Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS58955.roa
File:                     AS58955.roa (raw, json)
Hash identifier:          A4qjRQxhjSlZGGJkawSZkBJuVpBV9gXz0KuxoT+xeNg=
Subject key identifier:   88:5D:B8:11:28:BF:93:2A:7B:3D:B6:C5:F0:89:D9:FD:CD:BC:1A:C3
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       0E3E97560C48B779A1D8F6348E52839989D3040E
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS58955.roa
Signing time:             Wed 31 Jan 2024 08:05:11 +0000
ROA not before:           Wed 31 Jan 2024 08:00:11 +0000
ROA not after:            Wed 29 Jan 2025 08:05:11 +0000
asID:                     58955
IP address blocks:        191.96.119.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 11 May 2024 04:39:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0e:3e:97:56:0c:48:b7:79:a1:d8:f6:34:8e:52:83:99:89:d3:04:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Jan 31 08:00:11 2024 GMT
            Not After : Jan 29 08:05:11 2025 GMT
        Subject: CN=885DB81128BF932A7B3DB6C5F089D9FDCDBC1AC3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:c0:77:ad:b4:30:e0:04:d3:f8:2d:92:ec:1a:
                    20:17:37:67:10:4e:5b:fe:35:ee:44:1a:71:4f:cb:
                    01:ee:99:c8:c3:70:39:51:34:67:5c:9e:17:0e:a1:
                    70:60:4a:21:af:5e:2a:bc:a9:9e:40:6f:59:85:6a:
                    65:c8:a0:fa:54:df:0c:ff:ef:df:ac:43:41:e5:4d:
                    63:32:a7:1a:c2:bd:4b:d7:0e:a8:d3:6d:6b:9f:13:
                    62:be:1c:c5:ad:a5:a0:f8:b3:39:03:7e:76:c7:88:
                    98:57:8b:d2:3a:de:4f:6d:db:b4:7c:18:1b:d5:03:
                    0a:fb:c2:ba:12:fd:b5:17:a6:c5:57:ca:50:a7:7b:
                    71:88:8f:71:eb:bf:53:53:6a:01:4b:76:8b:2a:c0:
                    a8:36:51:3d:b5:c8:7c:a4:2e:19:9a:7a:ad:8f:92:
                    bb:32:f1:5a:af:3e:21:c0:e5:f9:70:11:1a:06:ea:
                    33:eb:e1:33:ac:95:5b:84:e3:c4:dc:79:ad:f3:29:
                    71:88:39:09:8b:40:1d:d0:64:28:70:5d:46:5b:58:
                    8e:07:a0:9a:c8:6e:92:28:c8:35:be:d2:0a:9b:9e:
                    9d:55:6e:aa:b2:b0:25:74:26:44:44:a9:d0:1e:97:
                    61:c5:46:42:7e:3a:5d:52:d8:1d:8f:df:64:78:b5:
                    fc:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:5D:B8:11:28:BF:93:2A:7B:3D:B6:C5:F0:89:D9:FD:CD:BC:1A:C3
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS58955.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  191.96.119.0/24

    Signature Algorithm: sha256WithRSAEncryption
         63:5e:ed:77:a4:06:a4:9f:f7:15:84:a2:37:ff:e0:49:a1:35:
         d2:25:01:95:c5:5a:05:30:18:10:fc:89:19:c9:45:e8:1f:96:
         1e:68:1a:19:5d:aa:89:21:5b:58:1d:75:1a:39:20:07:39:90:
         ba:6e:b0:51:b8:a2:3b:4c:3e:9f:8f:ab:00:56:b8:b4:5b:0e:
         71:c7:dd:b3:54:d3:a5:8e:a0:fe:6e:ee:e0:2e:42:0a:53:c9:
         a9:98:5b:d3:55:2a:b2:21:51:10:79:1c:fe:c9:1c:21:0b:26:
         a4:76:d4:3c:27:99:1a:9d:73:46:76:48:d9:31:3f:51:b0:75:
         65:29:4d:c1:de:44:09:87:50:e3:d4:20:e3:d3:b5:a5:3c:db:
         65:3f:2c:b5:23:c6:41:cd:3a:d8:a9:c2:40:e7:d8:a8:92:c4:
         43:20:d4:da:2a:2d:92:54:cf:fb:78:7b:1f:5a:70:48:15:e1:
         7f:44:2e:f2:58:05:34:cc:5c:17:c3:f2:77:6d:f8:11:2a:59:
         cb:95:10:03:8c:78:04:55:ba:07:5a:a9:9a:48:fa:c8:01:bd:
         2e:f5:e2:2f:19:53:b7:b9:a9:96:d3:85:88:36:52:09:86:e6:
         b5:26:37:fc:23:83:85:3d:60:b9:90:36:80:e5:a0:25:c6:34:
         bd:bf:42:eb
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUDj6XVgxIt3mh2PY0jlKDmYnTBA4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNDAxMzEwODAwMTFaFw0yNTAxMjkwODA1MTFaMDMxMTAvBgNV
BAMTKDg4NURCODExMjhCRjkzMkE3QjNEQjZDNUYwODlEOUZEQ0RCQzFBQzMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCnwHettDDgBNP4LZLsGiAXN2cQ
Tlv+Ne5EGnFPywHumcjDcDlRNGdcnhcOoXBgSiGvXiq8qZ5Ab1mFamXIoPpU3wz/
79+sQ0HlTWMypxrCvUvXDqjTbWufE2K+HMWtpaD4szkDfnbHiJhXi9I63k9t27R8
GBvVAwr7wroS/bUXpsVXylCne3GIj3Hrv1NTagFLdosqwKg2UT21yHykLhmaeq2P
krsy8VqvPiHA5flwERoG6jPr4TOslVuE48Tcea3zKXGIOQmLQB3QZChwXUZbWI4H
oJrIbpIoyDW+0gqbnp1VbqqysCV0JkREqdAel2HFRkJ+Ol1S2B2P32R4tfy/AgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUiF24ESi/kyp7PbbF8InZ/c28GsMwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTNTg5NTUucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAC/YHcw
DQYJKoZIhvcNAQELBQADggEBAGNe7XekBqSf9xWEojf/4EmhNdIlAZXFWgUwGBD8
iRnJRegflh5oGhldqokhW1gddRo5IAc5kLpusFG4ojtMPp+PqwBWuLRbDnHH3bNU
06WOoP5u7uAuQgpTyamYW9NVKrIhURB5HP7JHCELJqR21DwnmRqdc0Z2SNkxP1Gw
dWUpTcHeRAmHUOPUIOPTtaU822U/LLUjxkHNOtipwkDn2KiSxEMg1NoqLZJUz/t4
ex9acEgV4X9ELvJYBTTMXBfD8ndt+BEqWcuVEAOMeARVugdaqZpI+sgBvS714i8Z
U7e5qZbThYg2UgmG5rUmN/wjg4U9YLmQNoDloCXGNL2/Qus=
-----END CERTIFICATE-----