Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS53356.roa
File:                     AS53356.roa (raw, json)
Hash identifier:          yaSeXm20KtFhHiscFhGEkhY56Ac9Yn3pYZvdO8JrJy8=
Subject key identifier:   56:56:3C:A7:DA:28:73:88:F2:C0:00:49:AE:E7:CF:66:4A:2A:90:E6
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       5E29BC2D5244B05A3B33109A617438BF61BFD527
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS53356.roa
Signing time:             Tue 15 Apr 2025 12:11:14 +0000
ROA not before:           Tue 15 Apr 2025 12:06:14 +0000
ROA not after:            Tue 14 Apr 2026 12:11:14 +0000
asID:                     53356
IP address blocks:        148.135.163.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 06 Jun 2025 12:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5e:29:bc:2d:52:44:b0:5a:3b:33:10:9a:61:74:38:bf:61:bf:d5:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Apr 15 12:06:14 2025 GMT
            Not After : Apr 14 12:11:14 2026 GMT
        Subject: CN=56563CA7DA287388F2C00049AEE7CF664A2A90E6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:b5:84:6e:62:73:27:bd:05:ca:66:46:33:3b:
                    b1:35:d2:7c:c9:ea:ab:6f:ea:05:7a:25:25:ed:64:
                    77:0b:45:43:58:99:fa:cd:5a:3c:5c:2e:2e:c8:ac:
                    3e:03:35:d1:0c:8f:d9:56:d2:12:46:8b:dc:1c:2e:
                    94:ef:70:2d:b0:00:92:63:be:31:44:40:0f:55:9f:
                    8b:29:41:46:ca:4a:60:d3:02:30:8e:19:bf:80:2e:
                    30:5a:c8:64:b6:71:1f:63:5e:5b:bd:42:4e:db:a3:
                    33:37:9d:48:af:3a:69:de:82:32:24:6e:53:68:b5:
                    93:4d:46:2f:aa:2c:09:43:0b:9e:ad:19:fc:d7:5a:
                    1f:81:26:e7:93:d9:26:d7:9e:af:84:e6:ee:4e:77:
                    b0:33:ba:4a:72:c2:85:19:30:d3:8e:0a:b1:3a:7b:
                    66:2a:ca:75:27:52:78:5a:21:07:d4:18:7b:0c:7c:
                    84:a6:a8:a5:27:96:55:41:66:c6:41:a3:99:1e:c0:
                    f8:e2:43:d2:e8:58:f4:2d:89:cd:b2:45:d6:ac:6f:
                    9d:e2:2b:ee:f4:66:27:2d:6c:ef:e1:32:4c:1e:55:
                    56:db:a4:09:c0:49:51:82:7c:e5:7c:51:6a:7a:5d:
                    e9:ee:8b:98:5b:a3:7e:6b:5b:28:ee:10:2d:e2:54:
                    e6:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                56:56:3C:A7:DA:28:73:88:F2:C0:00:49:AE:E7:CF:66:4A:2A:90:E6
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS53356.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  148.135.163.0/24

    Signature Algorithm: sha256WithRSAEncryption
         88:c8:a6:1d:95:41:86:06:81:3c:e3:e8:b9:78:c1:9f:2b:49:
         a4:7b:4a:ed:f0:27:16:32:02:f5:67:04:8c:5c:82:c9:7a:15:
         90:c3:9f:00:82:b7:74:e1:c2:98:0b:7c:18:1e:0f:2c:f5:32:
         0d:cf:84:b9:19:68:12:67:02:54:46:e4:33:4c:db:11:73:1d:
         96:53:32:24:32:10:74:4c:3b:9c:40:c6:e0:f2:55:9e:f7:d9:
         f4:88:c4:9e:13:a5:c0:ae:03:b1:2d:58:b5:2a:01:6c:50:19:
         ae:c6:d5:63:9d:4d:05:4b:f4:57:51:af:2c:19:1d:c2:42:70:
         ea:b9:5b:60:a6:ce:a0:70:bd:e8:93:55:50:40:f6:2c:8a:8c:
         42:a5:b2:a9:d7:d7:27:e4:ae:9e:ef:ec:1c:c3:98:10:e7:dd:
         8e:27:bf:48:4a:98:22:0a:91:1c:1b:10:e4:93:7a:29:68:fd:
         5f:f3:59:3f:14:9b:3b:0c:bd:99:43:8d:3c:cf:f6:46:e8:42:
         61:ff:80:f5:7f:4d:7c:f9:e5:cc:fc:7c:3a:cd:8e:1a:11:95:
         61:9e:a0:07:3a:ad:19:b1:32:2f:85:99:aa:28:d7:c2:9c:02:
         5f:bf:0a:3b:b3:7b:41:cb:50:8a:23:59:f9:ca:b9:4a:03:68:
         41:aa:7b:e3
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUXim8LVJEsFo7MxCaYXQ4v2G/1ScwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNTA0MTUxMjA2MTRaFw0yNjA0MTQxMjExMTRaMDMxMTAvBgNV
BAMTKDU2NTYzQ0E3REEyODczODhGMkMwMDA0OUFFRTdDRjY2NEEyQTkwRTYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDktYRuYnMnvQXKZkYzO7E10nzJ
6qtv6gV6JSXtZHcLRUNYmfrNWjxcLi7IrD4DNdEMj9lW0hJGi9wcLpTvcC2wAJJj
vjFEQA9Vn4spQUbKSmDTAjCOGb+ALjBayGS2cR9jXlu9Qk7bozM3nUivOmnegjIk
blNotZNNRi+qLAlDC56tGfzXWh+BJueT2SbXnq+E5u5Od7AzukpywoUZMNOOCrE6
e2YqynUnUnhaIQfUGHsMfISmqKUnllVBZsZBo5kewPjiQ9LoWPQtic2yRdasb53i
K+70ZictbO/hMkweVVbbpAnASVGCfOV8UWp6Xenui5hbo35rWyjuEC3iVOYLAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUVlY8p9ooc4jywABJrufPZkoqkOYwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTNTMzNTYucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACUh6Mw
DQYJKoZIhvcNAQELBQADggEBAIjIph2VQYYGgTzj6Ll4wZ8rSaR7Su3wJxYyAvVn
BIxcgsl6FZDDnwCCt3ThwpgLfBgeDyz1Mg3PhLkZaBJnAlRG5DNM2xFzHZZTMiQy
EHRMO5xAxuDyVZ732fSIxJ4TpcCuA7EtWLUqAWxQGa7G1WOdTQVL9FdRrywZHcJC
cOq5W2CmzqBwveiTVVBA9iyKjEKlsqnX1yfkrp7v7BzDmBDn3Y4nv0hKmCIKkRwb
EOSTeilo/V/zWT8UmzsMvZlDjTzP9kboQmH/gPV/TXz55cz8fDrNjhoRlWGeoAc6
rRmxMi+Fmaoo18KcAl+/Cjuze0HLUIojWfnKuUoDaEGqe+M=
-----END CERTIFICATE-----