Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS201320.roa
File:                     AS201320.roa (raw, json)
Hash identifier:          nMkHYMHxCmHvL5w0N78p0yMu9H/vQ+6chLVQpMfCC8U=
Subject key identifier:   B9:D4:D6:AD:BD:B9:85:5A:7E:FA:F8:84:40:E0:2E:B1:B7:30:C9:40
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       2CF53CB73C34AE094A60D8F7F328F1CEFAAE19C7
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS201320.roa
Signing time:             Fri 14 Jun 2024 13:05:18 +0000
ROA not before:           Fri 14 Jun 2024 13:00:18 +0000
ROA not after:            Fri 13 Jun 2025 13:05:18 +0000
asID:                     201320
IP address blocks:        191.101.86.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 13:48:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2c:f5:3c:b7:3c:34:ae:09:4a:60:d8:f7:f3:28:f1:ce:fa:ae:19:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Jun 14 13:00:18 2024 GMT
            Not After : Jun 13 13:05:18 2025 GMT
        Subject: CN=B9D4D6ADBDB9855A7EFAF88440E02EB1B730C940
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:5c:7f:ba:41:74:10:07:06:36:40:17:40:84:
                    9f:18:93:06:e6:06:7f:d4:68:7b:f9:a4:3b:41:f8:
                    06:4b:9b:5b:6a:99:d0:e6:12:c3:a4:ba:25:a7:6b:
                    61:a1:09:b4:97:2e:45:a5:a9:88:3d:82:63:74:35:
                    29:42:49:df:10:2c:67:b4:84:e6:99:96:5f:d1:e3:
                    9f:5c:94:6d:01:45:c0:40:26:0e:5a:6e:70:a7:c6:
                    21:3c:10:3d:29:38:78:55:5e:df:eb:31:04:de:0b:
                    df:52:31:60:b2:05:7d:da:e6:d7:92:f5:37:7f:73:
                    5c:b4:2b:1f:43:22:c4:dd:5d:17:f9:87:35:b4:d0:
                    fa:8f:0c:d9:65:14:77:a9:4d:53:d4:b6:76:8a:9e:
                    dc:61:19:c8:52:4b:10:b5:fb:b1:04:5a:7a:1f:69:
                    0f:5b:1e:74:27:d4:c2:9d:a2:3e:ab:c8:16:0b:7c:
                    37:d7:04:30:d2:7d:e5:55:00:fe:b5:cc:63:ba:97:
                    b6:54:a3:e0:0b:09:54:12:0b:af:c9:51:66:aa:77:
                    23:53:17:62:df:19:e2:e0:04:86:30:d1:0d:1f:20:
                    80:d6:fd:95:01:bf:69:7b:3a:0f:8d:b6:82:4e:26:
                    78:4e:66:a3:8a:ca:8a:2c:2d:5f:6b:c7:2f:13:d1:
                    31:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:D4:D6:AD:BD:B9:85:5A:7E:FA:F8:84:40:E0:2E:B1:B7:30:C9:40
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS201320.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  191.101.86.0/24

    Signature Algorithm: sha256WithRSAEncryption
         73:a8:70:53:53:8a:27:39:54:06:b3:fe:9f:c3:e6:77:f5:70:
         a3:68:26:b4:16:da:3f:a2:81:b8:7f:73:80:4e:0a:09:c1:dc:
         d7:9a:37:fd:67:58:0b:59:57:50:52:d6:1d:3e:7c:88:46:17:
         37:c9:33:d7:6a:f0:16:99:d5:1e:fc:76:55:31:6a:cb:9a:85:
         66:fa:ef:08:4f:47:9f:f0:9e:ee:4e:8a:fd:1a:06:8d:6d:a7:
         be:2a:b9:fa:cb:78:b4:02:06:dc:b0:8c:2d:2a:9c:6e:51:36:
         f7:32:e8:ea:11:db:09:cd:7f:a5:fd:90:dc:84:46:61:2b:90:
         44:18:7b:0c:d7:70:9f:9b:d2:97:05:8e:1f:ec:cb:2d:4e:96:
         df:6e:ff:01:52:d2:b7:6c:e3:99:b6:30:79:71:48:6b:ad:5c:
         9f:b4:0a:8c:99:70:b3:01:73:5b:e1:72:27:ad:a8:56:2e:a6:
         7e:55:d5:3e:3f:01:24:8b:38:d7:19:76:8d:cd:51:3b:ce:e9:
         df:34:4f:4a:4f:a8:aa:4c:e3:f0:f0:3f:3b:62:14:3d:c6:3f:
         b3:a9:3d:cc:e8:ed:0b:30:5d:a5:22:78:1b:c8:02:1b:6d:0c:
         54:05:76:55:c4:cc:74:49:37:52:73:7f:49:1d:4f:17:48:7a:
         3b:12:70:01
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIULPU8tzw0rglKYNj38yjxzvquGccwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNDA2MTQxMzAwMThaFw0yNTA2MTMxMzA1MThaMDMxMTAvBgNV
BAMTKEI5RDRENkFEQkRCOTg1NUE3RUZBRjg4NDQwRTAyRUIxQjczMEM5NDAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCRXH+6QXQQBwY2QBdAhJ8Ykwbm
Bn/UaHv5pDtB+AZLm1tqmdDmEsOkuiWna2GhCbSXLkWlqYg9gmN0NSlCSd8QLGe0
hOaZll/R459clG0BRcBAJg5abnCnxiE8ED0pOHhVXt/rMQTeC99SMWCyBX3a5teS
9Td/c1y0Kx9DIsTdXRf5hzW00PqPDNllFHepTVPUtnaKntxhGchSSxC1+7EEWnof
aQ9bHnQn1MKdoj6ryBYLfDfXBDDSfeVVAP61zGO6l7ZUo+ALCVQSC6/JUWaqdyNT
F2LfGeLgBIYw0Q0fIIDW/ZUBv2l7Og+NtoJOJnhOZqOKyoosLV9rxy8T0TFFAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUudTWrb25hVp++viEQOAusbcwyUAwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjAxMzIwLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAv2VW
MA0GCSqGSIb3DQEBCwUAA4IBAQBzqHBTU4onOVQGs/6fw+Z39XCjaCa0Fto/ooG4
f3OATgoJwdzXmjf9Z1gLWVdQUtYdPnyIRhc3yTPXavAWmdUe/HZVMWrLmoVm+u8I
T0ef8J7uTor9GgaNbae+Krn6y3i0AgbcsIwtKpxuUTb3MujqEdsJzX+l/ZDchEZh
K5BEGHsM13Cfm9KXBY4f7MstTpbfbv8BUtK3bOOZtjB5cUhrrVyftAqMmXCzAXNb
4XInrahWLqZ+VdU+PwEkizjXGXaNzVE7zunfNE9KT6iqTOPw8D87YhQ9xj+zqT3M
6O0LMF2lIngbyAIbbQxUBXZVxMx0STdSc39JHU8XSHo7EnAB
-----END CERTIFICATE-----