Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS996.roa
File:                     AS996.roa (raw, json)
Hash identifier:          j3Ry7vBhuckeLStoevaAu6tWp+PkVNqZIjd8SvVFvJw=
Subject key identifier:   AC:FD:45:B4:44:7B:24:5E:E4:C7:30:71:C1:B7:7F:A6:71:8C:9B:2D
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       5C95F81F792FF49BF4ABC5A90D66B2C85EB8B4F9
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS996.roa
Signing time:             Tue 02 Jan 2024 06:31:18 +0000
ROA not before:           Tue 02 Jan 2024 06:26:18 +0000
ROA not after:            Tue 31 Dec 2024 06:31:18 +0000
asID:                     996
IP address blocks:        45.155.19.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5c:95:f8:1f:79:2f:f4:9b:f4:ab:c5:a9:0d:66:b2:c8:5e:b8:b4:f9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Jan  2 06:26:18 2024 GMT
            Not After : Dec 31 06:31:18 2024 GMT
        Subject: CN=ACFD45B4447B245EE4C73071C1B77FA6718C9B2D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:06:24:6e:1e:ef:a8:ff:a1:76:44:8a:6d:0c:
                    aa:c5:d6:19:a8:27:de:82:18:21:20:ca:2d:0f:b5:
                    e3:58:ef:81:dd:71:20:a6:9e:0f:fe:bc:03:5b:07:
                    3f:2b:89:77:05:99:34:40:b8:73:11:a0:9d:6e:88:
                    30:27:6e:f0:fd:7d:55:45:3a:43:13:c6:a8:11:44:
                    e0:0f:be:9b:ab:e7:44:2d:06:6f:2e:ba:53:67:e6:
                    cd:40:6c:ac:8e:cf:b1:54:aa:ec:d2:b6:3b:30:34:
                    24:4a:18:c2:d9:66:b3:9a:7b:23:45:b5:f9:6d:76:
                    f4:0c:94:12:7d:7f:fb:6b:67:75:af:c0:09:92:99:
                    8d:70:e4:54:40:cf:c3:34:c9:20:14:95:13:a5:28:
                    e6:96:fa:a0:d8:9e:3d:dd:9e:86:f3:2e:99:63:90:
                    28:5e:b1:1d:63:15:ef:6d:6f:5f:c4:2e:5f:61:ba:
                    da:04:13:c9:fc:d5:48:41:f9:af:fc:4d:2a:7a:f8:
                    28:5f:44:be:9f:ed:f4:53:7d:0c:a0:b2:a6:2e:56:
                    c1:fe:8d:08:e2:71:9a:56:98:12:f9:8a:b0:10:f6:
                    9b:52:ca:41:b3:24:a7:d0:bb:0f:cc:a9:30:5f:ae:
                    c7:4b:68:67:8c:fb:89:5e:26:cd:39:e9:0d:c1:d0:
                    8c:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:FD:45:B4:44:7B:24:5E:E4:C7:30:71:C1:B7:7F:A6:71:8C:9B:2D
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS996.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.155.19.0/24

    Signature Algorithm: sha256WithRSAEncryption
         43:de:87:d8:ec:96:b1:24:ac:e5:d1:62:ec:ae:90:5f:45:46:
         b2:c0:a4:af:d9:68:8c:28:d3:e5:a7:7c:86:e5:c4:5c:4e:99:
         28:1f:b4:19:26:59:63:50:b1:40:a0:28:9a:38:e9:2d:d4:4b:
         a8:49:d6:ae:bf:89:6e:11:8a:c6:d8:fb:5e:35:00:29:82:af:
         4d:e8:90:08:85:b0:7a:e4:62:18:75:1d:1b:28:25:d1:63:17:
         b6:75:a1:a6:4c:b9:8d:b9:a3:61:a5:e6:52:12:36:e0:75:64:
         3a:eb:1f:3c:50:46:2b:44:40:d2:d5:24:87:ce:b2:5e:dc:51:
         a9:3f:ba:ae:e3:3b:03:5c:7c:0d:3d:e0:68:22:0a:4b:4c:7e:
         69:e9:6b:09:29:eb:af:16:f3:fa:3d:32:70:ec:8e:a6:1a:05:
         b4:89:45:42:03:60:28:3b:14:2a:30:9f:27:9f:56:40:76:9c:
         c2:a0:d0:ab:eb:d3:54:eb:ad:ed:b9:09:08:73:c3:13:e6:f3:
         cd:8a:a4:1c:0a:75:a3:4b:d7:81:76:55:1c:03:f2:ed:a5:3c:
         11:47:30:70:e1:b7:df:8d:8a:5e:a6:12:f4:76:d3:da:db:91:
         fc:e6:c8:d9:6b:6b:60:62:e6:47:06:55:84:08:50:7f:d6:51:
         e0:42:0e:a7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgIUXJX4H3kv9Jv0q8WpDWayyF64tPkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yNDAxMDIwNjI2MThaFw0yNDEyMzEwNjMxMThaMDMxMTAvBgNV
BAMTKEFDRkQ0NUI0NDQ3QjI0NUVFNEM3MzA3MUMxQjc3RkE2NzE4QzlCMkQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCwBiRuHu+o/6F2RIptDKrF1hmo
J96CGCEgyi0PteNY74HdcSCmng/+vANbBz8riXcFmTRAuHMRoJ1uiDAnbvD9fVVF
OkMTxqgRROAPvpur50QtBm8uulNn5s1AbKyOz7FUquzStjswNCRKGMLZZrOaeyNF
tfltdvQMlBJ9f/trZ3WvwAmSmY1w5FRAz8M0ySAUlROlKOaW+qDYnj3dnobzLplj
kChesR1jFe9tb1/ELl9hutoEE8n81UhB+a/8TSp6+ChfRL6f7fRTfQygsqYuVsH+
jQjicZpWmBL5irAQ9ptSykGzJKfQuw/MqTBfrsdLaGeM+4leJs056Q3B0Iz5AgMB
AAGjggIHMIICAzAdBgNVHQ4EFgQUrP1FtER7JF7kxzBxwbd/pnGMmy0wHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIweAYIKwYBBQUHAQsEbDBqMGgGCCsGAQUFBzALhlxyc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTOTk2LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZsTMA0G
CSqGSIb3DQEBCwUAA4IBAQBD3ofY7JaxJKzl0WLsrpBfRUaywKSv2WiMKNPlp3yG
5cRcTpkoH7QZJlljULFAoCiaOOkt1EuoSdauv4luEYrG2PteNQApgq9N6JAIhbB6
5GIYdR0bKCXRYxe2daGmTLmNuaNhpeZSEjbgdWQ66x88UEYrREDS1SSHzrJe3FGp
P7qu4zsDXHwNPeBoIgpLTH5p6WsJKeuvFvP6PTJw7I6mGgW0iUVCA2AoOxQqMJ8n
n1ZAdpzCoNCr69NU663tuQkIc8MT5vPNiqQcCnWjS9eBdlUcA/LtpTwRRzBw4bff
jYpephL0dtPa25H85sjZa2tgYuZHBlWECFB/1lHgQg6n
-----END CERTIFICATE-----