Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS10111.roa
File:                     AS10111.roa (raw, json)
Hash identifier:          aVe39njsvkijUSSttsnuXnpyTb7aM7xz0+fWA4lihS4=
Subject key identifier:   31:09:CB:4C:5B:42:2A:37:5D:DB:53:1B:C6:E1:9B:C7:A1:DF:BE:2F
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       010BD2AFF3E500D6D57E1D1CBB194EB676D9C519
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS10111.roa
Signing time:             Thu 31 Aug 2023 16:17:19 +0000
ROA not before:           Thu 31 Aug 2023 16:12:19 +0000
ROA not after:            Thu 29 Aug 2024 16:17:19 +0000
asID:                     10111
IP address blocks:        45.151.47.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 01:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:0b:d2:af:f3:e5:00:d6:d5:7e:1d:1c:bb:19:4e:b6:76:d9:c5:19
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Aug 31 16:12:19 2023 GMT
            Not After : Aug 29 16:17:19 2024 GMT
        Subject: CN=3109CB4C5B422A375DDB531BC6E19BC7A1DFBE2F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:3c:32:a1:c0:d7:a1:ff:cf:0e:7e:7e:cc:99:
                    72:92:93:f3:88:3d:82:d9:25:6b:7c:64:6a:16:73:
                    76:84:7c:78:f6:3c:66:d8:f5:51:75:e4:18:ee:cb:
                    7e:c9:19:03:42:39:cc:a6:f6:59:b1:15:2b:9a:4a:
                    f1:46:52:6a:8f:46:73:63:2d:02:43:b4:3a:87:10:
                    97:4c:c1:47:8b:26:5c:05:ac:8e:78:57:b5:fd:fc:
                    0e:37:38:e7:cd:48:3a:6c:9a:32:e0:f3:e8:5d:1a:
                    82:c6:0c:f9:47:fc:f5:37:70:f0:e7:fb:59:ed:09:
                    83:aa:06:a3:9f:fb:a7:28:05:29:94:25:68:0c:79:
                    b4:6a:2c:26:65:68:74:b4:79:8f:f1:31:fa:34:c3:
                    04:97:e8:14:3f:d9:d2:51:66:61:fd:86:e9:0a:c8:
                    ce:b9:6f:bc:17:a9:7b:d1:f9:44:46:0a:3f:a6:86:
                    cb:04:87:80:ba:3f:db:ad:1b:8c:20:2b:16:10:b1:
                    5a:57:7d:e8:75:f9:59:d7:9e:71:5a:c6:c0:ac:05:
                    06:e5:cf:e6:35:48:5b:24:91:c0:2a:00:df:da:6b:
                    99:59:86:c9:2a:70:d0:44:e4:4d:da:c1:1a:e4:55:
                    72:96:35:f5:76:f1:6a:92:7f:63:6a:05:b7:da:a3:
                    88:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:09:CB:4C:5B:42:2A:37:5D:DB:53:1B:C6:E1:9B:C7:A1:DF:BE:2F
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS10111.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.151.47.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3b:ec:b3:a0:a5:c0:e4:14:5d:de:b0:c9:89:2b:a3:8f:7a:ab:
         66:b0:e4:c9:55:8a:60:9c:54:9a:b3:92:45:68:a8:af:65:74:
         4e:9f:f1:9d:bb:46:88:c0:7a:7c:de:8a:2e:2b:01:ee:13:87:
         14:3b:fc:78:90:0a:5a:34:e9:6c:2b:66:16:6c:b9:72:6d:d8:
         83:1e:3a:9a:12:43:7f:5b:0a:ee:6a:98:02:df:51:09:3d:ba:
         c3:1d:d9:70:91:43:46:10:38:7c:70:75:7a:08:42:d4:48:e8:
         f0:73:99:63:09:4b:0f:9d:57:7b:9e:2e:ee:a1:ff:e0:19:d8:
         5a:6b:38:91:15:dc:1c:b6:78:29:20:f1:25:12:ca:ec:c3:d7:
         66:b1:76:c2:e7:50:69:fd:0d:7d:18:81:c1:bf:ef:8a:0a:4c:
         a1:cd:b2:f3:ef:9d:70:50:b5:38:c2:0b:98:ec:ca:46:0f:27:
         f7:38:11:e5:fb:5e:ea:e3:cd:f1:ff:13:42:f3:21:89:6d:3c:
         1c:52:07:36:76:20:ef:fb:27:da:f4:f7:a2:e1:05:fd:7b:db:
         2b:5f:0b:75:62:54:14:02:ba:b5:c9:95:52:47:e8:62:d3:8b:
         e0:92:2e:01:3d:f5:a5:bb:0d:eb:bd:4e:66:00:64:fd:bc:5d:
         16:9d:01:11
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUAQvSr/PlANbVfh0cuxlOtnbZxRkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yMzA4MzExNjEyMTlaFw0yNDA4MjkxNjE3MTlaMDMxMTAvBgNV
BAMTKDMxMDlDQjRDNUI0MjJBMzc1RERCNTMxQkM2RTE5QkM3QTFERkJFMkYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDJPDKhwNeh/88Ofn7MmXKSk/OI
PYLZJWt8ZGoWc3aEfHj2PGbY9VF15Bjuy37JGQNCOcym9lmxFSuaSvFGUmqPRnNj
LQJDtDqHEJdMwUeLJlwFrI54V7X9/A43OOfNSDpsmjLg8+hdGoLGDPlH/PU3cPDn
+1ntCYOqBqOf+6coBSmUJWgMebRqLCZlaHS0eY/xMfo0wwSX6BQ/2dJRZmH9hukK
yM65b7wXqXvR+URGCj+mhssEh4C6P9utG4wgKxYQsVpXfeh1+VnXnnFaxsCsBQbl
z+Y1SFskkcAqAN/aa5lZhskqcNBE5E3awRrkVXKWNfV28WqSf2NqBbfao4hBAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUMQnLTFtCKjdd21MbxuGbx6Hfvi8wHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTMTAxMTEucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAAtly8w
DQYJKoZIhvcNAQELBQADggEBADvss6ClwOQUXd6wyYkro496q2aw5MlVimCcVJqz
kkVoqK9ldE6f8Z27RojAenzeii4rAe4ThxQ7/HiQClo06WwrZhZsuXJt2IMeOpoS
Q39bCu5qmALfUQk9usMd2XCRQ0YQOHxwdXoIQtRI6PBzmWMJSw+dV3ueLu6h/+AZ
2FprOJEV3By2eCkg8SUSyuzD12axdsLnUGn9DX0YgcG/74oKTKHNsvPvnXBQtTjC
C5jsykYPJ/c4EeX7XurjzfH/E0LzIYltPBxSBzZ2IO/7J9r096LhBf172ytfC3Vi
VBQCurXJlVJH6GLTi+CSLgE99aW7Deu9TmYAZP28XRadARE=
-----END CERTIFICATE-----