Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS216414.roa
File:                     AS216414.roa (raw, json)
Hash identifier:          StSEW6SNJrp1QTS7VVp/Te7lXUoXFkLAPh5CZ30w3So=
Subject key identifier:   B6:75:96:E7:17:D0:80:B4:41:87:89:3A:56:67:81:6C:10:41:A7:76
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       0B67C446BEF88EB71762E3809661EC1BE4BE5780
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS216414.roa
Signing time:             Wed 15 Nov 2023 07:29:15 +0000
ROA not before:           Wed 15 Nov 2023 07:24:15 +0000
ROA not after:            Wed 13 Nov 2024 07:29:15 +0000
asID:                     216414
IP address blocks:        147.78.120.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 01:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0b:67:c4:46:be:f8:8e:b7:17:62:e3:80:96:61:ec:1b:e4:be:57:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Nov 15 07:24:15 2023 GMT
            Not After : Nov 13 07:29:15 2024 GMT
        Subject: CN=B67596E717D080B44187893A5667816C1041A776
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:7a:75:fd:ca:d3:c3:20:d4:e0:74:62:07:20:
                    06:6c:a9:f2:df:45:23:be:87:20:3f:ab:cf:bd:fb:
                    24:84:09:65:8a:2c:25:f5:23:68:b3:28:fa:21:4d:
                    8e:42:f3:62:9c:09:67:c3:2d:6e:3c:b0:40:1a:d6:
                    49:5f:39:d8:3e:8a:82:42:af:28:e1:f5:d3:bc:38:
                    d2:ed:05:96:53:db:9c:a8:1a:3f:fd:b8:bd:b0:aa:
                    87:5a:8e:26:04:99:d4:8a:8c:01:b8:e5:c4:ae:3d:
                    ae:8e:01:5f:4e:0b:7f:2e:d0:5c:88:89:ae:08:a0:
                    86:90:b7:51:b2:00:5a:f5:1b:4b:38:0c:9d:35:6f:
                    94:c2:49:a7:95:db:5b:b4:e2:be:5c:57:2d:10:2b:
                    a3:e1:70:f4:59:19:47:e5:cb:ed:18:7f:b2:d9:24:
                    60:55:27:f3:ba:26:89:c8:9f:14:07:ce:60:2c:5b:
                    28:0d:cc:98:0a:dd:91:7c:45:c8:44:17:e1:fd:26:
                    7f:da:a5:b2:2c:e6:ae:7e:1d:8c:ff:c4:40:f7:9f:
                    52:5f:c0:51:ce:38:9c:40:0b:7c:41:38:33:3f:49:
                    b4:9c:45:ce:08:72:fc:cf:7b:02:64:be:e7:ab:2d:
                    c7:16:a4:13:c9:19:98:dc:fa:9c:7c:52:5b:1e:71:
                    1e:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:75:96:E7:17:D0:80:B4:41:87:89:3A:56:67:81:6C:10:41:A7:76
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS216414.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.78.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         88:0f:b0:11:14:0d:a1:ac:f4:f5:8b:d2:2c:29:f0:76:ff:6f:
         c0:a3:25:6e:c3:4b:19:24:9d:66:9a:f7:93:81:e9:15:a9:25:
         bd:e2:06:10:28:cd:f3:bd:26:7e:89:69:95:08:46:e6:40:6c:
         ff:da:96:ee:cd:2a:76:b2:f8:15:69:c6:87:a6:09:c8:ce:c4:
         11:bf:f8:9d:4c:58:8c:e9:f1:ad:5a:48:7b:4c:6c:6e:b6:83:
         2b:d8:08:c9:39:a8:6f:85:ca:f0:a6:ee:a2:b8:78:0f:15:3e:
         59:56:a1:b8:bd:a5:53:a4:1d:b8:34:07:19:3f:f8:41:8d:6a:
         1c:cb:f0:67:d3:b1:db:45:e8:2f:80:de:49:15:90:45:f3:7a:
         73:99:8d:3b:3c:1c:f9:9a:12:b7:4e:16:c0:62:a1:fc:32:e5:
         77:97:18:c9:2b:76:a8:9e:e2:ed:b6:e2:0e:96:8b:13:70:7d:
         e2:e6:ac:99:49:04:df:97:3e:70:b2:4c:67:15:d5:ab:c6:65:
         cc:fc:48:01:e9:c5:8c:1a:fe:10:3f:2c:0f:11:69:7b:8e:ac:
         84:f4:e9:77:23:28:e5:78:55:c3:30:13:65:a4:40:f1:65:d9:
         2c:cf:64:b8:35:09:06:c9:e0:2a:50:60:51:db:3f:8c:84:69:
         cb:76:16:5d
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUC2fERr74jrcXYuOAlmHsG+S+V4AwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yMzExMTUwNzI0MTVaFw0yNDExMTMwNzI5MTVaMDMxMTAvBgNV
BAMTKEI2NzU5NkU3MTdEMDgwQjQ0MTg3ODkzQTU2Njc4MTZDMTA0MUE3NzYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCpenX9ytPDINTgdGIHIAZsqfLf
RSO+hyA/q8+9+ySECWWKLCX1I2izKPohTY5C82KcCWfDLW48sEAa1klfOdg+ioJC
ryjh9dO8ONLtBZZT25yoGj/9uL2wqodajiYEmdSKjAG45cSuPa6OAV9OC38u0FyI
ia4IoIaQt1GyAFr1G0s4DJ01b5TCSaeV21u04r5cVy0QK6PhcPRZGUfly+0Yf7LZ
JGBVJ/O6JonInxQHzmAsWygNzJgK3ZF8RchEF+H9Jn/apbIs5q5+HYz/xED3n1Jf
wFHOOJxAC3xBODM/SbScRc4IcvzPewJkvuerLccWpBPJGZjc+px8UlsecR4XAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUtnWW5xfQgLRBh4k6VmeBbBBBp3YwHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTMjE2NDE0LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAk054
MA0GCSqGSIb3DQEBCwUAA4IBAQCID7ARFA2hrPT1i9IsKfB2/2/AoyVuw0sZJJ1m
mveTgekVqSW94gYQKM3zvSZ+iWmVCEbmQGz/2pbuzSp2svgVacaHpgnIzsQRv/id
TFiM6fGtWkh7TGxutoMr2AjJOahvhcrwpu6iuHgPFT5ZVqG4vaVTpB24NAcZP/hB
jWocy/Bn07HbRegvgN5JFZBF83pzmY07PBz5mhK3ThbAYqH8MuV3lxjJK3aonuLt
tuIOlosTcH3i5qyZSQTflz5wskxnFdWrxmXM/EgB6cWMGv4QPywPEWl7jqyE9Ol3
IyjleFXDMBNlpEDxZdksz2S4NQkGyeAqUGBR2z+MhGnLdhZd
-----END CERTIFICATE-----