Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/AS147003.roa
File:                     AS147003.roa (raw, json)
Hash identifier:          Zz21rokZJS36kNnUQ947NhxCwHF1ji+tZPwXOs1/EuY=
Subject key identifier:   A6:8F:25:90:F7:4D:45:07:97:28:06:6B:E0:96:1E:B2:37:B8:EA:E4
Certificate issuer:       /CN=7051b4c2f7ae9ef80b53000b32ab8f5d2f2f415b
Certificate serial:       28F0BB294BCFAC2E6FEDE06069E20CB7EE7F688E
Authority key identifier: 70:51:B4:C2:F7:AE:9E:F8:0B:53:00:0B:32:AB:8F:5D:2F:2F:41:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cFG0wveunvgLUwALMquPXS8vQVs.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/AS147003.roa
Signing time:             Wed 15 Jan 2025 16:37:18 +0000
ROA not before:           Wed 15 Jan 2025 16:32:18 +0000
ROA not after:            Wed 14 Jan 2026 16:37:18 +0000
asID:                     147003
IP address blocks:        84.54.0.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/7051B4C2F7AE9EF80B53000B32AB8F5D2F2F415B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/7051B4C2F7AE9EF80B53000B32AB8F5D2F2F415B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cFG0wveunvgLUwALMquPXS8vQVs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 10 Mar 2025 15:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            28:f0:bb:29:4b:cf:ac:2e:6f:ed:e0:60:69:e2:0c:b7:ee:7f:68:8e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7051b4c2f7ae9ef80b53000b32ab8f5d2f2f415b
        Validity
            Not Before: Jan 15 16:32:18 2025 GMT
            Not After : Jan 14 16:37:18 2026 GMT
        Subject: CN=A68F2590F74D45079728066BE0961EB237B8EAE4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:8f:fb:7e:90:24:f3:d1:c8:a1:e9:66:3d:08:
                    c8:c8:ad:b3:06:7f:7c:cf:55:ac:3e:a8:9f:39:bc:
                    58:26:03:f0:cc:40:f7:5e:11:cc:43:1e:44:ae:7c:
                    6a:27:18:31:ff:8d:cf:a8:d9:96:8f:43:6a:92:7d:
                    91:bf:a7:d4:2f:1d:27:c0:f4:05:48:0e:cc:be:4f:
                    52:90:12:15:f7:61:fa:c9:c5:79:70:99:b6:4e:7b:
                    02:3b:86:0e:e0:c8:99:6d:5f:37:85:3c:85:e8:e5:
                    11:c2:45:ef:41:63:37:bd:e5:70:72:c5:e1:05:d6:
                    b5:0f:70:7d:a0:2d:a4:ea:d7:4e:99:19:15:a0:3f:
                    b3:08:eb:f7:cf:69:32:2c:ea:eb:16:ca:1c:0d:fc:
                    99:55:a1:ea:bd:7a:91:cd:7d:54:fc:53:2d:3d:3a:
                    2b:9c:e6:83:a3:74:81:2d:87:c4:89:d6:9b:cd:c4:
                    d9:fe:e0:d8:73:ec:5b:97:14:6a:24:ce:5e:14:dd:
                    5a:fa:a8:23:90:07:bf:f0:75:8a:7f:41:aa:dc:f1:
                    e2:d0:f6:cb:15:1d:7e:1b:89:3f:cf:f0:0c:28:71:
                    31:f2:8b:db:8a:fb:bf:db:82:b8:c1:31:22:3a:6a:
                    72:52:67:8e:0f:93:0d:a7:97:29:74:47:88:c1:89:
                    d7:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A6:8F:25:90:F7:4D:45:07:97:28:06:6B:E0:96:1E:B2:37:B8:EA:E4
            X509v3 Authority Key Identifier:
                keyid:70:51:B4:C2:F7:AE:9E:F8:0B:53:00:0B:32:AB:8F:5D:2F:2F:41:5B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/7051B4C2F7AE9EF80B53000B32AB8F5D2F2F415B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cFG0wveunvgLUwALMquPXS8vQVs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/AS147003.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.54.0.0/23

    Signature Algorithm: sha256WithRSAEncryption
         2c:5d:7c:0b:1c:6d:c7:ce:de:bb:cc:63:8a:e4:8f:4c:0c:a2:
         0b:d1:69:ef:db:a9:13:27:6a:8d:e3:88:89:9c:30:62:dd:f7:
         41:41:98:16:b9:88:c6:75:09:6d:ca:44:84:e0:6d:e8:72:52:
         49:78:09:68:57:81:3c:db:14:11:f8:24:2e:e6:b8:c0:56:e6:
         7f:8e:ef:8c:48:4e:cb:d2:23:cd:93:23:22:43:12:c6:84:ac:
         69:d1:ed:36:c5:71:99:41:ae:18:0b:8a:3d:2a:66:f7:5d:96:
         61:f7:d8:7a:49:52:cd:b5:71:bd:1d:a8:b3:2e:52:09:73:ff:
         3f:cc:01:47:67:8b:10:8d:2b:79:1e:e7:fc:46:6e:c3:b8:67:
         69:06:92:b9:9a:e1:f3:8e:fd:e3:72:64:78:53:38:05:f1:e8:
         d3:e5:21:c2:71:86:68:da:79:a3:21:83:08:2e:b0:62:a2:b6:
         58:37:62:be:3e:03:7d:82:8d:4e:71:88:9a:5c:e9:33:f3:ba:
         09:82:e5:f0:f8:bf:f9:36:99:08:c8:f9:43:29:f3:d0:db:8c:
         d1:87:9e:8b:29:13:d4:c4:d3:31:99:b8:9b:4c:48:ef:50:76:
         65:c5:d9:e5:df:02:a8:40:be:2b:7d:6a:86:da:55:dd:b9:98:
         b8:48:e1:42
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUKPC7KUvPrC5v7eBgaeIMt+5/aI4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzA1MWI0YzJmN2FlOWVmODBiNTMwMDBiMzJhYjhmNWQy
ZjJmNDE1YjAeFw0yNTAxMTUxNjMyMThaFw0yNjAxMTQxNjM3MThaMDMxMTAvBgNV
BAMTKEE2OEYyNTkwRjc0RDQ1MDc5NzI4MDY2QkUwOTYxRUIyMzdCOEVBRTQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDcj/t+kCTz0cih6WY9CMjIrbMG
f3zPVaw+qJ85vFgmA/DMQPdeEcxDHkSufGonGDH/jc+o2ZaPQ2qSfZG/p9QvHSfA
9AVIDsy+T1KQEhX3YfrJxXlwmbZOewI7hg7gyJltXzeFPIXo5RHCRe9BYze95XBy
xeEF1rUPcH2gLaTq106ZGRWgP7MI6/fPaTIs6usWyhwN/JlVoeq9epHNfVT8Uy09
Oiuc5oOjdIEth8SJ1pvNxNn+4Nhz7FuXFGokzl4U3Vr6qCOQB7/wdYp/Qarc8eLQ
9ssVHX4biT/P8AwocTHyi9uK+7/bgrjBMSI6anJSZ44Pkw2nlyl0R4jBideFAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUpo8lkPdNRQeXKAZr4JYesje46uQwHwYDVR0j
BBgwFoAUcFG0wveunvgLUwALMquPXS8vQVswDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOWM1Y2U5ZmEtOWE2Zi00ZTBjLTk4MDktN2E0Nzg4NzQ0
ODkzLzAvNzA1MUI0QzJGN0FFOUVGODBCNTMwMDBCMzJBQjhGNUQyRjJGNDE1Qi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2NGRzB3dmV1bnZnTFV3QUxNcXVQWFM4
dlFWcy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzljNWNlOWZhLTlhNmYt
NGUwYy05ODA5LTdhNDc4ODc0NDg5My8wL0FTMTQ3MDAzLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBVDYA
MA0GCSqGSIb3DQEBCwUAA4IBAQAsXXwLHG3Hzt67zGOK5I9MDKIL0Wnv26kTJ2qN
44iJnDBi3fdBQZgWuYjGdQltykSE4G3oclJJeAloV4E82xQR+CQu5rjAVuZ/ju+M
SE7L0iPNkyMiQxLGhKxp0e02xXGZQa4YC4o9Kmb3XZZh99h6SVLNtXG9HaizLlIJ
c/8/zAFHZ4sQjSt5Huf8Rm7DuGdpBpK5muHzjv3jcmR4UzgF8ejT5SHCcYZo2nmj
IYMILrBiorZYN2K+PgN9go1OcYiaXOkz87oJguXw+L/5NpkIyPlDKfPQ24zRh56L
KRPUxNMxmbibTEjvUHZlxdnl3wKoQL4rfWqG2lXduZi4SOFC
-----END CERTIFICATE-----