Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS996.roa
File:                     AS996.roa (raw, json)
Hash identifier:          iNxVHY5bfrPpqRaMpJW6WDjRyg57T56ouJYfCD2aqVA=
Subject key identifier:   26:4F:8D:31:65:64:45:50:C3:19:D5:06:D7:55:01:F7:36:B2:2B:C6
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       3236BFA925D32F53800EA16CD1BF095D475DA78F
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS996.roa
Signing time:             Tue 03 Dec 2024 06:43:28 +0000
ROA not before:           Tue 03 Dec 2024 06:38:28 +0000
ROA not after:            Tue 02 Dec 2025 06:43:28 +0000
asID:                     996
IP address blocks:        45.155.19.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 16:49:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            32:36:bf:a9:25:d3:2f:53:80:0e:a1:6c:d1:bf:09:5d:47:5d:a7:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Dec  3 06:38:28 2024 GMT
            Not After : Dec  2 06:43:28 2025 GMT
        Subject: CN=264F8D3165644550C319D506D75501F736B22BC6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:b7:71:31:8d:82:8c:01:7b:00:cd:aa:8f:eb:
                    6f:14:b3:08:36:d5:52:e5:89:5a:0c:1b:d3:f3:36:
                    99:67:37:62:7d:d7:07:e7:32:66:68:ed:d8:24:25:
                    c4:61:e5:0a:81:dd:f4:2f:3c:19:81:79:09:f1:04:
                    e0:f8:52:60:87:b2:36:3f:c8:4b:51:a3:4b:7b:88:
                    f1:4e:97:7b:69:2a:6b:72:1f:24:32:e4:c9:3f:40:
                    51:f5:89:46:34:73:31:c9:cd:67:40:32:d7:e4:09:
                    e0:27:49:fc:c5:1e:f5:f9:22:cf:35:90:eb:69:3b:
                    f5:41:12:e9:58:a0:f0:2a:11:e5:ab:4e:3a:4f:14:
                    89:16:2b:0e:ed:11:7c:21:5e:5f:85:8f:28:a0:e0:
                    30:15:92:09:44:f8:6a:a1:41:d2:4c:6e:a9:69:b1:
                    5e:fe:8f:66:4d:ec:d5:05:c1:ac:ee:94:4b:99:1c:
                    24:bd:a6:d7:cc:a6:1c:57:0a:d1:b6:aa:b7:07:ee:
                    cc:1e:9b:88:e4:d4:54:1f:25:ed:ed:1d:c1:4d:f2:
                    7e:6e:a7:90:ec:ac:27:39:fd:d0:6d:c3:58:67:f5:
                    c1:9c:f5:57:c9:17:f5:b7:01:71:9c:2f:ff:c9:b7:
                    6a:fb:e1:65:1f:3a:b1:80:31:f4:f7:9d:d9:dc:ab:
                    76:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:4F:8D:31:65:64:45:50:C3:19:D5:06:D7:55:01:F7:36:B2:2B:C6
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS996.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.155.19.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1f:d1:37:df:5e:45:33:ca:16:f6:c4:95:e3:39:48:10:b5:ae:
         36:6c:e2:db:95:a3:0d:8f:56:35:23:19:cc:f4:f0:9c:a5:7d:
         f9:1f:02:c8:81:62:16:94:3f:75:3a:43:04:9e:2a:d9:a6:65:
         e5:7e:46:14:0a:ee:ba:9b:ae:45:6c:8c:9a:de:33:43:16:d9:
         24:56:f0:de:d4:07:8d:12:8f:e7:a6:d9:6c:4f:b6:d2:6a:c6:
         1d:c8:9b:cf:ab:15:68:53:4a:f7:e6:ab:6d:d2:95:ff:6f:e6:
         9d:b5:d6:d6:92:e9:9b:2c:ea:b2:fa:c6:ae:20:a1:9d:e2:71:
         c5:5e:d0:e3:a3:e4:01:fa:ca:f4:b5:6b:c9:04:d5:fb:3e:bd:
         5a:21:89:de:1c:d8:d1:87:e3:fd:ba:95:0e:29:72:07:a8:aa:
         01:c9:16:24:02:23:83:99:8b:50:eb:98:d2:24:17:b7:f3:ea:
         f2:55:7f:79:fa:ec:29:62:5c:41:87:aa:74:01:5f:75:3c:03:
         a1:5f:ae:34:1c:df:4c:a0:c8:b3:c8:8e:f0:99:53:4d:be:f0:
         62:3d:eb:b8:86:51:31:fb:37:8b:f7:05:00:06:1c:17:5e:31:
         c6:af:4d:8c:90:52:cd:f2:0c:65:32:b5:2e:bb:59:ee:10:f8:
         dd:93:9f:28
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgIUMja/qSXTL1OADqFs0b8JXUddp48wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yNDEyMDMwNjM4MjhaFw0yNTEyMDIwNjQzMjhaMDMxMTAvBgNV
BAMTKDI2NEY4RDMxNjU2NDQ1NTBDMzE5RDUwNkQ3NTUwMUY3MzZCMjJCQzYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC1t3ExjYKMAXsAzaqP628Uswg2
1VLliVoMG9PzNplnN2J91wfnMmZo7dgkJcRh5QqB3fQvPBmBeQnxBOD4UmCHsjY/
yEtRo0t7iPFOl3tpKmtyHyQy5Mk/QFH1iUY0czHJzWdAMtfkCeAnSfzFHvX5Is81
kOtpO/VBEulYoPAqEeWrTjpPFIkWKw7tEXwhXl+Fjyig4DAVkglE+GqhQdJMbqlp
sV7+j2ZN7NUFwazulEuZHCS9ptfMphxXCtG2qrcH7swem4jk1FQfJe3tHcFN8n5u
p5DsrCc5/dBtw1hn9cGc9VfJF/W3AXGcL//Jt2r74WUfOrGAMfT3ndncq3ZLAgMB
AAGjggIHMIICAzAdBgNVHQ4EFgQUJk+NMWVkRVDDGdUG11UB9zayK8YwHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIweAYIKwYBBQUHAQsEbDBqMGgGCCsGAQUFBzALhlxyc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTOTk2LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZsTMA0G
CSqGSIb3DQEBCwUAA4IBAQAf0TffXkUzyhb2xJXjOUgQta42bOLblaMNj1Y1IxnM
9PCcpX35HwLIgWIWlD91OkMEnirZpmXlfkYUCu66m65FbIya3jNDFtkkVvDe1AeN
Eo/nptlsT7bSasYdyJvPqxVoU0r35qtt0pX/b+adtdbWkumbLOqy+sauIKGd4nHF
XtDjo+QB+sr0tWvJBNX7Pr1aIYneHNjRh+P9upUOKXIHqKoByRYkAiODmYtQ65jS
JBe38+ryVX95+uwpYlxBh6p0AV91PAOhX640HN9MoMizyI7wmVNNvvBiPeu4hlEx
+zeL9wUABhwXXjHGr02MkFLN8gxlMrUuu1nuEPjdk58o
-----END CERTIFICATE-----