Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS208685.roa
File:                     AS208685.roa (raw, json)
Hash identifier:          oM6MX3HLKCtbsK11LjBLtapej/OF/h7LXI3sTkbd94c=
Subject key identifier:   7D:2E:E0:80:29:F0:AD:F8:EB:92:19:1A:E6:7E:DA:68:22:CC:0A:54
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       4D5444FA64FA1E2EDE7F12FECF92459D54E807AB
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS208685.roa
Signing time:             Thu 30 Nov 2023 13:05:07 +0000
ROA not before:           Thu 30 Nov 2023 13:00:07 +0000
ROA not after:            Thu 28 Nov 2024 13:05:07 +0000
asID:                     208685
IP address blocks:        45.148.36.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 01:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4d:54:44:fa:64:fa:1e:2e:de:7f:12:fe:cf:92:45:9d:54:e8:07:ab
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Nov 30 13:00:07 2023 GMT
            Not After : Nov 28 13:05:07 2024 GMT
        Subject: CN=7D2EE08029F0ADF8EB92191AE67EDA6822CC0A54
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:16:0e:e7:5b:79:7f:0d:c0:24:e3:79:3e:7f:
                    eb:4e:57:81:60:bc:31:6a:73:47:f2:c8:30:4e:5e:
                    3e:ba:db:8d:c5:76:85:0f:a3:69:4c:71:db:c0:66:
                    47:88:f7:86:82:1e:9b:de:8b:52:70:98:dd:ff:e0:
                    cf:b1:3c:2e:b0:f7:62:d1:22:e2:48:53:f8:88:d4:
                    dd:19:d3:49:d8:4b:d0:ff:0d:86:c9:60:1a:3c:ce:
                    1e:8d:10:88:69:a0:d5:e0:64:84:cf:87:bd:3c:ef:
                    25:84:93:ae:50:60:47:57:df:46:ba:b9:55:5f:34:
                    55:5a:7c:6c:b1:c2:1c:0a:e6:2a:cf:a4:25:fc:34:
                    71:03:9f:18:00:85:b3:d2:15:dc:de:16:37:47:eb:
                    76:74:a0:bf:af:a3:b8:7a:2a:c4:0b:bc:ca:a3:f2:
                    62:44:d4:7b:37:12:1c:c9:51:8f:ad:cc:cb:48:37:
                    df:8b:eb:9f:05:9b:f6:6c:67:3f:be:0d:ab:aa:3b:
                    dd:60:04:4b:83:79:dd:03:28:92:cc:d8:3d:c6:48:
                    8a:f6:7b:f5:ae:94:54:9b:c0:59:39:28:ab:1a:75:
                    e9:2f:98:70:14:b1:82:8f:4d:18:9d:46:39:75:50:
                    24:9a:5f:44:ec:96:1d:d2:16:0e:0b:71:7f:54:40:
                    1d:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:2E:E0:80:29:F0:AD:F8:EB:92:19:1A:E6:7E:DA:68:22:CC:0A:54
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS208685.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.148.36.0/22

    Signature Algorithm: sha256WithRSAEncryption
         46:7e:56:c3:e4:09:ae:27:22:a7:83:fb:52:80:e8:6a:c5:09:
         80:96:87:92:08:56:d9:1b:78:47:ab:e9:42:86:2c:8a:e3:71:
         b4:e1:8a:8c:48:73:22:67:68:38:20:89:8c:ce:a7:fa:64:aa:
         45:78:b0:c4:15:e3:b8:a7:82:19:a4:99:84:71:61:d0:91:12:
         97:8d:76:82:09:00:9f:16:d0:a0:4a:cb:da:18:2a:9d:fd:93:
         21:78:e3:df:91:1c:21:cf:06:32:73:44:6c:1c:94:cd:c5:b7:
         cf:d5:27:29:f7:f4:aa:d9:ec:52:54:5a:45:54:fd:80:71:12:
         f1:b9:b8:2c:77:85:8b:1b:8d:bc:7f:5b:a1:78:2f:fd:49:a2:
         35:ef:78:4d:b2:e9:ba:80:62:fb:88:fe:4d:57:d2:b4:0e:df:
         d9:4b:ac:a2:1c:a9:dd:dd:87:65:82:5f:c9:ed:7d:12:3a:8d:
         7d:ce:e5:11:84:0c:78:ed:8b:5b:b5:20:df:42:23:0e:a7:13:
         d1:df:2e:b2:0a:94:3e:ef:2f:00:3d:5a:77:a1:f6:dc:1e:ef:
         fc:ec:73:ce:cb:8f:86:62:df:bd:88:40:cb:74:e2:8b:1b:83:
         4e:a8:ed:b1:6e:83:a2:f2:d6:a7:fa:1b:12:46:3c:65:f5:82:
         bc:e9:1b:3a
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUTVRE+mT6Hi7efxL+z5JFnVToB6swDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yMzExMzAxMzAwMDdaFw0yNDExMjgxMzA1MDdaMDMxMTAvBgNV
BAMTKDdEMkVFMDgwMjlGMEFERjhFQjkyMTkxQUU2N0VEQTY4MjJDQzBBNTQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDEFg7nW3l/DcAk43k+f+tOV4Fg
vDFqc0fyyDBOXj66243FdoUPo2lMcdvAZkeI94aCHpvei1JwmN3/4M+xPC6w92LR
IuJIU/iI1N0Z00nYS9D/DYbJYBo8zh6NEIhpoNXgZITPh7087yWEk65QYEdX30a6
uVVfNFVafGyxwhwK5irPpCX8NHEDnxgAhbPSFdzeFjdH63Z0oL+vo7h6KsQLvMqj
8mJE1Hs3EhzJUY+tzMtIN9+L658Fm/ZsZz++DauqO91gBEuDed0DKJLM2D3GSIr2
e/WulFSbwFk5KKsadekvmHAUsYKPTRidRjl1UCSaX0Tslh3SFg4LcX9UQB1jAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUfS7ggCnwrfjrkhka5n7aaCLMClQwHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTMjA4Njg1LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLZQk
MA0GCSqGSIb3DQEBCwUAA4IBAQBGflbD5AmuJyKng/tSgOhqxQmAloeSCFbZG3hH
q+lChiyK43G04YqMSHMiZ2g4IImMzqf6ZKpFeLDEFeO4p4IZpJmEcWHQkRKXjXaC
CQCfFtCgSsvaGCqd/ZMheOPfkRwhzwYyc0RsHJTNxbfP1Scp9/Sq2exSVFpFVP2A
cRLxubgsd4WLG428f1uheC/9SaI173hNsum6gGL7iP5NV9K0Dt/ZS6yiHKnd3Ydl
gl/J7X0SOo19zuURhAx47YtbtSDfQiMOpxPR3y6yCpQ+7y8APVp3ofbcHu/87HPO
y4+GYt+9iEDLdOKLG4NOqO2xboOi8tan+hsSRjxl9YK86Rs6
-----END CERTIFICATE-----