Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS54098.roa
File:                     AS54098.roa (raw, json)
Hash identifier:          LAgtxZAJ6fOCOlrMhI0q0t+DlQ1UMWLuHd9640NVO3g=
Subject key identifier:   D5:BA:8A:66:4C:B9:4B:C6:05:70:36:BD:D0:E1:36:79:1C:DD:4E:01
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       7195E2DB9DBC18D63F49026AC219A7195424B41D
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS54098.roa
Signing time:             Thu 31 Oct 2024 13:43:26 +0000
ROA not before:           Thu 31 Oct 2024 13:38:26 +0000
ROA not after:            Thu 30 Oct 2025 13:43:26 +0000
asID:                     54098
IP address blocks:        91.198.115.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            71:95:e2:db:9d:bc:18:d6:3f:49:02:6a:c2:19:a7:19:54:24:b4:1d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Oct 31 13:38:26 2024 GMT
            Not After : Oct 30 13:43:26 2025 GMT
        Subject: CN=D5BA8A664CB94BC6057036BDD0E136791CDD4E01
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:db:74:a8:d7:e2:a6:1d:06:cc:83:d4:8e:ea:
                    5d:74:8e:7b:98:38:33:38:34:17:e6:fe:ea:a2:bf:
                    b3:c5:3d:78:25:f8:f3:a3:4d:af:ba:db:b5:8f:f5:
                    62:dd:14:b4:28:9a:1c:78:e4:15:f9:61:d2:c5:e3:
                    38:81:31:9d:44:c1:ea:5d:f7:d7:d4:78:07:28:5c:
                    b8:05:40:2d:56:ef:e1:c1:98:51:9a:ab:0a:a2:dc:
                    cd:ea:16:f7:81:c2:a4:e8:7d:65:d3:5e:31:75:14:
                    e2:d9:f2:33:36:9a:b4:c1:fe:8b:8f:17:3e:09:b6:
                    3b:2e:41:b8:9d:d0:ac:06:a7:8c:fc:b8:b3:21:26:
                    c9:47:a9:79:6b:c4:ae:b7:93:47:0e:d6:7f:df:11:
                    5c:06:44:9c:37:35:62:d0:2c:18:2f:f8:89:0c:fe:
                    32:c5:c4:5e:7a:e0:08:32:9c:32:0a:ce:29:02:92:
                    81:32:3a:f4:2b:17:d8:6a:66:fc:11:c4:c8:f8:8a:
                    97:a6:ef:ed:fe:a8:33:8c:d3:9d:ab:14:7d:88:a6:
                    c4:5b:ee:d7:ae:96:4e:bd:5e:b0:62:43:0f:2b:7d:
                    f8:30:16:bb:51:3b:ba:52:5c:12:5b:b7:98:e5:dc:
                    03:1e:87:1f:5d:6d:c5:dd:e9:70:17:c6:c9:f2:aa:
                    77:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:BA:8A:66:4C:B9:4B:C6:05:70:36:BD:D0:E1:36:79:1C:DD:4E:01
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS54098.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.198.115.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ae:16:90:90:7c:da:97:8a:a3:8c:55:dd:1e:c2:d4:1e:c7:cc:
         46:05:74:cb:4e:46:e3:ec:38:2c:ea:23:a4:3e:8f:43:a7:b9:
         75:90:c4:65:1a:62:60:ed:91:6e:43:be:a4:ed:76:78:86:bc:
         bd:0e:05:91:dc:3c:9a:4d:27:5e:6f:33:71:ec:c1:3f:0e:8b:
         5d:8d:02:a9:85:53:75:09:0b:e4:36:2f:12:da:50:8a:69:8f:
         57:59:c3:f3:ed:c3:26:f6:da:41:a9:25:9d:5a:75:d3:58:98:
         be:8b:2e:7c:da:81:cf:b9:e1:77:ab:89:e0:f3:12:c3:78:ef:
         1f:93:e7:a2:27:20:16:87:be:9a:5b:9b:fc:34:e2:e9:e5:e9:
         71:00:25:11:c0:a2:30:97:97:15:b1:27:f1:75:75:1f:a0:8c:
         e9:25:93:d7:c6:a1:4c:f4:e1:46:62:57:cd:be:5b:ae:b3:f4:
         a8:99:1c:70:b9:d5:41:4c:4f:40:12:99:4a:71:2b:e0:1f:86:
         7a:4e:04:d5:c1:f2:f6:4b:04:e0:c2:3f:f7:0a:c9:bc:25:5d:
         f1:2e:cc:36:a9:21:6d:38:1f:5c:8a:98:0f:73:4d:71:f2:5d:
         a7:b1:22:31:bd:36:d2:6b:c1:d2:e2:12:45:91:b3:d4:50:1a:
         32:06:a8:46
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUcZXi2528GNY/SQJqwhmnGVQktB0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yNDEwMzExMzM4MjZaFw0yNTEwMzAxMzQzMjZaMDMxMTAvBgNV
BAMTKEQ1QkE4QTY2NENCOTRCQzYwNTcwMzZCREQwRTEzNjc5MUNERDRFMDEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDS23So1+KmHQbMg9SO6l10jnuY
ODM4NBfm/uqiv7PFPXgl+POjTa+627WP9WLdFLQomhx45BX5YdLF4ziBMZ1Ewepd
99fUeAcoXLgFQC1W7+HBmFGaqwqi3M3qFveBwqTofWXTXjF1FOLZ8jM2mrTB/ouP
Fz4JtjsuQbid0KwGp4z8uLMhJslHqXlrxK63k0cO1n/fEVwGRJw3NWLQLBgv+IkM
/jLFxF564AgynDIKzikCkoEyOvQrF9hqZvwRxMj4ipem7+3+qDOM052rFH2IpsRb
7teulk69XrBiQw8rffgwFrtRO7pSXBJbt5jl3AMehx9dbcXd6XAXxsnyqne9AgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQU1bqKZky5S8YFcDa90OE2eRzdTgEwHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTNTQwOTgucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABbxnMw
DQYJKoZIhvcNAQELBQADggEBAK4WkJB82peKo4xV3R7C1B7HzEYFdMtORuPsOCzq
I6Q+j0OnuXWQxGUaYmDtkW5DvqTtdniGvL0OBZHcPJpNJ15vM3HswT8Oi12NAqmF
U3UJC+Q2LxLaUIppj1dZw/Ptwyb22kGpJZ1addNYmL6LLnzagc+54XerieDzEsN4
7x+T56InIBaHvppbm/w04unl6XEAJRHAojCXlxWxJ/F1dR+gjOklk9fGoUz04UZi
V82+W66z9KiZHHC51UFMT0ASmUpxK+AfhnpOBNXB8vZLBODCP/cKybwlXfEuzDap
IW04H1yKmA9zTXHyXaexIjG9NtJrwdLiEkWRs9RQGjIGqEY=
-----END CERTIFICATE-----