Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS205771.roa
File:                     AS205771.roa (raw, json)
Hash identifier:          3qNUMVC7JnD7uTCM1I5Ic5VHy2YscwJvdMReSN2BCf4=
Subject key identifier:   3A:74:A8:F8:F4:F9:16:DC:DD:33:33:EC:77:F4:EB:EB:C7:27:AA:33
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       7CE8F11D8AC0DB7B56114399675551BCBE9BD292
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS205771.roa
Signing time:             Thu 01 Aug 2024 14:01:38 +0000
ROA not before:           Thu 01 Aug 2024 13:56:38 +0000
ROA not after:            Thu 31 Jul 2025 14:01:38 +0000
asID:                     205771
IP address blocks:        191.101.24.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Feb 2025 07:05:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7c:e8:f1:1d:8a:c0:db:7b:56:11:43:99:67:55:51:bc:be:9b:d2:92
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Aug  1 13:56:38 2024 GMT
            Not After : Jul 31 14:01:38 2025 GMT
        Subject: CN=3A74A8F8F4F916DCDD3333EC77F4EBEBC727AA33
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:31:ef:ba:69:67:73:25:65:49:da:f8:a9:63:
                    d6:5e:31:09:6b:38:bc:77:bb:d8:9e:41:ce:4e:05:
                    99:a8:e1:1c:64:7f:81:fe:b2:c9:a6:36:7f:86:77:
                    75:44:1d:3f:a7:ed:f2:af:d6:4b:11:10:64:6c:c1:
                    29:85:9f:17:b2:a5:c7:0c:e7:25:d8:ff:8e:f1:05:
                    ed:ef:53:74:3b:ee:b6:85:70:df:05:ad:f6:9f:cf:
                    99:d1:4a:f7:b6:c0:01:7e:6f:63:ac:5b:9b:2b:19:
                    db:ca:b7:28:5c:d4:c9:19:e3:48:97:ad:6e:fb:58:
                    90:a3:00:a4:d3:aa:28:08:9b:10:05:9c:99:66:31:
                    c7:49:47:f8:dd:89:28:31:f2:4f:eb:35:38:23:86:
                    13:39:b4:f4:46:f7:69:c4:bd:9f:f0:9e:7e:2c:39:
                    22:c4:ef:13:cd:03:7f:fe:e2:36:2d:22:a2:40:87:
                    c1:22:19:41:8a:a0:24:50:c0:09:ff:94:e4:60:38:
                    54:71:96:55:43:e9:fb:e7:0a:98:27:18:40:9a:f8:
                    36:08:e2:eb:4c:1e:5b:01:e8:cf:07:95:05:94:8f:
                    43:d5:3f:f4:c0:f7:ce:74:9a:56:d0:29:ad:68:66:
                    5e:15:7f:ed:4b:b6:8d:78:7e:05:4c:7c:81:5d:2f:
                    ef:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:74:A8:F8:F4:F9:16:DC:DD:33:33:EC:77:F4:EB:EB:C7:27:AA:33
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS205771.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  191.101.24.0/24

    Signature Algorithm: sha256WithRSAEncryption
         75:5a:d9:47:0e:d0:a3:11:fe:44:77:a3:85:07:31:7e:f7:7e:
         1c:9e:d8:2c:35:c5:08:4e:5c:15:56:65:a6:f7:31:4e:be:20:
         b4:18:1a:f3:d1:90:1f:ec:ea:2f:da:9e:2b:66:33:7f:d3:00:
         52:1f:94:da:7b:d1:ae:42:73:4d:dc:67:c2:05:31:da:67:4f:
         ec:f0:49:bc:18:da:34:c1:af:ee:87:ec:84:cc:6d:a9:a8:88:
         81:7d:b4:6d:14:39:be:85:37:fe:ed:bf:93:48:05:ca:fb:4a:
         b3:1d:9c:06:bd:cb:0b:34:90:b2:51:6a:dc:55:20:a2:9e:92:
         f5:ed:74:52:4e:ac:1c:f7:d5:93:a7:d2:c1:f6:de:f2:0c:1b:
         67:86:c5:c1:32:ac:80:c6:b8:54:f7:1c:0c:06:44:51:8f:d4:
         50:d9:d3:86:20:4a:ac:05:ce:b1:4a:c4:d5:22:71:9e:67:f5:
         97:bb:ac:58:36:a2:67:69:9b:2e:b9:bc:54:0f:79:6b:75:8e:
         55:8b:21:c1:26:1d:8e:7c:09:b8:8a:19:d6:73:c8:a4:e5:50:
         9c:6a:e7:ae:c5:32:ee:b1:f5:ce:51:95:5b:6a:8c:32:72:81:
         6e:c0:37:a7:14:55:f0:93:0a:9b:36:93:47:fb:5a:a9:e3:0a:
         46:e6:a3:90
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUfOjxHYrA23tWEUOZZ1VRvL6b0pIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNDA4MDExMzU2MzhaFw0yNTA3MzExNDAxMzhaMDMxMTAvBgNV
BAMTKDNBNzRBOEY4RjRGOTE2RENERDMzMzNFQzc3RjRFQkVCQzcyN0FBMzMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQChMe+6aWdzJWVJ2vipY9ZeMQlr
OLx3u9ieQc5OBZmo4Rxkf4H+ssmmNn+Gd3VEHT+n7fKv1ksREGRswSmFnxeypccM
5yXY/47xBe3vU3Q77raFcN8Frfafz5nRSve2wAF+b2OsW5srGdvKtyhc1MkZ40iX
rW77WJCjAKTTqigImxAFnJlmMcdJR/jdiSgx8k/rNTgjhhM5tPRG92nEvZ/wnn4s
OSLE7xPNA3/+4jYtIqJAh8EiGUGKoCRQwAn/lORgOFRxllVD6fvnCpgnGECa+DYI
4utMHlsB6M8HlQWUj0PVP/TA9850mlbQKa1oZl4Vf+1Lto14fgVMfIFdL++vAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUOnSo+PT5FtzdMzPsd/Tr68cnqjMwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjA1NzcxLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAv2UY
MA0GCSqGSIb3DQEBCwUAA4IBAQB1WtlHDtCjEf5Ed6OFBzF+934cntgsNcUITlwV
VmWm9zFOviC0GBrz0ZAf7Oov2p4rZjN/0wBSH5Tae9GuQnNN3GfCBTHaZ0/s8Em8
GNo0wa/uh+yEzG2pqIiBfbRtFDm+hTf+7b+TSAXK+0qzHZwGvcsLNJCyUWrcVSCi
npL17XRSTqwc99WTp9LB9t7yDBtnhsXBMqyAxrhU9xwMBkRRj9RQ2dOGIEqsBc6x
SsTVInGeZ/WXu6xYNqJnaZsuubxUD3lrdY5ViyHBJh2OfAm4ihnWc8ik5VCcaueu
xTLusfXOUZVbaowycoFuwDenFFXwkwqbNpNH+1qp4wpG5qOQ
-----END CERTIFICATE-----