Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS26548.roa
File:                     AS26548.roa (raw, json)
Hash identifier:          dvhhzfuCLb5/aGgcdr0511sw1m0pye6WFtNnIy2mNOY=
Subject key identifier:   0C:12:14:12:70:12:1E:52:79:29:40:55:47:EE:94:1C:DB:DB:2A:14
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       576F7193BEC18303789A7BC3B4AE78DBBC6678FC
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS26548.roa
Signing time:             Wed 31 Jan 2024 08:05:11 +0000
ROA not before:           Wed 31 Jan 2024 08:00:11 +0000
ROA not after:            Wed 29 Jan 2025 08:05:11 +0000
asID:                     26548
IP address blocks:        191.96.196.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            57:6f:71:93:be:c1:83:03:78:9a:7b:c3:b4:ae:78:db:bc:66:78:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Jan 31 08:00:11 2024 GMT
            Not After : Jan 29 08:05:11 2025 GMT
        Subject: CN=0C12141270121E527929405547EE941CDBDB2A14
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:b8:f6:85:69:6f:a9:6b:4e:b1:69:87:ea:3f:
                    cd:70:69:e2:ea:b2:13:0a:0b:46:e9:30:85:81:14:
                    7d:d2:76:00:2c:18:24:a5:9f:22:61:76:bb:c3:e3:
                    9c:c6:10:70:24:83:7c:79:01:75:10:2d:e3:37:46:
                    c5:75:33:05:fd:51:28:dc:50:8e:99:e9:3e:93:09:
                    79:0b:fe:6e:92:f1:cc:fa:b6:7f:0f:69:06:be:b9:
                    74:dc:b9:6e:cf:7e:d3:4d:ff:57:5d:dc:f2:fd:fe:
                    6b:69:96:a1:2f:c6:90:d5:cc:8f:3b:89:bd:55:69:
                    5d:6d:54:24:69:fb:02:cb:08:ee:97:ad:4b:e7:0e:
                    7c:82:57:4f:25:57:1e:e2:ed:83:c0:9b:08:c9:74:
                    b3:05:6e:31:bd:ad:c8:13:49:62:1a:de:e2:1f:88:
                    66:6a:87:b6:c9:38:36:fa:89:01:e8:e8:c1:97:f9:
                    c3:97:05:92:2b:98:7f:4c:1e:79:e9:d8:0d:3d:b5:
                    67:59:98:4e:c6:c1:93:2c:13:eb:d4:66:61:7b:96:
                    bb:85:00:b6:95:4a:18:4c:89:1d:9b:42:38:d3:9f:
                    22:58:48:90:ed:b8:65:c0:bc:f8:cf:98:b6:a8:07:
                    88:5b:7f:3b:89:25:1a:8c:f3:01:66:8b:4e:24:6f:
                    44:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:12:14:12:70:12:1E:52:79:29:40:55:47:EE:94:1C:DB:DB:2A:14
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS26548.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  191.96.196.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1e:47:e0:0b:ad:d1:65:f3:42:4f:d9:6b:1d:a1:8f:1f:52:1a:
         e8:45:56:84:3e:5a:c1:a0:8b:09:d9:8d:35:86:0d:c0:ac:5f:
         2c:48:a7:4f:d9:57:04:9c:5e:f5:54:20:ba:df:81:88:54:52:
         f6:f9:55:4e:53:61:27:c8:8e:99:4a:bb:22:d7:69:31:5b:2f:
         1b:4c:e0:dd:81:e8:85:e0:56:74:6d:5f:8e:d9:4a:d7:d6:a0:
         bd:80:56:d3:54:fd:df:a5:11:12:a7:69:fb:82:c0:19:23:4f:
         7f:f5:48:30:10:00:54:ef:6c:b2:7f:76:cd:3d:e1:80:e7:44:
         2c:36:fe:ac:7b:09:8d:91:6e:d8:74:25:32:32:d8:63:e5:48:
         d5:dd:89:ad:71:85:dc:80:7f:c2:8c:3c:34:d2:0c:83:d4:22:
         57:fa:7d:10:b2:38:06:61:99:93:a5:5b:cf:ac:11:20:b7:5d:
         ec:a6:cb:cc:01:ea:e2:9f:70:c4:45:43:f8:33:ad:31:37:92:
         9f:f5:8d:95:d4:8b:8e:8a:31:c2:ac:84:08:c0:56:1f:12:1a:
         dd:39:47:62:71:4b:c3:22:84:fc:43:6f:95:73:90:19:15:4f:
         6a:66:97:6f:66:86:7d:d8:93:a0:03:76:70:75:e5:4b:eb:df:
         0a:f9:77:e2
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUV29xk77BgwN4mnvDtK5427xmePwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNDAxMzEwODAwMTFaFw0yNTAxMjkwODA1MTFaMDMxMTAvBgNV
BAMTKDBDMTIxNDEyNzAxMjFFNTI3OTI5NDA1NTQ3RUU5NDFDREJEQjJBMTQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCluPaFaW+pa06xaYfqP81waeLq
shMKC0bpMIWBFH3SdgAsGCSlnyJhdrvD45zGEHAkg3x5AXUQLeM3RsV1MwX9USjc
UI6Z6T6TCXkL/m6S8cz6tn8PaQa+uXTcuW7PftNN/1dd3PL9/mtplqEvxpDVzI87
ib1VaV1tVCRp+wLLCO6XrUvnDnyCV08lVx7i7YPAmwjJdLMFbjG9rcgTSWIa3uIf
iGZqh7bJODb6iQHo6MGX+cOXBZIrmH9MHnnp2A09tWdZmE7GwZMsE+vUZmF7lruF
ALaVShhMiR2bQjjTnyJYSJDtuGXAvPjPmLaoB4hbfzuJJRqM8wFmi04kb0RxAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUDBIUEnASHlJ5KUBVR+6UHNvbKhQwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjY1NDgucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAC/YMQw
DQYJKoZIhvcNAQELBQADggEBAB5H4Aut0WXzQk/Zax2hjx9SGuhFVoQ+WsGgiwnZ
jTWGDcCsXyxIp0/ZVwScXvVUILrfgYhUUvb5VU5TYSfIjplKuyLXaTFbLxtM4N2B
6IXgVnRtX47ZStfWoL2AVtNU/d+lERKnafuCwBkjT3/1SDAQAFTvbLJ/ds094YDn
RCw2/qx7CY2Rbth0JTIy2GPlSNXdia1xhdyAf8KMPDTSDIPUIlf6fRCyOAZhmZOl
W8+sESC3Xeymy8wB6uKfcMRFQ/gzrTE3kp/1jZXUi46KMcKshAjAVh8SGt05R2Jx
S8MihPxDb5VzkBkVT2pml29mhn3Yk6ADdnB15Uvr3wr5d+I=
-----END CERTIFICATE-----