Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/AS210529.roa
File:                     AS210529.roa (raw, json)
Hash identifier:          u9GGAxuT87XASZ2WOgBw+PMeGzA8rX3/W8ERR2aff04=
Subject key identifier:   A1:92:32:92:2E:B3:50:01:1F:30:CD:1A:11:C8:FD:37:E4:8F:5F:A1
Certificate issuer:       /CN=7051b4c2f7ae9ef80b53000b32ab8f5d2f2f415b
Certificate serial:       0933550F0A44E4AC9C3D5A43204D002D00B4F546
Authority key identifier: 70:51:B4:C2:F7:AE:9E:F8:0B:53:00:0B:32:AB:8F:5D:2F:2F:41:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cFG0wveunvgLUwALMquPXS8vQVs.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/AS210529.roa
Signing time:             Mon 12 May 2025 16:57:12 +0000
ROA not before:           Mon 12 May 2025 16:52:12 +0000
ROA not after:            Mon 11 May 2026 16:57:12 +0000
asID:                     210529
IP address blocks:        5.133.103.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/7051B4C2F7AE9EF80B53000B32AB8F5D2F2F415B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/7051B4C2F7AE9EF80B53000B32AB8F5D2F2F415B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cFG0wveunvgLUwALMquPXS8vQVs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 14 May 2025 14:31:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            09:33:55:0f:0a:44:e4:ac:9c:3d:5a:43:20:4d:00:2d:00:b4:f5:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7051b4c2f7ae9ef80b53000b32ab8f5d2f2f415b
        Validity
            Not Before: May 12 16:52:12 2025 GMT
            Not After : May 11 16:57:12 2026 GMT
        Subject: CN=A19232922EB350011F30CD1A11C8FD37E48F5FA1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:6c:c1:6c:c2:31:f0:a9:8f:09:78:47:fe:ae:
                    39:fc:96:38:93:72:c8:71:2b:2c:c8:4e:2e:ed:3a:
                    ff:0b:73:9b:3d:53:96:df:8e:58:fb:f5:e8:64:06:
                    b3:9f:ce:bb:15:c5:b7:9b:db:f1:20:d3:b0:6c:3d:
                    96:2a:8f:40:a8:f0:dd:94:0f:16:25:e2:d9:53:10:
                    32:ab:90:b8:9f:71:c1:4f:5e:53:23:3b:43:f0:ed:
                    8b:0c:06:e7:76:40:65:e4:d3:6f:af:cb:32:76:08:
                    af:f8:34:fc:af:ba:b2:84:c8:3f:76:c9:3c:59:6f:
                    7c:f8:3f:9a:9c:fd:2c:5f:a3:4c:c0:77:5f:d7:8b:
                    a9:f1:1e:9e:68:d8:74:9b:cc:c0:92:e6:83:62:53:
                    76:77:f1:b5:c7:95:0a:a2:76:e0:db:7b:45:9f:99:
                    b4:c3:e0:61:5c:1b:b5:22:f9:2f:4f:b5:fb:52:d1:
                    01:49:c6:a6:20:b3:30:cd:86:2e:c1:c4:11:94:c1:
                    8f:c6:5e:fe:29:43:2e:a9:e6:b4:8a:9a:08:8e:c8:
                    3e:cc:f2:32:87:59:4f:d5:07:1c:8f:21:51:3c:19:
                    ce:8c:13:25:26:e4:fa:a8:af:48:ac:97:ed:b8:03:
                    86:0e:a1:fa:21:0b:cf:a9:20:9a:e3:66:61:e5:a9:
                    96:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:92:32:92:2E:B3:50:01:1F:30:CD:1A:11:C8:FD:37:E4:8F:5F:A1
            X509v3 Authority Key Identifier:
                keyid:70:51:B4:C2:F7:AE:9E:F8:0B:53:00:0B:32:AB:8F:5D:2F:2F:41:5B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/7051B4C2F7AE9EF80B53000B32AB8F5D2F2F415B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cFG0wveunvgLUwALMquPXS8vQVs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/AS210529.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.133.103.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9b:e2:2c:0d:c7:d9:4d:e2:aa:d2:cd:59:b5:55:31:0c:ba:3f:
         9e:87:8a:9f:bd:89:be:ab:1b:95:75:f8:60:6c:68:1f:b9:9d:
         89:6a:23:7f:de:ca:92:ea:78:1c:d0:71:7d:6c:b0:7b:5d:f3:
         f9:e1:10:d3:c8:55:18:ed:c5:b6:b9:12:22:62:93:67:4a:b2:
         0c:9d:81:9a:d1:7c:31:9d:8f:4f:b4:72:f4:21:c8:52:f4:e0:
         f5:15:77:3f:9a:ef:8d:fc:4d:21:e0:c8:42:d4:5a:8b:f5:5d:
         c6:b3:76:de:d2:ee:d0:e7:08:e9:ca:f5:20:f4:c0:99:86:3f:
         be:e4:f1:9e:49:07:dc:39:f8:3b:07:f3:f3:d0:50:5e:69:5f:
         9b:06:0a:f5:fb:3a:51:25:2a:d0:b4:df:71:33:ec:fe:53:5b:
         c7:8b:ce:b4:9d:04:ba:62:ea:10:42:69:41:1d:1a:aa:4e:3c:
         82:f7:42:c3:e9:2d:98:d5:eb:9b:ce:e1:75:6c:66:26:4a:fb:
         8e:f5:0c:1e:b6:39:65:68:7e:26:ad:05:7d:61:9c:ce:6a:50:
         8b:20:a4:eb:c2:81:64:74:72:b1:d0:dd:25:a8:99:31:7a:f8:
         4e:f1:f4:c8:3b:89:36:6e:fb:d4:c0:c1:0b:e7:00:4e:fa:61:
         e3:9b:b6:b3
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUCTNVDwpE5KycPVpDIE0ALQC09UYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzA1MWI0YzJmN2FlOWVmODBiNTMwMDBiMzJhYjhmNWQy
ZjJmNDE1YjAeFw0yNTA1MTIxNjUyMTJaFw0yNjA1MTExNjU3MTJaMDMxMTAvBgNV
BAMTKEExOTIzMjkyMkVCMzUwMDExRjMwQ0QxQTExQzhGRDM3RTQ4RjVGQTEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCUbMFswjHwqY8JeEf+rjn8ljiT
cshxKyzITi7tOv8Lc5s9U5bfjlj79ehkBrOfzrsVxbeb2/Eg07BsPZYqj0Co8N2U
DxYl4tlTEDKrkLifccFPXlMjO0Pw7YsMBud2QGXk02+vyzJ2CK/4NPyvurKEyD92
yTxZb3z4P5qc/Sxfo0zAd1/Xi6nxHp5o2HSbzMCS5oNiU3Z38bXHlQqiduDbe0Wf
mbTD4GFcG7Ui+S9PtftS0QFJxqYgszDNhi7BxBGUwY/GXv4pQy6p5rSKmgiOyD7M
8jKHWU/VBxyPIVE8Gc6MEyUm5Pqor0isl+24A4YOofohC8+pIJrjZmHlqZYzAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUoZIyki6zUAEfMM0aEcj9N+SPX6EwHwYDVR0j
BBgwFoAUcFG0wveunvgLUwALMquPXS8vQVswDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOWM1Y2U5ZmEtOWE2Zi00ZTBjLTk4MDktN2E0Nzg4NzQ0
ODkzLzAvNzA1MUI0QzJGN0FFOUVGODBCNTMwMDBCMzJBQjhGNUQyRjJGNDE1Qi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2NGRzB3dmV1bnZnTFV3QUxNcXVQWFM4
dlFWcy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzljNWNlOWZhLTlhNmYt
NGUwYy05ODA5LTdhNDc4ODc0NDg5My8wL0FTMjEwNTI5LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABYVn
MA0GCSqGSIb3DQEBCwUAA4IBAQCb4iwNx9lN4qrSzVm1VTEMuj+eh4qfvYm+qxuV
dfhgbGgfuZ2JaiN/3sqS6ngc0HF9bLB7XfP54RDTyFUY7cW2uRIiYpNnSrIMnYGa
0XwxnY9PtHL0IchS9OD1FXc/mu+N/E0h4MhC1FqL9V3Gs3be0u7Q5wjpyvUg9MCZ
hj++5PGeSQfcOfg7B/Pz0FBeaV+bBgr1+zpRJSrQtN9xM+z+U1vHi860nQS6YuoQ
QmlBHRqqTjyC90LD6S2Y1eubzuF1bGYmSvuO9QwetjllaH4mrQV9YZzOalCLIKTr
woFkdHKx0N0lqJkxevhO8fTIO4k2bvvUwMEL5wBO+mHjm7az
-----END CERTIFICATE-----