Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS210538.roa
File:                     AS210538.roa (raw, json)
Hash identifier:          BGTHfmdtePxocu+HqrmeBoon0SJ1+/pZUcEl7nyeUOU=
Subject key identifier:   87:83:5D:82:1C:E6:67:9F:05:05:5E:48:2F:42:56:78:63:0F:00:0C
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       22442AB4D25578FF8FCFE12DDE015D87CF8856AE
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS210538.roa
Signing time:             Thu 15 Feb 2024 13:17:51 +0000
ROA not before:           Thu 15 Feb 2024 13:12:51 +0000
ROA not after:            Thu 13 Feb 2025 13:17:51 +0000
asID:                     210538
IP address blocks:        194.105.5.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 01:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            22:44:2a:b4:d2:55:78:ff:8f:cf:e1:2d:de:01:5d:87:cf:88:56:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Feb 15 13:12:51 2024 GMT
            Not After : Feb 13 13:17:51 2025 GMT
        Subject: CN=87835D821CE6679F05055E482F425678630F000C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:a0:33:a2:82:81:c0:59:8b:e3:69:83:a4:be:
                    55:78:1a:41:87:a1:3d:98:6d:98:e4:e6:64:cb:23:
                    05:5b:e6:a6:81:af:43:b3:49:f6:2b:1e:b8:66:30:
                    30:91:8b:81:01:08:eb:c6:e8:37:2a:c3:10:3e:28:
                    7d:bc:5f:6a:c3:44:f5:d0:43:93:f9:d5:bd:81:b3:
                    60:2a:07:19:ac:11:6c:5f:7c:fc:42:7f:c2:76:19:
                    7e:60:c4:89:a7:4c:f4:55:31:7f:44:b0:19:7d:0a:
                    ed:c1:1c:21:9a:be:b0:7b:b7:97:7e:e1:85:4b:69:
                    15:98:ff:4f:63:25:5b:0c:a5:33:51:d1:5d:45:39:
                    8c:1c:5c:8c:72:55:5e:55:19:bd:0b:cd:60:98:7d:
                    3f:c3:b0:77:01:eb:9a:22:89:a5:d2:25:dd:63:10:
                    0f:9a:a1:1d:62:38:97:38:88:39:f4:e4:24:3d:ea:
                    50:0c:f5:91:79:36:da:04:39:11:27:25:da:84:41:
                    94:e6:49:fa:de:25:c3:d0:c7:0a:f9:01:3b:7f:f2:
                    4f:55:97:db:6d:67:cb:b6:39:5a:88:c0:00:47:6c:
                    8a:82:a1:3f:a9:40:41:fd:c5:47:9c:61:6e:c1:21:
                    79:57:e1:11:04:5b:a6:d4:b9:c8:49:a2:2d:95:75:
                    65:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:83:5D:82:1C:E6:67:9F:05:05:5E:48:2F:42:56:78:63:0F:00:0C
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS210538.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.105.5.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8c:89:ac:77:4e:44:35:00:a2:bb:fa:f5:76:00:7b:3f:21:1f:
         d3:23:ca:f0:90:e8:ab:be:51:e0:78:a5:65:a6:c2:42:42:d0:
         6b:df:d9:67:9e:fb:91:0d:bd:06:d4:cb:66:1a:65:33:57:2d:
         3b:87:3b:99:86:d3:e9:a8:79:ab:d7:73:b0:a7:01:a4:1f:89:
         06:f4:11:b9:77:cd:07:2e:df:d8:d5:7c:85:9e:9b:63:64:9b:
         a7:dd:17:a7:d9:f1:05:91:38:47:7d:9d:e2:7b:24:e6:81:9b:
         ab:b9:8b:61:fc:b0:c0:44:96:6f:c2:8f:73:74:2a:e2:af:86:
         f2:3f:cb:8e:0a:1f:a1:42:37:84:48:1e:d2:d5:fb:28:67:84:
         0e:fb:ee:ec:23:08:dc:69:1f:e4:d9:db:66:a5:d5:b3:de:03:
         ff:f5:ed:31:bc:c3:b6:8f:20:0e:ec:8d:f8:2b:e8:1f:e3:95:
         2c:99:5a:12:8b:6f:0a:9b:a8:85:a7:73:ae:ba:9d:15:57:d2:
         8e:0a:a0:ca:25:bb:c9:c3:1d:62:aa:7b:6d:1d:20:e4:75:1b:
         d4:11:6c:7f:db:b9:cf:f2:2e:6c:a1:83:80:69:8d:80:1e:e8:
         01:a6:c1:ac:52:66:66:6c:f1:a5:da:3e:32:3a:48:cb:0f:8f:
         11:b6:03:fa
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUIkQqtNJVeP+Pz+Et3gFdh8+IVq4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yNDAyMTUxMzEyNTFaFw0yNTAyMTMxMzE3NTFaMDMxMTAvBgNV
BAMTKDg3ODM1RDgyMUNFNjY3OUYwNTA1NUU0ODJGNDI1Njc4NjMwRjAwMEMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC+oDOigoHAWYvjaYOkvlV4GkGH
oT2YbZjk5mTLIwVb5qaBr0OzSfYrHrhmMDCRi4EBCOvG6DcqwxA+KH28X2rDRPXQ
Q5P51b2Bs2AqBxmsEWxffPxCf8J2GX5gxImnTPRVMX9EsBl9Cu3BHCGavrB7t5d+
4YVLaRWY/09jJVsMpTNR0V1FOYwcXIxyVV5VGb0LzWCYfT/DsHcB65oiiaXSJd1j
EA+aoR1iOJc4iDn05CQ96lAM9ZF5NtoEOREnJdqEQZTmSfreJcPQxwr5ATt/8k9V
l9ttZ8u2OVqIwABHbIqCoT+pQEH9xUecYW7BIXlX4REEW6bUuchJoi2VdWWlAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUh4NdghzmZ58FBV5IL0JWeGMPAAwwHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTMjEwNTM4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwmkF
MA0GCSqGSIb3DQEBCwUAA4IBAQCMiax3TkQ1AKK7+vV2AHs/IR/TI8rwkOirvlHg
eKVlpsJCQtBr39lnnvuRDb0G1MtmGmUzVy07hzuZhtPpqHmr13OwpwGkH4kG9BG5
d80HLt/Y1XyFnptjZJun3Ren2fEFkThHfZ3ieyTmgZuruYth/LDARJZvwo9zdCri
r4byP8uOCh+hQjeESB7S1fsoZ4QO++7sIwjcaR/k2dtmpdWz3gP/9e0xvMO2jyAO
7I34K+gf45UsmVoSi28Km6iFp3Ouup0VV9KOCqDKJbvJwx1iqnttHSDkdRvUEWx/
27nP8i5soYOAaY2AHugBpsGsUmZmbPGl2j4yOkjLD48RtgP6
-----END CERTIFICATE-----