Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS60790.roa
File:                     AS60790.roa (raw, json)
Hash identifier:          p4HsKZf6FjRdhDf286UNpAmm0KfY+d0xNPu4RkJ8poY=
Subject key identifier:   79:30:85:8D:FC:0F:A8:37:B4:0F:86:BE:6D:89:6F:27:96:B1:E7:21
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       3C1113F051840972BF5AFF6FA6CF51D96B13860D
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS60790.roa
Signing time:             Thu 06 Mar 2025 18:53:56 +0000
ROA not before:           Thu 06 Mar 2025 18:48:56 +0000
ROA not after:            Thu 05 Mar 2026 18:53:56 +0000
asID:                     60790
IP address blocks:        185.155.220.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 16:49:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3c:11:13:f0:51:84:09:72:bf:5a:ff:6f:a6:cf:51:d9:6b:13:86:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Mar  6 18:48:56 2025 GMT
            Not After : Mar  5 18:53:56 2026 GMT
        Subject: CN=7930858DFC0FA837B40F86BE6D896F2796B1E721
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:d3:8a:eb:ae:91:bc:35:b6:ff:ff:78:d2:f7:
                    45:a0:85:f5:f3:df:03:cb:df:bd:63:89:21:d2:9b:
                    76:46:24:56:cd:95:95:c6:bd:41:e9:84:94:89:30:
                    69:58:1f:27:25:fe:d5:2c:46:e0:8b:be:2d:7f:f2:
                    79:dc:8d:f9:69:4e:77:9e:41:54:f9:4b:6f:42:aa:
                    9d:d9:67:ea:73:77:41:13:24:6e:49:52:6e:3e:14:
                    d2:a6:a9:3c:db:d7:58:b3:e3:d8:88:bf:de:4a:9c:
                    de:99:da:7f:86:ec:7a:40:01:38:f4:1a:eb:9a:8c:
                    5b:8c:a8:06:91:4e:fd:43:56:38:b1:00:06:94:87:
                    46:bb:74:80:46:15:32:5e:7a:2d:65:6f:05:7c:91:
                    44:30:bc:06:38:4f:f9:98:6c:1f:83:b4:bc:d2:30:
                    d0:de:fb:c4:19:31:bd:79:c4:cc:8b:83:3e:77:2c:
                    d5:c9:46:5e:01:89:07:89:cd:d1:00:fd:76:d2:3d:
                    ac:9f:de:9a:51:3b:7a:48:67:1f:c3:8e:e0:27:c7:
                    b4:41:e2:3b:cf:22:8d:8c:aa:72:30:8c:5a:8f:d6:
                    e7:dd:ea:fd:d2:9a:22:46:f7:8f:83:90:ca:0e:9a:
                    be:0f:7e:2b:90:45:b4:c9:89:45:72:d8:2b:70:21:
                    b7:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                79:30:85:8D:FC:0F:A8:37:B4:0F:86:BE:6D:89:6F:27:96:B1:E7:21
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS60790.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.155.220.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4e:65:51:4b:19:0f:90:ad:9c:24:8d:17:f3:c5:74:90:15:8e:
         6a:67:0d:dd:b8:d4:78:00:5e:d8:ea:24:bc:81:9f:00:0b:c1:
         05:fe:9d:0b:34:5d:e5:9f:3d:87:2b:2c:b7:e2:10:3e:a3:c4:
         20:ab:da:c6:d0:b4:00:8d:86:58:4f:2d:72:6b:d0:bd:53:b0:
         0b:59:b5:0c:01:82:05:a6:49:61:1a:a7:ac:01:bf:ab:0e:4c:
         05:bc:50:79:c4:84:f5:2c:76:0b:cd:51:a1:42:69:58:28:2c:
         2f:42:6c:cb:68:92:a1:eb:24:59:42:8a:b7:03:30:b1:4e:42:
         9c:d0:62:25:30:ca:c2:ea:12:4e:e1:ea:d5:a5:4d:45:b1:51:
         67:24:0a:2e:b8:1d:c3:67:0c:3e:74:d0:65:c7:41:e1:04:46:
         79:49:df:e9:58:48:8c:09:d9:3b:ce:5f:33:37:e9:bb:82:00:
         23:bf:4d:02:ee:42:ec:4f:49:2b:6c:65:54:cf:b1:6c:53:da:
         32:19:bc:3e:09:be:26:c9:18:31:c3:80:7d:3e:3f:58:8a:53:
         5c:73:94:d7:62:6f:e1:c0:0b:ac:1b:d4:40:07:e3:63:94:ce:
         a0:ea:7b:33:da:1e:97:4b:a0:eb:5a:ab:c4:51:f7:71:1a:ca:
         34:2c:56:97
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUPBET8FGECXK/Wv9vps9R2WsThg0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yNTAzMDYxODQ4NTZaFw0yNjAzMDUxODUzNTZaMDMxMTAvBgNV
BAMTKDc5MzA4NThERkMwRkE4MzdCNDBGODZCRTZEODk2RjI3OTZCMUU3MjEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCy04rrrpG8Nbb//3jS90WghfXz
3wPL371jiSHSm3ZGJFbNlZXGvUHphJSJMGlYHycl/tUsRuCLvi1/8nncjflpTnee
QVT5S29Cqp3ZZ+pzd0ETJG5JUm4+FNKmqTzb11iz49iIv95KnN6Z2n+G7HpAATj0
GuuajFuMqAaRTv1DVjixAAaUh0a7dIBGFTJeei1lbwV8kUQwvAY4T/mYbB+DtLzS
MNDe+8QZMb15xMyLgz53LNXJRl4BiQeJzdEA/XbSPayf3ppRO3pIZx/DjuAnx7RB
4jvPIo2MqnIwjFqP1ufd6v3SmiJG94+DkMoOmr4PfiuQRbTJiUVy2CtwIbftAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUeTCFjfwPqDe0D4a+bYlvJ5ax5yEwHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTNjA3OTAucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAC5m9ww
DQYJKoZIhvcNAQELBQADggEBAE5lUUsZD5CtnCSNF/PFdJAVjmpnDd241HgAXtjq
JLyBnwALwQX+nQs0XeWfPYcrLLfiED6jxCCr2sbQtACNhlhPLXJr0L1TsAtZtQwB
ggWmSWEap6wBv6sOTAW8UHnEhPUsdgvNUaFCaVgoLC9CbMtokqHrJFlCircDMLFO
QpzQYiUwysLqEk7h6tWlTUWxUWckCi64HcNnDD500GXHQeEERnlJ3+lYSIwJ2TvO
XzM36buCACO/TQLuQuxPSStsZVTPsWxT2jIZvD4JvibJGDHDgH0+P1iKU1xzlNdi
b+HAC6wb1EAH42OUzqDqezPaHpdLoOtaq8RR93EayjQsVpc=
-----END CERTIFICATE-----