Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS199959.roa
File:                     AS199959.roa (raw, json)
Hash identifier:          FVlxlAiXA3TrOIgT+GVb1bo1lUkKAvfAjA2jofi+3OA=
Subject key identifier:   0B:5F:AA:15:FA:E1:90:47:25:5E:0B:3E:EE:C4:F6:C2:43:91:D3:0F
Certificate issuer:       /CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
Certificate serial:       136B7D5D130BD80F6D68A289423FD6A009F28E17
Authority key identifier: 9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS199959.roa
Signing time:             Sat 28 Jun 2025 00:02:35 +0000
ROA not before:           Fri 27 Jun 2025 23:57:35 +0000
ROA not after:            Sat 27 Jun 2026 00:02:35 +0000
asID:                     199959
IP address blocks:        91.124.178.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Jun 2025 19:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            13:6b:7d:5d:13:0b:d8:0f:6d:68:a2:89:42:3f:d6:a0:09:f2:8e:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
        Validity
            Not Before: Jun 27 23:57:35 2025 GMT
            Not After : Jun 27 00:02:35 2026 GMT
        Subject: CN=0B5FAA15FAE19047255E0B3EEEC4F6C24391D30F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:df:a7:f3:90:41:26:54:cf:9e:a5:ce:d6:eb:
                    77:fe:a8:b4:64:c7:ef:7f:a9:91:a8:a5:72:87:89:
                    44:dd:e5:cd:0b:2e:db:fe:77:66:51:68:16:5e:13:
                    62:6f:96:4e:cd:c3:99:7a:4a:33:9c:10:cb:9e:0b:
                    27:8d:e2:18:b4:13:58:9d:e0:02:33:eb:67:57:a9:
                    32:97:79:04:d8:7b:ca:e6:42:67:f0:fb:9e:4e:e1:
                    d9:f0:48:e8:65:ba:b6:e9:42:95:3f:66:12:19:a1:
                    67:57:a3:4e:1b:57:d0:88:05:e4:8f:4e:95:01:03:
                    6d:cb:df:65:24:9a:3b:36:3d:65:11:91:7e:ea:56:
                    19:cc:9f:f5:30:66:80:5d:00:95:02:a3:41:ff:0f:
                    9b:73:c5:b3:0d:1d:b5:75:d0:2c:23:38:3a:6c:cd:
                    5d:af:86:1f:2b:25:80:09:b2:88:c4:0f:7f:07:c7:
                    13:2a:bb:3d:06:07:3a:21:5f:56:23:b5:bb:cf:07:
                    a2:9a:cb:6c:61:aa:47:12:12:8f:98:e6:72:42:bb:
                    d5:0e:04:5b:cf:45:ad:ec:22:a9:a6:8e:49:d9:0a:
                    fc:de:ec:c5:b1:29:88:9b:b9:86:a4:45:ab:9e:b4:
                    84:bd:f0:23:ec:25:08:c7:2b:ae:e1:65:5d:b0:ca:
                    2c:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:5F:AA:15:FA:E1:90:47:25:5E:0B:3E:EE:C4:F6:C2:43:91:D3:0F
            X509v3 Authority Key Identifier:
                keyid:9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS199959.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.124.178.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1a:3f:4b:b0:a9:6c:2f:23:e5:43:70:5d:1c:0c:6a:d0:43:b0:
         5c:96:50:50:4d:4b:95:92:ef:e5:77:2d:44:f9:11:e0:d2:74:
         ff:c4:97:a0:ad:f4:98:2c:4e:7b:59:9b:d9:e9:3a:e4:23:cd:
         f2:8f:43:f4:c6:2d:29:0d:79:bd:32:99:91:79:04:69:9c:86:
         99:69:6c:78:20:7d:91:41:21:0e:14:a8:fc:d9:81:0a:0f:1d:
         e3:a4:ee:fc:53:6d:d4:20:3b:fb:d1:cd:ed:00:26:9d:5d:01:
         8c:13:4b:2e:9b:4f:a9:94:13:f6:68:f0:5b:bf:13:df:64:62:
         13:2a:a5:cf:c7:67:6c:7b:48:fe:68:8b:fb:d6:fe:e1:b3:45:
         1f:99:d6:1a:cc:20:d8:a8:85:68:bc:ad:03:bc:e5:25:07:79:
         ed:15:6d:0c:54:9a:ec:6f:d0:62:c8:86:59:f6:fa:1c:a4:49:
         88:a4:f6:ef:8a:d7:74:f1:a6:37:b3:cb:75:a2:4b:ab:9c:27:
         42:c6:31:56:2f:4a:5a:e7:f8:9b:d0:bc:ae:c9:26:25:ab:22:
         81:ce:f0:5e:81:fb:eb:c3:61:90:a3:f2:32:43:0a:d6:2e:c3:
         19:ec:b3:77:ef:b0:3b:f1:21:d3:c0:2e:36:a6:4b:ac:02:98:
         27:f7:9b:33
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUE2t9XRML2A9taKKJQj/WoAnyjhcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWJkODEzMzkxZTRhZjJhZTMxMDNjMTg5MWIyMjcyZDRk
NWMxM2I1ZjAeFw0yNTA2MjcyMzU3MzVaFw0yNjA2MjcwMDAyMzVaMDMxMTAvBgNV
BAMTKDBCNUZBQTE1RkFFMTkwNDcyNTVFMEIzRUVFQzRGNkMyNDM5MUQzMEYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCP36fzkEEmVM+epc7W63f+qLRk
x+9/qZGopXKHiUTd5c0LLtv+d2ZRaBZeE2Jvlk7Nw5l6SjOcEMueCyeN4hi0E1id
4AIz62dXqTKXeQTYe8rmQmfw+55O4dnwSOhlurbpQpU/ZhIZoWdXo04bV9CIBeSP
TpUBA23L32Ukmjs2PWURkX7qVhnMn/UwZoBdAJUCo0H/D5tzxbMNHbV10CwjODps
zV2vhh8rJYAJsojED38HxxMquz0GBzohX1YjtbvPB6Kay2xhqkcSEo+Y5nJCu9UO
BFvPRa3sIqmmjknZCvze7MWxKYibuYakRauetIS98CPsJQjHK67hZV2wyiztAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUC1+qFfrhkEclXgs+7sT2wkOR0w8wHwYDVR0j
BBgwFoAUm9gTOR5K8q4xA8GJGyJy1NXBO18wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQ3OGY2ZjUtNDQ5YS00ODI3LTk5ZDUtYmY2YjkzYThm
NmI0LzAvOUJEODEzMzkxRTRBRjJBRTMxMDNDMTg5MUIyMjcyRDRENUMxM0I1Ri5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL205Z1RPUjVLOHE0eEE4R0pHeUp5MU5Y
Qk8xOC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0NzhmNmY1LTQ0OWEt
NDgyNy05OWQ1LWJmNmI5M2E4ZjZiNC8wL0FTMTk5OTU5LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW3yy
MA0GCSqGSIb3DQEBCwUAA4IBAQAaP0uwqWwvI+VDcF0cDGrQQ7BcllBQTUuVku/l
dy1E+RHg0nT/xJegrfSYLE57WZvZ6TrkI83yj0P0xi0pDXm9MpmReQRpnIaZaWx4
IH2RQSEOFKj82YEKDx3jpO78U23UIDv70c3tACadXQGME0sum0+plBP2aPBbvxPf
ZGITKqXPx2dse0j+aIv71v7hs0UfmdYazCDYqIVovK0DvOUlB3ntFW0MVJrsb9Bi
yIZZ9vocpEmIpPbvitd08aY3s8t1okurnCdCxjFWL0pa5/ib0LyuySYlqyKBzvBe
gfvrw2GQo/IyQwrWLsMZ7LN377A78SHTwC42pkusApgn95sz
-----END CERTIFICATE-----