Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS996.roa
File:                     AS996.roa (raw, json)
Hash identifier:          9Q/lnuCGtICcabQUoiBW3JowOVcNPkF8uo8mSy6u3Rw=
Subject key identifier:   53:A3:24:1C:67:75:73:45:65:7E:27:B0:CD:AF:4E:CE:D0:68:96:D8
Certificate issuer:       /CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
Certificate serial:       16AA2FE9DDE74D11E40899C23492FCEB6209019F
Authority key identifier: 9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS996.roa
Signing time:             Thu 22 Aug 2024 02:39:48 +0000
ROA not before:           Thu 22 Aug 2024 02:34:48 +0000
ROA not after:            Thu 21 Aug 2025 02:39:48 +0000
asID:                     996
IP address blocks:        92.112.55.0/24 maxlen: 24
                          92.113.15.0/24 maxlen: 24
                          92.113.40.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            16:aa:2f:e9:dd:e7:4d:11:e4:08:99:c2:34:92:fc:eb:62:09:01:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
        Validity
            Not Before: Aug 22 02:34:48 2024 GMT
            Not After : Aug 21 02:39:48 2025 GMT
        Subject: CN=53A3241C67757345657E27B0CDAF4ECED06896D8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:76:4d:65:c6:71:f7:8b:a5:70:75:64:0f:3d:
                    66:46:a9:90:c2:c9:83:35:96:7b:27:2f:d8:f4:2f:
                    88:66:47:79:e3:d2:fd:f2:b7:e4:25:da:48:51:62:
                    4f:dd:15:61:c1:5f:37:c0:4b:57:90:3d:50:96:2d:
                    f2:ee:66:96:79:f4:28:72:80:9f:c4:8c:68:d4:be:
                    b2:6f:17:e2:ee:44:90:e9:91:5a:89:de:0e:0d:bd:
                    35:aa:47:d8:bc:1f:d3:88:4a:69:8b:78:66:a4:84:
                    fa:12:26:e7:41:23:e0:19:71:64:14:9d:4e:37:d2:
                    fb:96:ee:15:5a:27:0c:7c:b6:ea:c5:72:a4:a9:70:
                    d5:74:50:2c:ff:90:70:3f:2b:8d:33:dc:40:db:97:
                    13:2c:a6:dc:33:09:1a:4a:fb:62:22:28:7f:a1:62:
                    dd:cb:c5:43:3e:3b:a3:e6:e3:74:d3:8f:d9:07:19:
                    42:07:6b:36:24:fb:4c:24:0c:c1:04:ba:13:38:4b:
                    a9:0b:3b:20:1a:5a:c3:f3:81:ee:cb:00:5d:a9:92:
                    80:41:49:ca:67:88:28:4b:2a:fe:9e:47:97:b8:d2:
                    6a:ed:85:fb:df:c4:f7:86:cc:7c:8c:b6:35:df:1a:
                    fe:f0:33:d6:be:27:3e:bd:a0:81:a7:b6:c8:7b:b0:
                    0e:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:A3:24:1C:67:75:73:45:65:7E:27:B0:CD:AF:4E:CE:D0:68:96:D8
            X509v3 Authority Key Identifier:
                keyid:9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS996.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.112.55.0/24
                  92.113.15.0/24
                  92.113.40.0/24

    Signature Algorithm: sha256WithRSAEncryption
         90:50:db:6d:b3:54:1b:33:b9:90:0e:a7:aa:d2:bc:bd:86:59:
         c2:bb:78:1a:38:e5:fd:2d:a4:96:10:ab:e4:46:52:ad:b1:cb:
         0e:65:cb:45:bf:ea:9c:c9:e8:e5:4f:dd:fe:73:25:63:ca:62:
         b0:c8:24:5e:42:aa:98:95:68:90:50:b9:a6:fc:62:10:1b:fd:
         5e:02:98:9b:06:28:07:c3:31:de:63:61:b6:f0:6f:cd:23:be:
         69:17:fd:df:5f:b8:74:37:95:90:6a:af:6a:a4:1c:2f:f7:e9:
         94:b9:e1:be:5b:ef:ba:b4:f2:6b:66:8a:65:34:5d:23:d8:0c:
         0f:39:7d:4e:8d:a3:d9:c8:74:33:df:b3:98:77:a9:4b:47:65:
         4f:2d:19:05:e7:4f:bc:b6:6b:62:5f:43:d2:e9:dc:3f:06:f7:
         9f:d5:28:be:0b:75:38:62:c2:cb:2d:b7:6f:36:a4:41:1b:56:
         90:d5:6a:df:bf:5d:e2:de:19:2c:26:fc:ec:6c:0d:59:b3:d0:
         36:dc:f4:a8:01:07:f7:44:ee:3c:77:cf:0e:9f:f8:4c:24:46:
         05:39:c2:0c:46:ff:42:a2:f2:fc:85:c0:a2:94:d2:8c:eb:80:
         2e:c6:73:c9:3c:04:30:50:a6:0f:98:cc:e3:68:96:51:5c:4c:
         26:0f:2b:65
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgIUFqov6d3nTRHkCJnCNJL862IJAZ8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWJkODEzMzkxZTRhZjJhZTMxMDNjMTg5MWIyMjcyZDRk
NWMxM2I1ZjAeFw0yNDA4MjIwMjM0NDhaFw0yNTA4MjEwMjM5NDhaMDMxMTAvBgNV
BAMTKDUzQTMyNDFDNjc3NTczNDU2NTdFMjdCMENEQUY0RUNFRDA2ODk2RDgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDEdk1lxnH3i6VwdWQPPWZGqZDC
yYM1lnsnL9j0L4hmR3nj0v3yt+Ql2khRYk/dFWHBXzfAS1eQPVCWLfLuZpZ59Chy
gJ/EjGjUvrJvF+LuRJDpkVqJ3g4NvTWqR9i8H9OISmmLeGakhPoSJudBI+AZcWQU
nU430vuW7hVaJwx8turFcqSpcNV0UCz/kHA/K40z3EDblxMsptwzCRpK+2IiKH+h
Yt3LxUM+O6Pm43TTj9kHGUIHazYk+0wkDMEEuhM4S6kLOyAaWsPzge7LAF2pkoBB
ScpniChLKv6eR5e40mrthfvfxPeGzHyMtjXfGv7wM9a+Jz69oIGntsh7sA4NAgMB
AAGjggITMIICDzAdBgNVHQ4EFgQUU6MkHGd1c0Vlfiewza9OztBoltgwHwYDVR0j
BBgwFoAUm9gTOR5K8q4xA8GJGyJy1NXBO18wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQ3OGY2ZjUtNDQ5YS00ODI3LTk5ZDUtYmY2YjkzYThm
NmI0LzAvOUJEODEzMzkxRTRBRjJBRTMxMDNDMTg5MUIyMjcyRDRENUMxM0I1Ri5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL205Z1RPUjVLOHE0eEE4R0pHeUp5MU5Y
Qk8xOC5jZXIweAYIKwYBBQUHAQsEbDBqMGgGCCsGAQUFBzALhlxyc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0NzhmNmY1LTQ0OWEt
NDgyNy05OWQ1LWJmNmI5M2E4ZjZiNC8wL0FTOTk2LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAXHA3AwQA
XHEPAwQAXHEoMA0GCSqGSIb3DQEBCwUAA4IBAQCQUNtts1QbM7mQDqeq0ry9hlnC
u3gaOOX9LaSWEKvkRlKtscsOZctFv+qcyejlT93+cyVjymKwyCReQqqYlWiQULmm
/GIQG/1eApibBigHwzHeY2G28G/NI75pF/3fX7h0N5WQaq9qpBwv9+mUueG+W++6
tPJrZoplNF0j2AwPOX1OjaPZyHQz37OYd6lLR2VPLRkF50+8tmtiX0PS6dw/Bvef
1Si+C3U4YsLLLbdvNqRBG1aQ1Wrfv13i3hksJvzsbA1Zs9A23PSoAQf3RO48d88O
n/hMJEYFOcIMRv9CovL8hcCilNKM64AuxnPJPAQwUKYPmMzjaJZRXEwmDytl
-----END CERTIFICATE-----