Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS6594.roa
File:                     AS6594.roa (raw, json)
Hash identifier:          0XEMHOpaGZPjHrXluxi3xGSGVML/TVF0o0T8KShCTak=
Subject key identifier:   98:19:7D:28:90:B2:0F:21:23:B3:7A:D2:F5:96:DE:23:72:B0:41:38
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       29EA45C5752AEDFD5F7A21BFBA02A118BD69FC8D
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS6594.roa
Signing time:             Thu 10 Apr 2025 16:01:14 +0000
ROA not before:           Thu 10 Apr 2025 15:56:14 +0000
ROA not after:            Thu 09 Apr 2026 16:01:14 +0000
asID:                     6594
IP address blocks:        45.158.169.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 28 Apr 2025 02:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            29:ea:45:c5:75:2a:ed:fd:5f:7a:21:bf:ba:02:a1:18:bd:69:fc:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Apr 10 15:56:14 2025 GMT
            Not After : Apr  9 16:01:14 2026 GMT
        Subject: CN=98197D2890B20F2123B37AD2F596DE2372B04138
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:02:56:91:0c:bd:9f:ec:7a:0e:63:ab:6d:1f:
                    ec:a3:bd:d1:d3:44:ab:39:a4:67:16:4c:4a:af:9f:
                    3b:a1:c6:4c:ed:f9:e9:2c:18:4d:2b:f9:7b:e3:d5:
                    2a:35:75:3a:f3:4d:a2:68:e0:29:63:69:1f:41:47:
                    f4:fc:3f:a5:11:dd:47:69:bd:35:b2:0c:f4:d8:57:
                    e7:2d:e2:8f:47:c9:8e:36:50:9c:16:75:f1:7c:3c:
                    38:7b:69:5b:38:b0:89:75:1a:c6:42:e1:3b:cb:a6:
                    f2:b4:ea:e2:0d:a6:74:3f:7b:d0:5d:e4:83:70:20:
                    09:c7:2e:f7:1b:d5:e7:22:f5:27:9f:a1:25:cf:05:
                    b8:2e:8f:dc:d9:c9:f7:c4:c8:c1:1e:a4:4d:fa:8c:
                    0f:d5:53:d1:10:b7:a8:41:a8:8d:e9:18:82:06:e6:
                    e5:54:f2:82:60:23:bf:e3:60:5c:a2:ea:28:55:55:
                    22:fe:c1:b7:77:21:b1:03:bc:64:db:23:12:20:de:
                    07:47:85:e1:9e:c5:06:86:18:cc:b8:25:c9:ff:f9:
                    bb:b4:b3:b7:a2:75:14:6f:b7:a1:a5:4e:46:40:2e:
                    cd:0f:cd:e2:67:88:05:9f:77:68:dc:2b:3c:81:17:
                    bd:c4:47:c6:cb:fb:bc:32:ee:58:10:6f:e1:3f:20:
                    53:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:19:7D:28:90:B2:0F:21:23:B3:7A:D2:F5:96:DE:23:72:B0:41:38
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS6594.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.158.169.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1f:59:e5:7d:bc:24:5e:39:aa:b5:75:58:51:82:cd:f9:f5:f8:
         bf:71:b5:86:04:c3:56:5e:bc:01:ea:1f:05:f6:95:1b:ec:d7:
         3b:0a:f9:e6:9d:93:73:95:a7:dd:86:8a:05:20:d3:c0:c6:c4:
         4b:07:9d:fe:fb:0a:44:6d:3a:d6:db:12:a1:24:c0:ed:db:b9:
         3c:9a:7b:76:f5:a9:f8:b5:9d:5f:8f:73:98:6d:cd:6b:2c:0e:
         65:95:07:b6:ac:e6:b5:ce:42:66:f7:fa:e8:7a:52:6a:69:9a:
         a3:83:21:b7:f8:98:64:19:20:44:2b:dc:07:78:68:7f:a2:1e:
         b0:55:77:6e:80:95:0f:e4:8e:e2:d9:0c:dd:00:f2:6b:6a:91:
         11:b4:ca:0a:35:05:04:84:53:5a:20:2c:e2:0a:5f:69:4b:4a:
         e5:8b:a6:a8:40:7e:b1:9f:22:08:bc:64:77:2d:69:f8:af:43:
         7d:71:14:9a:8c:b4:eb:7c:53:74:4c:48:17:44:24:32:41:cc:
         ec:1c:0e:0b:31:2e:8d:b3:27:fb:83:24:0d:ef:53:94:5e:e2:
         b0:d2:92:3f:30:4b:c6:41:10:3e:1f:41:7e:6e:18:e6:d2:4d:
         f0:45:f0:d7:63:b0:3a:3a:5b:6a:9e:82:fd:de:e3:ce:6f:39:
         b6:8b:a7:40
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgIUKepFxXUq7f1feiG/ugKhGL1p/I0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yNTA0MTAxNTU2MTRaFw0yNjA0MDkxNjAxMTRaMDMxMTAvBgNV
BAMTKDk4MTk3RDI4OTBCMjBGMjEyM0IzN0FEMkY1OTZERTIzNzJCMDQxMzgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCWAlaRDL2f7HoOY6ttH+yjvdHT
RKs5pGcWTEqvnzuhxkzt+eksGE0r+Xvj1So1dTrzTaJo4CljaR9BR/T8P6UR3Udp
vTWyDPTYV+ct4o9HyY42UJwWdfF8PDh7aVs4sIl1GsZC4TvLpvK06uINpnQ/e9Bd
5INwIAnHLvcb1eci9SefoSXPBbguj9zZyffEyMEepE36jA/VU9EQt6hBqI3pGIIG
5uVU8oJgI7/jYFyi6ihVVSL+wbd3IbEDvGTbIxIg3gdHheGexQaGGMy4Jcn/+bu0
s7eidRRvt6GlTkZALs0PzeJniAWfd2jcKzyBF73ER8bL+7wy7lgQb+E/IFNzAgMB
AAGjggIIMIICBDAdBgNVHQ4EFgQUmBl9KJCyDyEjs3rS9ZbeI3KwQTgwHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIweQYIKwYBBQUHAQsEbTBrMGkGCCsGAQUFBzALhl1yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTNjU5NC5yb2EwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAC2eqTAN
BgkqhkiG9w0BAQsFAAOCAQEAH1nlfbwkXjmqtXVYUYLN+fX4v3G1hgTDVl68Aeof
BfaVG+zXOwr55p2Tc5Wn3YaKBSDTwMbESwed/vsKRG061tsSoSTA7du5PJp7dvWp
+LWdX49zmG3NaywOZZUHtqzmtc5CZvf66HpSammao4Mht/iYZBkgRCvcB3hof6Ie
sFV3boCVD+SO4tkM3QDya2qREbTKCjUFBIRTWiAs4gpfaUtK5YumqEB+sZ8iCLxk
dy1p+K9DfXEUmoy063xTdExIF0QkMkHM7BwOCzEujbMn+4MkDe9TlF7isNKSPzBL
xkEQPh9Bfm4Y5tJN8EXw12OwOjpbap6C/d7jzm85tounQA==
-----END CERTIFICATE-----