Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS51847.roa
File:                     AS51847.roa (raw, json)
Hash identifier:          3em6rvHWkwp5u2GnqlVsqDc348TIbJKte9aeMZu4DRc=
Subject key identifier:   BD:EE:3B:06:C6:2E:02:55:2E:F1:92:4F:CF:F1:C3:F7:BE:C9:FA:B8
Certificate issuer:       /CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
Certificate serial:       0D916B17210DC1624436E1B00C9BB99BF5D2F8B8
Authority key identifier: 9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS51847.roa
Signing time:             Mon 02 Dec 2024 16:57:00 +0000
ROA not before:           Mon 02 Dec 2024 16:52:00 +0000
ROA not after:            Mon 01 Dec 2025 16:57:00 +0000
asID:                     51847
IP address blocks:        46.203.124.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 14:35:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0d:91:6b:17:21:0d:c1:62:44:36:e1:b0:0c:9b:b9:9b:f5:d2:f8:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
        Validity
            Not Before: Dec  2 16:52:00 2024 GMT
            Not After : Dec  1 16:57:00 2025 GMT
        Subject: CN=BDEE3B06C62E02552EF1924FCFF1C3F7BEC9FAB8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:c7:c3:9a:15:f4:30:0f:0c:67:32:bf:e2:89:
                    95:60:05:74:49:b0:b8:f8:09:e3:c9:bd:48:34:9c:
                    8d:76:35:15:79:b0:5e:10:1f:51:2c:db:75:05:5c:
                    f7:b2:62:3a:0c:20:de:cc:80:df:e8:72:2b:b1:86:
                    e1:ec:ee:c7:96:b7:3d:72:32:6e:40:2e:0c:77:e0:
                    9f:b5:a1:23:e2:41:b4:c0:c6:f4:db:c0:d3:cf:e4:
                    7a:a5:60:5d:0c:9d:b2:e0:23:bf:56:f6:85:d8:02:
                    7e:6f:e8:68:cf:60:5a:7d:d1:d1:bf:c3:f1:d4:f9:
                    f2:68:52:ef:5f:a0:6a:3b:73:6d:fb:40:28:eb:63:
                    d5:54:0f:40:a2:68:dd:17:32:3d:25:56:56:a8:a2:
                    9f:18:cd:b7:aa:29:5d:46:87:f4:e3:21:51:95:e4:
                    78:d2:f5:90:10:52:a9:d3:57:aa:19:ea:f3:de:b2:
                    ca:93:f8:72:eb:90:64:88:61:ea:68:3a:6e:f3:dd:
                    00:cb:2c:6e:6e:4d:b4:5a:1b:e2:12:27:c5:07:b5:
                    7e:e8:8c:7c:4a:ed:e4:5c:e0:6d:b5:9c:17:f7:ca:
                    38:91:ee:a4:27:53:24:fc:07:a8:12:3d:aa:a6:80:
                    49:0a:a4:2c:7f:92:d2:ca:85:28:b2:46:79:1c:7c:
                    a0:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:EE:3B:06:C6:2E:02:55:2E:F1:92:4F:CF:F1:C3:F7:BE:C9:FA:B8
            X509v3 Authority Key Identifier:
                keyid:9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS51847.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.203.124.0/23

    Signature Algorithm: sha256WithRSAEncryption
         90:55:d4:d3:7b:d1:1c:51:f1:18:32:4c:ca:58:9a:86:1e:26:
         c7:88:a6:6b:a7:22:ff:37:40:c6:0b:fa:b4:ac:57:0c:a1:b5:
         2b:e4:06:8a:7d:fb:4d:c4:07:db:9d:b9:38:09:88:a3:4b:89:
         e4:38:e5:3e:5a:36:20:f8:a1:fe:d7:20:92:b4:ba:77:6f:b8:
         b6:a1:b2:7e:df:62:e9:b4:89:24:72:1d:e6:bf:b0:e3:13:e3:
         47:f9:de:eb:fc:76:c1:be:2f:7c:f7:81:b3:89:dc:03:3e:3f:
         9e:28:a3:b9:17:e7:f7:ba:75:61:2a:ed:07:36:ed:be:a8:5b:
         ff:5f:45:4c:ac:85:e3:0a:04:08:60:6f:c1:99:4e:c1:f0:4f:
         35:e8:7c:b0:72:c2:1a:2f:bc:04:2b:94:af:bc:38:8d:e7:9c:
         65:cb:d9:f4:83:0d:db:9c:94:ac:23:99:1e:ca:1d:ac:82:50:
         a2:ed:ba:55:c3:b6:2f:09:32:d3:ed:7d:17:57:6c:6b:21:ca:
         2a:ec:ec:fb:cd:f0:32:dd:34:63:f3:80:c7:80:c8:9a:fc:cd:
         d4:b8:40:49:d5:d3:14:84:4f:bd:64:05:0f:af:67:79:51:d8:
         49:d6:e0:af:d1:14:11:cf:e4:56:f2:ad:e8:e2:95:14:e0:5e:
         dd:7f:c9:fc
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUDZFrFyENwWJENuGwDJu5m/XS+LgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWJkODEzMzkxZTRhZjJhZTMxMDNjMTg5MWIyMjcyZDRk
NWMxM2I1ZjAeFw0yNDEyMDIxNjUyMDBaFw0yNTEyMDExNjU3MDBaMDMxMTAvBgNV
BAMTKEJERUUzQjA2QzYyRTAyNTUyRUYxOTI0RkNGRjFDM0Y3QkVDOUZBQjgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDMx8OaFfQwDwxnMr/iiZVgBXRJ
sLj4CePJvUg0nI12NRV5sF4QH1Es23UFXPeyYjoMIN7MgN/ociuxhuHs7seWtz1y
Mm5ALgx34J+1oSPiQbTAxvTbwNPP5HqlYF0MnbLgI79W9oXYAn5v6GjPYFp90dG/
w/HU+fJoUu9foGo7c237QCjrY9VUD0CiaN0XMj0lVlaoop8YzbeqKV1Gh/TjIVGV
5HjS9ZAQUqnTV6oZ6vPessqT+HLrkGSIYepoOm7z3QDLLG5uTbRaG+ISJ8UHtX7o
jHxK7eRc4G21nBf3yjiR7qQnUyT8B6gSPaqmgEkKpCx/ktLKhSiyRnkcfKAlAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUve47BsYuAlUu8ZJPz/HD977J+rgwHwYDVR0j
BBgwFoAUm9gTOR5K8q4xA8GJGyJy1NXBO18wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQ3OGY2ZjUtNDQ5YS00ODI3LTk5ZDUtYmY2YjkzYThm
NmI0LzAvOUJEODEzMzkxRTRBRjJBRTMxMDNDMTg5MUIyMjcyRDRENUMxM0I1Ri5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL205Z1RPUjVLOHE0eEE4R0pHeUp5MU5Y
Qk8xOC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0NzhmNmY1LTQ0OWEt
NDgyNy05OWQ1LWJmNmI5M2E4ZjZiNC8wL0FTNTE4NDcucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAEuy3ww
DQYJKoZIhvcNAQELBQADggEBAJBV1NN70RxR8RgyTMpYmoYeJseIpmunIv83QMYL
+rSsVwyhtSvkBop9+03EB9uduTgJiKNLieQ45T5aNiD4of7XIJK0undvuLahsn7f
Yum0iSRyHea/sOMT40f53uv8dsG+L3z3gbOJ3AM+P54oo7kX5/e6dWEq7Qc27b6o
W/9fRUysheMKBAhgb8GZTsHwTzXofLBywhovvAQrlK+8OI3nnGXL2fSDDduclKwj
mR7KHayCUKLtulXDti8JMtPtfRdXbGshyirs7PvN8DLdNGPzgMeAyJr8zdS4QEnV
0xSET71kBQ+vZ3lR2EnW4K/RFBHP5FbyrejilRTgXt1/yfw=
-----END CERTIFICATE-----