Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS149977.roa
File:                     AS149977.roa (raw, json)
Hash identifier:          wq+iTMFYyGidSv3ikPLv8dBIrJu7q95YbFS+nxfjsy0=
Subject key identifier:   77:3C:5A:C4:F0:9C:D7:CA:C6:5C:DE:67:17:E3:9F:A3:70:D7:41:93
Certificate issuer:       /CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
Certificate serial:       723FDD901A710466A4B0CC51F8B1DB3069E081AA
Authority key identifier: 9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS149977.roa
Signing time:             Thu 03 Apr 2025 11:05:15 +0000
ROA not before:           Thu 03 Apr 2025 11:00:15 +0000
ROA not after:            Thu 02 Apr 2026 11:05:15 +0000
asID:                     149977
IP address blocks:        91.124.15.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 03:24:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            72:3f:dd:90:1a:71:04:66:a4:b0:cc:51:f8:b1:db:30:69:e0:81:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
        Validity
            Not Before: Apr  3 11:00:15 2025 GMT
            Not After : Apr  2 11:05:15 2026 GMT
        Subject: CN=773C5AC4F09CD7CAC65CDE6717E39FA370D74193
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:6d:94:36:2a:13:ad:58:a0:f9:d7:4e:b2:28:
                    d0:98:33:83:47:4b:29:c5:a0:de:ae:63:f8:6c:c6:
                    02:92:a3:81:ff:fb:6d:1a:e3:17:a1:f4:c9:6d:29:
                    9c:bf:b9:c4:f9:3b:69:20:42:6c:02:a6:3e:08:04:
                    22:75:5d:5b:c2:49:08:80:81:9d:06:3e:a4:8c:d8:
                    23:24:bb:7a:a8:d4:95:ec:82:63:7f:95:83:f4:4c:
                    28:6c:ef:00:85:c0:9d:96:e6:08:93:fc:00:77:69:
                    f1:fe:4c:be:b3:d3:45:30:15:f4:33:bc:62:59:79:
                    17:9c:71:11:d4:58:a8:82:35:3c:f4:3e:85:74:62:
                    63:7e:0b:fe:49:e7:b3:4e:01:8b:b3:60:f9:f7:93:
                    09:ad:1a:7a:8b:f9:1b:d9:23:d6:af:75:cb:c2:cc:
                    f6:36:8b:b8:a0:c6:04:73:12:bd:a7:d8:f4:fe:c2:
                    29:ef:1e:86:3a:3c:90:d4:6e:d6:cf:14:cc:d7:07:
                    27:52:82:cc:b4:a3:3d:23:e8:c0:16:12:02:20:de:
                    31:02:e3:75:9b:b9:ef:76:af:6a:83:59:33:76:5b:
                    e7:ba:0c:4a:49:46:d9:2e:15:b4:f3:4d:95:ed:dc:
                    5d:da:e1:ac:4e:49:3c:e0:56:07:25:d6:f4:36:aa:
                    b4:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:3C:5A:C4:F0:9C:D7:CA:C6:5C:DE:67:17:E3:9F:A3:70:D7:41:93
            X509v3 Authority Key Identifier:
                keyid:9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS149977.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.124.15.0/24

    Signature Algorithm: sha256WithRSAEncryption
         31:9d:71:22:a0:d6:72:d1:d0:8a:05:8d:da:0f:41:98:1a:01:
         20:22:98:45:af:16:93:59:b5:d2:d1:09:3e:06:60:94:67:61:
         37:0b:b9:62:31:10:8d:fd:6b:a9:48:60:c6:68:bb:c1:41:8c:
         49:15:d5:f7:61:50:40:db:d1:9c:14:4b:42:c2:2e:79:a2:0f:
         ce:45:f2:17:f0:af:90:8f:11:38:d1:da:b7:bc:25:f0:e1:3b:
         8c:33:20:4e:38:d8:a2:2e:35:a0:3b:bd:de:c6:0b:7c:d4:ee:
         4b:80:1d:67:1b:21:2e:26:6d:d5:7b:c4:a6:1e:94:8b:f9:c7:
         57:58:ed:22:36:eb:e9:87:7f:a5:28:9b:94:e0:1b:aa:df:53:
         2f:15:97:04:2f:d3:c2:f1:85:e1:41:29:56:62:ee:7f:8e:93:
         06:58:54:84:23:13:0d:e1:d6:e7:99:a1:08:c9:0a:36:3c:a4:
         5b:bf:25:9f:a4:37:2b:f9:d0:5f:30:25:43:15:2f:15:f8:23:
         cf:26:f8:05:06:18:95:21:a8:7a:78:f5:48:96:13:24:60:54:
         2b:a7:d4:07:b9:da:3a:a3:5b:35:2e:5e:90:c0:bb:b1:d4:8c:
         a2:93:6e:0f:24:ff:c8:35:a1:10:96:07:6e:51:fd:ff:12:bf:
         9a:ee:09:94
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUcj/dkBpxBGaksMxR+LHbMGnggaowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWJkODEzMzkxZTRhZjJhZTMxMDNjMTg5MWIyMjcyZDRk
NWMxM2I1ZjAeFw0yNTA0MDMxMTAwMTVaFw0yNjA0MDIxMTA1MTVaMDMxMTAvBgNV
BAMTKDc3M0M1QUM0RjA5Q0Q3Q0FDNjVDREU2NzE3RTM5RkEzNzBENzQxOTMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC/bZQ2KhOtWKD5106yKNCYM4NH
SynFoN6uY/hsxgKSo4H/+20a4xeh9MltKZy/ucT5O2kgQmwCpj4IBCJ1XVvCSQiA
gZ0GPqSM2CMku3qo1JXsgmN/lYP0TChs7wCFwJ2W5giT/AB3afH+TL6z00UwFfQz
vGJZeReccRHUWKiCNTz0PoV0YmN+C/5J57NOAYuzYPn3kwmtGnqL+RvZI9avdcvC
zPY2i7igxgRzEr2n2PT+winvHoY6PJDUbtbPFMzXBydSgsy0oz0j6MAWEgIg3jEC
43Wbue92r2qDWTN2W+e6DEpJRtkuFbTzTZXt3F3a4axOSTzgVgcl1vQ2qrTbAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUdzxaxPCc18rGXN5nF+Ofo3DXQZMwHwYDVR0j
BBgwFoAUm9gTOR5K8q4xA8GJGyJy1NXBO18wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQ3OGY2ZjUtNDQ5YS00ODI3LTk5ZDUtYmY2YjkzYThm
NmI0LzAvOUJEODEzMzkxRTRBRjJBRTMxMDNDMTg5MUIyMjcyRDRENUMxM0I1Ri5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL205Z1RPUjVLOHE0eEE4R0pHeUp5MU5Y
Qk8xOC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0NzhmNmY1LTQ0OWEt
NDgyNy05OWQ1LWJmNmI5M2E4ZjZiNC8wL0FTMTQ5OTc3LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW3wP
MA0GCSqGSIb3DQEBCwUAA4IBAQAxnXEioNZy0dCKBY3aD0GYGgEgIphFrxaTWbXS
0Qk+BmCUZ2E3C7liMRCN/WupSGDGaLvBQYxJFdX3YVBA29GcFEtCwi55og/ORfIX
8K+QjxE40dq3vCXw4TuMMyBOONiiLjWgO73exgt81O5LgB1nGyEuJm3Ve8SmHpSL
+cdXWO0iNuvph3+lKJuU4Buq31MvFZcEL9PC8YXhQSlWYu5/jpMGWFSEIxMN4dbn
maEIyQo2PKRbvyWfpDcr+dBfMCVDFS8V+CPPJvgFBhiVIah6ePVIlhMkYFQrp9QH
udo6o1s1Ll6QwLux1Iyik24PJP/INaEQlgduUf3/Er+a7gmU
-----END CERTIFICATE-----