Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS10753.roa
File:                     AS10753.roa (raw, json)
Hash identifier:          CiXCcvu7rTIE2gZBx+mwaKLEIejqF+v0CglAFce9aDg=
Subject key identifier:   BB:DD:94:D3:20:68:13:F1:80:98:ED:66:B4:5E:8B:C2:2C:93:50:E4
Certificate issuer:       /CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
Certificate serial:       3683A97149D165809DBDF14529878105F399B828
Authority key identifier: 9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS10753.roa
Signing time:             Thu 23 Jan 2025 11:39:51 +0000
ROA not before:           Thu 23 Jan 2025 11:34:51 +0000
ROA not after:            Thu 22 Jan 2026 11:39:51 +0000
asID:                     10753
IP address blocks:        91.124.116.0/22 maxlen: 24
                          91.124.120.0/22 maxlen: 24
                          91.124.156.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Feb 2025 05:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            36:83:a9:71:49:d1:65:80:9d:bd:f1:45:29:87:81:05:f3:99:b8:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
        Validity
            Not Before: Jan 23 11:34:51 2025 GMT
            Not After : Jan 22 11:39:51 2026 GMT
        Subject: CN=BBDD94D3206813F18098ED66B45E8BC22C9350E4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:b2:3a:f4:dc:ef:b4:e4:b2:08:b4:fa:c8:15:
                    9d:88:4c:61:0e:fc:81:a0:69:77:04:0a:40:6d:62:
                    f8:93:85:40:b8:88:6c:f3:ea:90:99:e2:b0:e5:42:
                    f0:ef:ae:27:fa:b0:4c:bd:7e:69:d1:86:8c:53:d4:
                    6e:d1:eb:cf:e3:7b:03:80:02:0e:c5:63:04:d8:db:
                    52:d9:b9:6e:66:b3:31:98:52:18:e7:39:11:e0:96:
                    dc:c3:b3:a8:3a:30:7a:6d:0f:65:6d:89:00:94:33:
                    84:66:89:df:c4:82:3f:63:eb:46:5f:44:76:41:b6:
                    61:01:f6:d0:7f:0a:86:60:70:0d:b0:b0:52:e5:88:
                    8d:26:dc:4b:0b:f2:8f:22:e9:33:8e:36:d7:6b:f9:
                    6f:ad:24:47:4a:d6:2e:c8:16:27:7f:bf:ab:9f:60:
                    dd:66:db:22:46:3f:9a:4a:4b:e4:90:59:f6:cf:f5:
                    7e:67:b5:cb:70:4f:7c:a1:59:18:42:8c:bc:39:4d:
                    ae:02:05:f3:52:cd:ec:e4:0a:3f:b8:d2:8e:ec:ab:
                    e1:f6:2f:97:7b:68:19:f3:2e:42:07:5d:99:62:9b:
                    55:ad:da:6a:af:b5:07:d3:71:06:f5:39:98:20:ba:
                    01:06:7d:55:53:9a:ad:ff:28:ff:57:15:ce:7d:04:
                    85:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:DD:94:D3:20:68:13:F1:80:98:ED:66:B4:5E:8B:C2:2C:93:50:E4
            X509v3 Authority Key Identifier:
                keyid:9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS10753.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.124.116.0-91.124.123.255
                  91.124.156.0/22

    Signature Algorithm: sha256WithRSAEncryption
         ac:35:a5:ef:d0:ef:dc:ca:0f:36:60:dc:7b:c7:9f:3b:fc:f7:
         9d:b0:82:57:9e:ab:ac:dc:c6:9c:fe:a4:a0:0b:1c:dd:d9:a7:
         dc:c0:8c:0b:43:db:82:67:67:16:33:40:c1:60:9e:70:82:69:
         bb:55:8d:d3:be:9d:85:70:d7:34:39:bd:65:42:8c:54:e3:23:
         1b:20:c5:81:cc:82:a5:03:9b:4a:72:49:b9:8f:02:f5:9e:90:
         0a:61:3d:f9:bc:05:9d:be:4e:40:12:f2:51:8f:e2:5f:46:3a:
         e1:7e:9c:52:18:54:90:d8:25:82:98:01:e2:b7:00:7d:4b:bd:
         50:c0:27:fc:4f:23:d3:9a:d5:52:3e:fc:0b:4e:aa:ca:b9:23:
         57:27:46:d1:58:e5:b3:38:ef:1b:9f:8a:91:a3:54:b2:7d:4b:
         5a:37:3f:95:b7:7d:71:24:09:e2:72:80:8f:8c:e4:95:09:93:
         92:1c:e0:41:00:56:b3:6a:3e:0e:9e:f5:91:15:b8:45:83:ef:
         27:87:83:8c:1f:74:c7:72:b6:bf:8d:ac:23:3b:7c:bf:76:30:
         0d:31:f2:a4:c4:16:0b:98:86:81:80:e7:b4:8f:22:b6:f0:31:
         e5:09:d2:f4:87:1c:6b:41:87:1f:1c:7d:85:2e:e5:38:4d:e4:
         62:12:74:bc
-----BEGIN CERTIFICATE-----
MIIFDTCCA/WgAwIBAgIUNoOpcUnRZYCdvfFFKYeBBfOZuCgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWJkODEzMzkxZTRhZjJhZTMxMDNjMTg5MWIyMjcyZDRk
NWMxM2I1ZjAeFw0yNTAxMjMxMTM0NTFaFw0yNjAxMjIxMTM5NTFaMDMxMTAvBgNV
BAMTKEJCREQ5NEQzMjA2ODEzRjE4MDk4RUQ2NkI0NUU4QkMyMkM5MzUwRTQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDIsjr03O+05LIItPrIFZ2ITGEO
/IGgaXcECkBtYviThUC4iGzz6pCZ4rDlQvDvrif6sEy9fmnRhoxT1G7R68/jewOA
Ag7FYwTY21LZuW5mszGYUhjnORHgltzDs6g6MHptD2VtiQCUM4Rmid/Egj9j60Zf
RHZBtmEB9tB/CoZgcA2wsFLliI0m3EsL8o8i6TOONtdr+W+tJEdK1i7IFid/v6uf
YN1m2yJGP5pKS+SQWfbP9X5ntctwT3yhWRhCjLw5Ta4CBfNSzezkCj+40o7sq+H2
L5d7aBnzLkIHXZlim1Wt2mqvtQfTcQb1OZggugEGfVVTmq3/KP9XFc59BIVpAgMB
AAGjggIXMIICEzAdBgNVHQ4EFgQUu92U0yBoE/GAmO1mtF6LwiyTUOQwHwYDVR0j
BBgwFoAUm9gTOR5K8q4xA8GJGyJy1NXBO18wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQ3OGY2ZjUtNDQ5YS00ODI3LTk5ZDUtYmY2YjkzYThm
NmI0LzAvOUJEODEzMzkxRTRBRjJBRTMxMDNDMTg5MUIyMjcyRDRENUMxM0I1Ri5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL205Z1RPUjVLOHE0eEE4R0pHeUp5MU5Y
Qk8xOC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0NzhmNmY1LTQ0OWEt
NDgyNy05OWQ1LWJmNmI5M2E4ZjZiNC8wL0FTMTA3NTMucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwLQYIKwYBBQUHAQcBAf8EHjAcMBoEAgABMBQwDAMEAlt8
dAMEAlt8eAMEAlt8nDANBgkqhkiG9w0BAQsFAAOCAQEArDWl79Dv3MoPNmDce8ef
O/z3nbCCV56rrNzGnP6koAsc3dmn3MCMC0PbgmdnFjNAwWCecIJpu1WN076dhXDX
NDm9ZUKMVOMjGyDFgcyCpQObSnJJuY8C9Z6QCmE9+bwFnb5OQBLyUY/iX0Y64X6c
UhhUkNglgpgB4rcAfUu9UMAn/E8j05rVUj78C06qyrkjVydG0VjlszjvG5+KkaNU
sn1LWjc/lbd9cSQJ4nKAj4zklQmTkhzgQQBWs2o+Dp71kRW4RYPvJ4eDjB90x3K2
v42sIzt8v3YwDTHypMQWC5iGgYDntI8itvAx5QnS9Icca0GHHxx9hS7lOE3kYhJ0
vA==
-----END CERTIFICATE-----