Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS29802.roa
File:                     AS29802.roa (raw, json)
Hash identifier:          WoSIqRTSqZv1z2EmPCIA+7sPicYbyj+Dbk+Sv3RCXOs=
Subject key identifier:   A7:0B:4A:34:15:85:7C:06:B9:28:B1:DB:C9:5F:EC:54:B8:17:7F:80
Certificate issuer:       /CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
Certificate serial:       09343DC4FC814F77FC036980DEDE857EE3EF9FCF
Authority key identifier: 9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS29802.roa
Signing time:             Mon 18 Mar 2024 12:04:06 +0000
ROA not before:           Mon 18 Mar 2024 11:59:06 +0000
ROA not after:            Mon 17 Mar 2025 12:04:06 +0000
asID:                     29802
IP address blocks:        91.124.149.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 30 Apr 2024 14:38:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            09:34:3d:c4:fc:81:4f:77:fc:03:69:80:de:de:85:7e:e3:ef:9f:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
        Validity
            Not Before: Mar 18 11:59:06 2024 GMT
            Not After : Mar 17 12:04:06 2025 GMT
        Subject: CN=A70B4A3415857C06B928B1DBC95FEC54B8177F80
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:8b:40:f0:c2:ea:d3:e0:f2:89:94:f1:8e:4f:
                    1a:e3:51:cc:2c:10:78:e7:54:52:62:22:f5:01:79:
                    29:8f:74:2c:82:ed:9b:37:d6:63:6e:26:64:1e:ad:
                    4f:32:c1:d3:22:7c:02:98:25:cd:8c:88:bb:77:60:
                    8e:39:bb:c7:6e:3e:5b:33:df:c0:5a:8e:94:bc:2e:
                    1e:fb:59:48:f9:5e:a6:ca:93:ad:2b:32:d3:8c:d2:
                    e7:4b:ed:d3:16:c3:42:06:50:31:3e:1c:bb:ae:b7:
                    6f:3a:92:cf:e1:bc:c9:c0:4f:14:66:83:3c:ad:0e:
                    b6:18:1e:49:f9:74:17:7c:28:91:0a:a5:63:84:8e:
                    ae:7e:9c:d8:18:d1:6a:f6:80:6c:f0:e7:77:f9:34:
                    91:e6:ed:be:ef:b4:19:32:7b:a7:2a:97:50:11:96:
                    5c:3a:2c:e4:f8:81:eb:f8:bb:70:bb:a7:b9:3b:cd:
                    03:21:19:6a:6e:41:33:21:ee:a0:fa:59:62:8f:a9:
                    bf:96:c1:70:46:8f:8f:00:e5:58:d5:86:9b:39:03:
                    a0:04:dc:e7:1a:f1:a3:6e:60:1a:d3:31:4d:96:7d:
                    81:ec:23:d0:2b:99:e6:9f:c9:ab:29:af:ce:03:d3:
                    fd:7a:8a:6c:e8:e4:3f:2d:9f:69:3a:f4:f4:5a:e9:
                    8c:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:0B:4A:34:15:85:7C:06:B9:28:B1:DB:C9:5F:EC:54:B8:17:7F:80
            X509v3 Authority Key Identifier:
                keyid:9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS29802.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.124.149.0/24

    Signature Algorithm: sha256WithRSAEncryption
         37:ad:d0:77:cf:42:c8:e4:02:79:df:a1:4f:69:13:6e:b0:c1:
         74:c1:54:40:bc:ed:ee:5a:64:33:2b:1a:b9:b5:04:7c:31:a2:
         cb:b4:8f:75:c0:92:97:6c:ca:9c:8a:36:fa:54:ff:ce:5d:27:
         e4:d9:1c:1e:ab:27:9c:4d:7a:ff:93:68:c0:8d:d3:d8:6a:f9:
         8f:e0:7b:da:40:00:8e:b0:35:f7:3c:bf:dc:ce:b2:8f:da:b3:
         46:c9:fb:48:e3:6f:87:2e:a7:26:13:00:b9:89:0f:d3:91:d5:
         3f:18:ed:85:ab:c8:9c:dd:e2:33:0f:4c:3b:03:c3:fa:18:f6:
         42:0c:15:f4:ce:90:01:2a:c7:67:44:f5:79:58:76:2d:46:10:
         e8:76:b4:41:01:31:d2:db:53:5d:f6:1d:45:e9:39:b9:61:5b:
         49:ca:e9:cc:ce:7e:17:c2:35:12:22:20:94:92:72:f1:ac:32:
         70:dd:75:da:15:c6:7f:fd:43:10:17:d2:83:4a:00:a8:ae:cd:
         12:20:f3:44:f5:fb:88:6c:58:aa:99:fc:cd:68:4a:b4:b0:35:
         9b:fa:a5:9f:79:bb:59:92:4a:d5:7b:93:04:7c:8f:a2:51:9e:
         0c:b6:42:cf:f4:1b:14:4c:06:e8:49:d9:e7:87:3f:92:22:a8:
         94:5b:58:5e
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUCTQ9xPyBT3f8A2mA3t6FfuPvn88wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWJkODEzMzkxZTRhZjJhZTMxMDNjMTg5MWIyMjcyZDRk
NWMxM2I1ZjAeFw0yNDAzMTgxMTU5MDZaFw0yNTAzMTcxMjA0MDZaMDMxMTAvBgNV
BAMTKEE3MEI0QTM0MTU4NTdDMDZCOTI4QjFEQkM5NUZFQzU0QjgxNzdGODAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCni0DwwurT4PKJlPGOTxrjUcws
EHjnVFJiIvUBeSmPdCyC7Zs31mNuJmQerU8ywdMifAKYJc2MiLt3YI45u8duPlsz
38BajpS8Lh77WUj5XqbKk60rMtOM0udL7dMWw0IGUDE+HLuut286ks/hvMnATxRm
gzytDrYYHkn5dBd8KJEKpWOEjq5+nNgY0Wr2gGzw53f5NJHm7b7vtBkye6cql1AR
llw6LOT4gev4u3C7p7k7zQMhGWpuQTMh7qD6WWKPqb+WwXBGj48A5VjVhps5A6AE
3Oca8aNuYBrTMU2WfYHsI9Armeafyaspr84D0/16imzo5D8tn2k69PRa6YyzAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUpwtKNBWFfAa5KLHbyV/sVLgXf4AwHwYDVR0j
BBgwFoAUm9gTOR5K8q4xA8GJGyJy1NXBO18wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQ3OGY2ZjUtNDQ5YS00ODI3LTk5ZDUtYmY2YjkzYThm
NmI0LzAvOUJEODEzMzkxRTRBRjJBRTMxMDNDMTg5MUIyMjcyRDRENUMxM0I1Ri5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL205Z1RPUjVLOHE0eEE4R0pHeUp5MU5Y
Qk8xOC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0NzhmNmY1LTQ0OWEt
NDgyNy05OWQ1LWJmNmI5M2E4ZjZiNC8wL0FTMjk4MDIucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABbfJUw
DQYJKoZIhvcNAQELBQADggEBADet0HfPQsjkAnnfoU9pE26wwXTBVEC87e5aZDMr
Grm1BHwxosu0j3XAkpdsypyKNvpU/85dJ+TZHB6rJ5xNev+TaMCN09hq+Y/ge9pA
AI6wNfc8v9zOso/as0bJ+0jjb4cupyYTALmJD9OR1T8Y7YWryJzd4jMPTDsDw/oY
9kIMFfTOkAEqx2dE9XlYdi1GEOh2tEEBMdLbU132HUXpOblhW0nK6czOfhfCNRIi
IJSScvGsMnDdddoVxn/9QxAX0oNKAKiuzRIg80T1+4hsWKqZ/M1oSrSwNZv6pZ95
u1mSStV7kwR8j6JRngy2Qs/0GxRMBuhJ2eeHP5IiqJRbWF4=
-----END CERTIFICATE-----