Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS153371.roa
File:                     AS153371.roa (raw, json)
Hash identifier:          TkxQeG77paZC4SZt3M2LDWj3bPeJzoCF9GL/76TWyqg=
Subject key identifier:   10:D6:EC:39:12:AC:4F:9C:64:39:D4:6F:F9:06:57:37:2F:1F:C8:5B
Certificate issuer:       /CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
Certificate serial:       6EB6CBC790029C50C310742AE00745A5E1EDC60E
Authority key identifier: 9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS153371.roa
Signing time:             Mon 03 Mar 2025 15:50:59 +0000
ROA not before:           Mon 03 Mar 2025 15:45:59 +0000
ROA not after:            Mon 02 Mar 2026 15:50:59 +0000
asID:                     153371
IP address blocks:        92.113.116.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 15:28:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6e:b6:cb:c7:90:02:9c:50:c3:10:74:2a:e0:07:45:a5:e1:ed:c6:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
        Validity
            Not Before: Mar  3 15:45:59 2025 GMT
            Not After : Mar  2 15:50:59 2026 GMT
        Subject: CN=10D6EC3912AC4F9C6439D46FF90657372F1FC85B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:75:de:d0:d8:5f:11:e4:e1:fb:a2:bc:25:d8:
                    f4:7a:05:e8:d2:70:fc:cb:92:f6:1e:3e:f0:07:6f:
                    c7:c6:a2:1f:2e:20:7e:8e:17:61:99:65:38:cb:6c:
                    32:39:60:a4:8f:e2:45:e7:30:4e:2b:ca:a6:19:01:
                    b4:f7:85:bd:c5:28:c7:36:ee:63:20:ee:a8:0b:93:
                    a8:ab:e4:43:2b:2f:46:ae:00:e4:97:ab:46:25:ff:
                    76:15:2b:18:64:e5:1c:da:78:37:f9:5a:bd:27:49:
                    66:64:f8:42:c7:06:00:05:93:b6:3e:a0:cb:01:92:
                    dc:c6:1c:6f:60:ed:8f:49:4d:78:cb:6e:5a:46:12:
                    a3:02:09:c8:ae:5e:2b:1b:00:4d:05:4e:df:1b:6e:
                    a6:63:47:c8:65:95:fd:39:b6:d0:cd:ad:26:c0:65:
                    63:e9:f1:b1:3d:f7:a6:e9:6f:a3:cc:0b:ec:75:2a:
                    a0:f1:2f:60:f2:8b:cf:3b:c5:5b:b3:e5:ed:26:59:
                    6a:5c:e9:cf:bd:db:9f:33:f1:39:a2:81:7b:70:03:
                    bd:b0:41:ce:ec:18:21:b8:84:09:a0:04:97:2f:dc:
                    3f:ea:d4:4c:0c:93:94:ef:fb:46:7c:58:d3:ad:d3:
                    7b:12:18:fc:19:2c:7a:7f:39:52:71:71:b6:d5:b0:
                    47:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                10:D6:EC:39:12:AC:4F:9C:64:39:D4:6F:F9:06:57:37:2F:1F:C8:5B
            X509v3 Authority Key Identifier:
                keyid:9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS153371.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.113.116.0/23

    Signature Algorithm: sha256WithRSAEncryption
         42:78:4c:92:50:e5:51:c1:96:85:11:bd:71:5c:3a:6f:f9:4a:
         b5:33:03:46:7b:86:4c:5e:d6:dc:6b:34:61:24:2c:be:64:5b:
         89:97:f3:0d:9b:ae:a0:dd:af:b4:c1:0e:df:48:e1:4d:9d:d6:
         6e:43:4f:d1:c0:6f:7b:e9:b5:d7:0f:66:4a:a8:44:e9:53:34:
         0e:3f:12:c3:d1:5e:81:ad:25:a1:bd:58:55:12:00:2f:c8:9d:
         29:2d:38:ed:ca:38:cc:a7:b1:12:43:ce:8a:4a:7e:91:9c:c1:
         a4:2d:73:a1:2f:60:f5:05:01:bc:b7:86:d6:a6:14:a7:47:db:
         cf:26:cf:82:1e:d4:9d:d7:11:a2:23:2b:1d:cc:cd:81:11:91:
         94:64:00:81:16:8d:df:8a:be:55:a9:67:b8:5e:9a:7d:68:62:
         9f:19:31:65:64:f9:e4:d6:85:e4:21:4d:71:7e:40:77:6f:2e:
         c8:76:c2:2f:a0:6a:ce:4f:21:64:f5:7d:61:c9:e9:bc:7c:19:
         b2:67:7c:6c:d8:b8:92:ff:aa:82:b3:71:94:5c:24:1e:f8:63:
         69:75:1f:64:e0:1f:71:91:62:6e:26:d8:b6:dd:ee:37:1a:1a:
         2c:93:ea:96:94:b7:67:86:6d:e3:a6:66:a5:60:34:8b:db:71:
         be:e1:6b:c8
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUbrbLx5ACnFDDEHQq4AdFpeHtxg4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWJkODEzMzkxZTRhZjJhZTMxMDNjMTg5MWIyMjcyZDRk
NWMxM2I1ZjAeFw0yNTAzMDMxNTQ1NTlaFw0yNjAzMDIxNTUwNTlaMDMxMTAvBgNV
BAMTKDEwRDZFQzM5MTJBQzRGOUM2NDM5RDQ2RkY5MDY1NzM3MkYxRkM4NUIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDVdd7Q2F8R5OH7orwl2PR6BejS
cPzLkvYePvAHb8fGoh8uIH6OF2GZZTjLbDI5YKSP4kXnME4ryqYZAbT3hb3FKMc2
7mMg7qgLk6ir5EMrL0auAOSXq0Yl/3YVKxhk5RzaeDf5Wr0nSWZk+ELHBgAFk7Y+
oMsBktzGHG9g7Y9JTXjLblpGEqMCCciuXisbAE0FTt8bbqZjR8hllf05ttDNrSbA
ZWPp8bE996bpb6PMC+x1KqDxL2Dyi887xVuz5e0mWWpc6c+9258z8TmigXtwA72w
Qc7sGCG4hAmgBJcv3D/q1EwMk5Tv+0Z8WNOt03sSGPwZLHp/OVJxcbbVsEffAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUENbsORKsT5xkOdRv+QZXNy8fyFswHwYDVR0j
BBgwFoAUm9gTOR5K8q4xA8GJGyJy1NXBO18wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQ3OGY2ZjUtNDQ5YS00ODI3LTk5ZDUtYmY2YjkzYThm
NmI0LzAvOUJEODEzMzkxRTRBRjJBRTMxMDNDMTg5MUIyMjcyRDRENUMxM0I1Ri5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL205Z1RPUjVLOHE0eEE4R0pHeUp5MU5Y
Qk8xOC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0NzhmNmY1LTQ0OWEt
NDgyNy05OWQ1LWJmNmI5M2E4ZjZiNC8wL0FTMTUzMzcxLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBXHF0
MA0GCSqGSIb3DQEBCwUAA4IBAQBCeEySUOVRwZaFEb1xXDpv+Uq1MwNGe4ZMXtbc
azRhJCy+ZFuJl/MNm66g3a+0wQ7fSOFNndZuQ0/RwG976bXXD2ZKqETpUzQOPxLD
0V6BrSWhvVhVEgAvyJ0pLTjtyjjMp7ESQ86KSn6RnMGkLXOhL2D1BQG8t4bWphSn
R9vPJs+CHtSd1xGiIysdzM2BEZGUZACBFo3fir5VqWe4Xpp9aGKfGTFlZPnk1oXk
IU1xfkB3by7IdsIvoGrOTyFk9X1hyem8fBmyZ3xs2LiS/6qCs3GUXCQe+GNpdR9k
4B9xkWJuJti23e43Ghosk+qWlLdnhm3jpmalYDSL23G+4WvI
-----END CERTIFICATE-----