Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS5511.roa
File:                     AS5511.roa (raw, json)
Hash identifier:          l17kzfhJ7e3IHSobTRrTkxeduDJZ6UcL6EUiSzGBgoY=
Subject key identifier:   FE:FD:31:33:8A:78:6C:4F:DA:12:85:BD:70:30:A1:B7:88:91:1A:F1
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       79DE7CDB280D788856013B48FFDCDA3468061E7C
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS5511.roa
Signing time:             Fri 04 Jul 2025 16:54:13 +0000
ROA not before:           Fri 04 Jul 2025 16:49:13 +0000
ROA not after:            Fri 03 Jul 2026 16:54:13 +0000
asID:                     5511
IP address blocks:        45.154.104.0/24 maxlen: 24
                          193.29.97.0/24 maxlen: 24
                          193.151.183.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 05 Aug 2025 00:02:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            79:de:7c:db:28:0d:78:88:56:01:3b:48:ff:dc:da:34:68:06:1e:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Jul  4 16:49:13 2025 GMT
            Not After : Jul  3 16:54:13 2026 GMT
        Subject: CN=FEFD31338A786C4FDA1285BD7030A1B788911AF1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:78:34:5c:85:8e:1c:3c:9c:a8:ef:27:85:31:
                    3b:fd:d7:22:d7:7f:e7:f7:3d:80:28:2d:b0:f1:13:
                    32:75:f5:0c:a2:56:3c:6a:01:f6:ed:d2:ba:71:5a:
                    e4:97:f4:5b:a7:bf:18:8c:97:41:f5:80:08:8a:4e:
                    c2:9f:b6:c7:1e:0f:f0:71:30:e7:9c:99:25:30:17:
                    bc:31:e8:26:59:6a:ad:69:2d:17:40:36:cf:24:7c:
                    52:6e:42:a8:7d:36:ec:46:71:52:9b:6b:9d:e6:48:
                    d5:81:bb:fe:a2:40:07:2c:23:55:4f:65:92:d4:cd:
                    3c:dd:dd:39:ca:87:96:da:86:aa:aa:f1:5c:40:55:
                    55:55:c7:75:8c:5a:ef:1d:b4:12:07:36:63:a2:9f:
                    40:23:fb:5c:a6:3a:2c:e8:70:03:19:e6:42:7a:77:
                    6e:21:91:b7:2f:7a:3a:9a:cc:09:ff:46:28:5e:cc:
                    f6:02:f1:d4:b3:c6:2c:f2:2e:ed:a3:f1:99:16:97:
                    f8:9c:52:ab:c7:8a:f2:93:d6:0a:8c:41:6c:3f:95:
                    0a:b6:b3:35:48:b9:0d:82:06:e2:48:08:93:4f:ae:
                    9e:dc:a3:d5:28:30:dd:a0:c0:04:1a:fc:aa:2c:e0:
                    ee:9d:fd:ad:b2:d7:34:10:02:d9:55:52:4b:56:a1:
                    28:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FE:FD:31:33:8A:78:6C:4F:DA:12:85:BD:70:30:A1:B7:88:91:1A:F1
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS5511.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.154.104.0/24
                  193.29.97.0/24
                  193.151.183.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6f:a4:b4:e8:7a:1c:1c:d0:51:90:40:ef:8a:98:a8:d6:17:7d:
         76:d5:23:d2:5f:e1:24:8e:d6:89:55:67:bc:7f:f8:48:df:82:
         cd:13:fa:e7:05:2e:9f:80:40:c8:90:bd:76:59:f7:6d:ba:28:
         90:bb:52:a4:39:17:e9:13:45:5f:31:de:d7:c6:4e:dc:a6:44:
         07:c8:24:39:e3:77:b1:52:ae:2a:71:46:30:70:ab:72:f2:6e:
         84:fc:f3:ce:eb:b9:48:64:ea:00:ad:a7:7b:de:40:89:61:ea:
         98:0f:4c:18:ea:5e:0f:c7:c5:d8:c0:d4:98:1b:d8:95:de:c6:
         aa:de:64:05:2b:d8:b6:de:97:18:5e:92:4b:32:23:79:df:95:
         f6:6b:8a:3f:8d:50:f0:be:ca:5a:31:1d:c0:59:e4:b0:4a:da:
         97:93:4b:eb:dc:bf:cb:ed:64:7a:3c:1a:d3:42:9f:37:d3:b0:
         a6:7e:d9:4b:a2:ca:f7:fe:99:fd:e2:2c:85:6b:4e:4b:99:7e:
         3b:93:7a:e5:3d:dd:ab:f6:1b:91:77:ea:3c:17:ab:6a:00:f1:
         52:ac:ab:d2:f7:36:64:ce:df:e2:52:cb:0a:5e:a3:7f:7c:f9:
         8a:ac:45:ce:09:06:eb:f9:14:8e:c2:16:ef:1e:fe:67:3e:eb:
         89:20:b5:a1
-----BEGIN CERTIFICATE-----
MIIFCjCCA/KgAwIBAgIUed582ygNeIhWATtI/9zaNGgGHnwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yNTA3MDQxNjQ5MTNaFw0yNjA3MDMxNjU0MTNaMDMxMTAvBgNV
BAMTKEZFRkQzMTMzOEE3ODZDNEZEQTEyODVCRDcwMzBBMUI3ODg5MTFBRjEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCfeDRchY4cPJyo7yeFMTv91yLX
f+f3PYAoLbDxEzJ19QyiVjxqAfbt0rpxWuSX9FunvxiMl0H1gAiKTsKftsceD/Bx
MOecmSUwF7wx6CZZaq1pLRdANs8kfFJuQqh9NuxGcVKba53mSNWBu/6iQAcsI1VP
ZZLUzTzd3TnKh5bahqqq8VxAVVVVx3WMWu8dtBIHNmOin0Aj+1ymOizocAMZ5kJ6
d24hkbcvejqazAn/RihezPYC8dSzxizyLu2j8ZkWl/icUqvHivKT1gqMQWw/lQq2
szVIuQ2CBuJICJNPrp7co9UoMN2gwAQa/Kos4O6d/a2y1zQQAtlVUktWoShzAgMB
AAGjggIUMIICEDAdBgNVHQ4EFgQU/v0xM4p4bE/aEoW9cDCht4iRGvEwHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIweQYIKwYBBQUHAQsEbTBrMGkGCCsGAQUFBzALhl1yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTNTUxMS5yb2EwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjArBggrBgEFBQcBBwEB/wQcMBowGAQCAAEwEgMEAC2aaAME
AMEdYQMEAMGXtzANBgkqhkiG9w0BAQsFAAOCAQEAb6S06HocHNBRkEDvipio1hd9
dtUj0l/hJI7WiVVnvH/4SN+CzRP65wUun4BAyJC9dln3bbookLtSpDkX6RNFXzHe
18ZO3KZEB8gkOeN3sVKuKnFGMHCrcvJuhPzzzuu5SGTqAK2ne95AiWHqmA9MGOpe
D8fF2MDUmBvYld7Gqt5kBSvYtt6XGF6SSzIjed+V9muKP41Q8L7KWjEdwFnksEra
l5NL69y/y+1kejwa00KfN9Owpn7ZS6LK9/6Z/eIshWtOS5l+O5N65T3dq/YbkXfq
PBeragDxUqyr0vc2ZM7f4lLLCl6jf3z5iqxFzgkG6/kUjsIW7x7+Zz7riSC1oQ==
-----END CERTIFICATE-----