Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS216325.roa
File:                     AS216325.roa (raw, json)
Hash identifier:          z5EzXq/KXRyI3BucGASsnLfpVjJYPY24LQms6pD4//Y=
Subject key identifier:   F4:26:5A:37:94:ED:F2:D2:2F:31:EB:B9:6E:4D:B6:9B:FC:10:C3:80
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       0E8A6E04160FEC5A457E1809059DA49F8F989751
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS216325.roa
Signing time:             Wed 27 Sep 2023 09:24:23 +0000
ROA not before:           Wed 27 Sep 2023 09:19:23 +0000
ROA not after:            Wed 25 Sep 2024 09:24:23 +0000
asID:                     216325
IP address blocks:        195.206.234.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 01:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0e:8a:6e:04:16:0f:ec:5a:45:7e:18:09:05:9d:a4:9f:8f:98:97:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Sep 27 09:19:23 2023 GMT
            Not After : Sep 25 09:24:23 2024 GMT
        Subject: CN=F4265A3794EDF2D22F31EBB96E4DB69BFC10C380
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:7a:68:40:59:21:b9:18:cb:7b:42:39:3d:9c:
                    02:4e:49:b9:9e:b8:29:66:32:56:85:43:20:67:15:
                    d7:b1:a8:ee:de:97:78:f2:1c:39:cc:88:c8:6c:df:
                    eb:c9:ec:19:76:28:f9:3c:33:e2:d2:94:59:fd:ee:
                    9d:af:ac:f9:ed:4b:dd:a3:29:24:cd:09:9e:1f:54:
                    49:4e:3d:0a:3c:14:a3:ab:da:fc:66:9a:ab:0d:33:
                    d9:e0:47:6f:98:7d:41:a3:78:27:58:5b:6f:a8:ec:
                    75:89:dc:f5:34:b3:c6:62:d6:b4:ee:e7:30:35:94:
                    48:f2:be:56:4c:a9:08:36:ed:ce:3d:72:93:ff:42:
                    64:f1:b5:35:a8:9c:07:e8:43:ad:e8:2c:a3:75:dd:
                    40:e5:00:c1:39:89:c2:6e:4e:14:23:72:54:40:5c:
                    dd:60:85:16:67:ec:1e:36:b5:87:5c:2f:63:8a:86:
                    a4:54:d3:f5:84:a2:0d:c9:0a:09:d3:ed:40:86:3d:
                    44:23:55:9c:81:0f:13:ab:47:3c:59:d8:42:b7:63:
                    64:1a:dc:86:82:9d:23:de:ac:32:53:8d:d0:25:04:
                    fe:e1:00:b1:a9:54:bf:2f:b6:24:18:ba:2b:47:f1:
                    b5:e1:1e:e4:c0:4f:6f:8a:7b:ae:6e:8b:02:4a:eb:
                    91:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:26:5A:37:94:ED:F2:D2:2F:31:EB:B9:6E:4D:B6:9B:FC:10:C3:80
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS216325.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.206.234.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1c:f1:41:b9:b5:0c:b5:2f:f5:2c:28:57:a9:30:05:43:1b:0d:
         37:bb:1c:13:96:a7:1e:e0:eb:31:c7:ce:b9:4c:53:3c:3b:f9:
         af:e8:c7:79:aa:35:dd:d9:96:75:f7:57:68:06:ea:11:ba:4a:
         d3:43:aa:38:90:13:26:e5:ee:df:6e:9d:b5:ce:54:12:e4:86:
         b8:ee:08:8a:06:72:80:f6:9d:c3:ca:c3:f6:f6:91:1c:2d:ae:
         af:96:b4:0d:cc:60:73:c6:fd:c1:e3:bf:06:ad:2d:02:91:71:
         2a:44:ce:f8:01:0c:49:41:91:00:4a:96:dc:b0:b7:a7:76:3a:
         d6:55:b0:8a:80:49:d4:43:d2:5f:bd:eb:fb:2e:5e:1b:e9:9c:
         94:aa:32:39:f3:d8:e3:a5:d8:b1:af:54:3a:30:c8:50:c1:4c:
         d7:85:4a:aa:18:3d:9f:9a:3c:85:2c:dc:d0:40:9c:10:55:7f:
         7c:15:16:11:77:6c:67:bf:20:33:4c:db:f3:b7:f3:d5:8b:c2:
         38:9e:6e:4b:f8:d0:86:07:10:52:d4:39:51:d5:a5:3e:01:56:
         37:cc:fa:a8:c8:14:a4:c6:a7:a9:d8:1d:42:f8:55:73:20:74:
         cf:b2:78:6f:d7:3d:af:3f:76:fc:cd:26:5f:68:39:71:bf:cf:
         6b:31:eb:b3
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUDopuBBYP7FpFfhgJBZ2kn4+Yl1EwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yMzA5MjcwOTE5MjNaFw0yNDA5MjUwOTI0MjNaMDMxMTAvBgNV
BAMTKEY0MjY1QTM3OTRFREYyRDIyRjMxRUJCOTZFNERCNjlCRkMxMEMzODAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDVemhAWSG5GMt7Qjk9nAJOSbme
uClmMlaFQyBnFdexqO7el3jyHDnMiMhs3+vJ7Bl2KPk8M+LSlFn97p2vrPntS92j
KSTNCZ4fVElOPQo8FKOr2vxmmqsNM9ngR2+YfUGjeCdYW2+o7HWJ3PU0s8Zi1rTu
5zA1lEjyvlZMqQg27c49cpP/QmTxtTWonAfoQ63oLKN13UDlAME5icJuThQjclRA
XN1ghRZn7B42tYdcL2OKhqRU0/WEog3JCgnT7UCGPUQjVZyBDxOrRzxZ2EK3Y2Qa
3IaCnSPerDJTjdAlBP7hALGpVL8vtiQYuitH8bXhHuTAT2+Ke65uiwJK65HHAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQU9CZaN5Tt8tIvMeu5bk22m/wQw4AwHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTMjE2MzI1LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw87q
MA0GCSqGSIb3DQEBCwUAA4IBAQAc8UG5tQy1L/UsKFepMAVDGw03uxwTlqce4Osx
x865TFM8O/mv6Md5qjXd2ZZ191doBuoRukrTQ6o4kBMm5e7fbp21zlQS5Ia47giK
BnKA9p3DysP29pEcLa6vlrQNzGBzxv3B478GrS0CkXEqRM74AQxJQZEASpbcsLen
djrWVbCKgEnUQ9Jfvev7Ll4b6ZyUqjI589jjpdixr1Q6MMhQwUzXhUqqGD2fmjyF
LNzQQJwQVX98FRYRd2xnvyAzTNvzt/PVi8I4nm5L+NCGBxBS1DlR1aU+AVY3zPqo
yBSkxqep2B1C+FVzIHTPsnhv1z2vP3b8zSZfaDlxv89rMeuz
-----END CERTIFICATE-----