Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS5511.roa
File:                     AS5511.roa (raw, json)
Hash identifier:          ghuFsEk+BdzeKfIXyD4urC28RHaSgeFlx9Lo5WSeSpE=
Subject key identifier:   99:07:57:66:ED:E7:1F:C7:BA:A4:26:36:DA:0E:BE:42:D4:54:C6:BB
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       710C14426AFCE152FBEBD5C6553E689A92E8FB63
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS5511.roa
Signing time:             Mon 31 Mar 2025 06:58:56 +0000
ROA not before:           Mon 31 Mar 2025 06:53:56 +0000
ROA not after:            Mon 30 Mar 2026 06:58:56 +0000
asID:                     5511
IP address blocks:        96.62.183.0/24 maxlen: 24
                          96.62.184.0/24 maxlen: 24
                          96.62.193.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 03:32:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            71:0c:14:42:6a:fc:e1:52:fb:eb:d5:c6:55:3e:68:9a:92:e8:fb:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Mar 31 06:53:56 2025 GMT
            Not After : Mar 30 06:58:56 2026 GMT
        Subject: CN=99075766EDE71FC7BAA42636DA0EBE42D454C6BB
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:a8:47:05:78:71:04:c7:af:4c:e5:fc:e4:b6:
                    b4:3e:50:13:a6:6f:06:e5:22:4a:70:cb:bf:e1:67:
                    01:ae:e8:1f:01:63:9e:6a:c9:77:77:d1:01:d2:b8:
                    35:c2:96:d0:b8:3b:e5:de:a9:0a:b7:0d:f5:68:5d:
                    48:15:82:da:46:73:4b:ad:a3:ee:38:54:2b:ae:5f:
                    a7:64:b8:68:fd:01:3b:79:23:58:a6:b9:85:ca:a3:
                    59:11:e9:db:af:ab:d4:6a:67:90:c6:95:f4:fe:ed:
                    32:27:e1:f9:65:fa:34:ad:af:00:1f:73:8f:00:c7:
                    91:da:b4:5e:28:e4:1d:c7:48:cc:63:13:45:47:a2:
                    e4:b5:25:44:41:ef:b0:a3:d4:ec:3d:15:cf:af:7e:
                    5f:4d:49:73:60:7d:5d:c5:b1:d5:77:fb:7d:40:fe:
                    15:29:d9:62:8c:d4:6d:c4:1b:bf:d0:0d:08:be:48:
                    2e:c4:2d:8a:6f:db:3f:a6:d4:4a:ef:60:f1:62:b4:
                    c1:ca:a0:7b:51:3e:db:35:77:f9:fe:86:37:45:9b:
                    fe:2d:8d:0e:29:df:79:ff:65:26:13:b7:c0:ce:59:
                    0d:0c:68:24:c2:29:b2:e9:65:9e:a8:a4:39:2a:9f:
                    7b:89:8b:1f:a5:a6:08:be:37:0e:e9:8d:fb:74:c3:
                    06:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:07:57:66:ED:E7:1F:C7:BA:A4:26:36:DA:0E:BE:42:D4:54:C6:BB
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS5511.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  96.62.183.0-96.62.184.255
                  96.62.193.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9f:cb:90:6e:48:e9:cc:cb:d2:f2:4d:73:a3:64:28:1f:ce:5f:
         e0:8b:af:e2:75:e3:5c:84:77:e7:5f:aa:56:3d:90:d9:4f:eb:
         b6:82:3e:f6:b8:45:c3:2b:28:b7:26:33:54:d2:20:cc:cc:34:
         e4:c1:aa:ba:d5:19:72:8c:55:77:d5:b3:d3:9b:3c:9a:4c:65:
         27:95:0c:8e:5f:c9:ba:c0:1c:c1:53:1f:37:dd:53:81:bc:ff:
         67:92:81:de:ff:9c:74:5d:94:05:f9:eb:d8:b6:77:37:a2:0c:
         fb:42:30:ca:b6:6a:6a:78:bc:6d:be:9f:56:56:2d:e3:d6:33:
         a1:da:05:a7:44:23:9e:0f:9e:f5:48:49:67:8f:8e:58:db:03:
         90:f5:0b:fa:1a:33:b6:1f:61:d8:eb:ee:53:ef:0c:86:ed:3f:
         4c:3e:bd:19:6b:5d:13:85:ff:0c:7b:32:63:93:70:2b:54:cd:
         55:a7:dd:5c:ff:7c:a9:9d:5a:97:3d:81:6d:23:46:10:95:42:
         6f:03:db:aa:88:b0:66:47:aa:bf:2b:b9:85:5d:f2:51:47:cd:
         08:42:84:4a:56:9c:40:65:37:e1:c2:e4:d9:f3:22:c3:49:ea:
         e7:88:d8:be:ab:06:49:1d:4f:70:05:33:8e:2f:4b:6b:4e:38:
         58:d2:18:78
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgIUcQwUQmr84VL769XGVT5ompLo+2MwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNTAzMzEwNjUzNTZaFw0yNjAzMzAwNjU4NTZaMDMxMTAvBgNV
BAMTKDk5MDc1NzY2RURFNzFGQzdCQUE0MjYzNkRBMEVCRTQyRDQ1NEM2QkIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC3qEcFeHEEx69M5fzktrQ+UBOm
bwblIkpwy7/hZwGu6B8BY55qyXd30QHSuDXCltC4O+XeqQq3DfVoXUgVgtpGc0ut
o+44VCuuX6dkuGj9ATt5I1imuYXKo1kR6duvq9RqZ5DGlfT+7TIn4fll+jStrwAf
c48Ax5HatF4o5B3HSMxjE0VHouS1JURB77Cj1Ow9Fc+vfl9NSXNgfV3FsdV3+31A
/hUp2WKM1G3EG7/QDQi+SC7ELYpv2z+m1ErvYPFitMHKoHtRPts1d/n+hjdFm/4t
jQ4p33n/ZSYTt8DOWQ0MaCTCKbLpZZ6opDkqn3uJix+lpgi+Nw7pjft0wwbrAgMB
AAGjggIWMIICEjAdBgNVHQ4EFgQUmQdXZu3nH8e6pCY22g6+QtRUxrswHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIweQYIKwYBBQUHAQsEbTBrMGkGCCsGAQUFBzALhl1yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTNTUxMS5yb2EwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAtBggrBgEFBQcBBwEB/wQeMBwwGgQCAAEwFDAMAwQAYD63
AwQAYD64AwQAYD7BMA0GCSqGSIb3DQEBCwUAA4IBAQCfy5BuSOnMy9LyTXOjZCgf
zl/gi6/ideNchHfnX6pWPZDZT+u2gj72uEXDKyi3JjNU0iDMzDTkwaq61RlyjFV3
1bPTmzyaTGUnlQyOX8m6wBzBUx833VOBvP9nkoHe/5x0XZQF+evYtnc3ogz7QjDK
tmpqeLxtvp9WVi3j1jOh2gWnRCOeD571SElnj45Y2wOQ9Qv6GjO2H2HY6+5T7wyG
7T9MPr0Za10Thf8MezJjk3ArVM1Vp91c/3ypnVqXPYFtI0YQlUJvA9uqiLBmR6q/
K7mFXfJRR80IQoRKVpxAZTfhwuTZ8yLDSerniNi+qwZJHU9wBTOOL0trTjhY0hh4
-----END CERTIFICATE-----