Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS60781.roa
File:                     AS60781.roa (raw, json)
Hash identifier:          UNft03CprOfuLxjrJU4PJaFAoZx2p6oVmpWfFUdWQhQ=
Subject key identifier:   25:DE:95:25:AC:45:16:26:28:B2:42:AF:0B:26:7A:2F:CA:9E:29:A9
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       51F0AAE20D805FBFA54B81E579E97E226CCF8F59
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS60781.roa
Signing time:             Thu 30 Nov 2023 13:05:08 +0000
ROA not before:           Thu 30 Nov 2023 13:00:08 +0000
ROA not after:            Thu 28 Nov 2024 13:05:08 +0000
asID:                     60781
IP address blocks:        152.89.251.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 08 May 2024 14:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            51:f0:aa:e2:0d:80:5f:bf:a5:4b:81:e5:79:e9:7e:22:6c:cf:8f:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Nov 30 13:00:08 2023 GMT
            Not After : Nov 28 13:05:08 2024 GMT
        Subject: CN=25DE9525AC45162628B242AF0B267A2FCA9E29A9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:c2:4e:d8:16:07:35:00:f0:1d:78:8e:9e:94:
                    65:4f:20:a7:7b:16:e8:5f:06:ac:93:36:86:fc:9b:
                    4b:79:26:30:a1:cf:c1:ee:a6:85:b3:fc:28:bb:89:
                    2c:ff:4b:42:58:e0:80:0f:5d:e0:b5:8d:6c:08:b6:
                    39:70:f6:e9:d6:fd:16:e0:cd:d4:f4:4b:e8:7c:5e:
                    c3:2b:7f:cd:75:e2:3a:3c:e9:71:c7:36:80:3f:74:
                    8d:d0:0d:04:bb:27:43:d1:67:66:95:b2:eb:ed:84:
                    2f:b8:ed:ad:bf:d5:76:e4:0a:2c:0f:52:05:e7:75:
                    c1:93:ca:1c:d6:96:2d:4c:4c:42:c7:3b:4c:27:23:
                    65:be:ed:ba:59:d1:fb:47:89:db:a3:bf:91:a8:3b:
                    dc:0f:74:82:04:be:c6:4e:da:fd:88:cb:2d:a7:36:
                    e1:17:d9:2c:56:bc:55:fb:a1:f4:a6:9b:47:5d:1f:
                    9b:db:f7:35:10:4d:85:6e:e7:d7:67:7e:63:be:32:
                    8c:2e:38:1a:48:48:f5:6a:2f:f0:83:34:02:fe:fa:
                    74:3d:0e:c8:96:45:ee:e9:c7:1a:c6:9f:1d:e9:9f:
                    f6:ae:b0:cf:d8:df:02:2b:8c:8a:92:7e:6f:4d:99:
                    12:43:4e:76:fd:85:37:a7:4a:3f:8c:82:35:5b:97:
                    ea:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                25:DE:95:25:AC:45:16:26:28:B2:42:AF:0B:26:7A:2F:CA:9E:29:A9
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS60781.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  152.89.251.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2f:2e:01:7f:44:fb:9f:f1:86:7f:f6:d6:c9:72:e8:dd:f5:09:
         24:18:8e:35:6f:74:bc:0a:b0:c5:f8:29:96:d6:76:9f:1e:5f:
         8c:3a:d4:f9:14:bb:56:0f:12:d8:40:38:c6:0f:50:6c:1b:08:
         df:89:87:b8:34:5b:d0:be:31:f3:bd:e5:c8:cb:d2:84:93:7f:
         8e:55:fb:19:42:71:b0:19:06:4b:2a:ff:54:de:64:78:3c:f0:
         11:fb:d8:ae:32:51:88:9d:8e:d2:ed:70:bb:e9:69:55:b3:a1:
         d5:f4:fb:4d:b4:a7:ef:0b:89:17:cd:ea:a8:f8:53:b2:a0:f2:
         66:da:c1:36:d5:64:ff:93:2d:50:ee:4f:d8:c2:df:71:47:46:
         a6:a0:8b:81:f0:3b:e6:3a:3d:cf:71:a2:8d:20:69:3f:03:0a:
         39:7d:57:5b:4e:46:1f:69:62:0a:a8:08:90:e4:d8:0c:50:57:
         8f:fe:35:77:6d:16:48:15:ee:07:84:26:23:ff:f5:83:87:6e:
         a1:22:f8:b5:cc:4b:55:14:26:f2:ee:a8:e9:f1:32:60:8d:c6:
         c4:8b:d9:f5:df:75:64:82:63:f3:b0:c3:e0:d6:00:ed:f8:a9:
         a7:e8:5e:3e:c1:9d:1d:f7:8f:a2:3b:5b:1f:52:ab:a6:b5:3b:
         62:a0:b1:3f
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUUfCq4g2AX7+lS4Hleel+ImzPj1kwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yMzExMzAxMzAwMDhaFw0yNDExMjgxMzA1MDhaMDMxMTAvBgNV
BAMTKDI1REU5NTI1QUM0NTE2MjYyOEIyNDJBRjBCMjY3QTJGQ0E5RTI5QTkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDdwk7YFgc1APAdeI6elGVPIKd7
FuhfBqyTNob8m0t5JjChz8HupoWz/Ci7iSz/S0JY4IAPXeC1jWwItjlw9unW/Rbg
zdT0S+h8XsMrf8114jo86XHHNoA/dI3QDQS7J0PRZ2aVsuvthC+47a2/1XbkCiwP
UgXndcGTyhzWli1MTELHO0wnI2W+7bpZ0ftHidujv5GoO9wPdIIEvsZO2v2Iyy2n
NuEX2SxWvFX7ofSmm0ddH5vb9zUQTYVu59dnfmO+MowuOBpISPVqL/CDNAL++nQ9
DsiWRe7pxxrGnx3pn/ausM/Y3wIrjIqSfm9NmRJDTnb9hTenSj+MgjVbl+oTAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUJd6VJaxFFiYoskKvCyZ6L8qeKakwHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTNjA3ODEucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACYWfsw
DQYJKoZIhvcNAQELBQADggEBAC8uAX9E+5/xhn/21sly6N31CSQYjjVvdLwKsMX4
KZbWdp8eX4w61PkUu1YPEthAOMYPUGwbCN+Jh7g0W9C+MfO95cjL0oSTf45V+xlC
cbAZBksq/1TeZHg88BH72K4yUYidjtLtcLvpaVWzodX0+020p+8LiRfN6qj4U7Kg
8mbawTbVZP+TLVDuT9jC33FHRqagi4HwO+Y6Pc9xoo0gaT8DCjl9V1tORh9pYgqo
CJDk2AxQV4/+NXdtFkgV7geEJiP/9YOHbqEi+LXMS1UUJvLuqOnxMmCNxsSL2fXf
dWSCY/Oww+DWAO34qafoXj7BnR33j6I7Wx9Sq6a1O2KgsT8=
-----END CERTIFICATE-----