Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS213250.roa
File:                     AS213250.roa (raw, json)
Hash identifier:          XDEXFcxE5sVplUaNxY56FlLspaiwo06zovuXzzv6PSo=
Subject key identifier:   FC:04:B7:CB:53:6B:BD:D4:DE:0B:3E:FC:DA:24:07:1D:E3:4B:EF:94
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       53992ABE41C37BBB6597C147105BD36CE1268272
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS213250.roa
Signing time:             Wed 24 Jan 2024 16:18:05 +0000
ROA not before:           Wed 24 Jan 2024 16:13:05 +0000
ROA not after:            Wed 22 Jan 2025 16:18:05 +0000
asID:                     213250
IP address blocks:        45.153.7.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 01:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            53:99:2a:be:41:c3:7b:bb:65:97:c1:47:10:5b:d3:6c:e1:26:82:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Jan 24 16:13:05 2024 GMT
            Not After : Jan 22 16:18:05 2025 GMT
        Subject: CN=FC04B7CB536BBDD4DE0B3EFCDA24071DE34BEF94
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:c9:e1:a3:5d:3a:d3:f7:75:0a:25:ca:69:79:
                    f6:93:b8:e4:f9:06:7c:f6:f5:57:aa:63:84:cb:86:
                    95:68:68:4e:1c:66:8b:d3:79:94:38:af:04:75:cb:
                    24:20:64:68:98:aa:04:43:48:13:e1:48:1f:c3:7d:
                    58:f7:09:93:a5:ce:c2:ff:fc:90:e1:24:e6:2e:6c:
                    ea:41:56:5d:b2:6e:2a:f8:a3:e8:51:b4:9b:db:4a:
                    91:a5:b3:da:b6:e2:dc:70:87:7a:ad:60:9c:9c:17:
                    4d:e2:28:ee:8f:93:27:c5:66:9c:c1:13:3e:63:45:
                    bb:e4:cf:ab:c2:b5:78:af:f1:d6:be:92:60:6d:92:
                    b2:53:90:f6:d7:45:e7:98:81:ae:46:cc:10:f5:06:
                    33:3f:43:33:bd:f9:2f:f2:57:03:97:0b:20:c6:b9:
                    62:77:6f:90:9f:10:41:60:bb:71:fa:23:6d:35:7f:
                    e5:99:de:4c:60:d4:99:c1:2d:b1:4a:27:b5:b7:d7:
                    7f:67:6c:c1:f4:dd:e6:a9:ae:87:5b:5b:4b:a9:0d:
                    2a:4c:a6:5c:fd:1e:12:4b:61:ad:e8:db:eb:40:a3:
                    81:48:b5:28:a4:63:22:9c:24:32:33:a2:6c:d1:92:
                    31:80:54:fe:df:fe:0f:bc:6c:f2:ee:89:c1:1b:82:
                    89:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:04:B7:CB:53:6B:BD:D4:DE:0B:3E:FC:DA:24:07:1D:E3:4B:EF:94
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS213250.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.153.7.0/24

    Signature Algorithm: sha256WithRSAEncryption
         d3:7d:72:6a:e0:70:2e:f9:4e:ef:f8:d2:59:a6:01:d1:67:cf:
         46:e1:6d:fa:c7:97:64:ec:81:f8:a3:85:78:9f:de:92:14:21:
         0e:d5:d9:41:1d:5b:4e:b6:1b:25:ee:80:0a:d0:71:6c:d4:eb:
         61:47:d3:14:24:3c:9f:b6:3b:3d:8b:3a:d6:14:b8:8a:3c:ea:
         d0:8b:85:f2:e3:0b:82:f2:b2:0b:8b:d0:d3:c8:a1:03:d3:5b:
         a5:b0:82:39:69:27:88:1c:e0:cf:4f:50:7d:71:42:be:88:d9:
         ce:9a:23:c6:ee:ad:ff:5d:eb:fb:59:e1:8c:35:39:1d:08:75:
         16:d6:53:22:10:53:7d:86:2a:04:a6:b8:c8:03:2c:92:6a:4e:
         8d:b7:38:48:3f:73:af:d7:48:e0:e7:20:6b:d6:43:8a:e2:fd:
         24:16:34:82:e3:a8:ae:22:ac:e8:e6:63:e2:d7:1c:dc:31:62:
         d7:f6:67:54:0c:70:4b:4e:68:38:95:a1:c5:53:1a:c3:86:6d:
         21:cf:15:a9:6c:df:94:8d:38:6b:72:df:86:e8:28:7d:1e:30:
         17:f2:e8:78:91:db:95:d2:18:03:c2:ec:49:f2:de:29:aa:c4:
         22:eb:87:fc:6e:7f:06:fc:f1:2e:53:ed:08:b8:48:fe:3c:33:
         72:a7:75:3f
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUU5kqvkHDe7tll8FHEFvTbOEmgnIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yNDAxMjQxNjEzMDVaFw0yNTAxMjIxNjE4MDVaMDMxMTAvBgNV
BAMTKEZDMDRCN0NCNTM2QkJERDRERTBCM0VGQ0RBMjQwNzFERTM0QkVGOTQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCqyeGjXTrT93UKJcppefaTuOT5
Bnz29VeqY4TLhpVoaE4cZovTeZQ4rwR1yyQgZGiYqgRDSBPhSB/DfVj3CZOlzsL/
/JDhJOYubOpBVl2ybir4o+hRtJvbSpGls9q24txwh3qtYJycF03iKO6PkyfFZpzB
Ez5jRbvkz6vCtXiv8da+kmBtkrJTkPbXReeYga5GzBD1BjM/QzO9+S/yVwOXCyDG
uWJ3b5CfEEFgu3H6I201f+WZ3kxg1JnBLbFKJ7W3139nbMH03eaprodbW0upDSpM
plz9HhJLYa3o2+tAo4FItSikYyKcJDIzomzRkjGAVP7f/g+8bPLuicEbgomrAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQU/AS3y1NrvdTeCz782iQHHeNL75QwHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTMjEzMjUwLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZkH
MA0GCSqGSIb3DQEBCwUAA4IBAQDTfXJq4HAu+U7v+NJZpgHRZ89G4W36x5dk7IH4
o4V4n96SFCEO1dlBHVtOthsl7oAK0HFs1OthR9MUJDyftjs9izrWFLiKPOrQi4Xy
4wuC8rILi9DTyKED01ulsII5aSeIHODPT1B9cUK+iNnOmiPG7q3/Xev7WeGMNTkd
CHUW1lMiEFN9hioEprjIAyySak6NtzhIP3Ov10jg5yBr1kOK4v0kFjSC46iuIqzo
5mPi1xzcMWLX9mdUDHBLTmg4laHFUxrDhm0hzxWpbN+UjThrct+G6Ch9HjAX8uh4
kduV0hgDwuxJ8t4pqsQi64f8bn8G/PEuU+0IuEj+PDNyp3U/
-----END CERTIFICATE-----