Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS53616.roa
File:                     AS53616.roa (raw, json)
Hash identifier:          U5Mw/3EyHwHlniB5CJle6pfPYy83vZOeu5JTyrmzZvg=
Subject key identifier:   C6:DC:4D:13:4F:59:78:C1:D5:45:A7:F5:91:07:E0:A8:04:11:1A:05
Certificate issuer:       /CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
Certificate serial:       1629E68578B77BAE2DCA23380E67A8BE7696F1A1
Authority key identifier: 9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS53616.roa
Signing time:             Tue 11 Feb 2025 22:53:55 +0000
ROA not before:           Tue 11 Feb 2025 22:48:55 +0000
ROA not after:            Tue 10 Feb 2026 22:53:55 +0000
asID:                     53616
IP address blocks:        91.124.30.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 03:24:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            16:29:e6:85:78:b7:7b:ae:2d:ca:23:38:0e:67:a8:be:76:96:f1:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
        Validity
            Not Before: Feb 11 22:48:55 2025 GMT
            Not After : Feb 10 22:53:55 2026 GMT
        Subject: CN=C6DC4D134F5978C1D545A7F59107E0A804111A05
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:aa:22:93:c5:d0:90:17:46:ae:e8:47:c9:96:
                    64:04:13:ad:f3:30:46:7d:5f:bd:d8:44:9d:4d:4e:
                    f5:73:8b:32:ec:cf:a4:b3:9d:0f:0f:87:05:67:02:
                    f2:2a:c9:87:f0:d7:39:0e:3e:12:e3:16:15:f1:64:
                    2f:a4:3a:4f:9e:b6:6d:71:c7:6d:e6:3c:f1:78:dd:
                    52:9e:fc:86:b2:58:2a:ed:0d:05:74:9b:ca:27:c4:
                    86:46:d5:5e:2e:b2:04:09:f6:8c:13:ed:af:74:ce:
                    d6:4c:45:7a:64:89:9e:f5:43:6b:f3:b1:86:09:90:
                    fb:68:44:d4:11:56:ff:31:5f:0b:e1:b4:b1:ad:a4:
                    d0:4f:75:91:fe:9a:28:c8:24:da:7d:4b:71:62:3d:
                    9b:03:14:cc:b7:9e:60:99:ae:61:a8:5e:aa:b3:95:
                    c6:b6:ea:7f:4a:ae:07:c1:18:5e:39:91:a6:17:30:
                    76:a7:2a:50:69:36:57:e5:0e:f4:ce:8f:96:b5:fc:
                    88:0a:84:1c:2a:3e:a4:76:3b:63:51:b3:e4:6a:c2:
                    8b:aa:26:88:29:0f:22:12:dd:be:d3:62:db:75:b6:
                    11:aa:0b:ab:9c:ee:af:74:0b:24:22:8b:59:60:47:
                    fc:72:3a:15:40:8d:2c:02:c5:5f:85:33:ea:4e:b0:
                    09:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:DC:4D:13:4F:59:78:C1:D5:45:A7:F5:91:07:E0:A8:04:11:1A:05
            X509v3 Authority Key Identifier:
                keyid:9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS53616.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.124.30.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5b:b7:f4:aa:f7:8e:36:92:19:35:d7:16:c3:66:1d:ac:60:27:
         cf:55:32:e4:ab:bc:2d:07:43:26:0c:11:e5:5c:f1:37:6e:04:
         b2:2c:83:c9:b7:11:30:37:2f:b1:78:d6:36:64:27:a4:19:63:
         11:13:c7:9a:3b:de:8e:83:c3:b5:1a:1c:3b:45:f9:6e:4e:a6:
         2f:75:e5:6d:01:37:af:d5:cc:3b:ca:88:0f:77:d4:5b:e2:80:
         34:a1:75:ce:0f:45:66:e0:45:f8:f3:8a:da:00:6a:7d:87:27:
         63:09:6a:64:92:0c:82:08:de:b7:ed:5c:6f:6c:ef:fd:06:84:
         a6:14:36:25:82:4b:7b:0b:78:ba:e4:4a:05:14:b2:7e:f1:23:
         10:ff:9a:bb:92:75:8d:02:a3:7d:61:03:a1:ca:78:41:99:64:
         7c:f1:7d:e1:a2:b3:0f:b3:ef:54:ab:ea:a8:83:a1:4a:c2:25:
         b7:63:fd:57:56:83:81:d4:2f:96:10:3f:b9:76:03:29:4f:74:
         1a:f4:e5:52:ef:35:81:16:80:68:66:df:b5:5c:b4:7d:56:0a:
         10:52:bc:18:92:15:07:fd:01:19:57:bd:c5:42:f8:d6:46:0a:
         08:d2:0f:ea:c8:1d:46:78:5f:ec:d2:a7:7a:07:fb:af:e7:47:
         67:1e:18:f8
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUFinmhXi3e64tyiM4DmeovnaW8aEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWJkODEzMzkxZTRhZjJhZTMxMDNjMTg5MWIyMjcyZDRk
NWMxM2I1ZjAeFw0yNTAyMTEyMjQ4NTVaFw0yNjAyMTAyMjUzNTVaMDMxMTAvBgNV
BAMTKEM2REM0RDEzNEY1OTc4QzFENTQ1QTdGNTkxMDdFMEE4MDQxMTFBMDUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2qiKTxdCQF0au6EfJlmQEE63z
MEZ9X73YRJ1NTvVzizLsz6SznQ8PhwVnAvIqyYfw1zkOPhLjFhXxZC+kOk+etm1x
x23mPPF43VKe/IayWCrtDQV0m8onxIZG1V4usgQJ9owT7a90ztZMRXpkiZ71Q2vz
sYYJkPtoRNQRVv8xXwvhtLGtpNBPdZH+mijIJNp9S3FiPZsDFMy3nmCZrmGoXqqz
lca26n9KrgfBGF45kaYXMHanKlBpNlflDvTOj5a1/IgKhBwqPqR2O2NRs+Rqwouq
JogpDyIS3b7TYtt1thGqC6uc7q90CyQii1lgR/xyOhVAjSwCxV+FM+pOsAlHAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUxtxNE09ZeMHVRaf1kQfgqAQRGgUwHwYDVR0j
BBgwFoAUm9gTOR5K8q4xA8GJGyJy1NXBO18wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQ3OGY2ZjUtNDQ5YS00ODI3LTk5ZDUtYmY2YjkzYThm
NmI0LzAvOUJEODEzMzkxRTRBRjJBRTMxMDNDMTg5MUIyMjcyRDRENUMxM0I1Ri5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL205Z1RPUjVLOHE0eEE4R0pHeUp5MU5Y
Qk8xOC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0NzhmNmY1LTQ0OWEt
NDgyNy05OWQ1LWJmNmI5M2E4ZjZiNC8wL0FTNTM2MTYucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABbfB4w
DQYJKoZIhvcNAQELBQADggEBAFu39Kr3jjaSGTXXFsNmHaxgJ89VMuSrvC0HQyYM
EeVc8TduBLIsg8m3ETA3L7F41jZkJ6QZYxETx5o73o6Dw7UaHDtF+W5Opi915W0B
N6/VzDvKiA931FvigDShdc4PRWbgRfjzitoAan2HJ2MJamSSDIII3rftXG9s7/0G
hKYUNiWCS3sLeLrkSgUUsn7xIxD/mruSdY0Co31hA6HKeEGZZHzxfeGisw+z71Sr
6qiDoUrCJbdj/VdWg4HUL5YQP7l2AylPdBr05VLvNYEWgGhm37VctH1WChBSvBiS
FQf9ARlXvcVC+NZGCgjSD+rIHUZ4X+zSp3oH+6/nR2ceGPg=
-----END CERTIFICATE-----