Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS147003.roa
File:                     AS147003.roa (raw, json)
Hash identifier:          ndszMQVkFaTU8bsvw3R2gSuk5DKN4l8GiiPHxqipWgw=
Subject key identifier:   F4:36:E0:AE:BA:E4:D7:E4:A1:A7:2E:61:95:D4:EB:68:6F:91:29:4F
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       743A440C3AA4C51E7B7E1A216553C6DCF1F95335
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS147003.roa
Signing time:             Tue 13 Aug 2024 14:48:07 +0000
ROA not before:           Tue 13 Aug 2024 14:43:07 +0000
ROA not after:            Tue 12 Aug 2025 14:48:07 +0000
asID:                     147003
IP address blocks:        191.96.29.0/24 maxlen: 24
                          191.96.182.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            74:3a:44:0c:3a:a4:c5:1e:7b:7e:1a:21:65:53:c6:dc:f1:f9:53:35
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Aug 13 14:43:07 2024 GMT
            Not After : Aug 12 14:48:07 2025 GMT
        Subject: CN=F436E0AEBAE4D7E4A1A72E6195D4EB686F91294F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:49:1b:c7:d3:d0:7f:72:ee:26:c8:2d:b9:dc:
                    d0:01:03:60:25:f3:0e:c5:c8:fa:9f:1a:02:0f:85:
                    2d:cb:85:4d:0d:e8:8a:81:d6:8d:c9:17:5a:cc:b2:
                    9e:9e:a6:42:38:7e:76:ac:e8:3c:41:86:c6:aa:31:
                    78:72:6b:58:fa:db:df:0b:ed:62:51:59:de:39:d5:
                    60:25:58:a6:26:5b:47:0c:51:2c:6d:53:9e:26:8e:
                    82:01:44:e1:7d:65:80:64:aa:5c:d3:db:5d:d6:f5:
                    b7:ab:7b:7b:f0:26:fc:76:16:47:44:7c:fd:e4:49:
                    3f:0b:f5:90:47:5a:55:19:9a:39:ab:1d:93:d8:d4:
                    d9:fb:59:35:7d:a7:39:2c:2c:67:df:0b:5a:10:dc:
                    28:b0:a9:73:51:7c:ba:2d:01:dc:14:ee:42:cf:20:
                    49:e8:28:2b:b2:48:25:46:b9:a8:64:a8:28:ae:f0:
                    ef:40:9c:5a:ac:26:ec:4a:5d:74:a5:3a:d8:89:1a:
                    2b:64:75:4d:41:51:56:97:7f:92:87:bf:57:0f:0a:
                    5f:8f:2c:16:8f:ce:47:92:b8:93:a4:8d:36:ec:1b:
                    bc:a1:bf:68:c4:f2:b0:ce:9b:70:c6:d6:61:21:40:
                    e4:f7:77:cb:50:c5:c1:31:38:60:0f:2e:59:8c:70:
                    63:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:36:E0:AE:BA:E4:D7:E4:A1:A7:2E:61:95:D4:EB:68:6F:91:29:4F
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS147003.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  191.96.29.0/24
                  191.96.182.0/24

    Signature Algorithm: sha256WithRSAEncryption
         68:d8:8c:9a:6b:a0:e1:bf:ad:2c:50:de:cb:14:24:e1:ce:05:
         8d:16:bb:81:e6:01:53:c4:a5:c2:f5:a5:3f:14:a2:1f:60:49:
         da:61:6c:15:e5:29:b7:ff:67:36:1a:6a:b4:3a:10:5b:34:65:
         34:48:b7:92:53:d1:24:93:e2:4d:62:60:35:48:82:6d:51:e6:
         f8:72:88:f1:e1:f8:99:5d:14:27:de:f6:f8:41:a9:00:21:35:
         81:64:11:9f:38:02:6b:92:e7:65:7c:85:66:06:80:35:4d:b1:
         d4:9e:47:5d:8e:0b:e7:12:b5:d1:65:45:1f:bd:0b:f2:15:e0:
         7a:8b:cd:e6:81:20:fe:f1:1d:05:1d:0a:3c:38:6f:bc:a3:07:
         93:5f:57:1c:21:9a:1d:64:ee:bf:29:a1:d0:db:a4:58:f0:dd:
         38:76:76:76:03:24:42:0e:94:4c:c7:4f:cd:7e:bf:26:99:c6:
         e3:10:51:63:ec:52:7e:af:8b:e3:5f:c0:99:f7:1c:d1:ca:e6:
         d9:62:d8:4f:26:4b:32:f2:f2:f5:8f:43:32:8e:96:49:b8:d9:
         c4:e4:4b:7e:12:e8:08:cd:3b:ff:34:e5:26:cf:2d:38:ca:b3:
         e4:fe:86:f5:16:7c:4d:64:2d:83:55:47:e2:69:13:fe:a5:e6:
         f1:7c:e6:02
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUdDpEDDqkxR57fhohZVPG3PH5UzUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNDA4MTMxNDQzMDdaFw0yNTA4MTIxNDQ4MDdaMDMxMTAvBgNV
BAMTKEY0MzZFMEFFQkFFNEQ3RTRBMUE3MkU2MTk1RDRFQjY4NkY5MTI5NEYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCeSRvH09B/cu4myC253NABA2Al
8w7FyPqfGgIPhS3LhU0N6IqB1o3JF1rMsp6epkI4fnas6DxBhsaqMXhya1j6298L
7WJRWd451WAlWKYmW0cMUSxtU54mjoIBROF9ZYBkqlzT213W9bere3vwJvx2FkdE
fP3kST8L9ZBHWlUZmjmrHZPY1Nn7WTV9pzksLGffC1oQ3CiwqXNRfLotAdwU7kLP
IEnoKCuySCVGuahkqCiu8O9AnFqsJuxKXXSlOtiJGitkdU1BUVaXf5KHv1cPCl+P
LBaPzkeSuJOkjTbsG7yhv2jE8rDOm3DG1mEhQOT3d8tQxcExOGAPLlmMcGMfAgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQU9Dbgrrrk1+Shpy5hldTraG+RKU8wHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMTQ3MDAzLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAv2Ad
AwQAv2C2MA0GCSqGSIb3DQEBCwUAA4IBAQBo2Iyaa6Dhv60sUN7LFCThzgWNFruB
5gFTxKXC9aU/FKIfYEnaYWwV5Sm3/2c2Gmq0OhBbNGU0SLeSU9Ekk+JNYmA1SIJt
Ueb4cojx4fiZXRQn3vb4QakAITWBZBGfOAJrkudlfIVmBoA1TbHUnkddjgvnErXR
ZUUfvQvyFeB6i83mgSD+8R0FHQo8OG+8oweTX1ccIZodZO6/KaHQ26RY8N04dnZ2
AyRCDpRMx0/Nfr8mmcbjEFFj7FJ+r4vjX8CZ9xzRyubZYthPJksy8vL1j0MyjpZJ
uNnE5Et+EugIzTv/NOUmzy04yrPk/ob1FnxNZC2DVUfiaRP+pebxfOYC
-----END CERTIFICATE-----