Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS13287.roa
File:                     AS13287.roa (raw, json)
Hash identifier:          KNgZ03iMNLo9z3JnaFMT7E7RtZrYRzeUm/KY2BWZT0E=
Subject key identifier:   E4:73:B3:11:8A:D2:CC:C1:08:AB:00:5A:24:89:A1:60:47:FC:B0:48
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       177D5C41C831555E87C0A0FB2EFB3D16BA703A44
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS13287.roa
Signing time:             Fri 21 Feb 2025 12:53:55 +0000
ROA not before:           Fri 21 Feb 2025 12:48:55 +0000
ROA not after:            Fri 20 Feb 2026 12:53:55 +0000
asID:                     13287
IP address blocks:        191.101.36.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 15:12:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            17:7d:5c:41:c8:31:55:5e:87:c0:a0:fb:2e:fb:3d:16:ba:70:3a:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Feb 21 12:48:55 2025 GMT
            Not After : Feb 20 12:53:55 2026 GMT
        Subject: CN=E473B3118AD2CCC108AB005A2489A16047FCB048
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:50:30:ae:73:8b:dd:3a:4e:e3:d1:82:7b:ef:
                    4b:38:44:b9:f9:2b:57:ff:79:07:a1:29:48:cf:9d:
                    f7:f6:76:70:75:ad:cc:01:2c:99:84:78:ac:71:08:
                    4f:11:25:63:04:7f:0a:bc:9d:61:fd:a6:0e:43:3b:
                    f6:90:0e:e4:22:3b:ca:75:03:fc:5d:e2:09:73:d9:
                    88:8c:9d:c9:ff:e9:ca:57:8d:c9:dd:b2:d6:5a:9b:
                    85:0e:b8:56:83:49:85:e5:d5:ca:91:bf:19:ea:ff:
                    ca:9d:8e:93:65:a2:5c:20:b3:9f:f2:f4:77:b2:fe:
                    2c:9b:68:10:25:ee:80:52:cf:cf:2f:5b:6f:9a:9d:
                    9a:24:60:41:fc:af:c7:f2:92:a4:e0:e9:ac:8e:31:
                    40:04:ab:53:77:2a:d1:7d:8c:85:45:e8:5e:bb:11:
                    60:42:a4:36:ff:09:ec:db:dd:ef:5a:63:8b:df:1e:
                    11:cb:f3:a6:49:75:48:65:76:60:ca:b2:f3:0c:8c:
                    51:53:82:d3:a6:e5:78:51:98:de:0d:89:ad:68:a7:
                    10:7d:3f:57:47:52:0b:ce:7e:f5:32:99:08:5b:02:
                    9c:c7:c7:d9:1b:ff:7f:08:82:6d:54:aa:42:2a:da:
                    5b:73:24:62:17:ac:dd:40:8a:bd:db:bf:51:29:c1:
                    15:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:73:B3:11:8A:D2:CC:C1:08:AB:00:5A:24:89:A1:60:47:FC:B0:48
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS13287.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  191.101.36.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ad:9a:62:bf:4b:a6:04:dd:c5:da:40:ef:a9:80:58:12:01:bf:
         44:18:46:db:f0:ff:b6:24:9f:5e:0e:a2:99:3b:33:2d:28:bf:
         da:c2:65:ec:2e:38:81:23:41:41:1e:0c:61:e4:7b:94:08:ea:
         34:e9:65:5e:8e:54:40:1b:e6:94:a2:a8:6e:7e:1d:e5:56:c9:
         82:00:09:d4:d3:4c:74:ab:01:3a:2c:52:dd:33:7a:98:c5:c0:
         a6:ad:f4:60:07:ff:c7:df:f8:c5:3e:9e:18:94:51:20:44:ff:
         34:5e:a5:9c:a7:57:a3:d7:8e:8a:4f:79:7b:af:51:37:7d:e2:
         05:ab:a9:8e:87:c6:c2:8c:76:98:fc:f6:59:d0:14:f4:35:20:
         87:4c:6c:5a:7d:7d:75:d9:52:3e:c6:95:ff:20:62:4d:ec:e8:
         d2:91:d4:03:5f:d4:e9:2d:6e:8c:2d:f4:b5:ed:50:6f:e7:47:
         df:d5:d2:e1:66:bf:f4:31:aa:50:8b:bb:e7:13:74:6e:64:7a:
         0a:8d:4a:bd:12:da:c9:ec:94:56:2e:1e:3c:0e:b5:b9:c4:8b:
         ed:b2:d4:63:65:26:35:26:49:38:22:55:5c:6d:6d:66:06:8c:
         b6:01:f8:2a:6a:0d:a9:30:de:2d:9e:3a:a9:e6:b8:bb:eb:41:
         a5:1e:aa:46
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUF31cQcgxVV6HwKD7Lvs9FrpwOkQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNTAyMjExMjQ4NTVaFw0yNjAyMjAxMjUzNTVaMDMxMTAvBgNV
BAMTKEU0NzNCMzExOEFEMkNDQzEwOEFCMDA1QTI0ODlBMTYwNDdGQ0IwNDgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDQUDCuc4vdOk7j0YJ770s4RLn5
K1f/eQehKUjPnff2dnB1rcwBLJmEeKxxCE8RJWMEfwq8nWH9pg5DO/aQDuQiO8p1
A/xd4glz2YiMncn/6cpXjcndstZam4UOuFaDSYXl1cqRvxnq/8qdjpNlolwgs5/y
9Hey/iybaBAl7oBSz88vW2+anZokYEH8r8fykqTg6ayOMUAEq1N3KtF9jIVF6F67
EWBCpDb/Cezb3e9aY4vfHhHL86ZJdUhldmDKsvMMjFFTgtOm5XhRmN4Nia1opxB9
P1dHUgvOfvUymQhbApzHx9kb/38Igm1UqkIq2ltzJGIXrN1Air3bv1EpwRUfAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQU5HOzEYrSzMEIqwBaJImhYEf8sEgwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMTMyODcucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAC/ZSQw
DQYJKoZIhvcNAQELBQADggEBAK2aYr9LpgTdxdpA76mAWBIBv0QYRtvw/7Ykn14O
opk7My0ov9rCZewuOIEjQUEeDGHke5QI6jTpZV6OVEAb5pSiqG5+HeVWyYIACdTT
THSrATosUt0zepjFwKat9GAH/8ff+MU+nhiUUSBE/zRepZynV6PXjopPeXuvUTd9
4gWrqY6HxsKMdpj89lnQFPQ1IIdMbFp9fXXZUj7Glf8gYk3s6NKR1ANf1Oktbowt
9LXtUG/nR9/V0uFmv/QxqlCLu+cTdG5kegqNSr0S2snslFYuHjwOtbnEi+2y1GNl
JjUmSTgiVVxtbWYGjLYB+CpqDakw3i2eOqnmuLvrQaUeqkY=
-----END CERTIFICATE-----