Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS53616.roa
File:                     AS53616.roa (raw, json)
Hash identifier:          ke9Cm1lMId27aNxO4HyR15KCsZFD5kogunV6wefLPOw=
Subject key identifier:   A7:6D:F2:B6:AA:EB:95:84:B0:F9:82:70:CE:BF:A9:46:EE:99:1E:37
Certificate issuer:       /CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
Certificate serial:       42A31B7B2A3393954D0BEC9782A8883AED9098D5
Authority key identifier: 9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS53616.roa
Signing time:             Tue 12 Mar 2024 22:07:18 +0000
ROA not before:           Tue 12 Mar 2024 22:02:18 +0000
ROA not after:            Tue 11 Mar 2025 22:07:18 +0000
asID:                     53616
IP address blocks:        91.124.30.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 23 May 2024 14:15:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            42:a3:1b:7b:2a:33:93:95:4d:0b:ec:97:82:a8:88:3a:ed:90:98:d5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
        Validity
            Not Before: Mar 12 22:02:18 2024 GMT
            Not After : Mar 11 22:07:18 2025 GMT
        Subject: CN=A76DF2B6AAEB9584B0F98270CEBFA946EE991E37
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:94:c2:96:5c:0b:7d:3b:ff:3f:14:fb:07:35:
                    50:3f:72:a5:d3:ce:a0:e2:ba:a0:38:47:bd:76:d6:
                    2d:ce:94:73:4d:f6:0d:82:76:5e:4a:9a:70:51:06:
                    a4:e3:be:cd:82:cc:fa:61:62:5f:6a:eb:89:7b:16:
                    bf:cb:eb:b7:83:b0:65:08:19:10:f8:ce:dc:da:dc:
                    4b:ea:ba:f2:4f:24:f1:6c:5b:e9:6e:7b:c6:70:33:
                    9d:37:73:44:35:98:7b:f7:4c:21:51:34:1a:89:dc:
                    36:dd:d8:c4:1b:c8:9e:ba:7c:a9:13:1f:4e:5a:cf:
                    fa:54:d6:38:74:09:dd:a8:f9:a1:99:27:c6:04:68:
                    31:26:40:8b:36:24:f7:bd:6b:91:86:e7:f4:62:02:
                    5d:88:7d:cc:b9:18:88:38:fd:e9:a0:cc:b0:03:4d:
                    d7:b3:3f:44:1c:3f:70:cb:21:99:3d:78:6d:78:eb:
                    06:8f:c9:bf:88:cb:60:28:e0:0c:e1:e4:f2:ab:e2:
                    57:58:3f:a0:ef:d4:f4:2c:0d:06:a6:5a:99:c3:de:
                    0b:88:72:46:df:96:88:a9:f8:57:d5:2c:e1:b3:0c:
                    47:22:46:dc:57:b0:9b:bc:2b:8e:bc:e2:5c:ca:b5:
                    55:d2:18:27:dc:bf:ab:52:e1:ce:ec:e3:51:f2:c9:
                    42:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:6D:F2:B6:AA:EB:95:84:B0:F9:82:70:CE:BF:A9:46:EE:99:1E:37
            X509v3 Authority Key Identifier:
                keyid:9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS53616.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.124.30.0/24

    Signature Algorithm: sha256WithRSAEncryption
         82:7d:05:be:68:c2:65:72:02:93:53:6b:67:69:eb:95:af:fe:
         b4:e9:bf:f0:15:35:51:f8:71:2d:71:78:f9:6d:27:e6:08:f9:
         61:6f:04:6d:a5:65:c1:09:b6:cd:d3:bb:6b:9e:76:c1:2b:12:
         2d:2f:71:b8:e2:68:0f:2e:a8:1a:73:e3:f2:da:7b:bc:96:f8:
         93:a2:b6:95:89:97:33:a2:eb:a7:6b:2b:e9:a8:05:a3:90:8b:
         33:b6:ed:27:0e:eb:ae:3d:3e:87:52:41:42:28:56:f9:75:12:
         4b:73:a1:69:ea:b2:90:0d:c8:46:ce:76:d8:96:2a:83:df:3a:
         4e:45:d9:18:2f:b5:15:d0:b7:0f:a1:dc:50:db:00:6d:4c:f7:
         94:dd:3d:70:45:a9:45:04:a2:04:4d:a7:26:ac:b8:dd:8d:ae:
         86:d3:03:64:d5:2a:3d:b0:fe:b2:da:9c:61:8f:1a:eb:eb:27:
         04:b4:2d:f7:08:28:c3:40:cd:ae:ae:3e:f1:45:ab:1d:d1:3f:
         a6:95:f9:d3:88:4e:37:33:65:a1:aa:cc:7c:00:7c:90:e0:f4:
         8c:3b:fb:70:e1:74:14:a4:1f:a3:ca:5f:a9:dd:ed:a5:45:25:
         4c:bc:99:18:71:bc:5a:8e:dc:ca:7f:53:7c:64:60:43:17:31:
         33:fb:b7:d8
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUQqMbeyozk5VNC+yXgqiIOu2QmNUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWJkODEzMzkxZTRhZjJhZTMxMDNjMTg5MWIyMjcyZDRk
NWMxM2I1ZjAeFw0yNDAzMTIyMjAyMThaFw0yNTAzMTEyMjA3MThaMDMxMTAvBgNV
BAMTKEE3NkRGMkI2QUFFQjk1ODRCMEY5ODI3MENFQkZBOTQ2RUU5OTFFMzcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCmlMKWXAt9O/8/FPsHNVA/cqXT
zqDiuqA4R7121i3OlHNN9g2Cdl5KmnBRBqTjvs2CzPphYl9q64l7Fr/L67eDsGUI
GRD4ztza3EvquvJPJPFsW+lue8ZwM503c0Q1mHv3TCFRNBqJ3Dbd2MQbyJ66fKkT
H05az/pU1jh0Cd2o+aGZJ8YEaDEmQIs2JPe9a5GG5/RiAl2Ifcy5GIg4/emgzLAD
TdezP0QcP3DLIZk9eG146waPyb+Iy2Ao4Azh5PKr4ldYP6Dv1PQsDQamWpnD3guI
ckbfloip+FfVLOGzDEciRtxXsJu8K4684lzKtVXSGCfcv6tS4c7s41HyyUJRAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUp23ytqrrlYSw+YJwzr+pRu6ZHjcwHwYDVR0j
BBgwFoAUm9gTOR5K8q4xA8GJGyJy1NXBO18wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQ3OGY2ZjUtNDQ5YS00ODI3LTk5ZDUtYmY2YjkzYThm
NmI0LzAvOUJEODEzMzkxRTRBRjJBRTMxMDNDMTg5MUIyMjcyRDRENUMxM0I1Ri5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL205Z1RPUjVLOHE0eEE4R0pHeUp5MU5Y
Qk8xOC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0NzhmNmY1LTQ0OWEt
NDgyNy05OWQ1LWJmNmI5M2E4ZjZiNC8wL0FTNTM2MTYucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABbfB4w
DQYJKoZIhvcNAQELBQADggEBAIJ9Bb5owmVyApNTa2dp65Wv/rTpv/AVNVH4cS1x
ePltJ+YI+WFvBG2lZcEJts3Tu2uedsErEi0vcbjiaA8uqBpz4/Lae7yW+JOitpWJ
lzOi66drK+moBaOQizO27ScO6649PodSQUIoVvl1EktzoWnqspANyEbOdtiWKoPf
Ok5F2RgvtRXQtw+h3FDbAG1M95TdPXBFqUUEogRNpyasuN2NrobTA2TVKj2w/rLa
nGGPGuvrJwS0LfcIKMNAza6uPvFFqx3RP6aV+dOITjczZaGqzHwAfJDg9Iw7+3Dh
dBSkH6PKX6nd7aVFJUy8mRhxvFqO3Mp/U3xkYEMXMTP7t9g=
-----END CERTIFICATE-----