Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS29538.roa
File:                     AS29538.roa (raw, json)
Hash identifier:          mzfoptLOlaYvrEgsLTwNc1lQ9jKFDZpBacMEFO+jabc=
Subject key identifier:   4F:5F:03:17:A1:35:89:6B:27:8B:9F:69:45:DC:54:85:41:96:DD:E3
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       088B107355A952FCCB244D9A574ED85A78F18097
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS29538.roa
Signing time:             Thu 14 Nov 2024 08:43:28 +0000
ROA not before:           Thu 14 Nov 2024 08:38:28 +0000
ROA not after:            Thu 13 Nov 2025 08:43:28 +0000
asID:                     29538
IP address blocks:        147.78.121.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            08:8b:10:73:55:a9:52:fc:cb:24:4d:9a:57:4e:d8:5a:78:f1:80:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Nov 14 08:38:28 2024 GMT
            Not After : Nov 13 08:43:28 2025 GMT
        Subject: CN=4F5F0317A135896B278B9F6945DC54854196DDE3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:c4:67:61:87:50:87:c7:1b:bc:d5:8d:96:59:
                    1d:70:c4:97:d0:3b:3f:1f:de:ee:25:a9:25:63:0b:
                    00:d2:88:81:6c:84:62:99:a5:3d:63:34:e1:0d:3d:
                    9d:1c:db:e6:a0:90:da:c4:5f:f7:37:45:cf:e0:42:
                    04:bb:98:fa:87:33:01:9e:ca:98:bb:4f:6c:78:db:
                    d9:f4:85:61:7f:4a:c5:05:85:58:fb:12:67:81:7e:
                    4e:01:50:a0:b6:94:ed:3a:4f:74:64:50:c6:f2:fe:
                    c6:d2:c6:04:75:23:54:37:70:d5:b4:c4:e1:c4:9b:
                    f8:14:fe:dc:bc:55:7c:23:45:ef:30:d8:a1:11:8d:
                    f0:dc:ff:88:68:95:1c:cd:6e:89:74:75:30:04:f7:
                    f5:2c:05:e3:c4:3b:e8:c1:d6:b8:ee:36:2c:be:c6:
                    12:b0:49:cf:a7:f3:b9:ea:1f:ca:71:77:17:63:02:
                    4a:46:bd:40:db:94:ad:bd:5d:bb:e6:35:12:aa:f4:
                    c9:26:33:75:d9:1e:2d:f0:6c:22:69:f3:34:19:7a:
                    1e:47:0d:1b:87:79:01:a6:0d:f1:a5:b1:d0:cd:d7:
                    d4:ac:ef:14:0a:e7:18:09:7d:d0:92:ad:03:c8:6a:
                    69:9a:85:0a:10:a4:c1:93:1b:c1:72:0e:88:c2:6e:
                    8e:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:5F:03:17:A1:35:89:6B:27:8B:9F:69:45:DC:54:85:41:96:DD:E3
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS29538.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.78.121.0/24

    Signature Algorithm: sha256WithRSAEncryption
         93:49:a1:6a:b6:73:c4:10:ac:54:a2:c7:17:c5:61:a4:5d:95:
         5e:e8:3e:86:a1:85:aa:5e:ea:b0:36:64:41:4d:f7:81:c1:da:
         05:8b:75:f1:ab:60:ff:b3:25:d3:68:7d:72:7a:cc:b7:31:9c:
         2c:80:5f:83:75:9b:20:46:31:02:4a:f3:d4:0f:57:20:a3:bb:
         40:bb:60:38:43:31:5c:f6:de:6f:8e:d4:96:aa:7f:ad:12:12:
         86:bb:01:ae:0c:e5:86:af:b5:e2:db:ac:6f:e8:83:4b:6c:0a:
         22:b7:63:57:8f:a4:9c:f3:e8:c5:65:08:74:0e:76:73:8a:a2:
         41:bb:0a:a7:c5:67:c0:ce:34:5a:ce:71:58:4d:e8:b3:65:0d:
         da:ab:66:9a:ca:e3:e1:fc:9c:a4:81:16:4d:62:02:99:a7:10:
         e8:d2:46:6c:bc:f0:33:a8:a6:65:64:c8:2e:41:95:69:43:96:
         e4:d0:53:03:23:35:f8:d6:1d:55:a7:d9:26:ed:ae:9b:49:98:
         56:f8:7b:1c:de:3d:50:7c:81:2b:ee:10:17:e8:12:2b:c0:bc:
         77:9e:29:ea:fb:09:72:6f:a5:93:e0:ef:00:82:88:ef:67:23:
         2b:9e:2a:0e:0d:40:e5:d8:b5:74:c9:23:28:ef:40:f5:74:ec:
         1a:d7:30:b6
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUCIsQc1WpUvzLJE2aV07YWnjxgJcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yNDExMTQwODM4MjhaFw0yNTExMTMwODQzMjhaMDMxMTAvBgNV
BAMTKDRGNUYwMzE3QTEzNTg5NkIyNzhCOUY2OTQ1REM1NDg1NDE5NkRERTMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6xGdhh1CHxxu81Y2WWR1wxJfQ
Oz8f3u4lqSVjCwDSiIFshGKZpT1jNOENPZ0c2+agkNrEX/c3Rc/gQgS7mPqHMwGe
ypi7T2x429n0hWF/SsUFhVj7EmeBfk4BUKC2lO06T3RkUMby/sbSxgR1I1Q3cNW0
xOHEm/gU/ty8VXwjRe8w2KERjfDc/4holRzNbol0dTAE9/UsBePEO+jB1rjuNiy+
xhKwSc+n87nqH8pxdxdjAkpGvUDblK29XbvmNRKq9MkmM3XZHi3wbCJp8zQZeh5H
DRuHeQGmDfGlsdDN19Ss7xQK5xgJfdCSrQPIammahQoQpMGTG8FyDojCbo7VAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUT18DF6E1iWsni59pRdxUhUGW3eMwHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTMjk1Mzgucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACTTnkw
DQYJKoZIhvcNAQELBQADggEBAJNJoWq2c8QQrFSixxfFYaRdlV7oPoahhape6rA2
ZEFN94HB2gWLdfGrYP+zJdNofXJ6zLcxnCyAX4N1myBGMQJK89QPVyCju0C7YDhD
MVz23m+O1Jaqf60SEoa7Aa4M5YavteLbrG/og0tsCiK3Y1ePpJzz6MVlCHQOdnOK
okG7CqfFZ8DONFrOcVhN6LNlDdqrZprK4+H8nKSBFk1iApmnEOjSRmy88DOopmVk
yC5BlWlDluTQUwMjNfjWHVWn2SbtrptJmFb4exzePVB8gSvuEBfoEivAvHeeKer7
CXJvpZPg7wCCiO9nIyueKg4NQOXYtXTJIyjvQPV07BrXMLY=
-----END CERTIFICATE-----