Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS213460.roa
File:                     AS213460.roa (raw, json)
Hash identifier:          dQJm/yqCQgOKrZvGewO7ARxb9qH00tkDi0QfFjt0Vz8=
Subject key identifier:   E2:40:E5:5F:1A:0F:54:6B:94:54:4D:C2:DD:42:91:9E:50:11:7F:B3
Certificate issuer:       /CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
Certificate serial:       6BA033E5826BAEE41EF3CB5640B3F7E5D3AA41AD
Authority key identifier: 9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS213460.roa
Signing time:             Wed 21 May 2025 13:24:45 +0000
ROA not before:           Wed 21 May 2025 13:19:45 +0000
ROA not after:            Wed 20 May 2026 13:24:45 +0000
asID:                     213460
IP address blocks:        91.124.123.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 15 Jun 2025 01:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6b:a0:33:e5:82:6b:ae:e4:1e:f3:cb:56:40:b3:f7:e5:d3:aa:41:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
        Validity
            Not Before: May 21 13:19:45 2025 GMT
            Not After : May 20 13:24:45 2026 GMT
        Subject: CN=E240E55F1A0F546B94544DC2DD42919E50117FB3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:43:20:6d:95:5a:58:65:10:06:b1:3c:65:85:
                    f6:74:7e:fc:66:12:b1:b8:28:f6:c7:04:25:c4:6e:
                    8d:71:e4:ae:36:4b:4c:05:87:1f:a2:7d:24:7b:29:
                    43:d6:3f:7d:de:44:75:39:c6:e2:32:43:a9:93:75:
                    db:84:0a:25:05:44:a6:5f:63:51:31:79:30:76:3b:
                    f3:ed:5a:df:11:72:7f:07:37:b8:cb:da:29:44:9c:
                    31:81:40:c3:7c:27:95:4f:62:9b:04:49:1a:e2:9c:
                    0e:90:3d:df:ad:c6:e9:8f:05:09:a7:1e:be:aa:8a:
                    31:f5:ce:19:9c:50:9b:1e:b3:35:47:a7:e7:4e:e8:
                    28:c1:f1:35:bb:23:98:85:33:c5:0b:99:40:4e:7d:
                    9f:b6:3e:ce:de:8d:ec:19:34:ca:96:7f:a9:c9:a2:
                    62:68:55:f8:79:50:d6:72:34:4e:b5:e1:7f:78:73:
                    97:56:2b:96:d4:f1:00:e7:8e:a4:6a:41:98:09:eb:
                    a3:ac:9a:6e:d8:27:0c:d5:86:73:8b:11:e9:d7:b9:
                    70:70:2c:0e:59:42:92:19:a8:2c:88:9f:a4:68:9a:
                    f8:4e:ca:dc:4b:fe:1d:a9:a1:d4:af:cd:a3:53:63:
                    06:08:25:80:11:f6:98:e7:7d:ff:62:df:a3:82:c0:
                    ad:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:40:E5:5F:1A:0F:54:6B:94:54:4D:C2:DD:42:91:9E:50:11:7F:B3
            X509v3 Authority Key Identifier:
                keyid:9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS213460.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.124.123.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8c:67:b3:57:d0:77:34:78:4a:86:d6:20:d6:61:a4:89:d4:48:
         9a:4b:7c:2c:63:19:19:1f:d6:39:1e:77:79:af:b1:44:2b:4e:
         50:48:96:1e:62:d9:b9:e1:47:a4:b3:4b:85:db:a2:22:7b:5c:
         0b:25:37:3a:74:b2:9b:27:5b:8d:67:30:77:05:bc:6a:b9:0d:
         58:b2:27:f4:38:c9:0e:e0:bf:c3:29:97:1d:43:18:92:5d:01:
         f8:bc:42:1c:6f:bb:99:55:58:ad:56:c9:36:40:64:bc:c4:34:
         cd:2a:ff:b1:45:fc:77:8c:1d:bc:4b:1c:69:ad:9b:3d:64:c4:
         24:51:fa:3b:46:f7:04:e6:51:a9:5e:34:2e:49:90:0a:e2:7d:
         2d:57:49:35:ef:0f:42:54:15:3e:c5:37:f5:7a:9e:10:f5:d0:
         b8:55:85:2d:ad:07:53:de:92:d7:79:8b:d8:92:c6:fc:7a:8b:
         e6:b7:eb:d0:75:e1:62:77:48:79:be:31:99:0d:42:c0:ca:88:
         a6:8b:71:7b:4e:1b:41:9b:9b:4e:fc:ad:2a:c3:61:4b:ad:73:
         72:10:38:24:3f:93:ae:71:5d:52:91:65:6d:74:ec:1d:14:93:
         d1:0e:d1:b4:6c:a2:b2:ab:f6:08:bc:b5:2c:4e:bb:15:11:cd:
         7e:31:e2:0b
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUa6Az5YJrruQe88tWQLP35dOqQa0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWJkODEzMzkxZTRhZjJhZTMxMDNjMTg5MWIyMjcyZDRk
NWMxM2I1ZjAeFw0yNTA1MjExMzE5NDVaFw0yNjA1MjAxMzI0NDVaMDMxMTAvBgNV
BAMTKEUyNDBFNTVGMUEwRjU0NkI5NDU0NERDMkRENDI5MTlFNTAxMTdGQjMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCFQyBtlVpYZRAGsTxlhfZ0fvxm
ErG4KPbHBCXEbo1x5K42S0wFhx+ifSR7KUPWP33eRHU5xuIyQ6mTdduECiUFRKZf
Y1ExeTB2O/PtWt8Rcn8HN7jL2ilEnDGBQMN8J5VPYpsESRrinA6QPd+txumPBQmn
Hr6qijH1zhmcUJseszVHp+dO6CjB8TW7I5iFM8ULmUBOfZ+2Ps7ejewZNMqWf6nJ
omJoVfh5UNZyNE614X94c5dWK5bU8QDnjqRqQZgJ66Osmm7YJwzVhnOLEenXuXBw
LA5ZQpIZqCyIn6RomvhOytxL/h2podSvzaNTYwYIJYAR9pjnff9i36OCwK1LAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQU4kDlXxoPVGuUVE3C3UKRnlARf7MwHwYDVR0j
BBgwFoAUm9gTOR5K8q4xA8GJGyJy1NXBO18wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQ3OGY2ZjUtNDQ5YS00ODI3LTk5ZDUtYmY2YjkzYThm
NmI0LzAvOUJEODEzMzkxRTRBRjJBRTMxMDNDMTg5MUIyMjcyRDRENUMxM0I1Ri5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL205Z1RPUjVLOHE0eEE4R0pHeUp5MU5Y
Qk8xOC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0NzhmNmY1LTQ0OWEt
NDgyNy05OWQ1LWJmNmI5M2E4ZjZiNC8wL0FTMjEzNDYwLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW3x7
MA0GCSqGSIb3DQEBCwUAA4IBAQCMZ7NX0Hc0eEqG1iDWYaSJ1EiaS3wsYxkZH9Y5
Hnd5r7FEK05QSJYeYtm54Ueks0uF26Iie1wLJTc6dLKbJ1uNZzB3BbxquQ1Ysif0
OMkO4L/DKZcdQxiSXQH4vEIcb7uZVVitVsk2QGS8xDTNKv+xRfx3jB28SxxprZs9
ZMQkUfo7RvcE5lGpXjQuSZAK4n0tV0k17w9CVBU+xTf1ep4Q9dC4VYUtrQdT3pLX
eYvYksb8eovmt+vQdeFid0h5vjGZDULAyoimi3F7ThtBm5tO/K0qw2FLrXNyEDgk
P5OucV1SkWVtdOwdFJPRDtG0bKKyq/YIvLUsTrsVEc1+MeIL
-----END CERTIFICATE-----