Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS329007.roa
File:                     AS329007.roa (raw, json)
Hash identifier:          CbL9j1XTGWljHM91nV1JsRx9pgkXWSHXt+b8Hcc4UqE=
Subject key identifier:   57:D7:97:7D:D5:8E:60:3A:40:39:19:EB:49:6B:F4:D4:95:06:39:1C
Certificate issuer:       /CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
Certificate serial:       70420BBD54492FD22D0E6310F1AAC564904AFE60
Authority key identifier: 9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS329007.roa
Signing time:             Mon 30 Jun 2025 15:32:20 +0000
ROA not before:           Mon 30 Jun 2025 15:27:20 +0000
ROA not after:            Mon 29 Jun 2026 15:32:20 +0000
asID:                     329007
IP address blocks:        91.124.118.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 03 Jul 2025 01:10:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            70:42:0b:bd:54:49:2f:d2:2d:0e:63:10:f1:aa:c5:64:90:4a:fe:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
        Validity
            Not Before: Jun 30 15:27:20 2025 GMT
            Not After : Jun 29 15:32:20 2026 GMT
        Subject: CN=57D7977DD58E603A403919EB496BF4D49506391C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:a5:36:87:a5:00:d1:bc:4d:d8:36:3f:a6:7f:
                    0b:90:97:cb:aa:4b:58:3b:95:01:9e:3b:bb:56:2d:
                    97:bf:ce:e0:6f:9c:55:b8:3e:18:85:2e:33:83:8e:
                    56:68:f0:f9:22:ab:36:6d:76:c5:98:b3:9e:63:a1:
                    61:82:1d:fd:59:de:de:1b:51:4e:fb:9e:af:ca:6e:
                    da:1d:b2:fc:ad:79:19:d6:01:04:c7:9c:08:77:7d:
                    a9:32:65:ff:50:71:dc:2a:15:13:a1:de:5f:9a:04:
                    19:9e:24:66:9c:cf:15:a8:7c:2d:fe:e6:bd:a2:4c:
                    cf:85:2b:6a:5f:d7:73:cb:57:19:bf:ad:e7:9c:33:
                    42:9f:ed:79:40:23:6a:c0:40:0b:2e:1d:c4:4a:99:
                    36:63:0b:3b:51:8f:46:24:a0:3f:3c:81:4c:d5:29:
                    68:a4:b2:0f:27:e9:05:03:84:04:b1:11:04:48:e5:
                    1f:0f:8e:fa:20:a6:1a:bf:29:4b:f0:77:be:db:5b:
                    02:4d:1e:0b:58:7d:8f:0c:72:f3:a4:68:ee:c6:e3:
                    4b:52:00:e7:59:c8:03:b4:25:1b:6b:71:fc:2e:e2:
                    72:96:f1:d3:0b:fc:7f:43:5b:0a:05:93:4f:80:d3:
                    35:ac:11:bb:55:fc:9a:b0:25:5d:0f:bf:48:bb:31:
                    19:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                57:D7:97:7D:D5:8E:60:3A:40:39:19:EB:49:6B:F4:D4:95:06:39:1C
            X509v3 Authority Key Identifier:
                keyid:9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS329007.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.124.118.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8a:83:8c:26:85:2c:21:8c:26:be:e1:65:cd:72:ba:be:db:b6:
         3c:b5:63:e0:61:73:6f:f0:47:6f:68:4c:93:36:60:09:20:63:
         fa:da:77:2d:61:0a:07:8f:b2:9d:75:1c:04:44:2b:77:a8:7b:
         0e:8b:59:fd:86:5c:68:01:95:a5:44:62:31:83:3d:f4:0b:59:
         3f:80:4b:17:66:32:61:3e:58:37:ba:ad:85:93:88:d8:f1:c1:
         12:aa:3c:5c:27:3d:f0:9e:62:35:41:f6:42:0a:04:90:58:7a:
         8a:4d:74:7b:89:56:dc:16:e1:c6:81:d6:bd:e6:8c:c1:0f:aa:
         ff:43:a1:8a:e4:5f:cb:1a:a8:31:2d:d2:90:4e:de:31:e2:30:
         3d:4e:4d:2f:c4:bf:2d:6c:eb:a9:c0:41:0c:59:26:62:33:f2:
         20:66:ff:86:c9:f5:c1:38:b2:f7:2b:01:58:4a:b9:2a:df:85:
         9b:eb:63:50:b2:b5:14:16:1f:2e:24:3a:74:1c:3f:1e:b7:ac:
         2a:3e:86:88:46:78:f7:a0:fa:a7:5b:3d:7f:b6:6c:77:a4:33:
         da:d6:31:5a:e5:c5:d3:9f:23:e5:67:72:d1:d7:65:37:dd:f0:
         e1:40:66:13:9f:24:ab:08:7b:f4:e9:c7:e8:86:6d:4e:86:a1:
         3e:5d:da:ff
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUcEILvVRJL9ItDmMQ8arFZJBK/mAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWJkODEzMzkxZTRhZjJhZTMxMDNjMTg5MWIyMjcyZDRk
NWMxM2I1ZjAeFw0yNTA2MzAxNTI3MjBaFw0yNjA2MjkxNTMyMjBaMDMxMTAvBgNV
BAMTKDU3RDc5NzdERDU4RTYwM0E0MDM5MTlFQjQ5NkJGNEQ0OTUwNjM5MUMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDNpTaHpQDRvE3YNj+mfwuQl8uq
S1g7lQGeO7tWLZe/zuBvnFW4PhiFLjODjlZo8PkiqzZtdsWYs55joWGCHf1Z3t4b
UU77nq/KbtodsvyteRnWAQTHnAh3fakyZf9QcdwqFROh3l+aBBmeJGaczxWofC3+
5r2iTM+FK2pf13PLVxm/reecM0Kf7XlAI2rAQAsuHcRKmTZjCztRj0YkoD88gUzV
KWiksg8n6QUDhASxEQRI5R8Pjvogphq/KUvwd77bWwJNHgtYfY8McvOkaO7G40tS
AOdZyAO0JRtrcfwu4nKW8dML/H9DWwoFk0+A0zWsEbtV/JqwJV0Pv0i7MRmtAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUV9eXfdWOYDpAORnrSWv01JUGORwwHwYDVR0j
BBgwFoAUm9gTOR5K8q4xA8GJGyJy1NXBO18wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQ3OGY2ZjUtNDQ5YS00ODI3LTk5ZDUtYmY2YjkzYThm
NmI0LzAvOUJEODEzMzkxRTRBRjJBRTMxMDNDMTg5MUIyMjcyRDRENUMxM0I1Ri5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL205Z1RPUjVLOHE0eEE4R0pHeUp5MU5Y
Qk8xOC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0NzhmNmY1LTQ0OWEt
NDgyNy05OWQ1LWJmNmI5M2E4ZjZiNC8wL0FTMzI5MDA3LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW3x2
MA0GCSqGSIb3DQEBCwUAA4IBAQCKg4wmhSwhjCa+4WXNcrq+27Y8tWPgYXNv8Edv
aEyTNmAJIGP62nctYQoHj7KddRwERCt3qHsOi1n9hlxoAZWlRGIxgz30C1k/gEsX
ZjJhPlg3uq2Fk4jY8cESqjxcJz3wnmI1QfZCCgSQWHqKTXR7iVbcFuHGgda95ozB
D6r/Q6GK5F/LGqgxLdKQTt4x4jA9Tk0vxL8tbOupwEEMWSZiM/IgZv+GyfXBOLL3
KwFYSrkq34Wb62NQsrUUFh8uJDp0HD8et6wqPoaIRnj3oPqnWz1/tmx3pDPa1jFa
5cXTnyPlZ3LR12U33fDhQGYTnySrCHv06cfohm1OhqE+Xdr/
-----END CERTIFICATE-----