Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS3257.roa
File:                     AS3257.roa (raw, json)
Hash identifier:          1TRK/OP5L+qjEVqem+va3vlFF3K+i0PwXx8ObZwq2rU=
Subject key identifier:   54:1C:5A:EC:26:0E:FE:0E:DA:DE:8D:7E:AB:37:B6:4F:68:48:1A:C8
Certificate issuer:       /CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
Certificate serial:       6D8B7604A5B582D3A5CC5F092A4055FA89C89092
Authority key identifier: 9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS3257.roa
Signing time:             Tue 05 Nov 2024 12:05:41 +0000
ROA not before:           Tue 05 Nov 2024 12:00:41 +0000
ROA not after:            Tue 04 Nov 2025 12:05:41 +0000
asID:                     3257
IP address blocks:        46.202.54.0/24 maxlen: 24
                          46.202.56.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 12:48:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6d:8b:76:04:a5:b5:82:d3:a5:cc:5f:09:2a:40:55:fa:89:c8:90:92
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
        Validity
            Not Before: Nov  5 12:00:41 2024 GMT
            Not After : Nov  4 12:05:41 2025 GMT
        Subject: CN=541C5AEC260EFE0EDADE8D7EAB37B64F68481AC8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:ed:b4:48:88:d6:41:cf:df:30:62:c3:1b:ab:
                    f0:68:ee:df:61:3f:2c:ff:1c:be:7e:25:16:39:ce:
                    14:e5:3b:8c:51:d9:22:d4:d6:78:e4:dc:52:29:99:
                    a9:c3:69:b0:a8:7a:86:bd:64:86:cc:03:47:2b:a9:
                    37:d6:38:36:2f:9f:ab:b2:e1:2b:5f:43:97:4d:d9:
                    34:f2:67:5c:d1:c3:bd:9f:05:f4:5f:25:e2:7e:6e:
                    b2:4e:a1:78:83:1d:9e:22:41:f1:e0:30:f0:58:4d:
                    ba:e8:7f:d4:ee:a0:e0:62:6d:8a:f0:45:82:76:4e:
                    cd:cb:65:9d:3c:64:0b:aa:fe:fc:88:dc:af:e7:87:
                    6b:dd:52:83:55:c1:f0:91:ec:42:79:7d:22:bc:92:
                    62:b2:20:cf:39:20:1e:87:55:1e:47:1d:66:4b:17:
                    77:10:44:2a:5a:f6:2d:3a:ce:80:b0:41:47:ac:a3:
                    20:03:4e:93:db:2b:54:79:aa:0c:fc:71:aa:c6:fe:
                    67:ce:10:31:6c:43:bd:41:34:9f:fa:59:2b:67:5b:
                    03:d4:95:ce:62:7d:33:16:44:6f:63:95:96:85:c4:
                    1e:a3:8b:8c:b3:b7:15:6b:fa:70:3b:80:5c:88:fe:
                    8f:9a:e2:9a:1c:78:26:d7:c0:0a:9b:5b:21:65:ff:
                    16:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                54:1C:5A:EC:26:0E:FE:0E:DA:DE:8D:7E:AB:37:B6:4F:68:48:1A:C8
            X509v3 Authority Key Identifier:
                keyid:9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS3257.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.202.54.0/24
                  46.202.56.0/24

    Signature Algorithm: sha256WithRSAEncryption
         91:1d:38:d6:f4:0f:5b:d4:f2:1e:3b:96:a3:8c:86:6c:dd:be:
         f6:30:38:ec:ac:dd:9f:3c:53:57:83:2a:73:ca:46:6f:d3:42:
         fb:ad:3a:d3:a6:dd:9d:67:87:6c:5f:1d:67:5d:cc:69:34:0d:
         e9:fa:7d:d8:40:4c:97:5d:11:76:31:c8:66:0f:1f:57:e5:b2:
         c9:78:16:3c:26:37:f3:99:5b:51:ac:60:f2:8e:e1:df:20:e9:
         92:b1:a7:d8:70:06:b5:89:2e:24:cb:00:e6:be:07:b9:22:66:
         6e:a3:2c:4d:f5:0b:29:62:ab:01:d2:94:12:91:99:6f:98:47:
         d9:91:d3:60:de:22:95:08:3d:e1:54:63:ce:07:11:79:da:44:
         91:c3:7d:f2:cc:09:f7:ad:43:57:6f:d7:7c:f0:ac:e9:ea:05:
         80:9e:78:99:21:21:ac:c9:32:30:19:93:ab:03:9e:ab:1c:89:
         7d:9b:4c:e9:ce:40:a7:9e:ea:9e:7f:0d:ff:3b:bc:a1:20:23:
         2f:0d:2c:d0:95:1e:6d:65:40:a3:13:6c:a8:e1:99:0c:13:b1:
         5d:d1:fc:4f:4b:18:17:a7:ec:73:3f:de:1d:26:ae:48:bd:2c:
         61:9c:03:4d:94:8b:1d:bc:73:ac:6b:be:73:12:e4:94:26:47:
         22:4e:92:00
-----BEGIN CERTIFICATE-----
MIIFBDCCA+ygAwIBAgIUbYt2BKW1gtOlzF8JKkBV+onIkJIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWJkODEzMzkxZTRhZjJhZTMxMDNjMTg5MWIyMjcyZDRk
NWMxM2I1ZjAeFw0yNDExMDUxMjAwNDFaFw0yNTExMDQxMjA1NDFaMDMxMTAvBgNV
BAMTKDU0MUM1QUVDMjYwRUZFMEVEQURFOEQ3RUFCMzdCNjRGNjg0ODFBQzgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDD7bRIiNZBz98wYsMbq/Bo7t9h
Pyz/HL5+JRY5zhTlO4xR2SLU1njk3FIpmanDabCoeoa9ZIbMA0crqTfWODYvn6uy
4StfQ5dN2TTyZ1zRw72fBfRfJeJ+brJOoXiDHZ4iQfHgMPBYTbrof9TuoOBibYrw
RYJ2Ts3LZZ08ZAuq/vyI3K/nh2vdUoNVwfCR7EJ5fSK8kmKyIM85IB6HVR5HHWZL
F3cQRCpa9i06zoCwQUesoyADTpPbK1R5qgz8carG/mfOEDFsQ71BNJ/6WStnWwPU
lc5ifTMWRG9jlZaFxB6ji4yztxVr+nA7gFyI/o+a4poceCbXwAqbWyFl/xb1AgMB
AAGjggIOMIICCjAdBgNVHQ4EFgQUVBxa7CYO/g7a3o1+qze2T2hIGsgwHwYDVR0j
BBgwFoAUm9gTOR5K8q4xA8GJGyJy1NXBO18wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQ3OGY2ZjUtNDQ5YS00ODI3LTk5ZDUtYmY2YjkzYThm
NmI0LzAvOUJEODEzMzkxRTRBRjJBRTMxMDNDMTg5MUIyMjcyRDRENUMxM0I1Ri5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL205Z1RPUjVLOHE0eEE4R0pHeUp5MU5Y
Qk8xOC5jZXIweQYIKwYBBQUHAQsEbTBrMGkGCCsGAQUFBzALhl1yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0NzhmNmY1LTQ0OWEt
NDgyNy05OWQ1LWJmNmI5M2E4ZjZiNC8wL0FTMzI1Ny5yb2EwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAlBggrBgEFBQcBBwEB/wQWMBQwEgQCAAEwDAMEAC7KNgME
AC7KODANBgkqhkiG9w0BAQsFAAOCAQEAkR041vQPW9TyHjuWo4yGbN2+9jA47Kzd
nzxTV4Mqc8pGb9NC+60606bdnWeHbF8dZ13MaTQN6fp92EBMl10RdjHIZg8fV+Wy
yXgWPCY385lbUaxg8o7h3yDpkrGn2HAGtYkuJMsA5r4HuSJmbqMsTfULKWKrAdKU
EpGZb5hH2ZHTYN4ilQg94VRjzgcRedpEkcN98swJ961DV2/XfPCs6eoFgJ54mSEh
rMkyMBmTqwOeqxyJfZtM6c5Ap57qnn8N/zu8oSAjLw0s0JUebWVAoxNsqOGZDBOx
XdH8T0sYF6fscz/eHSauSL0sYZwDTZSLHbxzrGu+cxLklCZHIk6SAA==
-----END CERTIFICATE-----