Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS213460.roa
File:                     AS213460.roa (raw, json)
Hash identifier:          Lees0yqMSvZYInM7jCYyptM5It0n8axzMTau4AjLIDo=
Subject key identifier:   5D:9C:C8:76:01:A9:CD:01:55:1D:40:0B:81:EC:72:4E:4B:D7:33:95
Certificate issuer:       /CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
Certificate serial:       553BE787D2313B925902DBB33FD145870189B0D4
Authority key identifier: 9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS213460.roa
Signing time:             Sun 24 May 2026 14:47:16 +0000
ROA not before:           Sun 24 May 2026 14:42:16 +0000
ROA not after:            Sun 23 May 2027 14:47:16 +0000
asID:                     213460
IP address blocks:        91.124.123.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 01:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            55:3b:e7:87:d2:31:3b:92:59:02:db:b3:3f:d1:45:87:01:89:b0:d4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
        Validity
            Not Before: May 24 14:42:16 2026 GMT
            Not After : May 23 14:47:16 2027 GMT
        Subject: CN=5D9CC87601A9CD01551D400B81EC724E4BD73395
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:f3:80:21:23:07:10:22:27:24:de:fb:c5:89:
                    ea:43:4c:ff:8d:24:2b:ee:86:f7:df:d0:3e:5a:29:
                    f7:a5:a9:9e:25:11:b2:b3:8a:b7:22:db:77:b8:7f:
                    bd:0e:40:e3:83:32:59:30:bb:19:83:1a:63:b0:62:
                    af:d9:60:50:61:b9:56:5c:f9:68:91:2b:eb:ed:97:
                    19:46:2c:4f:dd:01:3d:6b:d7:3f:64:9f:e5:8b:68:
                    44:31:72:fe:35:f5:5f:b7:70:d3:69:b6:5c:12:a2:
                    f8:e7:82:14:84:b0:a3:7f:dc:48:3e:03:7b:76:51:
                    fd:48:8f:29:fc:e4:e1:c4:26:62:aa:78:74:06:ca:
                    51:f2:00:48:5c:fc:4f:3a:bf:bc:8c:f3:11:be:ba:
                    f5:a6:a1:0b:de:ea:6f:89:5e:43:e4:10:91:e8:02:
                    43:c5:81:78:cd:c3:ad:8f:24:ed:f1:8a:7c:cf:19:
                    db:fd:07:3f:b8:23:b5:1d:c2:ed:0f:18:b2:78:ce:
                    da:1d:f7:50:2f:63:c4:b6:48:89:6d:72:70:f7:f5:
                    c1:35:d8:a9:8e:cc:48:00:65:cf:3f:95:88:6a:2b:
                    4d:96:ce:79:f4:42:39:15:46:9f:f3:ba:4e:ad:3a:
                    d9:14:ab:71:20:7a:74:dd:95:4a:fa:44:29:65:d1:
                    8f:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:9C:C8:76:01:A9:CD:01:55:1D:40:0B:81:EC:72:4E:4B:D7:33:95
            X509v3 Authority Key Identifier:
                keyid:9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS213460.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.124.123.0/24

    Signature Algorithm: sha256WithRSAEncryption
         88:6e:da:dd:8a:9b:9e:a8:0e:09:60:d7:fc:c9:e5:e5:9a:cc:
         41:aa:9a:d1:af:58:38:1a:33:ee:d5:75:42:22:e8:5f:66:05:
         7f:cc:7d:c4:dd:38:1c:ef:e5:64:dc:83:57:99:3b:ff:bb:d0:
         3b:ba:06:14:ec:4a:27:e5:40:69:8f:09:25:d4:9e:66:66:0c:
         11:aa:fb:da:36:b8:d2:80:80:84:91:ce:f7:90:33:c5:69:94:
         d1:98:dc:18:3b:1b:2f:d5:4a:66:e5:de:aa:80:c6:cb:be:17:
         57:e5:c9:ee:59:a7:7c:c8:d9:53:f6:74:43:d5:08:49:69:cd:
         fd:71:16:eb:1b:d4:02:7f:af:e8:4f:2f:00:a7:e1:8b:6a:a4:
         38:df:79:99:4c:8a:60:d7:25:8a:fe:8c:8f:4b:73:4a:00:b4:
         c3:0c:2a:80:78:b2:99:f6:fe:56:35:6a:62:d7:0e:73:30:f2:
         c6:33:9a:e4:d7:e9:ea:d1:1c:23:5a:fa:45:1a:66:d0:0b:fc:
         47:7f:57:8f:18:6f:67:78:e8:74:61:3c:8d:ea:fd:a9:3b:36:
         8c:a1:6f:16:3a:81:e1:91:52:1b:6a:ce:50:8a:f6:d9:a7:f9:
         bb:f2:24:ba:fe:46:f6:7f:4a:3e:8e:11:31:1b:4d:df:f6:6d:
         9c:82:75:3d
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUVTvnh9IxO5JZAtuzP9FFhwGJsNQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWJkODEzMzkxZTRhZjJhZTMxMDNjMTg5MWIyMjcyZDRk
NWMxM2I1ZjAeFw0yNjA1MjQxNDQyMTZaFw0yNzA1MjMxNDQ3MTZaMDMxMTAvBgNV
BAMTKDVEOUNDODc2MDFBOUNEMDE1NTFENDAwQjgxRUM3MjRFNEJENzMzOTUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCQ84AhIwcQIick3vvFiepDTP+N
JCvuhvff0D5aKfelqZ4lEbKzirci23e4f70OQOODMlkwuxmDGmOwYq/ZYFBhuVZc
+WiRK+vtlxlGLE/dAT1r1z9kn+WLaEQxcv419V+3cNNptlwSovjnghSEsKN/3Eg+
A3t2Uf1Ijyn85OHEJmKqeHQGylHyAEhc/E86v7yM8xG+uvWmoQve6m+JXkPkEJHo
AkPFgXjNw62PJO3xinzPGdv9Bz+4I7Udwu0PGLJ4ztod91AvY8S2SIltcnD39cE1
2KmOzEgAZc8/lYhqK02Wznn0QjkVRp/zuk6tOtkUq3EgenTdlUr6RCll0Y9HAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUXZzIdgGpzQFVHUALgexyTkvXM5UwHwYDVR0j
BBgwFoAUm9gTOR5K8q4xA8GJGyJy1NXBO18wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQ3OGY2ZjUtNDQ5YS00ODI3LTk5ZDUtYmY2YjkzYThm
NmI0LzAvOUJEODEzMzkxRTRBRjJBRTMxMDNDMTg5MUIyMjcyRDRENUMxM0I1Ri5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL205Z1RPUjVLOHE0eEE4R0pHeUp5MU5Y
Qk8xOC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0NzhmNmY1LTQ0OWEt
NDgyNy05OWQ1LWJmNmI5M2E4ZjZiNC8wL0FTMjEzNDYwLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW3x7
MA0GCSqGSIb3DQEBCwUAA4IBAQCIbtrdipueqA4JYNf8yeXlmsxBqprRr1g4GjPu
1XVCIuhfZgV/zH3E3Tgc7+Vk3INXmTv/u9A7ugYU7Eon5UBpjwkl1J5mZgwRqvva
NrjSgICEkc73kDPFaZTRmNwYOxsv1Upm5d6qgMbLvhdX5cnuWad8yNlT9nRD1QhJ
ac39cRbrG9QCf6/oTy8Ap+GLaqQ433mZTIpg1yWK/oyPS3NKALTDDCqAeLKZ9v5W
NWpi1w5zMPLGM5rk1+nq0RwjWvpFGmbQC/xHf1ePGG9neOh0YTyN6v2pOzaMoW8W
OoHhkVIbas5QivbZp/m78iS6/kb2f0o+jhExG03f9m2cgnU9
-----END CERTIFICATE-----