Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS2856.roa
File:                     AS2856.roa (raw, json)
Hash identifier:          gb1yDXsuPOHClYDh2LOAL1zeg/gTrJ4kqC5BQNMwFjc=
Subject key identifier:   C9:17:D5:36:6B:5C:22:2B:91:27:02:FE:A7:4D:58:8B:93:85:70:5E
Certificate issuer:       /CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
Certificate serial:       0D51A18BAD818C9E66A6E5AE9B8EC7F3990094A5
Authority key identifier: 9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS2856.roa
Signing time:             Wed 30 Oct 2024 19:55:08 +0000
ROA not before:           Wed 30 Oct 2024 19:50:08 +0000
ROA not after:            Wed 29 Oct 2025 19:55:08 +0000
asID:                     2856
IP address blocks:        92.112.164.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0d:51:a1:8b:ad:81:8c:9e:66:a6:e5:ae:9b:8e:c7:f3:99:00:94:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
        Validity
            Not Before: Oct 30 19:50:08 2024 GMT
            Not After : Oct 29 19:55:08 2025 GMT
        Subject: CN=C917D5366B5C222B912702FEA74D588B9385705E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:e0:77:22:d6:73:93:81:7d:1b:30:88:0a:ed:
                    b7:85:88:88:7e:b9:6b:31:c0:86:1e:74:92:a7:60:
                    67:fc:31:4b:a8:3d:8a:e3:8c:af:33:3a:d6:31:15:
                    39:5b:45:65:36:07:88:97:50:a3:09:97:8d:cb:7c:
                    0d:fe:fb:50:6f:6d:c1:21:30:81:61:b9:e1:f8:18:
                    d0:bc:3e:53:1f:32:42:f7:be:91:9f:05:ca:e0:5e:
                    25:ce:8f:49:84:34:f0:36:e7:c2:26:73:b8:dd:18:
                    2a:23:6c:2e:9f:53:7c:8c:de:6c:c2:2b:4f:05:1d:
                    5d:70:e5:6f:d7:99:cc:ed:72:8a:4a:2c:29:b7:6b:
                    2a:b9:73:3a:92:58:e8:4d:22:e8:3d:bb:b7:79:5c:
                    05:56:49:5d:bf:65:ea:f6:f8:a5:65:42:e9:a1:51:
                    6c:c4:49:f6:cb:d2:d0:35:19:31:00:b9:f7:3d:f2:
                    ed:bc:48:5a:b7:9b:21:52:6f:92:b5:5b:f3:90:74:
                    be:26:a7:9f:fe:cd:7d:51:dc:31:a0:b5:9e:e2:37:
                    14:37:cf:37:32:33:6b:eb:dc:4d:08:ee:83:e3:b0:
                    98:ef:6c:f9:b1:c4:e1:1c:45:79:49:1f:12:46:20:
                    1a:47:e7:bf:0e:be:f0:4e:03:1c:11:82:8d:5d:60:
                    2b:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:17:D5:36:6B:5C:22:2B:91:27:02:FE:A7:4D:58:8B:93:85:70:5E
            X509v3 Authority Key Identifier:
                keyid:9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS2856.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.112.164.0/24

    Signature Algorithm: sha256WithRSAEncryption
         07:77:06:1b:ff:07:12:f9:b7:7c:c2:aa:fd:44:da:74:37:f5:
         a6:9a:f5:a0:34:7f:c8:74:14:00:6a:99:01:d7:f9:23:4e:56:
         e1:dc:f6:f1:0b:48:61:09:54:2c:61:af:e0:c1:4e:76:cf:af:
         e1:9a:6e:36:fe:7c:69:2e:5b:9b:a2:01:57:36:23:f1:7d:18:
         cc:09:18:a8:ff:43:d0:94:cb:5a:7b:10:d5:29:f7:4a:96:41:
         e3:35:df:1e:a9:fa:84:a1:25:5e:f9:61:af:8f:7b:9c:e6:20:
         85:22:50:da:66:e0:4f:5b:31:3e:cc:e7:69:7a:5a:f3:af:df:
         8d:8e:93:a5:f2:2b:a9:81:fa:a1:5c:56:b7:43:f1:5d:c1:fb:
         dd:0a:11:24:2e:f2:67:01:d4:5e:4e:f9:77:2c:8b:f4:52:1b:
         f3:e5:85:dc:c3:b0:d7:84:89:aa:a6:7d:50:f0:1a:45:af:96:
         0f:29:41:8e:cb:8f:a1:15:43:f5:90:63:12:ff:ab:c9:e0:15:
         97:2e:52:c4:f5:9b:ac:22:05:ec:44:74:5c:09:72:70:f3:2c:
         6d:99:ab:a0:2c:0d:ec:13:58:5b:75:2c:aa:9a:16:26:b5:c0:
         24:c6:32:cf:1f:43:3b:fc:ca:0f:ec:22:c7:cf:9e:7f:56:80:
         0e:a0:3c:4d
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgIUDVGhi62BjJ5mpuWum47H85kAlKUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWJkODEzMzkxZTRhZjJhZTMxMDNjMTg5MWIyMjcyZDRk
NWMxM2I1ZjAeFw0yNDEwMzAxOTUwMDhaFw0yNTEwMjkxOTU1MDhaMDMxMTAvBgNV
BAMTKEM5MTdENTM2NkI1QzIyMkI5MTI3MDJGRUE3NEQ1ODhCOTM4NTcwNUUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCK4Hci1nOTgX0bMIgK7beFiIh+
uWsxwIYedJKnYGf8MUuoPYrjjK8zOtYxFTlbRWU2B4iXUKMJl43LfA3++1BvbcEh
MIFhueH4GNC8PlMfMkL3vpGfBcrgXiXOj0mENPA258Imc7jdGCojbC6fU3yM3mzC
K08FHV1w5W/XmcztcopKLCm3ayq5czqSWOhNIug9u7d5XAVWSV2/Zer2+KVlQumh
UWzESfbL0tA1GTEAufc98u28SFq3myFSb5K1W/OQdL4mp5/+zX1R3DGgtZ7iNxQ3
zzcyM2vr3E0I7oPjsJjvbPmxxOEcRXlJHxJGIBpH578OvvBOAxwRgo1dYCtfAgMB
AAGjggIIMIICBDAdBgNVHQ4EFgQUyRfVNmtcIiuRJwL+p01Yi5OFcF4wHwYDVR0j
BBgwFoAUm9gTOR5K8q4xA8GJGyJy1NXBO18wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQ3OGY2ZjUtNDQ5YS00ODI3LTk5ZDUtYmY2YjkzYThm
NmI0LzAvOUJEODEzMzkxRTRBRjJBRTMxMDNDMTg5MUIyMjcyRDRENUMxM0I1Ri5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL205Z1RPUjVLOHE0eEE4R0pHeUp5MU5Y
Qk8xOC5jZXIweQYIKwYBBQUHAQsEbTBrMGkGCCsGAQUFBzALhl1yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0NzhmNmY1LTQ0OWEt
NDgyNy05OWQ1LWJmNmI5M2E4ZjZiNC8wL0FTMjg1Ni5yb2EwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAFxwpDAN
BgkqhkiG9w0BAQsFAAOCAQEAB3cGG/8HEvm3fMKq/UTadDf1ppr1oDR/yHQUAGqZ
Adf5I05W4dz28QtIYQlULGGv4MFOds+v4ZpuNv58aS5bm6IBVzYj8X0YzAkYqP9D
0JTLWnsQ1Sn3SpZB4zXfHqn6hKElXvlhr497nOYghSJQ2mbgT1sxPsznaXpa86/f
jY6TpfIrqYH6oVxWt0PxXcH73QoRJC7yZwHUXk75dyyL9FIb8+WF3MOw14SJqqZ9
UPAaRa+WDylBjsuPoRVD9ZBjEv+ryeAVly5SxPWbrCIF7ER0XAlycPMsbZmroCwN
7BNYW3UsqpoWJrXAJMYyzx9DO/zKD+wix8+ef1aADqA8TQ==
-----END CERTIFICATE-----