Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS209768.roa
File:                     AS209768.roa (raw, json)
Hash identifier:          8+AntYwStrVfmXRjA7V8aseD3l/KTF7OifgXBIguSRA=
Subject key identifier:   A2:A1:AC:B1:A4:E2:F4:9F:AD:DF:0D:E3:8F:CB:16:54:E3:E6:FB:36
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       4FA23A4C9C28F86C59456C8FCCC723176B3B786E
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS209768.roa
Signing time:             Sun 01 Sep 2024 09:45:46 +0000
ROA not before:           Sun 01 Sep 2024 09:40:46 +0000
ROA not after:            Sun 31 Aug 2025 09:45:46 +0000
asID:                     209768
IP address blocks:        191.96.176.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 13:48:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4f:a2:3a:4c:9c:28:f8:6c:59:45:6c:8f:cc:c7:23:17:6b:3b:78:6e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Sep  1 09:40:46 2024 GMT
            Not After : Aug 31 09:45:46 2025 GMT
        Subject: CN=A2A1ACB1A4E2F49FADDF0DE38FCB1654E3E6FB36
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:55:14:a3:29:c4:b5:f5:7b:80:01:f4:0e:c0:
                    58:3d:4e:00:13:0a:4f:6a:42:ba:c7:17:a0:85:3b:
                    fc:22:bb:1b:b7:a5:af:1b:ca:b1:79:ed:b4:fe:5f:
                    48:0a:81:e7:6c:4a:e4:0b:71:49:01:8c:ed:53:5e:
                    6c:06:9e:d6:55:07:ec:d0:4c:ba:44:a7:ff:11:75:
                    2f:3a:8f:1f:31:07:12:4c:4a:1b:43:51:65:be:9d:
                    63:4f:61:f9:49:fa:2d:ff:6c:89:69:c0:7e:cc:31:
                    c2:16:de:0e:a9:fc:e6:fa:4a:2b:9b:01:41:8c:b2:
                    f5:11:b6:fd:ca:a1:ab:b1:8f:88:68:35:ce:87:6a:
                    1b:1c:76:3d:eb:74:77:55:b0:57:6a:0d:c8:ea:75:
                    19:ea:8b:48:2d:12:3e:a3:29:7f:c1:4c:6a:e7:7a:
                    4b:45:70:9d:09:f8:a5:65:73:88:d6:d7:fd:15:0c:
                    20:cb:20:6e:ed:ce:1c:de:19:cc:38:c2:64:a6:1b:
                    63:a1:a4:ea:c4:a0:31:6d:ed:eb:5f:0d:b4:d3:7a:
                    a4:83:de:f8:d5:6b:0b:f1:91:75:94:35:76:ca:e8:
                    ed:a3:04:e2:75:20:0e:1a:25:2c:6c:0a:85:20:1d:
                    c5:af:ae:8e:7b:96:3f:1c:79:99:c1:d3:3b:54:05:
                    71:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:A1:AC:B1:A4:E2:F4:9F:AD:DF:0D:E3:8F:CB:16:54:E3:E6:FB:36
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS209768.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  191.96.176.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6e:68:d3:7e:04:81:72:0d:7c:e7:d4:06:22:ea:c7:5f:a2:d4:
         1d:10:43:7e:02:af:f6:50:ad:0c:01:20:58:85:a3:a8:9a:f4:
         58:55:d1:f7:74:f2:af:52:1b:9d:35:eb:81:e4:9a:c2:d6:68:
         3d:2f:9c:95:52:de:45:1b:23:33:68:50:8b:76:e6:e8:2b:e8:
         75:48:5f:01:7f:7a:1a:f6:48:1b:c3:ee:ec:0f:37:f1:0e:fb:
         7b:b6:25:a9:d2:0d:fe:c9:d5:72:63:f2:b8:63:71:0a:13:03:
         11:f9:d1:0b:ba:12:75:06:ba:7e:0d:bc:dc:7c:9e:16:3c:05:
         5e:5a:a9:d0:79:37:ae:44:a0:7f:17:07:a1:50:d0:ed:67:c8:
         a1:65:1d:2e:0c:52:fd:49:c7:b8:ed:3c:40:d2:9a:49:0c:3d:
         c4:cf:b1:7d:83:d8:65:c0:89:6d:bc:25:97:5c:71:9a:0d:8d:
         2f:0b:03:ec:35:50:bc:2b:f3:d0:94:83:4c:c3:aa:25:5a:9d:
         bd:ad:14:ab:1b:99:5e:9b:c2:3a:0b:96:b1:5e:0a:b1:80:19:
         09:a9:86:f1:b2:33:ca:21:11:37:c4:3b:0e:19:1c:f2:be:a6:
         d1:e4:57:11:d9:37:eb:2a:97:b6:29:e5:32:12:26:d4:af:91:
         c4:f9:b7:29
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUT6I6TJwo+GxZRWyPzMcjF2s7eG4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNDA5MDEwOTQwNDZaFw0yNTA4MzEwOTQ1NDZaMDMxMTAvBgNV
BAMTKEEyQTFBQ0IxQTRFMkY0OUZBRERGMERFMzhGQ0IxNjU0RTNFNkZCMzYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCfVRSjKcS19XuAAfQOwFg9TgAT
Ck9qQrrHF6CFO/wiuxu3pa8byrF57bT+X0gKgedsSuQLcUkBjO1TXmwGntZVB+zQ
TLpEp/8RdS86jx8xBxJMShtDUWW+nWNPYflJ+i3/bIlpwH7MMcIW3g6p/Ob6Siub
AUGMsvURtv3Koauxj4hoNc6Hahscdj3rdHdVsFdqDcjqdRnqi0gtEj6jKX/BTGrn
ektFcJ0J+KVlc4jW1/0VDCDLIG7tzhzeGcw4wmSmG2OhpOrEoDFt7etfDbTTeqSD
3vjVawvxkXWUNXbK6O2jBOJ1IA4aJSxsCoUgHcWvro57lj8ceZnB0ztUBXGrAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUoqGssaTi9J+t3w3jj8sWVOPm+zYwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjA5NzY4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAv2Cw
MA0GCSqGSIb3DQEBCwUAA4IBAQBuaNN+BIFyDXzn1AYi6sdfotQdEEN+Aq/2UK0M
ASBYhaOomvRYVdH3dPKvUhudNeuB5JrC1mg9L5yVUt5FGyMzaFCLduboK+h1SF8B
f3oa9kgbw+7sDzfxDvt7tiWp0g3+ydVyY/K4Y3EKEwMR+dELuhJ1Brp+DbzcfJ4W
PAVeWqnQeTeuRKB/FwehUNDtZ8ihZR0uDFL9Sce47TxA0ppJDD3Ez7F9g9hlwIlt
vCWXXHGaDY0vCwPsNVC8K/PQlINMw6olWp29rRSrG5lem8I6C5axXgqxgBkJqYbx
sjPKIRE3xDsOGRzyvqbR5FcR2TfrKpe2KeUyEibUr5HE+bcp
-----END CERTIFICATE-----