Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS1.roa
File:                     AS1.roa (raw, json)
Hash identifier:          teo94Kq228D8H6pl3bEgq2Z/Vn9qbg8QeUCj+Fd3HzU=
Subject key identifier:   FA:E3:C8:D7:FD:FB:21:E0:D9:59:55:3F:43:C4:37:C6:70:AF:A2:55
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       36A30139B6B5BC69FE6E46F371855075C4118DCF
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS1.roa
Signing time:             Sun 05 May 2024 08:03:28 +0000
ROA not before:           Sun 05 May 2024 07:58:28 +0000
ROA not after:            Sun 04 May 2025 08:03:28 +0000
asID:                     1
IP address blocks:        191.101.153.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 11 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            36:a3:01:39:b6:b5:bc:69:fe:6e:46:f3:71:85:50:75:c4:11:8d:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: May  5 07:58:28 2024 GMT
            Not After : May  4 08:03:28 2025 GMT
        Subject: CN=FAE3C8D7FDFB21E0D959553F43C437C670AFA255
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:6f:e1:d3:63:34:ac:31:20:a7:61:84:0d:2f:
                    40:1b:e4:b3:d7:e3:0b:f0:36:40:dd:62:ba:c9:2d:
                    3d:98:7b:97:df:b5:79:a6:d2:14:7e:62:cd:a2:e1:
                    2f:2c:7c:dc:e7:65:08:aa:a5:9f:80:07:8b:dd:b4:
                    64:95:8a:e0:45:71:9a:63:f1:e3:05:d8:c6:f9:40:
                    62:52:51:d8:ba:91:31:77:10:5b:67:0e:79:d3:df:
                    b5:98:b2:01:42:ae:d1:2d:ad:db:73:bb:5a:28:12:
                    df:3f:72:7a:ee:e6:a7:4d:0b:64:bc:5f:e0:32:79:
                    5c:5b:ca:c9:e7:64:c3:05:7b:b5:35:c8:89:98:64:
                    74:5d:71:64:f3:1b:98:07:d3:27:0e:a2:23:f6:4a:
                    8e:22:2e:7f:b1:b8:5e:54:13:b8:6f:d5:2d:3a:26:
                    fc:72:72:76:50:f2:0d:5e:88:bd:e7:96:14:39:e1:
                    57:fa:3e:af:1d:1b:a9:d5:1f:61:4d:8b:18:84:3e:
                    04:67:26:02:85:0c:44:9c:69:2b:5e:c7:75:72:c4:
                    4d:3c:ab:0b:a9:00:d1:ac:90:9e:64:69:ef:86:9b:
                    11:42:12:52:85:65:86:03:db:ee:8a:b6:32:f3:87:
                    24:79:84:0c:a9:c5:7b:bf:3b:7b:81:c6:17:11:63:
                    17:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FA:E3:C8:D7:FD:FB:21:E0:D9:59:55:3F:43:C4:37:C6:70:AF:A2:55
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS1.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  191.101.153.0/24

    Signature Algorithm: sha256WithRSAEncryption
         71:1c:ac:28:90:da:c1:cc:b1:85:6f:e7:67:c8:16:01:0f:4b:
         6c:c2:d2:c9:a2:c0:6f:c7:03:23:7e:5f:9e:cc:f8:bc:23:1e:
         8f:88:27:8c:f4:34:b0:f4:f6:83:03:2d:9f:02:20:07:20:70:
         6a:a9:48:e0:74:77:20:d7:f5:fe:24:a3:99:63:84:ec:c1:e2:
         20:c9:b5:1d:94:2e:72:c4:61:c4:29:9f:a2:f6:eb:d7:d2:6e:
         56:61:46:c8:c9:2e:38:1a:52:68:7c:56:3d:65:1e:f9:53:77:
         83:be:59:a9:12:85:b1:37:5c:97:73:32:23:f1:75:51:91:a0:
         58:73:01:9f:25:0d:60:11:93:84:48:93:b8:f2:95:56:85:c1:
         65:48:df:df:dc:4f:02:ec:aa:3b:a8:8d:5f:4c:96:66:11:aa:
         53:c6:e3:a0:e9:96:c7:74:7a:e3:f7:96:b1:cf:45:21:11:33:
         b4:0a:62:d2:38:f5:a4:ba:a9:bc:1d:10:b9:4d:03:2b:6c:70:
         9f:eb:86:6b:c2:9f:dd:38:1d:73:cf:62:9c:cb:33:b2:70:bf:
         66:2c:10:1e:1a:00:1e:96:ad:ab:89:f3:37:cb:56:0b:ee:35:
         29:0b:b3:10:09:25:b8:eb:3a:90:a2:5b:c5:3d:f2:db:a1:4f:
         80:7e:4f:5e
-----BEGIN CERTIFICATE-----
MIIE+zCCA+OgAwIBAgIUNqMBOba1vGn+bkbzcYVQdcQRjc8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNDA1MDUwNzU4MjhaFw0yNTA1MDQwODAzMjhaMDMxMTAvBgNV
BAMTKEZBRTNDOEQ3RkRGQjIxRTBEOTU5NTUzRjQzQzQzN0M2NzBBRkEyNTUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCob+HTYzSsMSCnYYQNL0Ab5LPX
4wvwNkDdYrrJLT2Ye5fftXmm0hR+Ys2i4S8sfNznZQiqpZ+AB4vdtGSViuBFcZpj
8eMF2Mb5QGJSUdi6kTF3EFtnDnnT37WYsgFCrtEtrdtzu1ooEt8/cnru5qdNC2S8
X+AyeVxbysnnZMMFe7U1yImYZHRdcWTzG5gH0ycOoiP2So4iLn+xuF5UE7hv1S06
JvxycnZQ8g1eiL3nlhQ54Vf6Pq8dG6nVH2FNixiEPgRnJgKFDEScaStex3VyxE08
qwupANGskJ5kae+GmxFCElKFZYYD2+6KtjLzhyR5hAypxXu/O3uBxhcRYxcnAgMB
AAGjggIFMIICATAdBgNVHQ4EFgQU+uPI1/37IeDZWVU/Q8Q3xnCvolUwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwdgYIKwYBBQUHAQsEajBoMGYGCCsGAQUFBzALhlpyc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMS5yb2EwGAYDVR0gAQH/BA4wDDAK
BggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAL9lmTANBgkq
hkiG9w0BAQsFAAOCAQEAcRysKJDawcyxhW/nZ8gWAQ9LbMLSyaLAb8cDI35fnsz4
vCMej4gnjPQ0sPT2gwMtnwIgByBwaqlI4HR3INf1/iSjmWOE7MHiIMm1HZQucsRh
xCmfovbr19JuVmFGyMkuOBpSaHxWPWUe+VN3g75ZqRKFsTdcl3MyI/F1UZGgWHMB
nyUNYBGThEiTuPKVVoXBZUjf39xPAuyqO6iNX0yWZhGqU8bjoOmWx3R64/eWsc9F
IREztApi0jj1pLqpvB0QuU0DK2xwn+uGa8Kf3Tgdc89inMszsnC/ZiwQHhoAHpat
q4nzN8tWC+41KQuzEAkluOs6kKJbxT3y26FPgH5PXg==
-----END CERTIFICATE-----