Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/AS201079.roa
File:                     AS201079.roa (raw, json)
Hash identifier:          YiroNHsMhmcvnTfQdTj6xU3E26sbM/UBmzpsaCfEuwg=
Subject key identifier:   91:F5:8C:84:27:7F:A1:CF:23:DB:42:10:68:67:F5:B9:B5:DF:34:9C
Certificate issuer:       /CN=7051b4c2f7ae9ef80b53000b32ab8f5d2f2f415b
Certificate serial:       469028537B60F6A81E5DFE0124E7A1F4ED3A1B48
Authority key identifier: 70:51:B4:C2:F7:AE:9E:F8:0B:53:00:0B:32:AB:8F:5D:2F:2F:41:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cFG0wveunvgLUwALMquPXS8vQVs.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/AS201079.roa
Signing time:             Wed 15 Jan 2025 16:37:18 +0000
ROA not before:           Wed 15 Jan 2025 16:32:18 +0000
ROA not after:            Wed 14 Jan 2026 16:37:18 +0000
asID:                     201079
IP address blocks:        185.254.53.0/24 maxlen: 24
                          185.254.55.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/7051B4C2F7AE9EF80B53000B32AB8F5D2F2F415B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/7051B4C2F7AE9EF80B53000B32AB8F5D2F2F415B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cFG0wveunvgLUwALMquPXS8vQVs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            46:90:28:53:7b:60:f6:a8:1e:5d:fe:01:24:e7:a1:f4:ed:3a:1b:48
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7051b4c2f7ae9ef80b53000b32ab8f5d2f2f415b
        Validity
            Not Before: Jan 15 16:32:18 2025 GMT
            Not After : Jan 14 16:37:18 2026 GMT
        Subject: CN=91F58C84277FA1CF23DB42106867F5B9B5DF349C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:9e:cd:fd:98:c7:b2:de:e5:48:32:82:1a:3c:
                    35:5e:7d:d3:a3:44:f1:2e:80:fd:bf:56:42:6c:66:
                    8e:f3:d1:fc:2b:b1:e6:d8:14:ab:8a:15:fb:d6:80:
                    7e:0e:52:65:bb:30:45:3f:54:6a:8b:68:b9:ea:8c:
                    16:00:bd:f6:d6:21:a4:55:e6:4c:c1:80:eb:0d:e2:
                    00:de:90:b1:8b:ca:1a:bb:7b:31:64:0f:42:fa:70:
                    14:79:61:4f:61:b9:d7:e4:ac:55:e4:bb:7a:63:ee:
                    ad:7b:75:e0:89:9c:e0:f7:80:fd:bd:b3:2f:ae:bc:
                    0a:2d:83:06:3a:ff:73:5a:e3:c7:9f:d1:18:ff:1c:
                    b4:00:4f:2e:41:35:3e:e1:b3:13:5c:9a:7b:10:c3:
                    f9:6d:71:5a:d5:4a:35:ce:29:e4:68:92:67:26:a9:
                    50:38:8b:1d:f5:3b:fc:7d:37:82:7c:72:5c:44:70:
                    13:b9:4d:ee:d3:2d:4b:8d:14:78:16:09:bb:4a:0c:
                    53:cc:0c:59:b6:e5:cc:cd:65:8d:63:d5:6b:84:e8:
                    06:f4:45:28:41:83:e7:c1:33:36:eb:f2:9a:fb:a7:
                    24:83:7d:66:87:a0:ce:50:a8:cb:ed:ec:28:f6:ae:
                    33:93:5f:c4:47:bd:45:0e:66:0e:9d:02:a0:68:02:
                    19:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:F5:8C:84:27:7F:A1:CF:23:DB:42:10:68:67:F5:B9:B5:DF:34:9C
            X509v3 Authority Key Identifier:
                keyid:70:51:B4:C2:F7:AE:9E:F8:0B:53:00:0B:32:AB:8F:5D:2F:2F:41:5B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/7051B4C2F7AE9EF80B53000B32AB8F5D2F2F415B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cFG0wveunvgLUwALMquPXS8vQVs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/AS201079.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.254.53.0/24
                  185.254.55.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a7:96:5a:64:a0:9a:f3:ec:c5:0c:8b:38:3d:2b:b8:03:7e:1a:
         ee:eb:cf:a9:26:f1:9d:42:42:95:a6:f1:4d:56:45:00:39:e6:
         71:0c:ba:13:3a:e9:21:f5:89:b1:96:89:67:70:9d:be:3c:1c:
         4b:3f:68:62:00:49:39:35:9b:5f:aa:ea:c3:33:2d:63:b2:dc:
         85:89:97:22:8b:9f:01:5c:04:83:51:b9:54:96:88:ef:a9:46:
         a5:f9:09:c2:f7:b1:b2:32:a8:1f:4e:95:1a:3c:2c:fe:3a:b2:
         c9:7d:8e:5d:a8:c0:df:fb:42:e8:66:9c:7a:da:ab:b8:65:26:
         fc:39:7a:57:80:72:65:c1:b4:14:20:a6:7d:6e:33:5a:4d:d5:
         17:af:f8:0e:7f:ee:fe:28:5b:5a:16:e6:9f:78:25:33:19:f4:
         04:d6:f0:5d:fc:70:c2:62:67:c9:4c:58:b4:82:56:34:62:b5:
         3a:df:16:53:48:e6:76:4e:34:67:15:77:65:82:7a:cb:fa:a2:
         b9:58:97:b0:b7:5b:9d:07:ee:cb:e4:1e:88:5f:b7:ba:63:3e:
         bc:54:3b:26:9a:76:9f:d3:99:31:05:5c:16:b7:7e:28:da:9b:
         14:d3:8a:1e:87:6d:0f:6f:b9:38:23:31:f4:0a:d9:86:32:b1:
         a0:6e:b0:2c
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIURpAoU3tg9qgeXf4BJOeh9O06G0gwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzA1MWI0YzJmN2FlOWVmODBiNTMwMDBiMzJhYjhmNWQy
ZjJmNDE1YjAeFw0yNTAxMTUxNjMyMThaFw0yNjAxMTQxNjM3MThaMDMxMTAvBgNV
BAMTKDkxRjU4Qzg0Mjc3RkExQ0YyM0RCNDIxMDY4NjdGNUI5QjVERjM0OUMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDNns39mMey3uVIMoIaPDVefdOj
RPEugP2/VkJsZo7z0fwrsebYFKuKFfvWgH4OUmW7MEU/VGqLaLnqjBYAvfbWIaRV
5kzBgOsN4gDekLGLyhq7ezFkD0L6cBR5YU9hudfkrFXku3pj7q17deCJnOD3gP29
sy+uvAotgwY6/3Na48ef0Rj/HLQATy5BNT7hsxNcmnsQw/ltcVrVSjXOKeRokmcm
qVA4ix31O/x9N4J8clxEcBO5Te7TLUuNFHgWCbtKDFPMDFm25czNZY1j1WuE6Ab0
RShBg+fBMzbr8pr7pySDfWaHoM5QqMvt7Cj2rjOTX8RHvUUOZg6dAqBoAhnlAgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQUkfWMhCd/oc8j20IQaGf1ubXfNJwwHwYDVR0j
BBgwFoAUcFG0wveunvgLUwALMquPXS8vQVswDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOWM1Y2U5ZmEtOWE2Zi00ZTBjLTk4MDktN2E0Nzg4NzQ0
ODkzLzAvNzA1MUI0QzJGN0FFOUVGODBCNTMwMDBCMzJBQjhGNUQyRjJGNDE1Qi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2NGRzB3dmV1bnZnTFV3QUxNcXVQWFM4
dlFWcy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzljNWNlOWZhLTlhNmYt
NGUwYy05ODA5LTdhNDc4ODc0NDg5My8wL0FTMjAxMDc5LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAuf41
AwQAuf43MA0GCSqGSIb3DQEBCwUAA4IBAQCnllpkoJrz7MUMizg9K7gDfhru68+p
JvGdQkKVpvFNVkUAOeZxDLoTOukh9YmxlolncJ2+PBxLP2hiAEk5NZtfqurDMy1j
styFiZcii58BXASDUblUlojvqUal+QnC97GyMqgfTpUaPCz+OrLJfY5dqMDf+0Lo
Zpx62qu4ZSb8OXpXgHJlwbQUIKZ9bjNaTdUXr/gOf+7+KFtaFuafeCUzGfQE1vBd
/HDCYmfJTFi0glY0YrU63xZTSOZ2TjRnFXdlgnrL+qK5WJewt1udB+7L5B6IX7e6
Yz68VDsmmnaf05kxBVwWt34o2psU04oeh20Pb7k4IzH0CtmGMrGgbrAs
-----END CERTIFICATE-----