Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS203758.roa
File:                     AS203758.roa (raw, json)
Hash identifier:          20Nfd7UsNSIG5Ymx38OfO/5l/6sA5aJFKEfMa9iQu4A=
Subject key identifier:   EF:C3:5A:CC:3B:2A:61:CE:79:46:2D:1E:4C:7C:0A:0A:E2:C8:BC:9D
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       6C18BDFDF486711DB6FD192C7B5ADD10CFD4907F
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS203758.roa
Signing time:             Tue 26 Sep 2023 13:47:30 +0000
ROA not before:           Tue 26 Sep 2023 13:42:30 +0000
ROA not after:            Tue 24 Sep 2024 13:47:30 +0000
asID:                     203758
IP address blocks:        141.98.157.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 01:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6c:18:bd:fd:f4:86:71:1d:b6:fd:19:2c:7b:5a:dd:10:cf:d4:90:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Sep 26 13:42:30 2023 GMT
            Not After : Sep 24 13:47:30 2024 GMT
        Subject: CN=EFC35ACC3B2A61CE79462D1E4C7C0A0AE2C8BC9D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:1e:52:4d:93:f5:5a:05:2a:bf:a4:17:99:be:
                    f8:54:9f:d8:8c:e7:89:80:0c:66:a6:c8:1b:ed:16:
                    e1:d6:9d:fc:55:8b:87:d8:ef:d5:ee:9a:a4:8a:3f:
                    3f:a9:de:be:99:55:ac:3c:ab:5b:bc:2f:97:c6:56:
                    2d:92:e5:30:bb:e3:3b:78:6c:0e:d9:3c:4c:98:0d:
                    07:ba:8d:d9:2d:36:51:8e:c3:da:aa:50:de:3e:1b:
                    9b:6e:8a:ba:7f:51:41:e0:36:bb:a4:26:06:05:32:
                    6e:83:03:c7:c0:81:47:a4:2e:bf:e6:33:ab:14:85:
                    e7:91:55:a0:cb:fc:38:05:69:04:90:5f:48:c8:b1:
                    c3:24:59:4a:6b:a1:0d:42:c8:7c:6f:ee:ea:d4:a7:
                    70:e8:d1:41:be:3d:4d:0f:b3:6d:f2:ed:44:1d:40:
                    76:ed:09:d7:ba:4c:b6:f0:6e:7d:85:64:4f:72:bb:
                    9f:b4:98:3c:57:fc:1f:d8:24:0c:c6:f9:6a:4b:ef:
                    0f:21:2e:29:e7:20:a5:6c:ac:f1:bb:8e:d4:ac:8a:
                    27:48:c2:2a:ae:a4:6e:e2:c2:a4:75:00:8c:24:fb:
                    0f:fe:96:4e:4f:05:87:c6:26:50:9b:29:27:bc:cc:
                    2d:b5:40:bc:e3:3e:86:2f:0d:77:85:17:ea:d3:3c:
                    1d:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EF:C3:5A:CC:3B:2A:61:CE:79:46:2D:1E:4C:7C:0A:0A:E2:C8:BC:9D
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS203758.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.98.157.0/24

    Signature Algorithm: sha256WithRSAEncryption
         55:16:0b:b3:8b:95:bf:45:3c:cc:8e:10:75:b9:c7:ca:97:b0:
         03:58:6e:fc:29:77:91:1b:3d:44:7e:db:ad:e7:a1:4c:82:f4:
         37:c9:2e:21:7b:2a:18:80:22:9e:c3:73:ff:09:24:2a:91:28:
         da:d5:22:8d:cf:5c:6c:bf:86:a8:3d:01:aa:39:44:45:35:f2:
         7c:42:a2:dc:94:98:c6:c2:40:cd:c4:49:b9:0d:13:cb:4e:21:
         7e:bb:e2:74:8e:56:b5:d8:e7:c2:21:fe:a3:53:17:d9:54:1e:
         35:ba:79:fb:9d:b6:88:1f:01:53:ef:3a:78:85:65:78:0a:8d:
         3a:22:ca:0f:ff:f9:7d:99:49:b0:4e:b2:d6:28:d2:8c:d8:7e:
         65:33:d6:3f:b3:e3:eb:5d:c8:1d:66:9b:95:90:83:46:54:30:
         60:0b:de:db:8a:a1:e4:48:16:b0:f9:b3:83:8b:be:35:64:b9:
         80:d2:2f:f6:83:d5:cc:b2:eb:b5:97:91:7b:ba:f9:96:9c:dc:
         24:4d:fa:e7:ca:0f:6f:3f:25:00:58:3b:45:7f:cc:4a:48:ff:
         39:ca:fb:4e:dd:e2:33:d3:15:db:8e:f2:d4:36:86:aa:85:23:
         49:d2:ea:d9:ee:df:70:35:c3:07:60:f3:60:c2:f2:ff:6f:9b:
         ab:6b:03:6a
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUbBi9/fSGcR22/Rkse1rdEM/UkH8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yMzA5MjYxMzQyMzBaFw0yNDA5MjQxMzQ3MzBaMDMxMTAvBgNV
BAMTKEVGQzM1QUNDM0IyQTYxQ0U3OTQ2MkQxRTRDN0MwQTBBRTJDOEJDOUQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDEHlJNk/VaBSq/pBeZvvhUn9iM
54mADGamyBvtFuHWnfxVi4fY79XumqSKPz+p3r6ZVaw8q1u8L5fGVi2S5TC74zt4
bA7ZPEyYDQe6jdktNlGOw9qqUN4+G5tuirp/UUHgNrukJgYFMm6DA8fAgUekLr/m
M6sUheeRVaDL/DgFaQSQX0jIscMkWUproQ1CyHxv7urUp3Do0UG+PU0Ps23y7UQd
QHbtCde6TLbwbn2FZE9yu5+0mDxX/B/YJAzG+WpL7w8hLinnIKVsrPG7jtSsiidI
wiqupG7iwqR1AIwk+w/+lk5PBYfGJlCbKSe8zC21QLzjPoYvDXeFF+rTPB0NAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQU78NazDsqYc55Ri0eTHwKCuLIvJ0wHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTMjAzNzU4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjWKd
MA0GCSqGSIb3DQEBCwUAA4IBAQBVFguzi5W/RTzMjhB1ucfKl7ADWG78KXeRGz1E
ftut56FMgvQ3yS4heyoYgCKew3P/CSQqkSja1SKNz1xsv4aoPQGqOURFNfJ8QqLc
lJjGwkDNxEm5DRPLTiF+u+J0jla12OfCIf6jUxfZVB41unn7nbaIHwFT7zp4hWV4
Co06IsoP//l9mUmwTrLWKNKM2H5lM9Y/s+PrXcgdZpuVkINGVDBgC97biqHkSBaw
+bODi741ZLmA0i/2g9XMsuu1l5F7uvmWnNwkTfrnyg9vPyUAWDtFf8xKSP85yvtO
3eIz0xXbjvLUNoaqhSNJ0urZ7t9wNcMHYPNgwvL/b5urawNq
-----END CERTIFICATE-----