Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS216338.roa
File:                     AS216338.roa (raw, json)
Hash identifier:          qAsluJliu0vr25flZstDCgnKOCEdqQxwl8urRB8hD74=
Subject key identifier:   C6:CE:54:68:61:30:55:AF:C9:EB:06:C6:E2:76:6F:49:68:7E:55:F0
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       3AAE4D870FA98727B3F70767A357A469F540D9E7
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS216338.roa
Signing time:             Sun 25 Aug 2024 16:05:19 +0000
ROA not before:           Sun 25 Aug 2024 16:00:19 +0000
ROA not after:            Sun 24 Aug 2025 16:05:19 +0000
asID:                     216338
IP address blocks:        191.101.101.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 13:48:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3a:ae:4d:87:0f:a9:87:27:b3:f7:07:67:a3:57:a4:69:f5:40:d9:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Aug 25 16:00:19 2024 GMT
            Not After : Aug 24 16:05:19 2025 GMT
        Subject: CN=C6CE5468613055AFC9EB06C6E2766F49687E55F0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:ee:c3:8a:54:5d:5b:b3:c5:9c:26:e5:98:dc:
                    59:b2:f7:dc:1a:2d:d0:ed:b6:61:f5:7d:c9:8a:67:
                    9a:13:34:93:c3:49:6f:d3:6d:87:86:75:d2:15:83:
                    74:00:d1:5a:f9:0d:40:ec:80:13:57:1f:18:0e:c3:
                    1b:3f:f8:b0:9f:8c:26:bf:e6:e2:cf:b0:8d:e8:3f:
                    40:70:b2:23:ea:0e:97:06:d6:9a:ea:9e:57:22:88:
                    ea:3b:fa:71:c5:3d:0c:d0:60:b5:1a:85:c0:61:11:
                    85:68:cf:0f:fe:5a:da:ea:3d:7b:02:02:d2:49:be:
                    b7:85:c1:6f:76:92:cb:d8:ca:78:a4:b2:60:fc:4c:
                    41:33:39:7b:ea:c6:cf:11:4c:6f:38:20:9f:3b:66:
                    f6:c8:8d:5e:a7:68:b7:e9:2c:b0:c2:36:29:39:07:
                    31:6e:e2:63:7f:a3:89:77:55:06:cb:73:cd:a9:b1:
                    1f:e8:3f:7f:43:30:2b:23:b3:e6:ab:08:3c:9b:6b:
                    36:46:26:e1:ed:02:05:0f:04:87:24:94:6f:cd:4a:
                    28:40:0d:5b:4b:ed:65:0d:54:ac:4b:22:93:e1:31:
                    06:85:ac:4c:be:c5:43:d1:06:26:50:bf:9d:50:98:
                    2e:79:ce:3c:12:be:bf:6b:7b:a2:1d:cc:47:6e:99:
                    04:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:CE:54:68:61:30:55:AF:C9:EB:06:C6:E2:76:6F:49:68:7E:55:F0
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS216338.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  191.101.101.0/24

    Signature Algorithm: sha256WithRSAEncryption
         34:7e:f9:4e:eb:3a:44:19:52:77:41:8d:98:ba:f9:c4:0e:fd:
         ce:5e:a7:d9:e8:ec:0c:4c:52:4d:37:b0:19:68:82:eb:34:ed:
         66:6b:ae:3b:19:99:1a:89:40:5c:ec:9b:11:83:08:44:0b:f9:
         fc:ca:a1:d7:10:a1:12:07:61:4b:0b:32:4c:c1:31:20:1a:80:
         76:d5:e4:21:1a:98:95:16:cc:44:30:da:28:e5:b2:d3:63:4e:
         cd:d1:88:e7:91:68:c0:de:2a:77:31:34:72:4c:f8:43:d8:96:
         72:5f:1e:87:54:c4:77:1d:51:b7:87:78:bc:0f:4e:56:d0:c7:
         7c:c3:6f:9e:53:65:ed:64:ec:85:67:c8:52:38:a0:05:a8:c5:
         25:b3:4a:5e:88:26:f3:5d:d4:54:55:61:ae:74:bc:87:37:86:
         71:af:71:f6:fa:18:74:2d:71:3e:25:45:32:37:13:aa:29:03:
         78:5a:26:fe:a1:cd:fd:08:05:ee:d9:6f:54:23:79:1a:cf:11:
         2a:82:e3:fa:ef:a6:bc:54:09:ac:fa:2a:f5:c9:43:59:be:e6:
         f1:e4:03:72:43:4b:bd:10:5f:0b:ef:f9:05:22:bf:76:6b:64:
         10:c7:94:20:a1:01:08:b7:a1:ad:13:e2:31:b0:05:3f:2e:d0:
         8e:6c:88:68
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUOq5Nhw+phyez9wdno1ekafVA2ecwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNDA4MjUxNjAwMTlaFw0yNTA4MjQxNjA1MTlaMDMxMTAvBgNV
BAMTKEM2Q0U1NDY4NjEzMDU1QUZDOUVCMDZDNkUyNzY2RjQ5Njg3RTU1RjAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDh7sOKVF1bs8WcJuWY3Fmy99wa
LdDttmH1fcmKZ5oTNJPDSW/TbYeGddIVg3QA0Vr5DUDsgBNXHxgOwxs/+LCfjCa/
5uLPsI3oP0BwsiPqDpcG1prqnlciiOo7+nHFPQzQYLUahcBhEYVozw/+WtrqPXsC
AtJJvreFwW92ksvYyniksmD8TEEzOXvqxs8RTG84IJ87ZvbIjV6naLfpLLDCNik5
BzFu4mN/o4l3VQbLc82psR/oP39DMCsjs+arCDybazZGJuHtAgUPBIcklG/NSihA
DVtL7WUNVKxLIpPhMQaFrEy+xUPRBiZQv51QmC55zjwSvr9re6IdzEdumQS3AgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUxs5UaGEwVa/J6wbG4nZvSWh+VfAwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjE2MzM4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAv2Vl
MA0GCSqGSIb3DQEBCwUAA4IBAQA0fvlO6zpEGVJ3QY2YuvnEDv3OXqfZ6OwMTFJN
N7AZaILrNO1ma647GZkaiUBc7JsRgwhEC/n8yqHXEKESB2FLCzJMwTEgGoB21eQh
GpiVFsxEMNoo5bLTY07N0YjnkWjA3ip3MTRyTPhD2JZyXx6HVMR3HVG3h3i8D05W
0Md8w2+eU2XtZOyFZ8hSOKAFqMUls0peiCbzXdRUVWGudLyHN4Zxr3H2+hh0LXE+
JUUyNxOqKQN4Wib+oc39CAXu2W9UI3kazxEqguP676a8VAms+ir1yUNZvubx5ANy
Q0u9EF8L7/kFIr92a2QQx5QgoQEIt6GtE+IxsAU/LtCObIho
-----END CERTIFICATE-----