Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS53991.roa
File:                     AS53991.roa (raw, json)
Hash identifier:          fY6nm83MWs1HXLsFeuogRKW5or59DUWYDJ9jSJiMnw4=
Subject key identifier:   5B:BA:68:D1:3A:6B:51:B9:88:4F:57:DC:A5:3F:8A:F6:44:49:FD:D2
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       590153FCE1EA60D1730FE83B15DD0D6A8779C694
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS53991.roa
Signing time:             Fri 02 Feb 2024 19:05:12 +0000
ROA not before:           Fri 02 Feb 2024 19:00:12 +0000
ROA not after:            Fri 31 Jan 2025 19:05:12 +0000
asID:                     53991
IP address blocks:        181.215.30.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 11 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            59:01:53:fc:e1:ea:60:d1:73:0f:e8:3b:15:dd:0d:6a:87:79:c6:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Feb  2 19:00:12 2024 GMT
            Not After : Jan 31 19:05:12 2025 GMT
        Subject: CN=5BBA68D13A6B51B9884F57DCA53F8AF64449FDD2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:23:76:d4:48:f4:34:96:d0:0a:d1:68:7b:33:
                    c9:ee:08:94:63:c4:13:03:fa:73:bc:e6:58:c2:e3:
                    b1:75:e5:0c:f5:ed:3b:4b:75:8a:f3:db:8d:17:36:
                    71:fc:fe:62:81:4e:e2:7a:6e:0e:99:37:57:3a:1c:
                    97:85:d9:06:98:27:95:6a:44:cd:0a:1f:08:98:17:
                    1d:fb:c9:bd:d2:85:41:c6:05:45:8d:2f:ef:a8:42:
                    3e:a2:d5:05:a7:7b:01:4a:cc:fc:e7:26:7a:f6:d3:
                    3f:df:7c:25:c9:f3:64:f4:6c:c6:f4:d0:73:00:8d:
                    07:08:ec:3a:45:e0:e3:16:ce:31:89:56:4f:12:5f:
                    9b:9f:8f:56:97:66:8d:31:96:57:87:0a:42:40:0f:
                    bf:97:0d:d9:4f:b6:ab:6d:27:10:78:94:fc:bf:a1:
                    ef:d3:10:de:43:ae:0f:0f:f0:f4:10:2e:94:29:89:
                    f0:59:92:ff:1e:1a:b9:79:cf:a9:83:6f:47:28:58:
                    0a:c7:38:8a:74:92:c7:3d:f6:b9:af:06:2e:f2:7e:
                    81:bb:a7:0b:04:6a:07:a5:ca:40:06:40:5b:fe:1a:
                    ba:50:2a:1c:f9:b9:17:85:95:04:6f:52:6b:b5:71:
                    bd:a0:21:2a:0b:39:ba:f0:b0:37:cb:85:6d:11:13:
                    2b:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:BA:68:D1:3A:6B:51:B9:88:4F:57:DC:A5:3F:8A:F6:44:49:FD:D2
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS53991.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  181.215.30.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2d:1e:03:84:2b:c7:72:01:04:c6:1d:3f:bf:60:56:72:18:61:
         ba:32:bb:63:2e:d8:b7:07:38:58:31:6b:e5:69:1d:89:2c:77:
         76:d3:51:27:d5:53:e5:df:3d:46:8b:f9:00:c0:2f:6f:15:95:
         43:c0:06:c4:38:89:78:e7:93:57:f1:ff:14:fe:b3:17:31:73:
         b5:44:ad:f7:fa:3c:d3:ce:5c:24:d5:84:8f:66:99:4f:1c:49:
         8a:c6:ce:75:78:80:58:69:3a:67:fa:2f:72:c3:f1:f3:9c:46:
         e5:44:26:db:1c:38:84:4e:83:ad:52:69:9b:c8:29:27:d3:33:
         f9:db:6f:97:d0:eb:a6:f9:74:f1:32:5c:5d:cd:5b:e4:b6:3b:
         59:b7:09:29:05:ac:91:b0:c1:b1:dc:df:25:50:b2:8e:d0:52:
         ef:a3:cc:18:0b:3d:f0:8f:0f:e4:fa:50:e7:24:5e:34:d5:2f:
         ef:84:15:4d:ac:40:57:39:34:17:08:b6:1f:03:73:fb:69:90:
         3d:ab:1b:98:cc:ff:a3:1a:98:d0:ec:26:09:b2:77:71:cf:64:
         63:df:91:14:d8:2b:c7:ec:4b:e3:08:22:1c:1e:d0:c2:c3:e8:
         7d:1d:d3:5e:05:1b:6f:8a:9b:16:3c:bf:21:2f:12:4c:fc:2c:
         9f:cd:99:51
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUWQFT/OHqYNFzD+g7Fd0Naod5xpQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNDAyMDIxOTAwMTJaFw0yNTAxMzExOTA1MTJaMDMxMTAvBgNV
BAMTKDVCQkE2OEQxM0E2QjUxQjk4ODRGNTdEQ0E1M0Y4QUY2NDQ0OUZERDIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCoI3bUSPQ0ltAK0Wh7M8nuCJRj
xBMD+nO85ljC47F15Qz17TtLdYrz240XNnH8/mKBTuJ6bg6ZN1c6HJeF2QaYJ5Vq
RM0KHwiYFx37yb3ShUHGBUWNL++oQj6i1QWnewFKzPznJnr20z/ffCXJ82T0bMb0
0HMAjQcI7DpF4OMWzjGJVk8SX5ufj1aXZo0xlleHCkJAD7+XDdlPtqttJxB4lPy/
oe/TEN5Drg8P8PQQLpQpifBZkv8eGrl5z6mDb0coWArHOIp0ksc99rmvBi7yfoG7
pwsEagelykAGQFv+GrpQKhz5uReFlQRvUmu1cb2gISoLObrwsDfLhW0REyu9AgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUW7po0TprUbmIT1fcpT+K9kRJ/dIwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTNTM5OTEucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAC11x4w
DQYJKoZIhvcNAQELBQADggEBAC0eA4Qrx3IBBMYdP79gVnIYYboyu2Mu2LcHOFgx
a+VpHYksd3bTUSfVU+XfPUaL+QDAL28VlUPABsQ4iXjnk1fx/xT+sxcxc7VErff6
PNPOXCTVhI9mmU8cSYrGznV4gFhpOmf6L3LD8fOcRuVEJtscOIROg61SaZvIKSfT
M/nbb5fQ66b5dPEyXF3NW+S2O1m3CSkFrJGwwbHc3yVQso7QUu+jzBgLPfCPD+T6
UOckXjTVL++EFU2sQFc5NBcIth8Dc/tpkD2rG5jM/6MamNDsJgmyd3HPZGPfkRTY
K8fsS+MIIhwe0MLD6H0d014FG2+KmxY8vyEvEkz8LJ/NmVE=
-----END CERTIFICATE-----