Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS208949.roa
File:                     AS208949.roa (raw, json)
Hash identifier:          eF16SOxfqgN3ev9YmUGWNe9XtEhxn3HlAzZbpfe1s4A=
Subject key identifier:   23:DD:CC:25:90:3D:73:03:76:94:5B:85:2A:BE:24:CE:4E:A4:81:2A
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       53130C56FDA375A181961071EEBA5AB689BF62BB
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS208949.roa
Signing time:             Wed 24 Jan 2024 02:02:54 +0000
ROA not before:           Wed 24 Jan 2024 01:57:54 +0000
ROA not after:            Wed 22 Jan 2025 02:02:54 +0000
asID:                     208949
IP address blocks:        185.155.222.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 18 Jun 2024 14:33:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            53:13:0c:56:fd:a3:75:a1:81:96:10:71:ee:ba:5a:b6:89:bf:62:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Jan 24 01:57:54 2024 GMT
            Not After : Jan 22 02:02:54 2025 GMT
        Subject: CN=23DDCC25903D730376945B852ABE24CE4EA4812A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:33:2b:23:10:f2:4f:35:77:ce:db:98:bc:8b:
                    1b:ec:8a:85:3a:2a:e0:73:eb:63:4d:84:62:b7:3d:
                    67:6d:98:94:99:37:a7:85:7e:4e:b7:11:26:df:a6:
                    4d:ed:36:4a:65:c8:45:1c:f4:32:38:c0:5d:ca:34:
                    2c:50:49:43:3a:f0:11:74:4b:53:ee:8c:11:de:9b:
                    5c:cd:a8:a4:6f:17:46:4d:a7:2f:6b:86:ff:e1:90:
                    10:72:a3:84:30:ee:1b:7d:fc:a2:cf:ae:ae:91:c3:
                    d4:6b:8b:b5:38:8b:3e:29:34:06:06:80:94:f4:c6:
                    d7:34:94:09:46:ae:c3:09:7b:7b:7e:4d:fe:ea:d2:
                    b4:1c:9d:f9:ff:00:2a:ed:55:55:51:88:71:f0:81:
                    10:2e:00:ae:19:91:70:d6:50:47:5c:f3:6c:61:de:
                    48:ed:cb:06:af:27:55:55:f6:21:25:de:0d:71:d4:
                    63:ed:d8:7a:4a:f6:b7:ad:81:6b:fc:fc:5b:38:41:
                    69:ea:79:67:af:14:15:a4:81:3e:96:14:68:71:d3:
                    7b:95:39:50:70:b3:e5:6a:43:93:a2:da:82:d7:3e:
                    61:72:58:7b:53:77:fd:b6:65:af:0a:3e:6c:32:37:
                    0f:ed:27:cc:7a:93:3e:be:1e:84:cf:d2:2a:8a:74:
                    34:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:DD:CC:25:90:3D:73:03:76:94:5B:85:2A:BE:24:CE:4E:A4:81:2A
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS208949.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.155.222.0/24

    Signature Algorithm: sha256WithRSAEncryption
         93:a2:2f:30:5d:21:6d:8a:3a:17:e2:8c:82:17:f7:b4:63:58:
         f0:44:58:7e:15:62:e1:49:fd:91:34:2f:e8:02:c2:e7:73:d4:
         78:0f:0d:97:79:18:7d:f0:60:d5:03:69:b4:e5:b8:25:c7:d2:
         33:b2:c5:23:97:e8:d8:45:7a:da:e2:46:ea:48:dd:90:d3:c4:
         01:e9:75:49:2f:b5:02:7a:48:aa:39:af:77:db:14:b0:59:a6:
         9b:f5:c5:f4:e9:b5:5c:e3:4a:db:7d:3c:9e:03:00:ab:bf:a7:
         d9:0e:9e:a0:b6:fb:64:15:9c:8d:eb:90:82:0a:26:ac:3e:31:
         60:61:44:39:ae:b3:d5:4b:26:3d:1f:9b:2b:77:78:ad:cf:12:
         cf:3e:94:40:e1:aa:4d:68:a5:9f:54:33:64:6a:58:58:d7:45:
         83:48:4e:47:52:72:bd:c0:4e:ce:72:dd:a8:97:bb:7e:c6:45:
         72:f1:7e:75:46:e8:c5:e4:36:23:83:bb:4c:38:65:c0:ad:71:
         c7:60:4d:c3:8e:4b:14:be:18:a4:bb:54:70:dc:ce:97:29:af:
         e4:76:f4:c2:17:01:d2:bf:3f:d4:b5:3c:cb:07:8c:e0:2d:28:
         c3:1b:63:68:55:c1:a5:7b:28:e2:20:c5:41:8e:37:55:c4:0a:
         50:7a:93:61
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUUxMMVv2jdaGBlhBx7rpatom/YrswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yNDAxMjQwMTU3NTRaFw0yNTAxMjIwMjAyNTRaMDMxMTAvBgNV
BAMTKDIzRERDQzI1OTAzRDczMDM3Njk0NUI4NTJBQkUyNENFNEVBNDgxMkEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCcMysjEPJPNXfO25i8ixvsioU6
KuBz62NNhGK3PWdtmJSZN6eFfk63ESbfpk3tNkplyEUc9DI4wF3KNCxQSUM68BF0
S1PujBHem1zNqKRvF0ZNpy9rhv/hkBByo4Qw7ht9/KLPrq6Rw9Rri7U4iz4pNAYG
gJT0xtc0lAlGrsMJe3t+Tf7q0rQcnfn/ACrtVVVRiHHwgRAuAK4ZkXDWUEdc82xh
3kjtywavJ1VV9iEl3g1x1GPt2HpK9retgWv8/Fs4QWnqeWevFBWkgT6WFGhx03uV
OVBws+VqQ5Oi2oLXPmFyWHtTd/22Za8KPmwyNw/tJ8x6kz6+HoTP0iqKdDTpAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUI93MJZA9cwN2lFuFKr4kzk6kgSowHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTMjA4OTQ5LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuZve
MA0GCSqGSIb3DQEBCwUAA4IBAQCToi8wXSFtijoX4oyCF/e0Y1jwRFh+FWLhSf2R
NC/oAsLnc9R4Dw2XeRh98GDVA2m05bglx9IzssUjl+jYRXra4kbqSN2Q08QB6XVJ
L7UCekiqOa932xSwWaab9cX06bVc40rbfTyeAwCrv6fZDp6gtvtkFZyN65CCCias
PjFgYUQ5rrPVSyY9H5srd3itzxLPPpRA4apNaKWfVDNkalhY10WDSE5HUnK9wE7O
ct2ol7t+xkVy8X51RujF5DYjg7tMOGXArXHHYE3DjksUvhiku1Rw3M6XKa/kdvTC
FwHSvz/UtTzLB4zgLSjDG2NoVcGleyjiIMVBjjdVxApQepNh
-----END CERTIFICATE-----