdg9mGN/W8C7G6h9FXUlule2OYysjXzL8nKo
IbCam7Ukg3a60WYvNptsPJabR8sDZ0jQfk8xlEUCleILIH0=
-----END CERTIFICATE-----