Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS13213.roa
File:                     AS13213.roa (raw, json)
Hash identifier:          yMU52liMLz2rDyhg1DSg5PekrGZ+txiGm7LNHQ72uaw=
Subject key identifier:   50:27:25:01:09:50:B7:3F:CB:DA:01:75:08:0D:E1:55:52:D2:E4:0B
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       3B6FFF0CD83F2E94CD13AE661766F78462024C45
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS13213.roa
Signing time:             Mon 04 Dec 2023 17:23:05 +0000
ROA not before:           Mon 04 Dec 2023 17:18:05 +0000
ROA not after:            Mon 02 Dec 2024 17:23:05 +0000
asID:                     13213
IP address blocks:        191.101.29.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 10 May 2024 20:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3b:6f:ff:0c:d8:3f:2e:94:cd:13:ae:66:17:66:f7:84:62:02:4c:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Dec  4 17:18:05 2023 GMT
            Not After : Dec  2 17:23:05 2024 GMT
        Subject: CN=502725010950B73FCBDA0175080DE15552D2E40B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:d6:bb:fa:7b:80:59:44:9b:35:f3:2e:06:32:
                    25:81:35:53:e4:67:d4:c9:45:3d:07:a5:fd:56:d3:
                    8b:c4:22:57:52:67:c8:d0:6c:d8:50:6a:3a:4b:74:
                    3a:51:97:92:99:b4:34:4c:1d:7c:c1:84:aa:78:6b:
                    db:e3:58:c0:85:81:83:ea:c3:a2:28:da:ea:0d:8b:
                    d1:6b:8c:d0:03:27:9e:ec:b8:d9:87:9d:00:a0:f7:
                    6b:7a:a3:b7:f7:55:3e:f7:60:57:28:d4:92:58:7d:
                    5e:39:c5:53:d1:9d:1d:b6:37:46:00:ee:1e:dd:e6:
                    9d:f7:7e:6e:92:e0:cf:5a:d5:bb:46:75:31:11:39:
                    28:70:fb:ff:1c:1b:c4:6a:a2:e1:65:1a:32:cf:d1:
                    3f:a9:da:0c:b4:3d:a8:46:00:4c:a6:7f:22:43:05:
                    42:29:86:ef:ca:be:96:03:81:fd:ed:6e:75:a4:be:
                    28:d2:f1:b2:64:8f:44:ca:86:24:ba:73:15:0c:e9:
                    5d:e5:b2:0d:6f:35:99:dd:6e:59:21:8b:42:da:fc:
                    22:f0:c9:05:ae:6b:5e:ee:6f:70:f2:a0:43:2b:86:
                    51:10:5f:03:8d:d0:88:36:66:01:32:eb:98:1b:ea:
                    9f:94:28:c1:30:ea:23:8b:7a:f4:84:f8:48:17:5a:
                    18:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:27:25:01:09:50:B7:3F:CB:DA:01:75:08:0D:E1:55:52:D2:E4:0B
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS13213.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  191.101.29.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8b:88:a2:2d:bf:85:e6:ac:9a:0b:9b:a7:39:b7:50:ec:16:b8:
         c8:04:9b:77:b0:ee:74:d7:97:c4:40:61:1c:ab:e5:17:1f:1a:
         3d:c0:f8:cc:0f:f5:3d:23:32:5d:7e:47:59:a1:6b:43:df:2d:
         2d:9a:78:c0:bc:a4:c6:7e:16:f5:56:0d:52:17:eb:56:11:cf:
         da:65:47:9e:b7:0e:a5:be:61:4e:17:0b:ed:0c:2a:f4:f8:db:
         52:3f:11:c6:2e:bf:17:c7:35:50:71:e3:99:ce:70:bf:59:d6:
         f6:59:f1:ce:a1:6d:0e:15:88:81:a0:89:bd:73:00:3c:37:c0:
         9e:4f:b3:ac:ce:d6:f7:de:9c:97:49:15:4a:1e:97:bc:ed:26:
         d0:73:b0:d6:90:19:d9:4c:96:5d:10:e2:d0:08:25:51:e1:44:
         bb:7a:53:e9:08:6a:f0:a5:1e:35:2b:57:40:8a:e8:7b:6f:1c:
         8b:9f:c2:9a:3a:bf:4f:b9:d3:e7:45:84:f8:64:53:ce:16:7c:
         d1:b5:2e:f8:d7:88:57:81:ce:0d:68:da:27:a8:32:cc:f2:e9:
         03:e3:f7:aa:14:70:b0:0f:09:8f:9b:d4:c5:c6:d0:14:4c:24:
         bf:82:73:8b:1c:cf:35:2c:7f:16:25:1a:9e:41:57:f2:21:f3:
         77:ae:2a:8f
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUO2//DNg/LpTNE65mF2b3hGICTEUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yMzEyMDQxNzE4MDVaFw0yNDEyMDIxNzIzMDVaMDMxMTAvBgNV
BAMTKDUwMjcyNTAxMDk1MEI3M0ZDQkRBMDE3NTA4MERFMTU1NTJEMkU0MEIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDN1rv6e4BZRJs18y4GMiWBNVPk
Z9TJRT0Hpf1W04vEIldSZ8jQbNhQajpLdDpRl5KZtDRMHXzBhKp4a9vjWMCFgYPq
w6Io2uoNi9FrjNADJ57suNmHnQCg92t6o7f3VT73YFco1JJYfV45xVPRnR22N0YA
7h7d5p33fm6S4M9a1btGdTEROShw+/8cG8RqouFlGjLP0T+p2gy0PahGAEymfyJD
BUIphu/KvpYDgf3tbnWkvijS8bJkj0TKhiS6cxUM6V3lsg1vNZndblkhi0La/CLw
yQWua17ub3DyoEMrhlEQXwON0Ig2ZgEy65gb6p+UKMEw6iOLevSE+EgXWhg3AgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUUCclAQlQtz/L2gF1CA3hVVLS5AswHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMTMyMTMucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAC/ZR0w
DQYJKoZIhvcNAQELBQADggEBAIuIoi2/heasmgubpzm3UOwWuMgEm3ew7nTXl8RA
YRyr5RcfGj3A+MwP9T0jMl1+R1mha0PfLS2aeMC8pMZ+FvVWDVIX61YRz9plR563
DqW+YU4XC+0MKvT421I/EcYuvxfHNVBx45nOcL9Z1vZZ8c6hbQ4ViIGgib1zADw3
wJ5Ps6zO1vfenJdJFUoel7ztJtBzsNaQGdlMll0Q4tAIJVHhRLt6U+kIavClHjUr
V0CK6HtvHIufwpo6v0+50+dFhPhkU84WfNG1LvjXiFeBzg1o2ieoMszy6QPj96oU
cLAPCY+b1MXG0BRMJL+Cc4sczzUsfxYlGp5BV/Ih83euKo8=
-----END CERTIFICATE-----