Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS32181.roa
File:                     AS32181.roa (raw, json)
Hash identifier:          90XjMHNEoEhptcn/MO1uDYTd94xJp5Yx+H4mzhsoT7w=
Subject key identifier:   09:5E:A1:5E:B7:0C:47:AE:8D:8F:79:45:FB:75:2A:E9:14:36:7E:0A
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       5577EE2ABC2D275DE0F777D93280F684AC1544AA
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS32181.roa
Signing time:             Mon 11 Sep 2023 09:05:49 +0000
ROA not before:           Mon 11 Sep 2023 09:00:49 +0000
ROA not after:            Mon 09 Sep 2024 09:05:49 +0000
asID:                     32181
IP address blocks:        195.20.99.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 01:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            55:77:ee:2a:bc:2d:27:5d:e0:f7:77:d9:32:80:f6:84:ac:15:44:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Sep 11 09:00:49 2023 GMT
            Not After : Sep  9 09:05:49 2024 GMT
        Subject: CN=095EA15EB70C47AE8D8F7945FB752AE914367E0A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:44:72:72:18:c1:c0:e6:0f:05:15:6c:5f:04:
                    2a:29:83:6c:38:87:ac:58:c6:d1:bc:20:57:80:a7:
                    7c:18:f7:9a:9e:02:23:4d:6c:96:5e:2e:55:b4:5b:
                    ef:b3:75:f4:5a:88:c9:41:99:ae:8b:1d:4e:98:21:
                    95:95:02:0f:31:16:29:42:ff:b2:94:89:32:af:cf:
                    9c:2e:47:9e:9e:06:30:fc:07:72:61:5f:f9:a3:6a:
                    9c:3e:33:bb:9d:6a:90:60:0b:58:a8:70:8f:c2:9e:
                    8d:0a:36:d7:7f:69:82:0d:29:61:6c:6c:56:19:4a:
                    07:4e:be:70:a3:5e:fa:5e:42:1e:0d:8c:56:6d:04:
                    19:c2:4d:ed:0c:de:38:ca:c4:9a:9b:f7:a7:71:a8:
                    3f:a6:2b:8e:7b:15:8f:e9:a1:2c:cf:f7:9e:96:22:
                    fd:74:b3:9e:a2:30:1a:23:32:4f:a5:52:7e:c2:8c:
                    c2:15:39:6e:04:a5:11:83:9d:49:8d:c7:8b:26:a3:
                    b6:dd:83:d7:fe:31:ab:9c:fd:30:b8:85:61:e0:a3:
                    f5:1f:58:bf:2d:c7:7f:38:1c:f5:49:df:0a:50:71:
                    ad:1b:fd:78:03:73:76:97:6f:d8:2e:63:9c:39:c0:
                    92:0d:2a:65:77:0c:bc:74:2e:55:65:19:3f:a9:62:
                    f8:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:5E:A1:5E:B7:0C:47:AE:8D:8F:79:45:FB:75:2A:E9:14:36:7E:0A
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS32181.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.20.99.0/24

    Signature Algorithm: sha256WithRSAEncryption
         45:ca:e6:ff:2f:4b:37:10:05:34:24:e7:49:2e:0a:8c:3f:06:
         ca:0c:f1:8c:a3:ea:bf:46:8a:88:e8:7b:d7:24:ef:e1:09:1f:
         9c:84:e0:83:9c:22:4c:ad:e6:9b:5e:fd:59:63:83:70:d0:5c:
         f8:81:44:3f:f2:bd:7f:28:66:76:15:81:cd:16:b4:fd:24:2a:
         46:6b:33:3e:f3:c3:75:12:75:cf:ce:48:7d:c0:16:7b:38:65:
         e1:32:d3:1e:ac:92:66:a3:b5:36:06:eb:b5:a0:c4:92:bb:1c:
         22:38:bb:2a:bc:8e:9b:ec:86:af:a6:a2:69:9d:fc:84:5c:16:
         5f:b6:13:fa:f2:59:41:47:01:6e:ee:f1:17:9b:2b:13:71:2a:
         17:ef:31:98:fc:1c:9e:62:07:de:2c:07:5b:4a:bb:df:71:b0:
         22:44:03:f8:68:c1:cf:21:13:7c:80:d8:6d:4c:fb:65:87:da:
         8e:04:e1:a5:64:09:bd:47:19:30:67:24:9e:88:dc:0e:52:81:
         2b:60:9e:3d:aa:49:88:75:f7:28:78:0b:2a:5c:b5:a3:79:f4:
         0a:d3:88:c8:5f:03:1e:b2:b1:f6:3b:e0:f7:f4:af:94:b7:1f:
         dd:dc:09:07:f5:59:e0:e5:db:f6:52:78:4c:49:55:b7:9f:95:
         01:0c:a6:81
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUVXfuKrwtJ13g93fZMoD2hKwVRKowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yMzA5MTEwOTAwNDlaFw0yNDA5MDkwOTA1NDlaMDMxMTAvBgNV
BAMTKDA5NUVBMTVFQjcwQzQ3QUU4RDhGNzk0NUZCNzUyQUU5MTQzNjdFMEEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDJRHJyGMHA5g8FFWxfBCopg2w4
h6xYxtG8IFeAp3wY95qeAiNNbJZeLlW0W++zdfRaiMlBma6LHU6YIZWVAg8xFilC
/7KUiTKvz5wuR56eBjD8B3JhX/mjapw+M7udapBgC1iocI/Cno0KNtd/aYINKWFs
bFYZSgdOvnCjXvpeQh4NjFZtBBnCTe0M3jjKxJqb96dxqD+mK457FY/poSzP956W
Iv10s56iMBojMk+lUn7CjMIVOW4EpRGDnUmNx4smo7bdg9f+Mauc/TC4hWHgo/Uf
WL8tx384HPVJ3wpQca0b/XgDc3aXb9guY5w5wJINKmV3DLx0LlVlGT+pYvijAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUCV6hXrcMR66Nj3lF+3Uq6RQ2fgowHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTMzIxODEucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBADDFGMw
DQYJKoZIhvcNAQELBQADggEBAEXK5v8vSzcQBTQk50kuCow/BsoM8Yyj6r9Giojo
e9ck7+EJH5yE4IOcIkyt5pte/Vljg3DQXPiBRD/yvX8oZnYVgc0WtP0kKkZrMz7z
w3USdc/OSH3AFns4ZeEy0x6skmajtTYG67WgxJK7HCI4uyq8jpvshq+mommd/IRc
Fl+2E/ryWUFHAW7u8RebKxNxKhfvMZj8HJ5iB94sB1tKu99xsCJEA/howc8hE3yA
2G1M+2WH2o4E4aVkCb1HGTBnJJ6I3A5SgStgnj2qSYh19yh4CypctaN59ArTiMhf
Ax6ysfY74Pf0r5S3H93cCQf1WeDl2/ZSeExJVbeflQEMpoE=
-----END CERTIFICATE-----