Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS395954.roa
File:                     AS395954.roa (raw, json)
Hash identifier:          wyWWoXck2x7afWMj9W4yykBUAkYDVgflQucHWDt8nXc=
Subject key identifier:   41:F5:04:50:FF:41:F9:A2:1E:73:53:18:DE:EC:89:97:18:65:93:58
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       07ECB06E78D355114B323ECFEBB2277CF73111D6
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS395954.roa
Signing time:             Mon 07 Oct 2024 09:26:46 +0000
ROA not before:           Mon 07 Oct 2024 09:21:46 +0000
ROA not after:            Mon 06 Oct 2025 09:26:46 +0000
asID:                     395954
IP address blocks:        191.96.117.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            07:ec:b0:6e:78:d3:55:11:4b:32:3e:cf:eb:b2:27:7c:f7:31:11:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Oct  7 09:21:46 2024 GMT
            Not After : Oct  6 09:26:46 2025 GMT
        Subject: CN=41F50450FF41F9A21E735318DEEC899718659358
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:79:41:57:88:5c:e5:41:f3:ab:85:9e:de:7b:
                    16:fc:8b:b6:8f:a0:09:3a:0a:ce:98:6a:d2:ef:eb:
                    7f:11:ca:61:48:70:72:3c:a0:69:21:bf:e9:0b:29:
                    a5:8f:8c:36:98:e9:4d:90:bd:3c:d3:da:9f:0b:e9:
                    17:aa:c0:8f:f4:20:05:f3:cc:91:97:f8:f6:94:96:
                    64:10:4f:9b:7b:c9:14:ca:22:45:41:01:42:01:ba:
                    7c:1d:75:2c:c4:c2:aa:f5:84:83:46:55:53:58:fb:
                    83:32:ca:a8:52:33:ff:53:c5:f3:56:7e:45:4b:af:
                    b1:98:a4:27:d1:f3:1f:6b:8d:b6:1a:ba:5a:6c:51:
                    c6:f8:20:5b:58:07:2f:8e:42:3e:fd:01:d6:a1:27:
                    c3:50:27:8d:d5:7d:b7:d8:18:6b:27:9c:5a:4c:a3:
                    78:d0:26:e5:a1:c5:94:01:46:5e:7c:54:3f:b2:e8:
                    2e:92:16:ca:fd:d0:3d:90:00:6c:4f:4b:63:1c:00:
                    07:2d:fa:f8:df:d6:ee:54:25:e0:a1:3a:13:26:44:
                    2d:b1:d3:64:a2:08:b2:19:35:30:70:0f:99:b8:94:
                    bc:1a:26:ff:cd:ee:01:43:e5:5b:df:2a:be:61:22:
                    11:d6:03:84:e9:90:bf:1b:0a:90:8d:64:99:bb:9e:
                    42:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:F5:04:50:FF:41:F9:A2:1E:73:53:18:DE:EC:89:97:18:65:93:58
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS395954.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  191.96.117.0/24

    Signature Algorithm: sha256WithRSAEncryption
         44:1d:24:f0:94:8d:4d:6a:f4:63:ea:35:57:ca:7a:38:e1:d9:
         36:c1:7f:21:fd:8e:d2:c0:45:7f:dc:46:13:4e:c5:b7:70:13:
         5c:63:42:d0:20:5d:15:4d:fb:74:ad:43:38:2f:14:20:3f:53:
         1b:bb:55:56:a5:fc:89:1e:f3:ad:f7:b3:e5:55:de:71:28:81:
         2e:e1:6c:17:6a:52:28:fd:f2:25:0c:40:82:fd:9d:d3:3d:3f:
         dd:11:1a:d6:83:29:11:15:2c:7f:ef:73:de:f9:26:bb:9a:b8:
         26:50:63:02:74:6c:af:fc:1c:2e:4b:f1:1d:82:da:e2:59:74:
         1c:cd:cd:df:28:12:c4:75:18:12:2b:12:c0:7c:9c:b9:75:be:
         33:44:16:c1:53:84:3c:a7:b0:30:2e:ce:79:f5:d1:0b:c6:90:
         f7:94:40:b1:1b:cd:f8:4a:5b:79:cf:7c:be:b0:68:e8:40:b6:
         54:64:68:91:3c:0f:ee:e7:4b:f6:c4:7c:3f:3c:d1:cd:9f:40:
         a3:41:19:52:c9:4d:9f:9a:fb:76:cf:64:86:9f:c4:b8:7e:38:
         ca:a6:4c:46:eb:39:39:51:fb:55:01:b0:78:2b:30:61:24:5e:
         75:5e:2f:3f:8f:e6:3f:00:f7:81:0d:8c:8b:7b:be:6e:4b:be:
         1e:46:f1:c5
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUB+ywbnjTVRFLMj7P67InfPcxEdYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNDEwMDcwOTIxNDZaFw0yNTEwMDYwOTI2NDZaMDMxMTAvBgNV
BAMTKDQxRjUwNDUwRkY0MUY5QTIxRTczNTMxOERFRUM4OTk3MTg2NTkzNTgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCjeUFXiFzlQfOrhZ7eexb8i7aP
oAk6Cs6YatLv638RymFIcHI8oGkhv+kLKaWPjDaY6U2QvTzT2p8L6ReqwI/0IAXz
zJGX+PaUlmQQT5t7yRTKIkVBAUIBunwddSzEwqr1hINGVVNY+4MyyqhSM/9TxfNW
fkVLr7GYpCfR8x9rjbYaulpsUcb4IFtYBy+OQj79AdahJ8NQJ43VfbfYGGsnnFpM
o3jQJuWhxZQBRl58VD+y6C6SFsr90D2QAGxPS2McAAct+vjf1u5UJeChOhMmRC2x
02SiCLIZNTBwD5m4lLwaJv/N7gFD5VvfKr5hIhHWA4TpkL8bCpCNZJm7nkK5AgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUQfUEUP9B+aIec1MY3uyJlxhlk1gwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMzk1OTU0LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAv2B1
MA0GCSqGSIb3DQEBCwUAA4IBAQBEHSTwlI1NavRj6jVXyno44dk2wX8h/Y7SwEV/
3EYTTsW3cBNcY0LQIF0VTft0rUM4LxQgP1Mbu1VWpfyJHvOt97PlVd5xKIEu4WwX
alIo/fIlDECC/Z3TPT/dERrWgykRFSx/73Pe+Sa7mrgmUGMCdGyv/BwuS/Edgtri
WXQczc3fKBLEdRgSKxLAfJy5db4zRBbBU4Q8p7AwLs559dELxpD3lECxG834Slt5
z3y+sGjoQLZUZGiRPA/u50v2xHw/PNHNn0CjQRlSyU2fmvt2z2SGn8S4fjjKpkxG
6zk5UftVAbB4KzBhJF51Xi8/j+Y/APeBDYyLe75uS74eRvHF
-----END CERTIFICATE-----