Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS200002.roa
File:                     AS200002.roa (raw, json)
Hash identifier:          7gORPFnfXKUVU4b68SOAzzHPaWtSQyAYBo33ZhEz2aI=
Subject key identifier:   7D:6E:4A:3E:0A:0E:E2:1F:D3:9A:F8:23:B7:19:48:37:7D:7E:C7:C5
Certificate issuer:       /CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
Certificate serial:       3C0AF23F623164CCC221A5D3EEA5A25C8EFD5FB7
Authority key identifier: 9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS200002.roa
Signing time:             Fri 14 Feb 2025 20:50:11 +0000
ROA not before:           Fri 14 Feb 2025 20:45:11 +0000
ROA not after:            Fri 13 Feb 2026 20:50:11 +0000
asID:                     200002
IP address blocks:        91.124.91.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 15 Mar 2025 02:05:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3c:0a:f2:3f:62:31:64:cc:c2:21:a5:d3:ee:a5:a2:5c:8e:fd:5f:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
        Validity
            Not Before: Feb 14 20:45:11 2025 GMT
            Not After : Feb 13 20:50:11 2026 GMT
        Subject: CN=7D6E4A3E0A0EE21FD39AF823B71948377D7EC7C5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:0f:d5:32:18:d9:ea:e3:28:ca:cf:95:94:11:
                    2b:a5:5f:5b:84:75:b7:e8:a5:e5:63:95:f5:35:8b:
                    13:0a:78:fb:6b:e6:4e:0c:2c:1f:ec:0f:ff:cf:6f:
                    71:46:2d:80:2b:54:eb:1c:39:81:08:f4:94:a1:0d:
                    e9:03:ab:a9:72:cd:aa:3b:e5:1f:11:2f:a1:62:cf:
                    a3:ee:f0:62:91:1e:58:91:a8:60:a2:fa:d8:ec:ae:
                    ff:be:c6:95:b1:92:22:c0:27:73:67:27:8f:15:10:
                    85:4d:f3:a4:85:fd:ee:e2:6a:6f:65:84:cb:ea:84:
                    c7:bd:b7:cd:12:d5:3c:30:11:36:b6:06:44:d0:45:
                    ea:ad:88:8a:79:98:78:e5:28:ff:2a:d0:b3:cc:1e:
                    e8:7d:53:dd:00:94:7a:a1:81:c6:99:ec:23:ee:77:
                    f4:d1:5a:c7:6e:58:18:ab:86:de:bb:5f:33:0c:95:
                    da:d2:75:e0:62:a3:26:6e:4c:d6:91:3e:35:b8:24:
                    dc:3a:da:50:ce:f3:f6:44:54:ce:87:6a:bf:21:d0:
                    a7:5d:a7:ba:94:f5:50:49:e2:fd:e7:f6:33:db:bc:
                    4e:69:66:1d:19:db:a9:fa:1e:b4:2e:d9:f2:56:88:
                    3b:15:76:2a:d2:5f:e4:7d:cc:51:ba:21:99:12:8e:
                    b1:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:6E:4A:3E:0A:0E:E2:1F:D3:9A:F8:23:B7:19:48:37:7D:7E:C7:C5
            X509v3 Authority Key Identifier:
                keyid:9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS200002.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.124.91.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1a:e6:0b:7d:6d:c9:c1:b1:b0:99:82:d1:51:15:9f:6e:09:85:
         fe:7e:9f:ff:1f:d4:07:fa:ad:fc:d1:6c:d7:b5:f5:2d:02:df:
         ac:ce:be:92:05:63:18:b4:1e:1b:36:2c:b6:79:e5:a6:d4:ac:
         2e:b6:46:72:5b:fe:77:2c:6f:2c:54:f6:32:8f:9d:8c:da:5d:
         7b:b3:c6:c2:64:69:df:c5:a8:29:71:a1:d6:0f:52:b3:24:e8:
         25:db:98:19:0f:23:60:a8:a9:d1:da:24:2e:b0:8e:70:d8:02:
         87:e8:18:80:ac:a7:82:80:ed:cd:9a:de:04:ad:ae:26:4b:13:
         02:4a:96:0e:fe:70:b1:43:a2:94:9a:b2:3e:c4:1a:5a:b4:db:
         8b:e7:43:c2:bc:3e:55:d4:50:72:68:e9:36:7c:1e:08:6d:db:
         bf:fa:6f:1b:9e:05:fc:b3:6f:03:42:1d:36:a4:d7:73:b8:95:
         53:a5:de:7a:8d:af:e0:46:8e:52:4a:c3:fa:8c:2f:ad:b6:d4:
         47:62:91:04:e6:43:68:87:41:d5:74:37:63:dd:9f:cf:37:56:
         65:0a:0f:0a:99:09:db:e4:56:d7:65:5f:35:6f:eb:93:9d:5f:
         de:56:71:12:98:57:cc:26:2b:cc:98:9a:5e:cd:f1:79:d0:c5:
         7e:ab:2d:00
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUPAryP2IxZMzCIaXT7qWiXI79X7cwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWJkODEzMzkxZTRhZjJhZTMxMDNjMTg5MWIyMjcyZDRk
NWMxM2I1ZjAeFw0yNTAyMTQyMDQ1MTFaFw0yNjAyMTMyMDUwMTFaMDMxMTAvBgNV
BAMTKDdENkU0QTNFMEEwRUUyMUZEMzlBRjgyM0I3MTk0ODM3N0Q3RUM3QzUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDKD9UyGNnq4yjKz5WUESulX1uE
dbfopeVjlfU1ixMKePtr5k4MLB/sD//Pb3FGLYArVOscOYEI9JShDekDq6lyzao7
5R8RL6Fiz6Pu8GKRHliRqGCi+tjsrv++xpWxkiLAJ3NnJ48VEIVN86SF/e7iam9l
hMvqhMe9t80S1TwwETa2BkTQReqtiIp5mHjlKP8q0LPMHuh9U90AlHqhgcaZ7CPu
d/TRWsduWBirht67XzMMldrSdeBioyZuTNaRPjW4JNw62lDO8/ZEVM6Har8h0Kdd
p7qU9VBJ4v3n9jPbvE5pZh0Z26n6HrQu2fJWiDsVdirSX+R9zFG6IZkSjrEhAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUfW5KPgoO4h/TmvgjtxlIN31+x8UwHwYDVR0j
BBgwFoAUm9gTOR5K8q4xA8GJGyJy1NXBO18wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQ3OGY2ZjUtNDQ5YS00ODI3LTk5ZDUtYmY2YjkzYThm
NmI0LzAvOUJEODEzMzkxRTRBRjJBRTMxMDNDMTg5MUIyMjcyRDRENUMxM0I1Ri5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL205Z1RPUjVLOHE0eEE4R0pHeUp5MU5Y
Qk8xOC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0NzhmNmY1LTQ0OWEt
NDgyNy05OWQ1LWJmNmI5M2E4ZjZiNC8wL0FTMjAwMDAyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW3xb
MA0GCSqGSIb3DQEBCwUAA4IBAQAa5gt9bcnBsbCZgtFRFZ9uCYX+fp//H9QH+q38
0WzXtfUtAt+szr6SBWMYtB4bNiy2eeWm1KwutkZyW/53LG8sVPYyj52M2l17s8bC
ZGnfxagpcaHWD1KzJOgl25gZDyNgqKnR2iQusI5w2AKH6BiArKeCgO3Nmt4Era4m
SxMCSpYO/nCxQ6KUmrI+xBpatNuL50PCvD5V1FByaOk2fB4Ibdu/+m8bngX8s28D
Qh02pNdzuJVTpd56ja/gRo5SSsP6jC+tttRHYpEE5kNoh0HVdDdj3Z/PN1ZlCg8K
mQnb5FbXZV81b+uTnV/eVnESmFfMJivMmJpezfF50MV+qy0A
-----END CERTIFICATE-----