Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS35179.roa
File:                     AS35179.roa (raw, json)
Hash identifier:          JsdSH0bCfZvmBLLeYmXXcV0as9sqcA7IaNbBdD2m3Q8=
Subject key identifier:   14:3F:18:EB:79:F2:98:AD:BD:0D:27:4C:2D:55:EC:EC:EF:2B:77:D1
Certificate issuer:       /CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
Certificate serial:       0536FDF0D3FD3741FF9D2316FF6654C2E88942EC
Authority key identifier: 9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS35179.roa
Signing time:             Mon 23 Sep 2024 09:17:40 +0000
ROA not before:           Mon 23 Sep 2024 09:12:40 +0000
ROA not after:            Mon 22 Sep 2025 09:17:40 +0000
asID:                     35179
IP address blocks:        92.112.10.0/24 maxlen: 24
                          92.112.11.0/24 maxlen: 24
                          92.112.70.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Feb 2025 10:55:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            05:36:fd:f0:d3:fd:37:41:ff:9d:23:16:ff:66:54:c2:e8:89:42:ec
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
        Validity
            Not Before: Sep 23 09:12:40 2024 GMT
            Not After : Sep 22 09:17:40 2025 GMT
        Subject: CN=143F18EB79F298ADBD0D274C2D55ECECEF2B77D1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:90:a0:ac:a9:ca:6a:47:4b:15:aa:b9:13:f9:
                    7c:94:9a:79:a8:13:d0:ad:c2:a2:69:06:a6:42:8a:
                    1f:42:42:95:d4:87:92:6f:a7:12:bb:d4:f2:20:a9:
                    ee:b6:2a:d7:41:bb:31:cd:13:71:e2:17:32:f9:2f:
                    7e:17:19:0e:c3:de:90:91:0a:4a:1a:a9:37:57:5e:
                    f7:81:55:d0:11:f5:65:0f:d0:c6:fb:71:dc:58:84:
                    ca:5c:97:73:27:0b:bd:04:c3:23:8b:18:8c:4d:35:
                    e7:e1:ce:f3:75:33:6f:59:13:88:ea:70:d4:f6:72:
                    ce:7b:af:56:0e:8f:c0:13:a0:31:45:0b:90:25:07:
                    76:1d:cb:a1:22:ab:34:e3:1f:8d:9c:1c:d4:02:6a:
                    34:b7:a5:b1:9c:9a:cd:4e:e5:cb:cb:2c:54:e7:9b:
                    38:1b:dd:30:d4:ef:5c:8f:9f:41:e9:a1:ed:12:b3:
                    fb:2c:d2:5c:d2:7f:49:a4:6f:51:3a:1e:67:a4:d3:
                    7e:00:c9:03:c0:08:4b:45:69:5f:ea:d3:d1:b9:c7:
                    99:41:ae:af:d5:44:c2:99:49:f0:95:35:39:c3:af:
                    42:e8:bf:73:a0:e8:54:d2:19:37:75:ac:44:d3:c3:
                    7d:1e:ac:11:72:f4:6b:0d:91:68:88:b5:3b:0b:6e:
                    c7:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:3F:18:EB:79:F2:98:AD:BD:0D:27:4C:2D:55:EC:EC:EF:2B:77:D1
            X509v3 Authority Key Identifier:
                keyid:9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS35179.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.112.10.0/23
                  92.112.70.0/24

    Signature Algorithm: sha256WithRSAEncryption
         72:61:57:60:9a:17:d4:7d:b8:a3:3a:e6:0e:b2:aa:bd:cf:ae:
         10:44:9d:af:7d:e7:96:45:7d:24:33:f9:cc:82:23:50:55:44:
         f3:87:36:51:06:1c:6d:23:ae:b5:d3:35:16:d0:73:a6:15:ae:
         62:ff:3c:ee:8b:13:71:8d:e3:09:fd:92:48:fb:61:9e:83:77:
         5d:7f:bb:2c:d0:2e:92:62:18:a9:8f:11:4e:b3:ea:3d:1a:13:
         20:e1:ee:a7:76:8f:71:e0:d1:22:71:6d:3c:d6:04:25:5f:90:
         7f:5a:c7:43:84:6f:68:3f:33:7b:be:88:7c:80:8f:53:c6:20:
         44:a5:02:e3:9e:8b:9f:36:f6:77:bd:0a:47:96:22:01:b1:8c:
         c9:f0:13:4f:c2:ca:4d:21:d6:dd:3e:bc:9c:5b:0e:4f:62:a2:
         ff:f5:1e:5b:b9:7a:da:4d:90:fd:b1:1d:71:d6:cc:99:f9:20:
         3b:b7:b0:a0:3a:8e:97:19:ab:04:62:24:87:86:53:51:27:85:
         1d:78:25:e5:f7:a2:77:05:c2:3f:52:01:dd:91:1f:d5:d4:68:
         f5:6f:c6:df:14:65:27:07:bd:6d:88:73:a4:94:d0:1d:3f:d3:
         7a:02:ee:32:92:83:6a:93:29:37:ba:ff:82:63:b0:c1:c9:0b:
         db:1b:4f:ee
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgIUBTb98NP9N0H/nSMW/2ZUwuiJQuwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWJkODEzMzkxZTRhZjJhZTMxMDNjMTg5MWIyMjcyZDRk
NWMxM2I1ZjAeFw0yNDA5MjMwOTEyNDBaFw0yNTA5MjIwOTE3NDBaMDMxMTAvBgNV
BAMTKDE0M0YxOEVCNzlGMjk4QURCRDBEMjc0QzJENTVFQ0VDRUYyQjc3RDEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7kKCsqcpqR0sVqrkT+XyUmnmo
E9CtwqJpBqZCih9CQpXUh5JvpxK71PIgqe62KtdBuzHNE3HiFzL5L34XGQ7D3pCR
CkoaqTdXXveBVdAR9WUP0Mb7cdxYhMpcl3MnC70EwyOLGIxNNefhzvN1M29ZE4jq
cNT2cs57r1YOj8AToDFFC5AlB3Ydy6EiqzTjH42cHNQCajS3pbGcms1O5cvLLFTn
mzgb3TDU71yPn0Hpoe0Ss/ss0lzSf0mkb1E6Hmek034AyQPACEtFaV/q09G5x5lB
rq/VRMKZSfCVNTnDr0Lov3Og6FTSGTd1rETTw30erBFy9GsNkWiItTsLbscpAgMB
AAGjggIPMIICCzAdBgNVHQ4EFgQUFD8Y63nymK29DSdMLVXs7O8rd9EwHwYDVR0j
BBgwFoAUm9gTOR5K8q4xA8GJGyJy1NXBO18wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQ3OGY2ZjUtNDQ5YS00ODI3LTk5ZDUtYmY2YjkzYThm
NmI0LzAvOUJEODEzMzkxRTRBRjJBRTMxMDNDMTg5MUIyMjcyRDRENUMxM0I1Ri5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL205Z1RPUjVLOHE0eEE4R0pHeUp5MU5Y
Qk8xOC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0NzhmNmY1LTQ0OWEt
NDgyNy05OWQ1LWJmNmI5M2E4ZjZiNC8wL0FTMzUxNzkucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBAFccAoD
BABccEYwDQYJKoZIhvcNAQELBQADggEBAHJhV2CaF9R9uKM65g6yqr3PrhBEna99
55ZFfSQz+cyCI1BVRPOHNlEGHG0jrrXTNRbQc6YVrmL/PO6LE3GN4wn9kkj7YZ6D
d11/uyzQLpJiGKmPEU6z6j0aEyDh7qd2j3Hg0SJxbTzWBCVfkH9ax0OEb2g/M3u+
iHyAj1PGIESlAuOei5829ne9CkeWIgGxjMnwE0/Cyk0h1t0+vJxbDk9iov/1Hlu5
etpNkP2xHXHWzJn5IDu3sKA6jpcZqwRiJIeGU1EnhR14JeX3oncFwj9SAd2RH9XU
aPVvxt8UZScHvW2Ic6SU0B0/03oC7jKSg2qTKTe6/4JjsMHJC9sbT+4=
-----END CERTIFICATE-----