Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS54004.roa
File:                     AS54004.roa (raw, json)
Hash identifier:          xC/L/ietf5qplM94aojoioFBgQin25UgTOcGwm4noVs=
Subject key identifier:   34:73:0A:5C:F2:EF:0B:D5:83:50:30:39:98:DD:63:96:A7:F5:ED:87
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       620ECAC2CA8C7E38A7105777A124490176F7892B
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS54004.roa
Signing time:             Sat 08 Mar 2025 11:53:56 +0000
ROA not before:           Sat 08 Mar 2025 11:48:56 +0000
ROA not after:            Sat 07 Mar 2026 11:53:56 +0000
asID:                     54004
IP address blocks:        147.79.32.0/20 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 21:19:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            62:0e:ca:c2:ca:8c:7e:38:a7:10:57:77:a1:24:49:01:76:f7:89:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Mar  8 11:48:56 2025 GMT
            Not After : Mar  7 11:53:56 2026 GMT
        Subject: CN=34730A5CF2EF0BD58350303998DD6396A7F5ED87
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:98:dc:2d:cc:13:3c:13:58:7a:97:d6:0c:fd:
                    08:4b:21:c4:c3:da:8f:23:8f:7a:64:c3:6b:d4:40:
                    11:8d:ab:64:10:ad:21:ce:a0:0c:67:d0:a4:08:32:
                    59:e8:62:54:50:01:db:6e:40:9d:95:a6:2b:03:5b:
                    76:5f:3c:bb:e6:46:4b:cf:cc:44:82:1c:d6:9f:95:
                    11:4b:fb:c0:cf:34:da:38:2a:28:67:09:3d:98:09:
                    11:80:4a:fd:87:a9:58:3e:ce:b2:44:24:e4:9d:3a:
                    ac:96:d5:94:79:6f:f1:ba:f3:73:ec:98:96:84:91:
                    7c:ac:c8:38:d3:76:eb:20:b0:9c:4d:83:5a:5f:37:
                    b7:2f:42:29:bf:c4:01:01:4a:54:9c:e0:26:99:92:
                    d0:9d:d5:06:47:88:f3:21:15:f3:8d:63:e8:50:c2:
                    3e:02:55:0d:ed:ea:89:24:d4:21:97:f3:d8:8c:24:
                    37:a5:ac:ec:7c:b1:d7:18:51:d3:5d:ec:77:b9:7f:
                    9d:43:8c:9b:06:76:5d:ce:cb:50:a9:e3:4a:e8:d2:
                    6f:db:f7:bc:91:58:fe:76:a7:6f:c2:64:ed:5a:b6:
                    76:8b:00:06:1d:16:7e:e8:53:a6:13:78:3b:41:de:
                    48:5d:93:63:f1:97:33:27:f4:15:ed:a4:7f:ae:30:
                    74:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:73:0A:5C:F2:EF:0B:D5:83:50:30:39:98:DD:63:96:A7:F5:ED:87
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS54004.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.79.32.0/20

    Signature Algorithm: sha256WithRSAEncryption
         a1:67:aa:fb:b2:b1:4d:be:bb:62:a2:a7:27:55:b4:07:a6:94:
         07:32:6f:05:14:88:80:c9:3d:5f:80:d0:40:30:2d:4c:82:ab:
         d1:16:64:7c:65:1e:20:5c:08:27:8f:1f:9b:22:c9:38:9d:87:
         10:ab:25:4f:6a:65:b9:e1:36:bd:6a:c8:a3:d5:a7:02:03:11:
         97:ab:b3:bf:1f:eb:07:ed:c0:53:b5:90:12:b1:76:1c:09:dd:
         f4:90:4b:b0:19:cf:30:76:f8:91:d1:89:1a:f4:74:5a:40:0a:
         24:08:ff:73:8e:bf:7d:5a:31:d4:f7:b7:19:58:38:7b:3a:39:
         8c:84:28:e1:e5:c1:2c:2e:da:b7:a5:76:a0:a3:86:ec:e3:ab:
         0d:79:e6:ab:4b:32:60:5a:f0:47:59:2a:af:74:23:fd:13:3b:
         79:9c:3b:ae:b6:f7:e8:7d:f5:03:33:20:9d:7b:27:50:83:78:
         05:90:60:89:d8:a1:55:5a:2a:c9:18:27:c7:f2:99:1f:00:51:
         33:28:60:ca:86:75:26:ef:e8:57:bc:04:1a:46:de:44:2c:84:
         c4:34:2b:1f:b0:db:fe:17:ef:d1:d2:25:f1:25:ae:21:0a:24:
         7b:63:1e:ff:07:1e:70:8b:4b:2a:11:5e:b9:eb:1e:c8:c3:9b:
         a3:28:7c:92
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUYg7KwsqMfjinEFd3oSRJAXb3iSswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNTAzMDgxMTQ4NTZaFw0yNjAzMDcxMTUzNTZaMDMxMTAvBgNV
BAMTKDM0NzMwQTVDRjJFRjBCRDU4MzUwMzAzOTk4REQ2Mzk2QTdGNUVEODcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCmmNwtzBM8E1h6l9YM/QhLIcTD
2o8jj3pkw2vUQBGNq2QQrSHOoAxn0KQIMlnoYlRQAdtuQJ2VpisDW3ZfPLvmRkvP
zESCHNaflRFL+8DPNNo4KihnCT2YCRGASv2HqVg+zrJEJOSdOqyW1ZR5b/G683Ps
mJaEkXysyDjTdusgsJxNg1pfN7cvQim/xAEBSlSc4CaZktCd1QZHiPMhFfONY+hQ
wj4CVQ3t6okk1CGX89iMJDelrOx8sdcYUdNd7He5f51DjJsGdl3Oy1Cp40ro0m/b
97yRWP52p2/CZO1atnaLAAYdFn7oU6YTeDtB3khdk2PxlzMn9BXtpH+uMHSjAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUNHMKXPLvC9WDUDA5mN1jlqf17YcwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTNTQwMDQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBASTTyAw
DQYJKoZIhvcNAQELBQADggEBAKFnqvuysU2+u2KipydVtAemlAcybwUUiIDJPV+A
0EAwLUyCq9EWZHxlHiBcCCePH5siyTidhxCrJU9qZbnhNr1qyKPVpwIDEZers78f
6wftwFO1kBKxdhwJ3fSQS7AZzzB2+JHRiRr0dFpACiQI/3OOv31aMdT3txlYOHs6
OYyEKOHlwSwu2reldqCjhuzjqw155qtLMmBa8EdZKq90I/0TO3mcO6629+h99QMz
IJ17J1CDeAWQYInYoVVaKskYJ8fymR8AUTMoYMqGdSbv6Fe8BBpG3kQshMQ0Kx+w
2/4X79HSJfElriEKJHtjHv8HHnCLSyoRXrnrHsjDm6MofJI=
-----END CERTIFICATE-----