Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS16509.roa
File:                     AS16509.roa (raw, json)
Hash identifier:          m8LL9r4hSKoj46UDQBBqfTnAoKOg/8pkhxOLen0LvNU=
Subject key identifier:   1A:67:3E:92:D0:BA:D6:E4:E5:74:C9:9D:49:0D:A9:1B:F3:67:94:3C
Certificate issuer:       /CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
Certificate serial:       79677D546E1316272831CC2AFC4F13CB56B65A69
Authority key identifier: 9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS16509.roa
Signing time:             Wed 31 Jul 2024 17:06:25 +0000
ROA not before:           Wed 31 Jul 2024 17:01:25 +0000
ROA not after:            Wed 30 Jul 2025 17:06:25 +0000
asID:                     16509
IP address blocks:        91.124.131.0/24 maxlen: 24
                          91.124.133.0/24 maxlen: 24
                          92.112.51.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Sep 2024 14:00:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            79:67:7d:54:6e:13:16:27:28:31:cc:2a:fc:4f:13:cb:56:b6:5a:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
        Validity
            Not Before: Jul 31 17:01:25 2024 GMT
            Not After : Jul 30 17:06:25 2025 GMT
        Subject: CN=1A673E92D0BAD6E4E574C99D490DA91BF367943C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:7c:e9:a8:1d:30:0b:b1:bf:5b:5b:3b:b8:bb:
                    b1:7a:1a:56:78:eb:fa:96:e5:6a:de:72:65:8d:fe:
                    92:4e:6d:e6:b4:33:e4:81:70:13:9b:de:c9:92:ed:
                    3c:f8:c8:7e:42:e0:03:75:49:b8:66:8e:7e:31:0c:
                    b2:46:dc:40:dd:db:b1:1a:af:67:d9:4e:44:0e:ee:
                    a4:a1:d0:a7:d7:9a:28:58:1c:1c:98:0d:1c:ab:53:
                    99:8d:e8:25:9c:0c:0d:9f:ca:5d:1a:a2:cb:5a:ae:
                    bb:ea:08:bb:3a:52:0e:56:f9:df:96:2d:f0:79:2f:
                    3c:7a:16:d7:bd:26:d8:28:eb:fc:d9:4b:29:eb:bf:
                    4c:41:92:e3:55:77:eb:e4:a4:4a:59:95:fb:83:0c:
                    b0:8f:46:96:2e:31:90:90:c6:b9:4a:f1:b0:12:20:
                    17:11:c7:16:f3:44:7a:ac:24:42:a1:de:3d:e2:6b:
                    c9:4e:e7:79:d6:83:d4:cc:fc:f3:a1:51:5f:0a:d0:
                    9e:08:4f:17:f9:d7:cd:e0:b4:f4:76:c7:ed:f7:02:
                    88:f4:7a:10:3f:61:74:68:67:04:4d:0c:49:b6:38:
                    02:f6:51:9a:67:f5:2a:eb:20:dd:aa:21:1f:91:d0:
                    84:9b:25:bd:e8:d6:63:dc:cf:44:a0:a3:8f:6d:89:
                    df:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:67:3E:92:D0:BA:D6:E4:E5:74:C9:9D:49:0D:A9:1B:F3:67:94:3C
            X509v3 Authority Key Identifier:
                keyid:9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS16509.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.124.131.0/24
                  91.124.133.0/24
                  92.112.51.0/24

    Signature Algorithm: sha256WithRSAEncryption
         79:25:60:9e:91:f9:0e:58:b7:39:a6:05:20:35:ba:bd:71:29:
         73:98:e3:de:34:4b:1e:f1:63:c4:c2:54:83:3e:64:fd:1f:81:
         df:45:1e:92:3d:fa:08:ae:ee:51:08:5e:20:f4:d4:7a:89:9d:
         f2:87:a7:06:db:82:01:da:5e:f1:78:3d:b8:66:e8:26:c1:94:
         d5:11:b0:38:83:3f:7e:64:b2:50:18:6c:c0:f4:dd:a6:d3:be:
         0c:69:c8:ad:a1:aa:c8:6a:c8:b4:e4:a8:05:fe:d6:fc:9d:f2:
         e8:6a:9e:08:78:1d:de:45:59:a0:10:5e:0a:8a:6a:d8:4e:0e:
         dc:57:17:5e:1b:66:8a:e5:e7:a4:89:8f:46:28:4e:d4:b7:7a:
         a7:7c:22:a8:d6:22:6f:f0:56:78:8a:26:68:e6:ff:b8:01:aa:
         e9:77:24:eb:dc:de:81:20:41:38:26:e8:7e:15:9b:61:f5:c4:
         d0:42:d0:42:ab:71:5e:77:63:5d:c4:18:a8:6b:1d:b0:52:1b:
         9d:0b:24:8a:77:17:98:59:c1:d4:8d:e6:ca:11:2c:c6:40:9c:
         42:b8:d2:fc:27:e3:5c:56:e3:43:5b:24:e8:f0:b6:df:2c:ee:
         ce:1d:d5:9b:9a:82:d9:1b:7a:20:f3:8c:07:a3:b6:d1:3f:27:
         3f:46:b6:b5
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgIUeWd9VG4TFicoMcwq/E8Ty1a2WmkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWJkODEzMzkxZTRhZjJhZTMxMDNjMTg5MWIyMjcyZDRk
NWMxM2I1ZjAeFw0yNDA3MzExNzAxMjVaFw0yNTA3MzAxNzA2MjVaMDMxMTAvBgNV
BAMTKDFBNjczRTkyRDBCQUQ2RTRFNTc0Qzk5RDQ5MERBOTFCRjM2Nzk0M0MwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDifOmoHTALsb9bWzu4u7F6GlZ4
6/qW5WrecmWN/pJObea0M+SBcBOb3smS7Tz4yH5C4AN1Sbhmjn4xDLJG3EDd27Ea
r2fZTkQO7qSh0KfXmihYHByYDRyrU5mN6CWcDA2fyl0aostarrvqCLs6Ug5W+d+W
LfB5Lzx6Fte9Jtgo6/zZSynrv0xBkuNVd+vkpEpZlfuDDLCPRpYuMZCQxrlK8bAS
IBcRxxbzRHqsJEKh3j3ia8lO53nWg9TM/POhUV8K0J4ITxf5183gtPR2x+33Aoj0
ehA/YXRoZwRNDEm2OAL2UZpn9SrrIN2qIR+R0ISbJb3o1mPcz0Sgo49tid/9AgMB
AAGjggIVMIICETAdBgNVHQ4EFgQUGmc+ktC61uTldMmdSQ2pG/NnlDwwHwYDVR0j
BBgwFoAUm9gTOR5K8q4xA8GJGyJy1NXBO18wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQ3OGY2ZjUtNDQ5YS00ODI3LTk5ZDUtYmY2YjkzYThm
NmI0LzAvOUJEODEzMzkxRTRBRjJBRTMxMDNDMTg5MUIyMjcyRDRENUMxM0I1Ri5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL205Z1RPUjVLOHE0eEE4R0pHeUp5MU5Y
Qk8xOC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0NzhmNmY1LTQ0OWEt
NDgyNy05OWQ1LWJmNmI5M2E4ZjZiNC8wL0FTMTY1MDkucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBIDBABbfIMD
BABbfIUDBABccDMwDQYJKoZIhvcNAQELBQADggEBAHklYJ6R+Q5YtzmmBSA1ur1x
KXOY4940Sx7xY8TCVIM+ZP0fgd9FHpI9+giu7lEIXiD01HqJnfKHpwbbggHaXvF4
Pbhm6CbBlNURsDiDP35kslAYbMD03abTvgxpyK2hqshqyLTkqAX+1vyd8uhqngh4
Hd5FWaAQXgqKathODtxXF14bZorl56SJj0YoTtS3eqd8IqjWIm/wVniKJmjm/7gB
qul3JOvc3oEgQTgm6H4Vm2H1xNBC0EKrcV53Y13EGKhrHbBSG50LJIp3F5hZwdSN
5soRLMZAnEK40vwn41xW40NbJOjwtt8s7s4d1ZuagtkbeiDzjAejttE/Jz9GtrU=
-----END CERTIFICATE-----