Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS149977.roa
File:                     AS149977.roa (raw, json)
Hash identifier:          QyYR7PclbhwR+KWSmUcTxPg0FECgJ+Ea+4AECExK/Og=
Subject key identifier:   D6:3E:5E:F0:B0:C2:9A:18:1E:E6:02:E3:52:3A:BC:39:D3:CF:CC:C2
Certificate issuer:       /CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
Certificate serial:       5BFBB195FBC970B132F2B3DA154030E308ECECCC
Authority key identifier: 9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS149977.roa
Signing time:             Thu 21 Nov 2024 12:21:15 +0000
ROA not before:           Thu 21 Nov 2024 12:16:15 +0000
ROA not after:            Thu 20 Nov 2025 12:21:15 +0000
asID:                     149977
IP address blocks:        91.124.14.0/24 maxlen: 24
                          91.124.15.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5b:fb:b1:95:fb:c9:70:b1:32:f2:b3:da:15:40:30:e3:08:ec:ec:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
        Validity
            Not Before: Nov 21 12:16:15 2024 GMT
            Not After : Nov 20 12:21:15 2025 GMT
        Subject: CN=D63E5EF0B0C29A181EE602E3523ABC39D3CFCCC2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:94:0c:2b:b6:a8:2d:49:e3:8c:a8:4e:66:6d:
                    97:7a:fd:d4:0c:6d:6b:86:cb:74:f8:87:25:a5:19:
                    5a:e8:f1:c7:79:5c:fa:e5:43:1d:62:27:7f:83:96:
                    94:da:cf:4c:eb:38:c4:e1:ad:60:e9:50:93:6e:d3:
                    9c:ae:72:5d:c6:f0:01:56:db:f7:ea:30:97:ac:3d:
                    9e:b6:65:94:78:55:ad:a3:e2:26:65:80:aa:b1:e0:
                    d1:14:b5:ac:fd:07:8e:d0:01:ed:51:ff:3a:2d:96:
                    62:49:83:67:54:a8:7b:12:77:f2:2d:0b:a1:cf:8d:
                    e3:ee:60:d0:f6:97:e1:ed:30:06:2b:b9:50:75:b2:
                    24:f5:9e:93:a5:a6:e7:7b:32:78:de:4e:cf:37:f6:
                    7d:2f:b4:6d:31:d7:ab:dc:4f:a1:0e:8e:af:eb:e4:
                    b9:c9:37:5c:39:2d:18:05:03:58:29:70:52:c0:e0:
                    35:48:cf:49:e6:12:a5:14:c6:ad:d3:bb:ec:ca:bb:
                    9b:ff:bd:72:09:90:79:da:19:b3:0b:cf:ba:a7:bf:
                    94:1a:97:af:07:51:03:83:1f:3c:48:8a:5d:d6:88:
                    55:8c:99:1e:35:c2:4f:72:c3:80:2a:94:0d:85:12:
                    f7:32:84:2d:87:65:bd:56:8e:d4:7c:dc:4d:4a:47:
                    b4:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:3E:5E:F0:B0:C2:9A:18:1E:E6:02:E3:52:3A:BC:39:D3:CF:CC:C2
            X509v3 Authority Key Identifier:
                keyid:9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS149977.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.124.14.0/23

    Signature Algorithm: sha256WithRSAEncryption
         7b:5a:ba:08:e3:73:5a:44:da:43:01:d4:3d:aa:da:21:04:2d:
         89:7e:c1:d5:1c:21:46:0c:ae:17:ec:be:9c:eb:7a:12:fb:a9:
         11:a5:b8:20:97:a2:f3:87:21:e7:1b:0c:8e:dc:07:0c:cb:bb:
         46:e9:6e:f6:dc:96:bd:c3:f4:69:43:2a:c6:f7:60:49:91:9b:
         1e:fc:ea:39:fd:ec:00:a2:58:0a:84:39:f1:7c:00:2c:80:9e:
         b4:1b:75:eb:a2:73:0b:f8:5c:7b:bf:45:ed:2b:9c:6e:aa:20:
         ae:ae:37:fd:48:e0:4e:3f:15:34:b8:56:79:db:e3:b3:c1:d6:
         d7:c1:25:2d:be:9d:44:81:db:cb:1d:1e:e6:9c:e5:0b:77:a6:
         45:5f:df:c1:8b:74:7f:10:71:08:3d:6b:ff:c0:24:f0:66:e9:
         5b:25:ce:25:75:e9:b9:d1:04:a1:72:63:20:ab:4e:ca:cb:5f:
         df:68:99:93:84:23:c7:a6:ce:79:6b:41:fa:36:c1:73:2a:76:
         aa:53:72:06:4e:24:d8:22:d1:30:09:58:72:64:73:89:ef:a9:
         e3:3d:f2:fe:d0:0c:72:33:89:0c:10:91:e1:42:50:14:8f:75:
         ee:f3:3e:7c:0d:9a:5b:9c:07:d9:df:0d:5f:29:98:d8:6d:9e:
         b2:62:0d:50
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUW/uxlfvJcLEy8rPaFUAw4wjs7MwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWJkODEzMzkxZTRhZjJhZTMxMDNjMTg5MWIyMjcyZDRk
NWMxM2I1ZjAeFw0yNDExMjExMjE2MTVaFw0yNTExMjAxMjIxMTVaMDMxMTAvBgNV
BAMTKEQ2M0U1RUYwQjBDMjlBMTgxRUU2MDJFMzUyM0FCQzM5RDNDRkNDQzIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQColAwrtqgtSeOMqE5mbZd6/dQM
bWuGy3T4hyWlGVro8cd5XPrlQx1iJ3+DlpTaz0zrOMThrWDpUJNu05yucl3G8AFW
2/fqMJesPZ62ZZR4Va2j4iZlgKqx4NEUtaz9B47QAe1R/zotlmJJg2dUqHsSd/It
C6HPjePuYND2l+HtMAYruVB1siT1npOlpud7MnjeTs839n0vtG0x16vcT6EOjq/r
5LnJN1w5LRgFA1gpcFLA4DVIz0nmEqUUxq3Tu+zKu5v/vXIJkHnaGbMLz7qnv5Qa
l68HUQODHzxIil3WiFWMmR41wk9yw4AqlA2FEvcyhC2HZb1WjtR83E1KR7RvAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQU1j5e8LDCmhge5gLjUjq8OdPPzMIwHwYDVR0j
BBgwFoAUm9gTOR5K8q4xA8GJGyJy1NXBO18wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQ3OGY2ZjUtNDQ5YS00ODI3LTk5ZDUtYmY2YjkzYThm
NmI0LzAvOUJEODEzMzkxRTRBRjJBRTMxMDNDMTg5MUIyMjcyRDRENUMxM0I1Ri5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL205Z1RPUjVLOHE0eEE4R0pHeUp5MU5Y
Qk8xOC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0NzhmNmY1LTQ0OWEt
NDgyNy05OWQ1LWJmNmI5M2E4ZjZiNC8wL0FTMTQ5OTc3LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBW3wO
MA0GCSqGSIb3DQEBCwUAA4IBAQB7WroI43NaRNpDAdQ9qtohBC2JfsHVHCFGDK4X
7L6c63oS+6kRpbggl6LzhyHnGwyO3AcMy7tG6W723Ja9w/RpQyrG92BJkZse/Oo5
/ewAolgKhDnxfAAsgJ60G3XronML+Fx7v0XtK5xuqiCurjf9SOBOPxU0uFZ52+Oz
wdbXwSUtvp1EgdvLHR7mnOULd6ZFX9/Bi3R/EHEIPWv/wCTwZulbJc4ldem50QSh
cmMgq07Ky1/faJmThCPHps55a0H6NsFzKnaqU3IGTiTYItEwCVhyZHOJ76njPfL+
0AxyM4kMEJHhQlAUj3Xu8z58DZpbnAfZ3w1fKZjYbZ6yYg1Q
-----END CERTIFICATE-----