Route Origin Authorization 

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS20141.roa
File:                     AS20141.roa (raw, json)
Hash identifier:          jSEwVxIaPRKPDgvGA92O2bo7MwZTzwlM1kEnerLSeqg=
Subject key identifier:   07:DC:2E:62:83:E3:39:22:7D:6C:93:C0:33:16:4B:64:B0:F3:36:51
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       676B117636F4C66FD219B601C2889699848F081E
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS20141.roa
Signing time:             Tue 14 May 2024 17:05:16 +0000
ROA not before:           Tue 14 May 2024 17:00:16 +0000
ROA not after:            Tue 13 May 2025 17:05:16 +0000
asID:                     20141
IP address blocks:        191.96.90.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 13:48:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            67:6b:11:76:36:f4:c6:6f:d2:19:b6:01:c2:88:96:99:84:8f:08:1e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: May 14 17:00:16 2024 GMT
            Not After : May 13 17:05:16 2025 GMT
        Subject: CN=07DC2E6283E339227D6C93C033164B64B0F33651
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:7d:4a:6d:38:8b:a9:3b:ba:87:78:1f:48:b2:
                    d4:a2:02:c2:84:89:49:a6:c1:01:17:64:1b:05:a9:
                    fa:30:5a:74:03:d2:1d:53:30:93:5d:60:8e:bc:ed:
                    9f:e6:0d:fa:85:50:0c:30:57:43:3b:b4:bc:3f:5a:
                    1a:b0:f4:32:36:01:61:15:53:12:ef:f1:bb:94:be:
                    ea:ae:a0:1a:bc:59:e8:f2:88:6c:bd:27:b9:3b:ad:
                    e8:21:f9:29:39:93:6f:fe:8f:b4:27:1e:7c:7c:11:
                    f3:16:57:84:52:bb:7e:d7:0d:2c:38:f2:d8:18:fe:
                    85:ad:85:2e:aa:09:11:03:77:70:fb:54:f4:51:4f:
                    46:6f:00:25:45:f5:c0:4e:24:20:75:32:8d:f9:ef:
                    1e:bf:02:d8:14:cf:01:bf:83:75:ea:df:c2:57:99:
                    d9:b6:fb:13:cf:8a:40:40:de:31:4d:94:e2:30:b5:
                    3b:94:6f:38:bd:ea:91:bf:9d:1c:3d:a1:ab:11:17:
                    d5:40:a0:63:6d:36:00:a8:f9:81:14:b8:be:51:0b:
                    42:93:b6:24:9e:c2:0c:1f:5d:4f:a0:6b:ea:84:c1:
                    be:49:a6:87:c7:01:04:5e:f5:ee:b4:dd:d6:61:42:
                    c2:ba:7d:2b:79:16:a1:4c:16:8b:1d:b5:03:98:bc:
                    b8:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:DC:2E:62:83:E3:39:22:7D:6C:93:C0:33:16:4B:64:B0:F3:36:51
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS20141.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  191.96.90.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3d:f0:7f:43:35:3f:1c:e7:57:da:c1:4e:ff:ff:ab:0c:ff:82:
         99:c7:75:a3:da:ce:12:a5:d6:0e:e2:3b:9d:1b:fd:b0:ae:26:
         95:4b:0f:80:1d:b8:77:c2:0d:32:b3:48:14:17:d0:a9:67:77:
         5f:d5:90:f4:50:55:e2:59:45:f1:db:de:de:03:64:07:0c:09:
         15:b6:cd:8c:26:55:6c:de:3b:e9:c5:2d:4d:09:fa:fc:8b:65:
         eb:b3:be:8f:5f:a0:5d:ca:ab:63:6a:85:20:45:eb:1f:71:35:
         ad:fb:7f:fb:a7:15:9a:88:b5:cf:6d:22:27:92:f0:74:bc:4e:
         7a:1f:77:88:ad:ab:dd:20:5d:2e:ea:2a:f3:02:66:c6:74:4c:
         3f:b2:71:8d:2f:0e:fe:d3:25:53:ca:be:07:4b:02:8e:eb:fe:
         65:c9:07:fb:d6:6f:f1:8d:62:9a:44:7f:7e:de:f1:e7:e1:97:
         22:86:bf:14:ce:51:5a:ad:86:64:e6:46:c4:fa:d0:11:4d:44:
         c3:d8:b2:aa:dc:35:aa:4d:bb:b1:f9:24:6c:54:b3:00:28:a0:
         26:42:40:c3:ff:69:07:d1:24:68:31:31:b1:0c:dd:2a:61:dd:
         13:0c:11:07:ca:6c:9e:2b:7e:7c:1e:35:9a:9f:9a:8b:7c:f4:
         57:96:cf:b0
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUZ2sRdjb0xm/SGbYBwoiWmYSPCB4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNDA1MTQxNzAwMTZaFw0yNTA1MTMxNzA1MTZaMDMxMTAvBgNV
BAMTKDA3REMyRTYyODNFMzM5MjI3RDZDOTNDMDMzMTY0QjY0QjBGMzM2NTEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDHfUptOIupO7qHeB9IstSiAsKE
iUmmwQEXZBsFqfowWnQD0h1TMJNdYI687Z/mDfqFUAwwV0M7tLw/Whqw9DI2AWEV
UxLv8buUvuquoBq8WejyiGy9J7k7regh+Sk5k2/+j7QnHnx8EfMWV4RSu37XDSw4
8tgY/oWthS6qCREDd3D7VPRRT0ZvACVF9cBOJCB1Mo357x6/AtgUzwG/g3Xq38JX
mdm2+xPPikBA3jFNlOIwtTuUbzi96pG/nRw9oasRF9VAoGNtNgCo+YEUuL5RC0KT
tiSewgwfXU+ga+qEwb5JpofHAQRe9e603dZhQsK6fSt5FqFMFosdtQOYvLirAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUB9wuYoPjOSJ9bJPAMxZLZLDzNlEwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjAxNDEucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAC/YFow
DQYJKoZIhvcNAQELBQADggEBAD3wf0M1PxznV9rBTv//qwz/gpnHdaPazhKl1g7i
O50b/bCuJpVLD4AduHfCDTKzSBQX0Klnd1/VkPRQVeJZRfHb3t4DZAcMCRW2zYwm
VWzeO+nFLU0J+vyLZeuzvo9foF3Kq2NqhSBF6x9xNa37f/unFZqItc9tIieS8HS8
Tnofd4itq90gXS7qKvMCZsZ0TD+ycY0vDv7TJVPKvgdLAo7r/mXJB/vWb/GNYppE
f37e8efhlyKGvxTOUVqthmTmRsT60BFNRMPYsqrcNapNu7H5JGxUswAooCZCQMP/
aQfRJGgxMbEM3Sph3RMMEQfKbJ4rfnweNZqfmot89FeWz7A=
-----END CERTIFICATE-----
Generated at Mon Nov 25 16:44:01 2024 by rpki-client on console-fra.rpki-client.org