Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/AS204843.roa
File:                     AS204843.roa (raw, json)
Hash identifier:          fNXrhm79TNS1ZP505zLI5uWaJ+XQ51eaKU0riHbEtjg=
Subject key identifier:   37:85:7D:77:94:C5:F1:1B:FD:5C:E8:30:7F:03:4C:27:9D:49:73:C8
Certificate issuer:       /CN=7051b4c2f7ae9ef80b53000b32ab8f5d2f2f415b
Certificate serial:       50CAA0E9EF98FB77B445BB166940A7A1269DCB93
Authority key identifier: 70:51:B4:C2:F7:AE:9E:F8:0B:53:00:0B:32:AB:8F:5D:2F:2F:41:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cFG0wveunvgLUwALMquPXS8vQVs.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/AS204843.roa
Signing time:             Mon 20 Jan 2025 14:11:54 +0000
ROA not before:           Mon 20 Jan 2025 14:06:54 +0000
ROA not after:            Mon 19 Jan 2026 14:11:54 +0000
asID:                     204843
IP address blocks:        185.254.54.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/7051B4C2F7AE9EF80B53000B32AB8F5D2F2F415B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/7051B4C2F7AE9EF80B53000B32AB8F5D2F2F415B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cFG0wveunvgLUwALMquPXS8vQVs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            50:ca:a0:e9:ef:98:fb:77:b4:45:bb:16:69:40:a7:a1:26:9d:cb:93
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7051b4c2f7ae9ef80b53000b32ab8f5d2f2f415b
        Validity
            Not Before: Jan 20 14:06:54 2025 GMT
            Not After : Jan 19 14:11:54 2026 GMT
        Subject: CN=37857D7794C5F11BFD5CE8307F034C279D4973C8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:d7:84:22:2c:74:a0:e8:62:64:15:dc:10:5b:
                    e4:bc:1e:90:34:af:78:f3:f2:cc:9e:34:ab:67:06:
                    a4:cb:f1:a4:6d:5a:61:cc:07:80:18:03:0a:3b:40:
                    ec:13:31:6e:93:38:7e:c8:c5:d4:28:31:81:91:b5:
                    48:68:23:1a:c1:fc:c7:8d:3c:6e:5c:1b:e0:49:da:
                    7a:a7:46:f7:cf:32:72:ac:b1:bc:7e:ac:0f:77:f9:
                    c5:1f:39:e6:e0:2c:10:d1:1f:70:5d:25:e7:b6:e2:
                    c1:ce:81:b4:46:80:1d:aa:d0:9e:05:4f:2b:ac:77:
                    2d:cf:a0:36:e7:e9:0c:7c:ef:14:76:44:79:1d:c6:
                    03:ae:e6:7a:34:02:f4:ba:b1:04:0f:db:33:39:cc:
                    a8:16:52:f2:f8:cb:a8:3a:42:5e:d3:e8:b6:69:85:
                    06:0e:7d:f0:71:fb:75:5f:cb:d3:f6:15:7f:25:c7:
                    cd:88:6f:c6:bb:5c:e4:cf:2d:41:ee:39:81:8c:9c:
                    82:13:7d:f6:0a:99:b9:a4:b1:5c:81:59:32:50:07:
                    b4:f8:6c:23:a1:4b:b3:df:5f:52:8a:ba:8c:54:7c:
                    2e:14:d3:63:4d:81:aa:1d:cb:d2:dc:a6:b0:50:dc:
                    e8:e3:7a:57:23:5c:d7:f8:13:2f:9b:9a:5c:1c:85:
                    e7:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:85:7D:77:94:C5:F1:1B:FD:5C:E8:30:7F:03:4C:27:9D:49:73:C8
            X509v3 Authority Key Identifier:
                keyid:70:51:B4:C2:F7:AE:9E:F8:0B:53:00:0B:32:AB:8F:5D:2F:2F:41:5B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/7051B4C2F7AE9EF80B53000B32AB8F5D2F2F415B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cFG0wveunvgLUwALMquPXS8vQVs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/AS204843.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.254.54.0/24

    Signature Algorithm: sha256WithRSAEncryption
         60:91:f7:cb:f2:3c:69:ae:53:79:74:94:ef:d0:4b:04:03:b5:
         c9:05:1b:92:2d:a6:cb:54:b2:9f:30:f2:b2:f9:1a:29:13:08:
         f3:4f:94:a2:a5:ae:84:e2:8c:a2:da:47:52:e0:05:d4:24:6b:
         7c:c7:60:2a:51:3c:d2:26:40:58:4a:36:1b:46:4b:b1:45:47:
         66:65:71:c3:97:0d:82:2b:38:dd:fc:d7:5d:85:6f:07:77:0e:
         cd:96:d1:94:fa:64:c4:08:9f:6c:57:56:3e:d0:56:12:dd:0e:
         04:69:c7:9a:81:8b:be:3f:36:80:c9:d9:29:48:1f:7b:15:0e:
         98:51:7a:93:b8:20:22:2c:82:d2:cb:14:bc:ed:e2:8a:a5:c8:
         b9:e3:b2:43:22:12:28:bb:24:4c:88:65:f0:76:6b:6a:c9:4f:
         b0:fe:f0:d7:94:67:2e:f8:24:84:0e:a1:ec:d7:dd:25:c2:3d:
         8f:36:7b:dd:c9:54:16:ee:85:f0:fe:30:1c:72:06:10:bf:df:
         2d:f1:6f:22:19:ac:a4:fe:fe:6c:4b:cb:1a:ad:ff:c7:74:50:
         d8:74:ca:cd:9d:e9:a2:dc:3f:c3:d2:5e:9e:61:b0:c5:25:22:
         cc:f1:21:12:3e:fa:f9:6d:d1:58:fc:47:65:ce:55:ba:49:b1:
         f4:96:d9:8f
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUUMqg6e+Y+3e0RbsWaUCnoSady5MwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzA1MWI0YzJmN2FlOWVmODBiNTMwMDBiMzJhYjhmNWQy
ZjJmNDE1YjAeFw0yNTAxMjAxNDA2NTRaFw0yNjAxMTkxNDExNTRaMDMxMTAvBgNV
BAMTKDM3ODU3RDc3OTRDNUYxMUJGRDVDRTgzMDdGMDM0QzI3OUQ0OTczQzgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDH14QiLHSg6GJkFdwQW+S8HpA0
r3jz8syeNKtnBqTL8aRtWmHMB4AYAwo7QOwTMW6TOH7IxdQoMYGRtUhoIxrB/MeN
PG5cG+BJ2nqnRvfPMnKssbx+rA93+cUfOebgLBDRH3BdJee24sHOgbRGgB2q0J4F
Tyusdy3PoDbn6Qx87xR2RHkdxgOu5no0AvS6sQQP2zM5zKgWUvL4y6g6Ql7T6LZp
hQYOffBx+3Vfy9P2FX8lx82Ib8a7XOTPLUHuOYGMnIITffYKmbmksVyBWTJQB7T4
bCOhS7PfX1KKuoxUfC4U02NNgaody9LcprBQ3OjjelcjXNf4Ey+bmlwcheffAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUN4V9d5TF8Rv9XOgwfwNMJ51Jc8gwHwYDVR0j
BBgwFoAUcFG0wveunvgLUwALMquPXS8vQVswDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOWM1Y2U5ZmEtOWE2Zi00ZTBjLTk4MDktN2E0Nzg4NzQ0
ODkzLzAvNzA1MUI0QzJGN0FFOUVGODBCNTMwMDBCMzJBQjhGNUQyRjJGNDE1Qi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2NGRzB3dmV1bnZnTFV3QUxNcXVQWFM4
dlFWcy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzljNWNlOWZhLTlhNmYt
NGUwYy05ODA5LTdhNDc4ODc0NDg5My8wL0FTMjA0ODQzLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuf42
MA0GCSqGSIb3DQEBCwUAA4IBAQBgkffL8jxprlN5dJTv0EsEA7XJBRuSLabLVLKf
MPKy+RopEwjzT5Sipa6E4oyi2kdS4AXUJGt8x2AqUTzSJkBYSjYbRkuxRUdmZXHD
lw2CKzjd/NddhW8Hdw7NltGU+mTECJ9sV1Y+0FYS3Q4EaceagYu+PzaAydkpSB97
FQ6YUXqTuCAiLILSyxS87eKKpci547JDIhIouyRMiGXwdmtqyU+w/vDXlGcu+CSE
DqHs190lwj2PNnvdyVQW7oXw/jAccgYQv98t8W8iGayk/v5sS8sarf/HdFDYdMrN
nemi3D/D0l6eYbDFJSLM8SESPvr5bdFY/EdlzlW6SbH0ltmP
-----END CERTIFICATE-----