Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS5511.roa
File:                     AS5511.roa (raw, json)
Hash identifier:          +vl9azSUMGeDaaNG6Uel5/M0PJHAFIAa7t6cog2fAQ8=
Subject key identifier:   C2:C1:18:1C:05:08:EF:E9:B9:40:CE:97:3C:53:D2:1D:BD:09:ED:49
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       1A4C145F51D8ECE4B67615C09FBEDEF0DAF9E2FC
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS5511.roa
Signing time:             Fri 02 Aug 2024 16:05:00 +0000
ROA not before:           Fri 02 Aug 2024 16:00:00 +0000
ROA not after:            Fri 01 Aug 2025 16:05:00 +0000
asID:                     5511
IP address blocks:        45.154.104.0/24 maxlen: 24
                          193.29.97.0/24 maxlen: 24
                          193.151.183.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1a:4c:14:5f:51:d8:ec:e4:b6:76:15:c0:9f:be:de:f0:da:f9:e2:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Aug  2 16:00:00 2024 GMT
            Not After : Aug  1 16:05:00 2025 GMT
        Subject: CN=C2C1181C0508EFE9B940CE973C53D21DBD09ED49
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:4d:ec:3c:6f:4a:fb:a4:af:4d:e3:9e:40:50:
                    cb:8a:d9:2c:f1:c5:8f:8f:f3:ab:3f:b5:82:c1:ec:
                    69:e7:c5:1e:c7:51:e6:a9:c5:cc:3d:0b:2f:0f:e8:
                    68:14:2f:5e:6f:3d:59:b0:75:a7:18:e6:fb:e2:2f:
                    b6:e7:78:16:5a:c2:c4:42:69:7c:f4:06:4f:70:3a:
                    7e:d6:d9:99:fe:ed:4a:46:45:b8:07:e7:4d:ab:ea:
                    24:65:09:ef:00:19:f2:ea:69:db:2d:f4:8f:f2:e3:
                    00:c3:27:fd:02:dc:71:2b:45:00:95:9b:ba:0e:9d:
                    b5:a1:9a:08:0f:74:88:55:93:0d:6e:1a:ad:26:6a:
                    c9:fb:5a:e5:6f:ea:1a:90:83:6b:db:cb:e4:5d:f1:
                    f8:5f:44:08:a1:61:83:f3:f5:f9:5e:97:9f:03:3d:
                    15:cc:db:ef:77:61:1e:80:d2:a2:54:86:57:d4:c6:
                    47:44:ab:5f:61:fb:3a:21:47:7c:aa:52:a9:97:75:
                    44:20:b1:be:fe:dd:96:b9:ae:83:15:41:0a:07:25:
                    94:01:6b:49:f4:85:15:75:20:24:37:e9:23:b0:6e:
                    b0:1b:99:64:67:16:36:31:1a:1d:9b:46:7b:45:8f:
                    92:6f:0f:8f:80:7c:ea:b1:cd:37:a4:3a:59:dd:fd:
                    c0:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C2:C1:18:1C:05:08:EF:E9:B9:40:CE:97:3C:53:D2:1D:BD:09:ED:49
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS5511.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.154.104.0/24
                  193.29.97.0/24
                  193.151.183.0/24

    Signature Algorithm: sha256WithRSAEncryption
         01:29:7d:06:98:a1:45:1b:14:71:21:82:92:a7:1e:59:51:30:
         04:71:f3:e7:22:01:46:bb:6a:ea:e8:9c:48:de:bf:d6:ea:fd:
         80:f9:03:16:a4:ae:8b:9c:64:98:2d:31:a3:7d:de:71:10:8e:
         9a:7d:03:d4:eb:bd:2c:f8:c9:00:d1:bf:34:42:c6:18:4a:69:
         e8:8c:73:f9:36:76:72:78:59:40:4f:51:36:68:b2:35:42:a4:
         c1:94:c3:5a:1a:39:05:d9:f0:b7:f3:4e:3b:58:1f:d0:87:95:
         84:28:2f:83:dc:39:13:e6:50:bb:89:b9:e8:52:01:3e:33:24:
         11:73:74:b8:c9:44:e3:a1:0a:5f:90:bc:f5:86:b2:e7:6b:4b:
         fb:36:26:c1:bf:88:9d:61:3d:e8:f4:70:9e:21:9f:e8:cc:83:
         50:c8:6b:6e:b5:65:33:6b:33:78:73:f3:5e:60:56:fa:28:4a:
         98:f2:b3:1a:8f:38:56:8b:af:d7:b9:53:17:ec:77:15:a9:9d:
         de:1d:81:fa:06:27:1c:13:0f:0d:ec:7a:5c:2c:6c:0f:0d:6a:
         ce:4e:4e:7f:86:4c:ab:56:38:a5:a5:2d:72:f5:6e:a6:75:88:
         83:de:68:58:90:00:48:4a:95:47:fd:7e:13:83:76:12:bf:b1:
         d1:6a:fe:5e
-----BEGIN CERTIFICATE-----
MIIFCjCCA/KgAwIBAgIUGkwUX1HY7OS2dhXAn77e8Nr54vwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yNDA4MDIxNjAwMDBaFw0yNTA4MDExNjA1MDBaMDMxMTAvBgNV
BAMTKEMyQzExODFDMDUwOEVGRTlCOTQwQ0U5NzNDNTNEMjFEQkQwOUVENDkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDDTew8b0r7pK9N455AUMuK2Szx
xY+P86s/tYLB7GnnxR7HUeapxcw9Cy8P6GgUL15vPVmwdacY5vviL7bneBZawsRC
aXz0Bk9wOn7W2Zn+7UpGRbgH502r6iRlCe8AGfLqadst9I/y4wDDJ/0C3HErRQCV
m7oOnbWhmggPdIhVkw1uGq0masn7WuVv6hqQg2vby+Rd8fhfRAihYYPz9flel58D
PRXM2+93YR6A0qJUhlfUxkdEq19h+zohR3yqUqmXdUQgsb7+3Za5roMVQQoHJZQB
a0n0hRV1ICQ36SOwbrAbmWRnFjYxGh2bRntFj5JvD4+AfOqxzTekOlnd/cAFAgMB
AAGjggIUMIICEDAdBgNVHQ4EFgQUwsEYHAUI7+m5QM6XPFPSHb0J7UkwHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIweQYIKwYBBQUHAQsEbTBrMGkGCCsGAQUFBzALhl1yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTNTUxMS5yb2EwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjArBggrBgEFBQcBBwEB/wQcMBowGAQCAAEwEgMEAC2aaAME
AMEdYQMEAMGXtzANBgkqhkiG9w0BAQsFAAOCAQEAASl9BpihRRsUcSGCkqceWVEw
BHHz5yIBRrtq6uicSN6/1ur9gPkDFqSui5xkmC0xo33ecRCOmn0D1Ou9LPjJANG/
NELGGEpp6Ixz+TZ2cnhZQE9RNmiyNUKkwZTDWho5Bdnwt/NOO1gf0IeVhCgvg9w5
E+ZQu4m56FIBPjMkEXN0uMlE46EKX5C89Yay52tL+zYmwb+InWE96PRwniGf6MyD
UMhrbrVlM2szeHPzXmBW+ihKmPKzGo84Vouv17lTF+x3Famd3h2B+gYnHBMPDex6
XCxsDw1qzk5Of4ZMq1Y4paUtcvVupnWIg95oWJAASEqVR/1+E4N2Er+x0Wr+Xg==
-----END CERTIFICATE-----