Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/AS198376.roa
File:                     AS198376.roa (raw, json)
Hash identifier:          JEmSmJ0YmxPQKJqHO/cQFxZKDlrWgq5I18kuApShUkA=
Subject key identifier:   83:E8:F5:54:41:43:F1:9A:E0:BA:30:12:F0:F3:67:72:15:6D:82:30
Certificate issuer:       /CN=7051b4c2f7ae9ef80b53000b32ab8f5d2f2f415b
Certificate serial:       2196F1E03DC80FCDC51B117B834AA143DDAAEE9E
Authority key identifier: 70:51:B4:C2:F7:AE:9E:F8:0B:53:00:0B:32:AB:8F:5D:2F:2F:41:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cFG0wveunvgLUwALMquPXS8vQVs.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/AS198376.roa
Signing time:             Wed 15 Jan 2025 16:37:17 +0000
ROA not before:           Wed 15 Jan 2025 16:32:17 +0000
ROA not after:            Wed 14 Jan 2026 16:37:17 +0000
asID:                     198376
IP address blocks:        84.54.0.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/7051B4C2F7AE9EF80B53000B32AB8F5D2F2F415B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/7051B4C2F7AE9EF80B53000B32AB8F5D2F2F415B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cFG0wveunvgLUwALMquPXS8vQVs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            21:96:f1:e0:3d:c8:0f:cd:c5:1b:11:7b:83:4a:a1:43:dd:aa:ee:9e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7051b4c2f7ae9ef80b53000b32ab8f5d2f2f415b
        Validity
            Not Before: Jan 15 16:32:17 2025 GMT
            Not After : Jan 14 16:37:17 2026 GMT
        Subject: CN=83E8F5544143F19AE0BA3012F0F36772156D8230
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:c7:7f:47:55:28:c0:5c:c1:86:65:6f:62:79:
                    0e:2c:26:e7:55:97:ea:dc:59:c4:13:f9:03:d2:e0:
                    94:c2:81:7d:ee:2a:c2:d3:96:2b:e1:d3:7c:f9:97:
                    9b:59:63:45:9e:fc:8c:ad:b3:e7:5a:d7:94:b1:9d:
                    f1:42:13:41:98:e6:01:c3:5d:ba:bd:ea:7e:1c:7c:
                    9f:45:35:77:b9:34:a5:36:7f:bb:d3:18:3a:f8:69:
                    ef:0b:da:4d:0f:48:ef:91:23:5e:34:bb:ac:8b:ad:
                    81:fc:3f:18:e2:d3:f4:10:01:94:30:e8:a7:90:d6:
                    68:5c:c6:45:af:0e:89:09:6b:f9:b0:1b:7c:56:b1:
                    f7:23:ef:af:14:a9:61:00:78:41:73:41:d7:57:78:
                    8e:ec:83:24:80:25:db:7c:8a:ca:e0:65:14:7d:05:
                    40:2c:48:f6:e7:45:c4:7f:75:8c:28:b6:2b:b2:d1:
                    59:e6:3f:80:56:72:31:84:c1:64:1e:f9:ce:09:4d:
                    5f:68:73:6e:b7:fa:6e:7d:c2:2a:1f:18:e0:bd:18:
                    1c:da:1d:3c:4f:44:49:ad:66:f2:b5:e2:87:ab:4c:
                    4a:b5:35:f8:30:99:c9:bf:2b:39:0d:45:08:eb:03:
                    77:8b:b0:f9:df:fb:eb:18:66:cf:ab:60:e8:73:7d:
                    25:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:E8:F5:54:41:43:F1:9A:E0:BA:30:12:F0:F3:67:72:15:6D:82:30
            X509v3 Authority Key Identifier:
                keyid:70:51:B4:C2:F7:AE:9E:F8:0B:53:00:0B:32:AB:8F:5D:2F:2F:41:5B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/7051B4C2F7AE9EF80B53000B32AB8F5D2F2F415B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cFG0wveunvgLUwALMquPXS8vQVs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/AS198376.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.54.0.0/23

    Signature Algorithm: sha256WithRSAEncryption
         ac:47:c8:62:07:94:0f:b1:55:9e:1b:ba:dc:c8:56:7c:a0:0f:
         5f:54:fc:10:84:c3:1d:af:4f:1f:6f:53:37:db:87:96:79:ec:
         1d:66:e3:10:ed:d6:43:91:32:e1:d9:c3:2f:ab:4f:31:46:8a:
         84:fd:6c:1f:cb:7b:03:b4:fa:1e:40:fa:b3:88:8b:a5:26:a3:
         c4:53:c6:58:6d:b3:fb:5f:8e:5d:8a:d0:bc:29:c7:46:7a:64:
         5a:55:e7:02:b0:6a:4b:1d:f4:5b:a6:5e:11:66:ef:4c:3d:8e:
         72:7f:4b:3a:1e:5f:fb:b2:f3:03:c4:7a:b7:92:80:b4:b2:eb:
         e4:a6:a1:5b:b2:39:6c:91:4c:65:0a:72:8b:22:e1:5f:3c:88:
         93:5a:8c:0f:dd:7c:57:50:b2:d3:3e:ba:60:1b:0c:49:a6:fa:
         24:34:8a:99:c7:cf:2d:a1:48:4e:39:7f:9c:98:80:60:04:b9:
         e8:df:30:10:5e:1d:ed:0b:d9:27:12:47:fa:47:e2:e4:06:a3:
         c7:17:33:88:cf:72:75:de:f0:02:20:17:0f:32:0f:39:e3:cf:
         0f:5d:c2:e6:a1:1e:8d:8b:d7:d1:c3:33:24:c7:77:34:ce:19:
         a8:c2:b0:2d:d6:0d:f7:84:33:06:59:eb:76:4e:93:ea:b2:16:
         5c:79:21:42
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUIZbx4D3ID83FGxF7g0qhQ92q7p4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzA1MWI0YzJmN2FlOWVmODBiNTMwMDBiMzJhYjhmNWQy
ZjJmNDE1YjAeFw0yNTAxMTUxNjMyMTdaFw0yNjAxMTQxNjM3MTdaMDMxMTAvBgNV
BAMTKDgzRThGNTU0NDE0M0YxOUFFMEJBMzAxMkYwRjM2NzcyMTU2RDgyMzAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCVx39HVSjAXMGGZW9ieQ4sJudV
l+rcWcQT+QPS4JTCgX3uKsLTlivh03z5l5tZY0We/Iyts+da15SxnfFCE0GY5gHD
Xbq96n4cfJ9FNXe5NKU2f7vTGDr4ae8L2k0PSO+RI140u6yLrYH8Pxji0/QQAZQw
6KeQ1mhcxkWvDokJa/mwG3xWsfcj768UqWEAeEFzQddXeI7sgySAJdt8isrgZRR9
BUAsSPbnRcR/dYwotiuy0VnmP4BWcjGEwWQe+c4JTV9oc263+m59wiofGOC9GBza
HTxPREmtZvK14oerTEq1Nfgwmcm/KzkNRQjrA3eLsPnf++sYZs+rYOhzfSWTAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUg+j1VEFD8ZrgujAS8PNnchVtgjAwHwYDVR0j
BBgwFoAUcFG0wveunvgLUwALMquPXS8vQVswDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOWM1Y2U5ZmEtOWE2Zi00ZTBjLTk4MDktN2E0Nzg4NzQ0
ODkzLzAvNzA1MUI0QzJGN0FFOUVGODBCNTMwMDBCMzJBQjhGNUQyRjJGNDE1Qi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2NGRzB3dmV1bnZnTFV3QUxNcXVQWFM4
dlFWcy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzljNWNlOWZhLTlhNmYt
NGUwYy05ODA5LTdhNDc4ODc0NDg5My8wL0FTMTk4Mzc2LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBVDYA
MA0GCSqGSIb3DQEBCwUAA4IBAQCsR8hiB5QPsVWeG7rcyFZ8oA9fVPwQhMMdr08f
b1M324eWeewdZuMQ7dZDkTLh2cMvq08xRoqE/Wwfy3sDtPoeQPqziIulJqPEU8ZY
bbP7X45ditC8KcdGemRaVecCsGpLHfRbpl4RZu9MPY5yf0s6Hl/7svMDxHq3koC0
suvkpqFbsjlskUxlCnKLIuFfPIiTWowP3XxXULLTPrpgGwxJpvokNIqZx88toUhO
OX+cmIBgBLno3zAQXh3tC9knEkf6R+LkBqPHFzOIz3J13vACIBcPMg85488PXcLm
oR6Ni9fRwzMkx3c0zhmowrAt1g33hDMGWet2TpPqshZceSFC
-----END CERTIFICATE-----