Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS147003.roa
File:                     AS147003.roa (raw, json)
Hash identifier:          yHJR4nnv2i2OptSXCLVS+kK/NJja2YaolKSBX01aWTA=
Subject key identifier:   24:DE:D0:EC:9C:03:3E:84:5B:8D:12:4E:8E:F0:B9:6E:E1:96:C2:27
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       0BC7CDC0BA9AA0A9C55452471911F1AB61DA9073
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS147003.roa
Signing time:             Thu 13 Mar 2025 00:00:09 +0000
ROA not before:           Wed 12 Mar 2025 23:55:09 +0000
ROA not after:            Thu 12 Mar 2026 00:00:09 +0000
asID:                     147003
IP address blocks:        191.96.29.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 15:12:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0b:c7:cd:c0:ba:9a:a0:a9:c5:54:52:47:19:11:f1:ab:61:da:90:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Mar 12 23:55:09 2025 GMT
            Not After : Mar 12 00:00:09 2026 GMT
        Subject: CN=24DED0EC9C033E845B8D124E8EF0B96EE196C227
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:b3:0e:7a:a3:4c:fa:d1:33:7e:83:81:44:71:
                    ef:b6:f0:5b:5d:7f:3d:ba:86:70:31:d5:e0:9b:b3:
                    6a:ec:8e:ff:b2:68:9b:2a:b0:1f:a9:08:c3:02:4d:
                    61:6e:e4:8e:68:bd:6d:00:82:d9:35:25:36:b7:73:
                    a4:ee:08:89:1d:fc:eb:7e:e4:bb:2d:dd:4d:58:a2:
                    7c:08:a0:e4:9d:80:1f:7f:a9:fb:b3:04:2d:0f:e7:
                    6c:3f:53:98:22:44:9b:fc:42:2b:4e:04:0f:74:8b:
                    44:a8:27:c4:3f:4f:7d:58:61:20:29:d2:23:a2:29:
                    ad:9f:17:8d:f4:b1:16:c2:e2:35:56:a1:c9:04:8d:
                    63:f3:04:92:cc:65:94:d2:da:76:0d:01:30:c6:ce:
                    03:b1:6f:30:70:fe:59:3d:34:92:84:39:46:62:85:
                    f4:bd:47:4d:59:68:4e:f2:c5:66:98:a5:6c:4b:6f:
                    be:03:f9:f8:8d:f9:55:60:f5:97:76:81:4d:2a:cc:
                    26:2c:57:cb:bb:31:4b:3c:32:30:fe:ca:18:c2:57:
                    a6:f0:4e:99:c6:57:6e:4b:86:d0:5e:e2:13:d1:f5:
                    5d:cb:a4:65:f5:97:0c:78:2c:9c:07:df:d8:ad:a4:
                    b9:9c:5c:a6:5b:74:fa:4b:99:ad:68:08:32:fe:3d:
                    58:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:DE:D0:EC:9C:03:3E:84:5B:8D:12:4E:8E:F0:B9:6E:E1:96:C2:27
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS147003.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  191.96.29.0/24

    Signature Algorithm: sha256WithRSAEncryption
         96:f8:9b:f4:96:b8:26:2f:14:f0:34:25:0b:48:95:19:33:23:
         9d:85:08:de:92:df:41:f7:69:fc:4b:5f:04:5d:fb:b2:1d:c8:
         ca:62:0d:14:41:c0:94:64:08:05:f3:f0:c1:3f:38:45:8c:a1:
         e1:62:ed:65:5d:05:d6:ab:08:91:d1:20:e1:93:dd:a9:d5:be:
         da:e3:7b:8c:f7:15:47:5a:59:02:07:c2:ec:aa:6b:79:d4:6c:
         03:17:30:db:31:9a:60:29:0a:d5:fe:73:90:8c:28:6a:10:3c:
         b8:33:40:e8:af:0f:cd:71:cd:40:b2:a7:64:ac:6c:b9:dc:13:
         13:69:df:6f:87:ab:d9:ba:8e:a0:11:5b:78:f0:0c:1f:4b:3a:
         38:5b:12:98:a6:0b:d1:01:cd:2a:c8:c8:3a:5e:dc:ed:03:ae:
         0b:81:d5:16:18:92:1d:77:e1:96:f8:d1:de:e3:06:a1:c9:66:
         d4:b2:b6:e2:42:38:b3:e6:18:b0:b5:f8:f1:c6:47:11:d8:45:
         bc:b4:df:3d:76:35:fd:cb:32:3c:5e:9d:79:4b:63:12:37:60:
         58:e5:82:cb:d4:75:a2:7e:09:fd:f3:7b:ba:33:64:2a:ac:9b:
         1e:47:16:e3:26:11:08:bd:4c:91:54:67:c2:95:66:f1:9b:c8:
         53:15:32:80
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUC8fNwLqaoKnFVFJHGRHxq2HakHMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNTAzMTIyMzU1MDlaFw0yNjAzMTIwMDAwMDlaMDMxMTAvBgNV
BAMTKDI0REVEMEVDOUMwMzNFODQ1QjhEMTI0RThFRjBCOTZFRTE5NkMyMjcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDasw56o0z60TN+g4FEce+28Ftd
fz26hnAx1eCbs2rsjv+yaJsqsB+pCMMCTWFu5I5ovW0Agtk1JTa3c6TuCIkd/Ot+
5Lst3U1YonwIoOSdgB9/qfuzBC0P52w/U5giRJv8QitOBA90i0SoJ8Q/T31YYSAp
0iOiKa2fF430sRbC4jVWockEjWPzBJLMZZTS2nYNATDGzgOxbzBw/lk9NJKEOUZi
hfS9R01ZaE7yxWaYpWxLb74D+fiN+VVg9Zd2gU0qzCYsV8u7MUs8MjD+yhjCV6bw
TpnGV25LhtBe4hPR9V3LpGX1lwx4LJwH39itpLmcXKZbdPpLma1oCDL+PVi7AgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUJN7Q7JwDPoRbjRJOjvC5buGWwicwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMTQ3MDAzLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAv2Ad
MA0GCSqGSIb3DQEBCwUAA4IBAQCW+Jv0lrgmLxTwNCULSJUZMyOdhQjekt9B92n8
S18EXfuyHcjKYg0UQcCUZAgF8/DBPzhFjKHhYu1lXQXWqwiR0SDhk92p1b7a43uM
9xVHWlkCB8Lsqmt51GwDFzDbMZpgKQrV/nOQjChqEDy4M0Dorw/Ncc1AsqdkrGy5
3BMTad9vh6vZuo6gEVt48AwfSzo4WxKYpgvRAc0qyMg6XtztA64LgdUWGJIdd+GW
+NHe4wahyWbUsrbiQjiz5hiwtfjxxkcR2EW8tN89djX9yzI8Xp15S2MSN2BY5YLL
1HWifgn983u6M2QqrJseRxbjJhEIvUyRVGfClWbxm8hTFTKA
-----END CERTIFICATE-----