Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS213460.roa
File:                     AS213460.roa (raw, json)
Hash identifier:          onWGCptRqqCCdhMjWuNm3YC0+mxrR19gnLAeNs+kEOQ=
Subject key identifier:   CB:15:FE:64:52:CC:10:57:24:A0:7A:82:EA:8B:D4:D6:88:E4:79:43
Certificate issuer:       /CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
Certificate serial:       1BE367FB33157C3AEF88166E71AA5258E413B2A8
Authority key identifier: 9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS213460.roa
Signing time:             Sun 22 Jun 2025 14:31:45 +0000
ROA not before:           Sun 22 Jun 2025 14:26:45 +0000
ROA not after:            Sun 21 Jun 2026 14:31:45 +0000
asID:                     213460
IP address blocks:        91.124.123.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Jun 2025 19:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1b:e3:67:fb:33:15:7c:3a:ef:88:16:6e:71:aa:52:58:e4:13:b2:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
        Validity
            Not Before: Jun 22 14:26:45 2025 GMT
            Not After : Jun 21 14:31:45 2026 GMT
        Subject: CN=CB15FE6452CC105724A07A82EA8BD4D688E47943
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:59:50:fd:fd:4c:eb:28:f5:4d:05:25:8a:08:
                    51:64:04:c1:c2:42:b7:ec:3f:de:e8:d8:09:f0:11:
                    5b:f1:62:5c:6b:7f:54:ed:88:c7:c4:92:d7:04:53:
                    c5:6b:15:28:8f:e5:b0:03:bd:1c:8d:de:71:8c:ce:
                    93:6e:94:bf:9e:f0:14:d5:57:b8:52:ac:6b:83:fa:
                    0d:16:30:89:d7:bb:a4:92:b9:b6:37:df:92:ea:6f:
                    2d:88:c9:af:a8:83:71:6d:7e:03:76:38:50:5f:1e:
                    f2:ed:74:b4:22:76:c1:20:6b:29:e1:17:f9:63:a1:
                    95:3f:65:da:1e:47:14:7a:74:30:d6:3b:b5:8c:44:
                    05:48:51:87:fa:0f:fa:4d:59:ce:6c:48:02:7d:fb:
                    3f:bb:85:95:65:bd:7a:57:03:47:03:a2:97:b2:13:
                    e1:02:1c:f1:88:b3:77:37:57:6b:21:3e:37:54:65:
                    6e:29:9c:dc:af:79:1c:b1:41:39:ba:36:f0:f1:7c:
                    92:7c:5c:17:02:d5:ee:b7:73:e0:12:2c:01:99:05:
                    e8:56:47:8f:f0:91:eb:bd:44:2d:fa:fe:04:38:99:
                    a0:c6:30:7f:5a:f8:ef:a7:79:59:62:82:ae:21:91:
                    94:69:df:87:1b:c7:28:34:8f:5f:ff:36:e7:42:fe:
                    a0:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:15:FE:64:52:CC:10:57:24:A0:7A:82:EA:8B:D4:D6:88:E4:79:43
            X509v3 Authority Key Identifier:
                keyid:9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS213460.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.124.123.0/24

    Signature Algorithm: sha256WithRSAEncryption
         56:29:c0:f4:36:52:c9:77:9d:4b:50:2d:d8:1f:af:2c:4c:05:
         55:a4:85:8f:d7:60:5e:47:1e:4f:47:2d:4d:62:1b:da:50:97:
         66:23:22:1f:86:bb:09:ef:e3:5f:05:fb:8d:c1:88:44:12:eb:
         e0:04:da:ac:97:9c:c5:6b:78:05:ba:d1:3f:7b:4d:cc:62:4d:
         f0:f5:ea:1f:6f:05:28:aa:83:b5:5e:a5:95:ff:52:52:f4:3d:
         23:a9:bf:06:f4:44:0a:34:0f:89:6e:02:4d:71:7b:e7:1a:60:
         11:32:8c:b7:ce:3d:14:63:ea:e4:d4:b6:7e:1c:6e:53:65:1f:
         fb:e0:de:ed:7f:22:c6:d8:17:44:79:a0:16:40:10:05:b6:a8:
         c9:23:af:ec:ed:e3:e3:32:99:13:35:ac:c5:b2:de:67:89:03:
         3f:a8:3f:6b:d7:ac:c3:a0:db:45:43:39:4f:72:aa:0d:16:fd:
         01:47:bf:f0:63:0d:24:33:f4:23:63:06:fd:10:7e:5c:4c:38:
         fb:ec:fb:68:c3:f0:ed:ff:bc:99:d3:28:48:17:81:c1:24:14:
         eb:5d:67:2b:ef:dd:43:93:39:4c:f1:c2:65:dd:fd:f8:aa:ac:
         66:3f:e8:ac:98:66:b9:fe:3b:53:f4:31:c6:4f:fa:c7:34:e7:
         e7:39:8b:59
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUG+Nn+zMVfDrviBZucapSWOQTsqgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWJkODEzMzkxZTRhZjJhZTMxMDNjMTg5MWIyMjcyZDRk
NWMxM2I1ZjAeFw0yNTA2MjIxNDI2NDVaFw0yNjA2MjExNDMxNDVaMDMxMTAvBgNV
BAMTKENCMTVGRTY0NTJDQzEwNTcyNEEwN0E4MkVBOEJENEQ2ODhFNDc5NDMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC3WVD9/UzrKPVNBSWKCFFkBMHC
QrfsP97o2AnwEVvxYlxrf1TtiMfEktcEU8VrFSiP5bADvRyN3nGMzpNulL+e8BTV
V7hSrGuD+g0WMInXu6SSubY335Lqby2Iya+og3FtfgN2OFBfHvLtdLQidsEgaynh
F/ljoZU/ZdoeRxR6dDDWO7WMRAVIUYf6D/pNWc5sSAJ9+z+7hZVlvXpXA0cDopey
E+ECHPGIs3c3V2shPjdUZW4pnNyveRyxQTm6NvDxfJJ8XBcC1e63c+ASLAGZBehW
R4/wkeu9RC36/gQ4maDGMH9a+O+neVligq4hkZRp34cbxyg0j1//NudC/qDlAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUyxX+ZFLMEFckoHqC6ovU1ojkeUMwHwYDVR0j
BBgwFoAUm9gTOR5K8q4xA8GJGyJy1NXBO18wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQ3OGY2ZjUtNDQ5YS00ODI3LTk5ZDUtYmY2YjkzYThm
NmI0LzAvOUJEODEzMzkxRTRBRjJBRTMxMDNDMTg5MUIyMjcyRDRENUMxM0I1Ri5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL205Z1RPUjVLOHE0eEE4R0pHeUp5MU5Y
Qk8xOC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0NzhmNmY1LTQ0OWEt
NDgyNy05OWQ1LWJmNmI5M2E4ZjZiNC8wL0FTMjEzNDYwLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW3x7
MA0GCSqGSIb3DQEBCwUAA4IBAQBWKcD0NlLJd51LUC3YH68sTAVVpIWP12BeRx5P
Ry1NYhvaUJdmIyIfhrsJ7+NfBfuNwYhEEuvgBNqsl5zFa3gFutE/e03MYk3w9eof
bwUoqoO1XqWV/1JS9D0jqb8G9EQKNA+JbgJNcXvnGmARMoy3zj0UY+rk1LZ+HG5T
ZR/74N7tfyLG2BdEeaAWQBAFtqjJI6/s7ePjMpkTNazFst5niQM/qD9r16zDoNtF
QzlPcqoNFv0BR7/wYw0kM/QjYwb9EH5cTDj77Ptow/Dt/7yZ0yhIF4HBJBTrXWcr
791DkzlM8cJl3f34qqxmP+ismGa5/jtT9DHGT/rHNOfnOYtZ
-----END CERTIFICATE-----