Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS197071.roa
File:                     AS197071.roa (raw, json)
Hash identifier:          lEEdd1X/t4PRVERkDLDE9CW/6D9dXQDds7UaFqDOlkM=
Subject key identifier:   BD:36:53:00:BD:78:3B:F6:59:31:D8:C5:59:5E:8F:4B:68:20:FE:35
Certificate issuer:       /CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
Certificate serial:       6C711FB6D6FCE34B53B8D8836066F0DD1FEF46F1
Authority key identifier: 9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS197071.roa
Signing time:             Tue 01 Jul 2025 18:59:39 +0000
ROA not before:           Tue 01 Jul 2025 18:54:39 +0000
ROA not after:            Tue 30 Jun 2026 18:59:39 +0000
asID:                     197071
IP address blocks:        178.93.211.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 03 Jul 2025 01:10:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6c:71:1f:b6:d6:fc:e3:4b:53:b8:d8:83:60:66:f0:dd:1f:ef:46:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
        Validity
            Not Before: Jul  1 18:54:39 2025 GMT
            Not After : Jun 30 18:59:39 2026 GMT
        Subject: CN=BD365300BD783BF65931D8C5595E8F4B6820FE35
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:5b:20:5a:4d:4c:ec:b7:b5:3a:5f:d5:b0:e1:
                    8b:7f:32:a3:16:50:53:14:2d:3a:f0:c5:c0:32:fb:
                    7d:9a:a5:f1:7a:00:c5:f2:3b:c5:f6:f0:d6:03:65:
                    49:d0:6d:e0:f4:c0:65:22:b2:df:3a:da:ad:6d:f0:
                    a4:f0:63:76:7f:d9:4a:92:fc:91:23:ae:a6:e6:56:
                    58:c5:f9:66:dc:15:cc:c3:b5:f0:11:6d:f3:ab:54:
                    18:8d:26:55:e9:fa:0e:ae:c0:fc:4e:64:76:87:83:
                    37:fc:7e:94:0e:cf:4e:4d:8f:e4:67:51:d3:5b:e4:
                    13:74:81:ed:f5:12:22:14:83:50:d6:9c:63:48:f7:
                    90:ac:e9:e3:b6:26:93:9b:01:9b:28:f2:d5:47:9f:
                    a2:ee:8e:93:e8:39:9a:0f:21:83:d0:c7:02:64:df:
                    8d:c8:dd:fe:3b:b4:b7:f5:27:eb:89:6e:f7:80:6d:
                    a1:25:b3:c0:bf:e5:eb:7e:0d:20:01:8a:42:84:ad:
                    22:9b:7f:0b:16:8d:91:dc:5a:5b:b8:43:74:ef:d4:
                    b2:2d:bd:c3:d3:54:61:c8:e3:98:12:ad:4e:71:52:
                    2b:ca:06:b5:2a:19:11:3b:cd:69:95:e5:c6:d5:88:
                    a9:01:c8:4d:9a:8e:9a:50:5a:15:ac:c9:a3:7d:bf:
                    1f:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:36:53:00:BD:78:3B:F6:59:31:D8:C5:59:5E:8F:4B:68:20:FE:35
            X509v3 Authority Key Identifier:
                keyid:9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS197071.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.93.211.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a3:fa:c5:8f:28:47:dc:55:d2:61:7d:c2:c7:3b:e9:82:c0:a0:
         f7:2b:70:82:1f:36:64:9c:3b:1c:94:c7:fa:92:0b:ef:5f:64:
         1a:85:e0:99:ec:1c:d6:e4:a9:0f:3b:ba:0b:ae:36:26:da:1f:
         84:58:fa:95:82:6a:13:fd:97:92:46:15:e8:62:bc:c6:d7:f4:
         87:cf:52:59:71:c4:b0:20:5c:0f:16:20:8a:45:b6:79:03:02:
         1a:7e:10:95:61:54:9b:13:28:ed:2d:94:aa:35:ac:3b:86:d3:
         b8:bd:a5:73:4a:3d:f2:35:a5:8a:47:ac:3a:4a:8f:f6:78:0a:
         6e:79:6b:25:a8:d5:6a:21:db:28:51:2b:47:9a:88:1b:47:08:
         fd:28:63:c8:0a:3c:a1:94:9c:17:96:84:89:cc:76:25:80:ac:
         29:7b:16:fb:79:79:99:a6:e2:c0:c6:08:8b:ab:d2:c6:a8:76:
         0a:05:14:fe:b6:43:5d:d7:02:d2:c8:3c:e4:67:1f:f8:a5:35:
         2f:de:3f:e1:11:ac:35:e7:bb:63:0e:eb:8a:0e:98:6a:1d:56:
         83:3d:b6:37:23:49:76:44:5a:d3:de:e1:15:8a:7b:a5:d6:0d:
         b7:0b:d5:6f:26:5b:ad:ff:2f:66:18:33:51:e3:8d:25:ef:3f:
         4b:94:49:05
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUbHEfttb840tTuNiDYGbw3R/vRvEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWJkODEzMzkxZTRhZjJhZTMxMDNjMTg5MWIyMjcyZDRk
NWMxM2I1ZjAeFw0yNTA3MDExODU0MzlaFw0yNjA2MzAxODU5MzlaMDMxMTAvBgNV
BAMTKEJEMzY1MzAwQkQ3ODNCRjY1OTMxRDhDNTU5NUU4RjRCNjgyMEZFMzUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDjWyBaTUzst7U6X9Ww4Yt/MqMW
UFMULTrwxcAy+32apfF6AMXyO8X28NYDZUnQbeD0wGUist862q1t8KTwY3Z/2UqS
/JEjrqbmVljF+WbcFczDtfARbfOrVBiNJlXp+g6uwPxOZHaHgzf8fpQOz05Nj+Rn
UdNb5BN0ge31EiIUg1DWnGNI95Cs6eO2JpObAZso8tVHn6LujpPoOZoPIYPQxwJk
343I3f47tLf1J+uJbveAbaEls8C/5et+DSABikKErSKbfwsWjZHcWlu4Q3Tv1LIt
vcPTVGHI45gSrU5xUivKBrUqGRE7zWmV5cbViKkByE2ajppQWhWsyaN9vx8zAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUvTZTAL14O/ZZMdjFWV6PS2gg/jUwHwYDVR0j
BBgwFoAUm9gTOR5K8q4xA8GJGyJy1NXBO18wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQ3OGY2ZjUtNDQ5YS00ODI3LTk5ZDUtYmY2YjkzYThm
NmI0LzAvOUJEODEzMzkxRTRBRjJBRTMxMDNDMTg5MUIyMjcyRDRENUMxM0I1Ri5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL205Z1RPUjVLOHE0eEE4R0pHeUp5MU5Y
Qk8xOC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0NzhmNmY1LTQ0OWEt
NDgyNy05OWQ1LWJmNmI5M2E4ZjZiNC8wL0FTMTk3MDcxLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsl3T
MA0GCSqGSIb3DQEBCwUAA4IBAQCj+sWPKEfcVdJhfcLHO+mCwKD3K3CCHzZknDsc
lMf6kgvvX2QaheCZ7BzW5KkPO7oLrjYm2h+EWPqVgmoT/ZeSRhXoYrzG1/SHz1JZ
ccSwIFwPFiCKRbZ5AwIafhCVYVSbEyjtLZSqNaw7htO4vaVzSj3yNaWKR6w6So/2
eApueWslqNVqIdsoUStHmogbRwj9KGPICjyhlJwXloSJzHYlgKwpexb7eXmZpuLA
xgiLq9LGqHYKBRT+tkNd1wLSyDzkZx/4pTUv3j/hEaw157tjDuuKDphqHVaDPbY3
I0l2RFrT3uEVinul1g23C9VvJlut/y9mGDNR440l7z9LlEkF
-----END CERTIFICATE-----