Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS60790.roa
File:                     AS60790.roa (raw, json)
Hash identifier:          1wgIVjP5ThKOcjgyvDni6MLHRePWUs5dagRfTyL6EWg=
Subject key identifier:   78:C9:F7:9B:63:72:5D:FE:AA:CE:6B:83:6C:64:B3:5C:24:99:76:E5
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       6ED99A195DF0649DB8BE28378AF1A38D70FC653B
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS60790.roa
Signing time:             Thu 04 Apr 2024 18:05:16 +0000
ROA not before:           Thu 04 Apr 2024 18:00:16 +0000
ROA not after:            Thu 03 Apr 2025 18:05:16 +0000
asID:                     60790
IP address blocks:        185.155.220.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6e:d9:9a:19:5d:f0:64:9d:b8:be:28:37:8a:f1:a3:8d:70:fc:65:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Apr  4 18:00:16 2024 GMT
            Not After : Apr  3 18:05:16 2025 GMT
        Subject: CN=78C9F79B63725DFEAACE6B836C64B35C249976E5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:e4:3c:ef:53:4f:90:be:0a:aa:e9:7c:29:31:
                    0e:4a:aa:1a:21:94:b7:d1:de:f8:09:fc:5b:11:08:
                    a7:8f:96:7c:d5:86:bc:45:66:1e:c8:4b:46:2e:ac:
                    33:44:61:bb:1d:8c:2d:c8:7e:11:b7:65:d5:65:c2:
                    f2:75:b9:51:5b:f5:01:42:70:75:d7:09:95:82:19:
                    0f:ce:c5:64:3d:f5:ef:3b:67:75:e6:1c:91:d5:1e:
                    af:0d:c1:b4:cd:6d:09:10:1f:63:be:8e:28:df:6e:
                    3f:09:c3:3a:7c:e2:48:b6:49:7a:33:cb:ea:0a:19:
                    46:dc:cc:62:a9:37:6c:cb:84:d8:74:21:9d:20:80:
                    05:f0:f2:d0:56:74:a4:8f:89:f1:b0:d3:de:65:4a:
                    26:3b:fe:a4:9d:38:40:89:5e:78:da:8e:e1:c8:65:
                    f8:9f:37:0a:9d:28:4f:ee:04:21:05:82:91:d0:94:
                    3e:69:21:70:30:18:45:50:75:64:ee:1b:13:8b:d9:
                    ad:4c:0e:6a:61:12:d3:f7:6e:7e:7c:a1:e7:39:ea:
                    c4:c1:5c:90:a8:d0:cf:d3:35:50:31:cc:31:df:03:
                    25:9b:78:34:89:42:08:b2:db:e3:c6:fa:5b:59:33:
                    cf:13:ce:de:76:af:9f:17:3c:d4:6f:49:c1:ff:2b:
                    73:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                78:C9:F7:9B:63:72:5D:FE:AA:CE:6B:83:6C:64:B3:5C:24:99:76:E5
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS60790.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.155.220.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4e:d9:87:77:d9:0f:27:4a:07:d1:29:b2:8e:8c:7c:50:9f:e6:
         f1:80:30:8d:2e:03:d3:66:85:60:d4:b1:41:fe:2b:6f:ee:66:
         e4:7e:5a:f2:71:40:72:0c:70:f0:34:7d:d7:44:df:7f:b6:3c:
         de:37:cb:b4:d3:d9:44:f6:9e:fe:0b:d6:16:a9:ab:c4:3d:a8:
         b0:2a:e2:77:63:56:1a:d9:67:56:a8:9b:74:b4:e2:fc:a2:0f:
         a3:82:e4:43:d7:10:e2:4a:7f:a7:84:7e:b1:a8:d2:0b:5d:62:
         9b:3d:2b:6c:8b:fe:9a:62:c5:30:be:0e:66:3d:4c:85:17:8d:
         6d:d4:b6:03:a1:7c:1c:e2:d6:6e:f8:31:47:d4:2a:a5:35:6e:
         15:07:36:28:a7:d5:8d:7e:e9:65:7f:79:6b:65:3e:7e:a2:5d:
         81:c2:0f:07:5e:da:66:f4:72:bd:5c:2d:f5:b1:46:96:31:bb:
         69:ce:e2:b2:da:ec:6f:8b:8c:20:fe:fe:f6:5d:23:41:7a:aa:
         af:38:7a:51:18:67:10:f0:fa:7c:d6:24:49:10:cc:5b:cc:54:
         78:96:71:04:6b:fa:7c:51:99:95:a5:53:5c:6f:e3:f6:96:64:
         4e:bd:61:13:de:d0:68:1b:78:2c:e3:c7:2c:02:b9:e2:d2:fb:
         70:bb:e9:54
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUbtmaGV3wZJ24vig3ivGjjXD8ZTswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yNDA0MDQxODAwMTZaFw0yNTA0MDMxODA1MTZaMDMxMTAvBgNV
BAMTKDc4QzlGNzlCNjM3MjVERkVBQUNFNkI4MzZDNjRCMzVDMjQ5OTc2RTUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDl5DzvU0+Qvgqq6XwpMQ5Kqhoh
lLfR3vgJ/FsRCKePlnzVhrxFZh7IS0YurDNEYbsdjC3IfhG3ZdVlwvJ1uVFb9QFC
cHXXCZWCGQ/OxWQ99e87Z3XmHJHVHq8NwbTNbQkQH2O+jijfbj8Jwzp84ki2SXoz
y+oKGUbczGKpN2zLhNh0IZ0ggAXw8tBWdKSPifGw095lSiY7/qSdOECJXnjajuHI
ZfifNwqdKE/uBCEFgpHQlD5pIXAwGEVQdWTuGxOL2a1MDmphEtP3bn58oec56sTB
XJCo0M/TNVAxzDHfAyWbeDSJQgiy2+PG+ltZM88Tzt52r58XPNRvScH/K3MnAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUeMn3m2NyXf6qzmuDbGSzXCSZduUwHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTNjA3OTAucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAC5m9ww
DQYJKoZIhvcNAQELBQADggEBAE7Zh3fZDydKB9Epso6MfFCf5vGAMI0uA9NmhWDU
sUH+K2/uZuR+WvJxQHIMcPA0fddE33+2PN43y7TT2UT2nv4L1hapq8Q9qLAq4ndj
VhrZZ1aom3S04vyiD6OC5EPXEOJKf6eEfrGo0gtdYps9K2yL/ppixTC+DmY9TIUX
jW3UtgOhfBzi1m74MUfUKqU1bhUHNiin1Y1+6WV/eWtlPn6iXYHCDwde2mb0cr1c
LfWxRpYxu2nO4rLa7G+LjCD+/vZdI0F6qq84elEYZxDw+nzWJEkQzFvMVHiWcQRr
+nxRmZWlU1xv4/aWZE69YRPe0GgbeCzjxywCueLS+3C76VQ=
-----END CERTIFICATE-----