Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/04032c8f-1d57-4c3b-9043-a0e7febf167d/0/AS203868.roa
File:                     AS203868.roa (raw, json)
Hash identifier:          HXj/GEVPHiD5sq5HDJYrKa332gHYxWMN6dqsGtPDhkY=
Subject key identifier:   3A:92:22:D8:78:EF:45:65:85:F7:34:F2:F3:C2:FC:EF:22:7A:3B:4E
Certificate issuer:       /CN=d5c3d5e70fc9ad10ba90d45dc66454e9e3a146a8
Certificate serial:       37016DCF24FC8A4DAD54A815948F51C10988EF6C
Authority key identifier: D5:C3:D5:E7:0F:C9:AD:10:BA:90:D4:5D:C6:64:54:E9:E3:A1:46:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1cPV5w_JrRC6kNRdxmRU6eOhRqg.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/04032c8f-1d57-4c3b-9043-a0e7febf167d/0/AS203868.roa
Signing time:             Mon 08 Apr 2024 20:12:20 +0000
ROA not before:           Mon 08 Apr 2024 20:07:20 +0000
ROA not after:            Mon 07 Apr 2025 20:12:20 +0000
asID:                     203868
IP address blocks:        2a13:df80:7d30::/44 maxlen: 64

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/04032c8f-1d57-4c3b-9043-a0e7febf167d/0/D5C3D5E70FC9AD10BA90D45DC66454E9E3A146A8.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/04032c8f-1d57-4c3b-9043-a0e7febf167d/0/D5C3D5E70FC9AD10BA90D45DC66454E9E3A146A8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1cPV5w_JrRC6kNRdxmRU6eOhRqg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            37:01:6d:cf:24:fc:8a:4d:ad:54:a8:15:94:8f:51:c1:09:88:ef:6c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d5c3d5e70fc9ad10ba90d45dc66454e9e3a146a8
        Validity
            Not Before: Apr  8 20:07:20 2024 GMT
            Not After : Apr  7 20:12:20 2025 GMT
        Subject: CN=3A9222D878EF456585F734F2F3C2FCEF227A3B4E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:54:78:e4:23:88:15:23:86:82:c6:8d:3c:c0:
                    e2:49:7c:2c:4e:3a:1e:a4:5f:72:bb:b1:bd:3a:f7:
                    81:0b:a2:07:42:2a:95:94:ec:03:c6:6e:d4:4f:b6:
                    62:f2:1a:24:a5:b7:7c:55:9a:7a:e2:e0:3b:e1:a0:
                    fd:4b:f2:78:bd:e5:e2:f7:92:90:cb:49:fc:51:e2:
                    89:a9:9b:71:b7:14:11:e5:e6:b8:21:65:0d:d4:f0:
                    a8:89:ba:f2:86:7f:f1:96:8a:9a:b4:d8:a3:9e:19:
                    97:b5:e2:cc:40:ad:e4:5e:b5:8c:4c:7f:73:dc:a7:
                    ad:a9:01:b7:32:84:9a:fe:33:29:e8:84:44:4d:12:
                    da:20:be:0d:d7:ef:31:a5:83:39:cc:c8:bc:ab:c2:
                    ac:b8:f7:22:f8:d8:40:20:3a:8a:08:e4:37:b9:95:
                    2a:49:0b:12:b7:4c:8a:bf:92:a9:40:d5:be:30:05:
                    ae:fe:1d:8c:96:f1:8f:84:f9:4b:a1:94:20:d0:b2:
                    f1:db:85:e6:5a:47:e5:75:32:c7:cc:09:4b:fe:4d:
                    fc:64:bd:e1:c7:c1:0b:2c:ff:9a:fa:a5:56:bb:0a:
                    58:40:f4:07:be:86:1f:69:5c:57:25:c6:eb:7d:c8:
                    fd:58:37:5a:c0:b6:cd:16:65:29:3a:f3:e2:f7:54:
                    d4:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:92:22:D8:78:EF:45:65:85:F7:34:F2:F3:C2:FC:EF:22:7A:3B:4E
            X509v3 Authority Key Identifier:
                keyid:D5:C3:D5:E7:0F:C9:AD:10:BA:90:D4:5D:C6:64:54:E9:E3:A1:46:A8

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/04032c8f-1d57-4c3b-9043-a0e7febf167d/0/D5C3D5E70FC9AD10BA90D45DC66454E9E3A146A8.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1cPV5w_JrRC6kNRdxmRU6eOhRqg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/04032c8f-1d57-4c3b-9043-a0e7febf167d/0/AS203868.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:df80:7d30::/44

    Signature Algorithm: sha256WithRSAEncryption
         8e:ac:3a:d9:0f:8c:90:48:b6:f1:d9:c5:4f:15:ad:ef:f6:b6:
         c4:b7:22:da:ef:5a:1c:f8:a8:61:f0:bf:b1:f3:65:ff:a1:44:
         2b:56:3d:73:10:b1:3d:1d:7e:43:a7:79:a8:da:1c:e1:d3:90:
         48:b5:b8:c6:9a:38:59:a1:1c:92:fe:f3:f9:da:fe:34:66:8f:
         8d:dd:ec:3b:9e:de:d6:55:70:36:2a:16:14:e1:33:ef:5a:17:
         79:26:95:42:97:7b:38:a5:4e:b0:f8:7d:98:2b:9d:ab:de:19:
         8c:97:ff:d9:ee:82:94:0b:11:fb:8b:48:23:7c:1d:2f:46:7a:
         e8:bf:e4:f6:49:70:92:ab:29:01:31:0e:aa:3d:9d:63:ef:ff:
         9f:dd:5e:ff:e6:04:fe:b2:8a:05:c2:a3:25:4d:43:fe:6b:73:
         6a:ad:07:b7:32:b9:43:d9:bc:96:30:cd:c9:f0:bb:21:c0:df:
         43:43:fc:26:36:7d:3b:ff:6e:1a:43:22:dc:18:3b:b3:d4:43:
         c9:3a:8e:eb:60:f5:6e:10:e5:46:e7:8e:53:f9:86:e5:76:61:
         3f:15:a3:6c:fb:3b:ce:b4:b2:1a:b9:b3:34:05:45:c3:5d:ae:
         e9:0e:e2:60:39:22:a0:f5:29:78:96:c3:74:8c:c6:d1:3a:68:
         fa:06:64:e3
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUNwFtzyT8ik2tVKgVlI9RwQmI72wwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZDVjM2Q1ZTcwZmM5YWQxMGJhOTBkNDVkYzY2NDU0ZTll
M2ExNDZhODAeFw0yNDA0MDgyMDA3MjBaFw0yNTA0MDcyMDEyMjBaMDMxMTAvBgNV
BAMTKDNBOTIyMkQ4NzhFRjQ1NjU4NUY3MzRGMkYzQzJGQ0VGMjI3QTNCNEUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCrVHjkI4gVI4aCxo08wOJJfCxO
Oh6kX3K7sb0694ELogdCKpWU7APGbtRPtmLyGiSlt3xVmnri4DvhoP1L8ni95eL3
kpDLSfxR4ompm3G3FBHl5rghZQ3U8KiJuvKGf/GWipq02KOeGZe14sxAreRetYxM
f3Pcp62pAbcyhJr+MynohERNEtogvg3X7zGlgznMyLyrwqy49yL42EAgOooI5De5
lSpJCxK3TIq/kqlA1b4wBa7+HYyW8Y+E+UuhlCDQsvHbheZaR+V1MsfMCUv+Tfxk
veHHwQss/5r6pVa7ClhA9Ae+hh9pXFclxut9yP1YN1rAts0WZSk68+L3VNRFAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUOpIi2HjvRWWF9zTy88L87yJ6O04wHwYDVR0j
BBgwFoAU1cPV5w/JrRC6kNRdxmRU6eOhRqgwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDQwMzJjOGYtMWQ1Ny00YzNiLTkwNDMtYTBlN2ZlYmYx
NjdkLzAvRDVDM0Q1RTcwRkM5QUQxMEJBOTBENDVEQzY2NDU0RTlFM0ExNDZBOC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzFjUFY1d19KclJDNmtOUmR4bVJVNmVP
aFJxZy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA0MDMyYzhmLTFkNTct
NGMzYi05MDQzLWEwZTdmZWJmMTY3ZC8wL0FTMjAzODY4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhPf
gH0wMA0GCSqGSIb3DQEBCwUAA4IBAQCOrDrZD4yQSLbx2cVPFa3v9rbEtyLa71oc
+Khh8L+x82X/oUQrVj1zELE9HX5Dp3mo2hzh05BItbjGmjhZoRyS/vP52v40Zo+N
3ew7nt7WVXA2KhYU4TPvWhd5JpVCl3s4pU6w+H2YK52r3hmMl//Z7oKUCxH7i0gj
fB0vRnrov+T2SXCSqykBMQ6qPZ1j7/+f3V7/5gT+sooFwqMlTUP+a3NqrQe3MrlD
2byWMM3J8LshwN9DQ/wmNn07/24aQyLcGDuz1EPJOo7rYPVuEOVG545T+YbldmE/
FaNs+zvOtLIaubM0BUXDXa7pDuJgOSKg9Sl4lsN0jMbROmj6BmTj
-----END CERTIFICATE-----