Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS54252.roa
File:                     AS54252.roa (raw, json)
Hash identifier:          AmqwzGznH2Mx/IiqN502823wZisOomlZVmn90d7bLMs=
Subject key identifier:   B8:E9:36:D6:F9:31:71:72:FA:D7:22:8E:AE:27:1A:22:DE:EE:8A:9B
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       4DD4176856E94DEBDFD822193CC0AF8EC4E9039A
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS54252.roa
Signing time:             Mon 22 Jan 2024 07:39:45 +0000
ROA not before:           Mon 22 Jan 2024 07:34:45 +0000
ROA not after:            Mon 20 Jan 2025 07:39:45 +0000
asID:                     54252
IP address blocks:        147.78.122.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 08 May 2024 14:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4d:d4:17:68:56:e9:4d:eb:df:d8:22:19:3c:c0:af:8e:c4:e9:03:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Jan 22 07:34:45 2024 GMT
            Not After : Jan 20 07:39:45 2025 GMT
        Subject: CN=B8E936D6F9317172FAD7228EAE271A22DEEE8A9B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:66:cf:20:a4:27:5d:f5:cb:ed:63:0c:10:54:
                    e0:d9:03:f4:1c:a2:9c:aa:db:61:d2:a1:71:62:e4:
                    91:20:c8:a3:72:09:0d:86:da:29:84:45:db:cb:4d:
                    26:cf:75:fb:e4:37:2c:b8:cb:26:a0:f8:56:28:28:
                    3b:5d:34:70:ec:ec:b1:ca:b5:2c:a2:62:a9:37:1b:
                    c3:ee:19:48:52:63:48:fe:c6:d5:3e:3c:d4:cb:c9:
                    c1:2d:b9:d5:e2:f3:d6:2e:5d:da:75:3b:8a:3c:f2:
                    5a:b4:03:f8:7f:59:d7:0c:60:4d:c7:65:70:a5:08:
                    de:d3:3c:72:31:bb:1b:26:b4:cd:7f:dc:6c:7a:f8:
                    6d:cb:43:82:42:d5:67:88:85:af:63:79:2f:4f:ef:
                    db:63:4d:78:c5:6f:b0:9d:48:b2:d5:be:96:b6:3e:
                    03:e2:fc:00:79:70:db:df:df:07:ae:0b:4e:5e:2c:
                    12:ff:bf:e0:f5:3c:42:38:ff:8b:43:c3:e7:d9:e1:
                    25:13:93:2c:4b:a4:18:a9:9b:7d:16:d7:22:01:de:
                    bc:87:cb:96:a9:97:0d:67:4f:47:24:df:6e:c4:ad:
                    2b:d3:96:89:99:00:d3:73:f5:4a:2d:1a:d4:0a:db:
                    94:0c:99:6a:ea:1a:59:6e:35:37:b1:d3:5f:69:d0:
                    64:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:E9:36:D6:F9:31:71:72:FA:D7:22:8E:AE:27:1A:22:DE:EE:8A:9B
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS54252.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.78.122.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a5:ac:9a:3d:b2:02:47:c7:4f:4a:84:65:a2:23:b5:ce:82:20:
         df:28:bc:6e:32:7b:bb:ba:33:6a:d3:b9:e4:3c:a3:4e:a3:0c:
         1b:4b:4a:6d:bb:1c:78:44:81:c4:32:e5:a9:58:27:7f:55:5a:
         2c:58:f2:4c:0d:3f:02:e6:6f:b3:5f:d7:21:d2:5d:8a:a4:79:
         c5:fd:20:92:e4:e3:3a:e4:78:e7:62:40:91:95:c9:4f:fb:21:
         6d:b8:96:bc:a3:4f:a2:49:67:b7:2a:8d:ba:e3:85:f5:d1:9b:
         5c:24:ae:e0:ac:22:0b:1c:b9:65:c4:ab:26:df:77:56:15:56:
         f1:f3:51:65:7c:6e:06:f3:fa:69:96:69:6b:d5:1a:80:3e:fe:
         9a:df:bd:f0:e2:aa:45:67:13:4b:3f:96:92:36:39:ea:d2:97:
         9d:51:50:26:0b:84:f5:43:7b:c0:e9:b3:42:60:cf:e4:c0:29:
         c7:b0:3b:23:07:8b:d7:3c:d7:de:85:75:68:7b:07:f0:11:7b:
         51:05:86:40:29:88:d7:71:4e:f9:e1:df:0f:1c:14:8c:c3:a1:
         0d:fa:63:59:71:22:49:f2:23:57:7e:b9:a6:1c:bc:c0:0e:d8:
         11:09:fd:d4:66:6e:ae:ad:cd:d7:a0:a9:4d:c2:9d:73:ef:b9:
         7c:78:54:e2
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUTdQXaFbpTevf2CIZPMCvjsTpA5owDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yNDAxMjIwNzM0NDVaFw0yNTAxMjAwNzM5NDVaMDMxMTAvBgNV
BAMTKEI4RTkzNkQ2RjkzMTcxNzJGQUQ3MjI4RUFFMjcxQTIyREVFRThBOUIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDPZs8gpCdd9cvtYwwQVODZA/Qc
opyq22HSoXFi5JEgyKNyCQ2G2imERdvLTSbPdfvkNyy4yyag+FYoKDtdNHDs7LHK
tSyiYqk3G8PuGUhSY0j+xtU+PNTLycEtudXi89YuXdp1O4o88lq0A/h/WdcMYE3H
ZXClCN7TPHIxuxsmtM1/3Gx6+G3LQ4JC1WeIha9jeS9P79tjTXjFb7CdSLLVvpa2
PgPi/AB5cNvf3weuC05eLBL/v+D1PEI4/4tDw+fZ4SUTkyxLpBipm30W1yIB3ryH
y5aplw1nT0ck327ErSvTlomZANNz9UotGtQK25QMmWrqGlluNTex019p0GQ7AgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUuOk21vkxcXL61yKOricaIt7uipswHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTNTQyNTIucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACTTnow
DQYJKoZIhvcNAQELBQADggEBAKWsmj2yAkfHT0qEZaIjtc6CIN8ovG4ye7u6M2rT
ueQ8o06jDBtLSm27HHhEgcQy5alYJ39VWixY8kwNPwLmb7Nf1yHSXYqkecX9IJLk
4zrkeOdiQJGVyU/7IW24lryjT6JJZ7cqjbrjhfXRm1wkruCsIgscuWXEqybfd1YV
VvHzUWV8bgbz+mmWaWvVGoA+/prfvfDiqkVnE0s/lpI2OerSl51RUCYLhPVDe8Dp
s0Jgz+TAKcewOyMHi9c8196FdWh7B/ARe1EFhkApiNdxTvnh3w8cFIzDoQ36Y1lx
IknyI1d+uaYcvMAO2BEJ/dRmbq6tzdegqU3CnXPvuXx4VOI=
-----END CERTIFICATE-----