Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/AS197450.roa
File:                     AS197450.roa (raw, json)
Hash identifier:          rDDt0Ps+CLmfZOFqPDBBsli/A5+jhgW8Nw5AZU/s/MI=
Subject key identifier:   CF:3D:2A:7A:75:6F:0E:72:49:51:57:53:02:CE:C8:C6:C8:EF:0E:8C
Certificate issuer:       /CN=7051b4c2f7ae9ef80b53000b32ab8f5d2f2f415b
Certificate serial:       01407D6C61FB8CFA6FFD343FB72A03F61329DA03
Authority key identifier: 70:51:B4:C2:F7:AE:9E:F8:0B:53:00:0B:32:AB:8F:5D:2F:2F:41:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cFG0wveunvgLUwALMquPXS8vQVs.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/AS197450.roa
Signing time:             Wed 15 Jan 2025 16:37:18 +0000
ROA not before:           Wed 15 Jan 2025 16:32:18 +0000
ROA not after:            Wed 14 Jan 2026 16:37:18 +0000
asID:                     197450
IP address blocks:        176.96.128.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/7051B4C2F7AE9EF80B53000B32AB8F5D2F2F415B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/7051B4C2F7AE9EF80B53000B32AB8F5D2F2F415B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cFG0wveunvgLUwALMquPXS8vQVs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:40:7d:6c:61:fb:8c:fa:6f:fd:34:3f:b7:2a:03:f6:13:29:da:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7051b4c2f7ae9ef80b53000b32ab8f5d2f2f415b
        Validity
            Not Before: Jan 15 16:32:18 2025 GMT
            Not After : Jan 14 16:37:18 2026 GMT
        Subject: CN=CF3D2A7A756F0E724951575302CEC8C6C8EF0E8C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:6a:75:ca:f9:b1:e7:96:31:ac:cb:fe:66:e3:
                    98:6d:f8:ee:47:30:be:4c:91:a9:61:f8:4f:5a:67:
                    0c:f5:ef:96:19:f1:d4:42:a0:2f:2d:a1:b7:2c:36:
                    d8:e7:12:69:b2:45:a9:36:7d:1e:95:03:1d:ce:b4:
                    cb:1f:75:f6:e9:ad:3c:13:61:3c:f6:23:e8:1d:1d:
                    da:e0:d7:7a:e8:0e:62:ff:92:1a:e2:cc:74:61:dd:
                    2e:28:78:bd:ac:77:0f:ea:78:e1:51:f8:40:60:db:
                    40:5b:e1:cf:21:c9:77:30:ae:4e:07:10:70:08:e2:
                    58:30:16:5b:2c:b1:3f:2d:5a:5e:58:92:a5:f4:1e:
                    84:da:bc:fc:bc:f9:f5:03:9c:d3:80:e2:40:23:0a:
                    d5:76:50:0c:8c:2a:37:5d:c3:b3:95:80:ad:8c:c3:
                    ad:b0:d2:ff:dc:c0:5d:9f:5a:54:c1:57:15:5a:b7:
                    fa:a5:7f:3e:c5:c2:96:d8:2b:25:cd:22:fd:8a:fa:
                    aa:47:3d:8d:8f:5f:90:b4:e6:84:4f:11:5d:06:2a:
                    82:bb:37:d9:7c:34:d4:83:07:d2:25:17:02:ae:07:
                    90:8c:32:0a:5c:ca:c7:1e:72:80:1d:fd:58:5b:00:
                    3e:8b:b9:ec:aa:8f:f7:6d:0f:85:9b:55:13:f1:31:
                    a1:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:3D:2A:7A:75:6F:0E:72:49:51:57:53:02:CE:C8:C6:C8:EF:0E:8C
            X509v3 Authority Key Identifier:
                keyid:70:51:B4:C2:F7:AE:9E:F8:0B:53:00:0B:32:AB:8F:5D:2F:2F:41:5B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/7051B4C2F7AE9EF80B53000B32AB8F5D2F2F415B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cFG0wveunvgLUwALMquPXS8vQVs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/AS197450.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.96.128.0/24

    Signature Algorithm: sha256WithRSAEncryption
         62:d8:90:37:66:31:c7:35:8e:e7:07:52:8f:e6:26:c0:b2:d9:
         9e:72:a9:b5:d9:c1:d2:02:59:08:78:ec:8e:53:85:19:f0:5c:
         0c:2a:5c:7c:e5:d5:5d:8b:4a:d0:de:82:48:e9:76:af:59:bd:
         25:7b:dd:cc:a0:bf:2d:4b:cc:a8:3e:6f:50:55:f3:8c:37:99:
         52:21:e1:d4:29:bc:39:43:37:46:52:06:bc:e8:b0:ed:11:ba:
         b1:98:42:5e:85:06:5d:d1:28:6e:5d:24:f0:ed:78:3e:66:42:
         1e:5d:62:a1:06:96:59:30:9c:52:a3:66:10:35:c9:59:92:92:
         c8:76:42:88:15:04:64:ce:88:d5:51:2e:b6:7c:49:df:75:15:
         d1:8d:c9:20:21:ed:4f:7b:cd:13:99:80:be:b0:ec:66:e6:f3:
         11:fc:ef:8e:e3:4f:24:22:dd:cc:c8:5e:53:ab:06:85:b2:74:
         bf:91:2e:e0:93:1e:c8:fc:0e:b5:d4:a4:a9:ad:71:44:01:29:
         b3:d8:b4:92:88:ef:f7:5e:1d:a0:6a:ed:e3:2c:0c:a0:05:05:
         67:38:12:3a:9c:ad:88:32:10:d9:88:88:6a:1b:dc:15:2d:d5:
         ab:d4:4e:c4:97:e2:e2:0a:96:7f:32:55:9e:38:f9:e0:2a:cc:
         aa:e2:16:32
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUAUB9bGH7jPpv/TQ/tyoD9hMp2gMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzA1MWI0YzJmN2FlOWVmODBiNTMwMDBiMzJhYjhmNWQy
ZjJmNDE1YjAeFw0yNTAxMTUxNjMyMThaFw0yNjAxMTQxNjM3MThaMDMxMTAvBgNV
BAMTKENGM0QyQTdBNzU2RjBFNzI0OTUxNTc1MzAyQ0VDOEM2QzhFRjBFOEMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDManXK+bHnljGsy/5m45ht+O5H
ML5Mkalh+E9aZwz175YZ8dRCoC8tobcsNtjnEmmyRak2fR6VAx3OtMsfdfbprTwT
YTz2I+gdHdrg13roDmL/khrizHRh3S4oeL2sdw/qeOFR+EBg20Bb4c8hyXcwrk4H
EHAI4lgwFlsssT8tWl5YkqX0HoTavPy8+fUDnNOA4kAjCtV2UAyMKjddw7OVgK2M
w62w0v/cwF2fWlTBVxVat/qlfz7FwpbYKyXNIv2K+qpHPY2PX5C05oRPEV0GKoK7
N9l8NNSDB9IlFwKuB5CMMgpcyscecoAd/VhbAD6Lueyqj/dtD4WbVRPxMaEZAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUzz0qenVvDnJJUVdTAs7IxsjvDowwHwYDVR0j
BBgwFoAUcFG0wveunvgLUwALMquPXS8vQVswDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOWM1Y2U5ZmEtOWE2Zi00ZTBjLTk4MDktN2E0Nzg4NzQ0
ODkzLzAvNzA1MUI0QzJGN0FFOUVGODBCNTMwMDBCMzJBQjhGNUQyRjJGNDE1Qi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2NGRzB3dmV1bnZnTFV3QUxNcXVQWFM4
dlFWcy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzljNWNlOWZhLTlhNmYt
NGUwYy05ODA5LTdhNDc4ODc0NDg5My8wL0FTMTk3NDUwLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsGCA
MA0GCSqGSIb3DQEBCwUAA4IBAQBi2JA3ZjHHNY7nB1KP5ibAstmecqm12cHSAlkI
eOyOU4UZ8FwMKlx85dVdi0rQ3oJI6XavWb0le93MoL8tS8yoPm9QVfOMN5lSIeHU
Kbw5QzdGUga86LDtEbqxmEJehQZd0ShuXSTw7Xg+ZkIeXWKhBpZZMJxSo2YQNclZ
kpLIdkKIFQRkzojVUS62fEnfdRXRjckgIe1Pe80TmYC+sOxm5vMR/O+O408kIt3M
yF5TqwaFsnS/kS7gkx7I/A611KSprXFEASmz2LSSiO/3Xh2gau3jLAygBQVnOBI6
nK2IMhDZiIhqG9wVLdWr1E7El+LiCpZ/MlWeOPngKsyq4hYy
-----END CERTIFICATE-----