Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS5511.roa
File:                     AS5511.roa (raw, json)
Hash identifier:          V+BohYM76nra/6qbGw+6iMbwYrW03wXd5h64lRqSlbk=
Subject key identifier:   ED:F6:84:81:AC:6D:D8:5B:E6:55:5B:61:E1:F1:9C:C3:D7:D8:80:44
Certificate issuer:       /CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
Certificate serial:       0F6837CD1A7CFFE65E2ED90F6D6A18DA0CC5D713
Authority key identifier: 9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS5511.roa
Signing time:             Fri 24 May 2024 05:40:47 +0000
ROA not before:           Fri 24 May 2024 05:35:47 +0000
ROA not after:            Fri 23 May 2025 05:40:47 +0000
asID:                     5511
IP address blocks:        91.124.244.0/22 maxlen: 24
                          91.124.248.0/22 maxlen: 24
                          92.112.24.0/22 maxlen: 24
                          92.112.28.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0f:68:37:cd:1a:7c:ff:e6:5e:2e:d9:0f:6d:6a:18:da:0c:c5:d7:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
        Validity
            Not Before: May 24 05:35:47 2024 GMT
            Not After : May 23 05:40:47 2025 GMT
        Subject: CN=EDF68481AC6DD85BE6555B61E1F19CC3D7D88044
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:93:72:99:d7:68:33:4c:1e:ea:15:6b:0d:9b:
                    dd:cc:18:91:7e:9d:ce:6a:e8:8d:87:bf:a2:30:cd:
                    dd:64:fc:03:11:4c:15:e4:ac:ec:cf:bc:e6:8c:e2:
                    a2:74:f3:3f:80:81:0e:f5:4c:8e:bc:cf:07:52:51:
                    77:f9:fd:9a:6d:45:a0:a3:2b:9b:1f:02:80:4d:be:
                    df:74:1c:c2:f0:80:ce:92:36:ac:5c:a7:ac:8c:47:
                    a8:57:7a:fa:48:7b:a8:e6:1d:ff:8e:2e:19:31:bd:
                    5a:c9:78:05:e8:84:2f:0e:1f:eb:9e:2b:95:40:bc:
                    b5:fb:b2:da:c4:a9:9e:5a:f6:f6:13:74:7d:21:dd:
                    16:be:0c:20:ee:23:fa:e5:cb:cb:7b:2f:e0:7d:1f:
                    ba:cc:00:38:82:f4:7c:00:46:f7:45:19:9d:d5:b1:
                    68:9f:a4:b5:93:d6:a6:61:72:41:39:e5:fb:16:75:
                    32:98:64:1c:ae:3f:58:ec:f9:6b:d2:6e:d5:b4:87:
                    04:47:b2:10:51:84:ad:26:f5:ff:6e:64:64:85:db:
                    d4:21:61:7d:54:86:99:34:06:70:52:c9:9e:de:d3:
                    23:85:0d:9d:58:09:20:b4:9f:bc:81:8f:1d:3e:dd:
                    5d:dc:1a:a9:f4:2a:d9:49:83:a6:7a:e2:e5:44:b8:
                    41:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                ED:F6:84:81:AC:6D:D8:5B:E6:55:5B:61:E1:F1:9C:C3:D7:D8:80:44
            X509v3 Authority Key Identifier:
                keyid:9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS5511.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.124.244.0-91.124.251.255
                  92.112.24.0/21

    Signature Algorithm: sha256WithRSAEncryption
         1b:33:f4:44:0c:1e:cf:54:d1:2e:f6:95:bd:55:f5:a0:6b:b1:
         2d:72:9a:69:17:1c:02:cb:e5:c2:23:32:8e:61:80:1f:c2:df:
         fc:c1:3b:90:cd:33:ce:41:ca:a0:6d:e7:48:33:b3:57:f2:87:
         17:fe:63:53:8b:1f:7f:e2:00:3a:95:c8:ed:b2:13:b2:d7:0f:
         03:d3:ec:a6:e7:06:38:77:9a:fe:2d:6d:1d:33:c2:8e:c4:1a:
         eb:3b:d8:da:69:c5:0d:6c:08:f2:4e:40:8b:2e:92:ed:f8:66:
         b2:af:a5:fe:6a:24:d1:67:7d:b7:f3:45:97:8c:a2:3a:ed:2c:
         43:b5:fa:cc:c6:a5:e9:39:d3:0f:62:bd:e0:d8:ac:9d:a8:1f:
         ee:2a:45:26:b0:88:81:af:47:f3:cd:3f:8f:aa:a1:04:af:4c:
         84:30:45:cc:68:26:44:51:a8:62:6d:80:ff:11:05:95:0e:3f:
         09:23:5d:e7:07:30:21:a7:64:9c:8b:2b:f6:ab:7c:b1:74:b2:
         e6:e6:d5:82:09:66:4c:d9:a3:2c:89:61:74:5d:47:c7:f7:73:
         45:95:de:b8:9c:f8:8f:1e:70:25:09:7a:40:99:1a:c2:4f:a5:
         fe:d1:95:f2:34:23:9f:5f:aa:2e:b7:9c:c4:71:45:13:49:ae:
         ce:45:b8:a6
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgIUD2g3zRp8/+ZeLtkPbWoY2gzF1xMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWJkODEzMzkxZTRhZjJhZTMxMDNjMTg5MWIyMjcyZDRk
NWMxM2I1ZjAeFw0yNDA1MjQwNTM1NDdaFw0yNTA1MjMwNTQwNDdaMDMxMTAvBgNV
BAMTKEVERjY4NDgxQUM2REQ4NUJFNjU1NUI2MUUxRjE5Q0MzRDdEODgwNDQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDSk3KZ12gzTB7qFWsNm93MGJF+
nc5q6I2Hv6Iwzd1k/AMRTBXkrOzPvOaM4qJ08z+AgQ71TI68zwdSUXf5/ZptRaCj
K5sfAoBNvt90HMLwgM6SNqxcp6yMR6hXevpIe6jmHf+OLhkxvVrJeAXohC8OH+ue
K5VAvLX7strEqZ5a9vYTdH0h3Ra+DCDuI/rly8t7L+B9H7rMADiC9HwARvdFGZ3V
sWifpLWT1qZhckE55fsWdTKYZByuP1js+WvSbtW0hwRHshBRhK0m9f9uZGSF29Qh
YX1Uhpk0BnBSyZ7e0yOFDZ1YCSC0n7yBjx0+3V3cGqn0KtlJg6Z64uVEuEEpAgMB
AAGjggIWMIICEjAdBgNVHQ4EFgQU7faEgaxt2FvmVVth4fGcw9fYgEQwHwYDVR0j
BBgwFoAUm9gTOR5K8q4xA8GJGyJy1NXBO18wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQ3OGY2ZjUtNDQ5YS00ODI3LTk5ZDUtYmY2YjkzYThm
NmI0LzAvOUJEODEzMzkxRTRBRjJBRTMxMDNDMTg5MUIyMjcyRDRENUMxM0I1Ri5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL205Z1RPUjVLOHE0eEE4R0pHeUp5MU5Y
Qk8xOC5jZXIweQYIKwYBBQUHAQsEbTBrMGkGCCsGAQUFBzALhl1yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0NzhmNmY1LTQ0OWEt
NDgyNy05OWQ1LWJmNmI5M2E4ZjZiNC8wL0FTNTUxMS5yb2EwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAtBggrBgEFBQcBBwEB/wQeMBwwGgQCAAEwFDAMAwQCW3z0
AwQCW3z4AwQDXHAYMA0GCSqGSIb3DQEBCwUAA4IBAQAbM/REDB7PVNEu9pW9VfWg
a7EtcpppFxwCy+XCIzKOYYAfwt/8wTuQzTPOQcqgbedIM7NX8ocX/mNTix9/4gA6
lcjtshOy1w8D0+ym5wY4d5r+LW0dM8KOxBrrO9jaacUNbAjyTkCLLpLt+Gayr6X+
aiTRZ32380WXjKI67SxDtfrMxqXpOdMPYr3g2KydqB/uKkUmsIiBr0fzzT+PqqEE
r0yEMEXMaCZEUahibYD/EQWVDj8JI13nBzAhp2Sciyv2q3yxdLLm5tWCCWZM2aMs
iWF0XUfH93NFld64nPiPHnAlCXpAmRrCT6X+0ZXyNCOfX6out5zEcUUTSa7ORbim
-----END CERTIFICATE-----