Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS13287.roa
File:                     AS13287.roa (raw, json)
Hash identifier:          G4eMGrnLg+UDUtsl+g+J59U+ZIiTNOKUIFELxY2gagE=
Subject key identifier:   83:CE:FD:42:79:1F:2E:DC:BB:98:BD:34:F6:79:22:10:2F:D4:F9:C6
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       6C671262366DCD4C948BF7324043C09EFBB07EAC
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS13287.roa
Signing time:             Fri 22 Mar 2024 12:25:55 +0000
ROA not before:           Fri 22 Mar 2024 12:20:55 +0000
ROA not after:            Fri 21 Mar 2025 12:25:55 +0000
asID:                     13287
IP address blocks:        191.101.36.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 11 May 2024 14:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6c:67:12:62:36:6d:cd:4c:94:8b:f7:32:40:43:c0:9e:fb:b0:7e:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Mar 22 12:20:55 2024 GMT
            Not After : Mar 21 12:25:55 2025 GMT
        Subject: CN=83CEFD42791F2EDCBB98BD34F67922102FD4F9C6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:64:f4:ff:4c:71:25:16:55:66:1f:7c:d6:0b:
                    72:41:fa:9e:52:77:cf:87:1e:91:05:95:a4:db:f4:
                    04:71:5e:0f:fa:00:6e:0c:04:3c:df:94:31:31:45:
                    19:55:5a:db:f9:ad:9f:a7:7d:cf:c4:27:03:29:a9:
                    9f:17:22:6a:46:7f:3b:c3:41:30:86:aa:ad:1e:34:
                    ca:f6:4d:50:48:ee:0d:e3:f6:fb:f2:eb:f5:df:97:
                    12:ea:d1:40:2a:23:45:e3:48:b3:ff:2b:69:6d:71:
                    dd:00:17:3f:3e:ae:ef:23:14:1e:2a:0c:f3:70:cb:
                    23:eb:48:ac:5e:ba:79:84:4f:39:5c:ac:e7:21:75:
                    e3:66:df:03:50:cc:4f:a8:ea:67:3e:0b:7d:f9:ce:
                    ef:30:26:d3:9c:a7:9a:65:8c:d2:0c:52:c0:12:71:
                    a1:97:2f:c4:c6:d7:dd:99:1b:b7:da:30:4d:41:cf:
                    53:82:f0:1e:33:d0:c3:6d:f6:0c:00:11:9c:c3:f5:
                    d7:58:0f:87:22:9b:b1:f1:f6:1b:02:2a:11:f1:bf:
                    34:75:95:4d:48:52:32:4e:5e:c0:31:af:2e:a9:64:
                    4d:e8:af:a2:22:0d:a8:e8:4d:af:4f:bb:84:d6:20:
                    19:e8:14:47:57:a7:64:fb:f9:0c:34:a2:4b:56:35:
                    b4:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:CE:FD:42:79:1F:2E:DC:BB:98:BD:34:F6:79:22:10:2F:D4:F9:C6
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS13287.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  191.101.36.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5e:b8:34:25:21:fc:76:4a:54:73:f3:b0:f5:37:ba:3e:ac:8d:
         a3:19:67:d7:5b:03:bf:0e:01:5c:21:9b:27:d4:3a:54:4e:ff:
         04:0d:ae:0e:17:cb:15:af:8d:0e:3a:96:e1:e1:e5:e8:8d:88:
         3f:b9:28:ea:04:af:f9:2b:d2:16:fd:b9:30:73:c6:15:e9:b6:
         1b:e9:68:65:d5:a2:ff:f2:e4:ef:a8:cc:59:91:73:29:81:03:
         3e:16:06:8a:8e:18:ed:80:33:7a:24:a8:a1:d4:d9:06:b5:ca:
         04:9a:15:2b:76:b7:ef:e6:d4:cc:09:f8:e2:c1:2e:9b:98:2c:
         ca:46:e7:2a:66:86:e9:dc:bb:a3:89:2d:ed:26:5f:16:89:cc:
         a1:4c:1c:8d:03:38:79:ba:8f:8c:85:11:ce:2e:92:fb:12:ac:
         84:48:4f:60:f5:87:27:2a:7b:bd:bf:c7:ab:25:41:ae:bd:84:
         2b:53:fb:a0:12:4e:95:2c:9f:29:53:e9:56:e2:41:81:a2:cd:
         d8:49:ba:b7:35:ee:bf:67:92:6c:c3:60:ec:2e:2a:b0:39:ec:
         34:33:2b:1a:78:7d:ab:66:b1:93:48:31:63:1a:5c:59:19:58:
         b6:f6:56:ed:29:63:45:f7:17:33:22:bf:28:75:1a:fb:a5:55:
         41:ee:b5:33
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUbGcSYjZtzUyUi/cyQEPAnvuwfqwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNDAzMjIxMjIwNTVaFw0yNTAzMjExMjI1NTVaMDMxMTAvBgNV
BAMTKDgzQ0VGRDQyNzkxRjJFRENCQjk4QkQzNEY2NzkyMjEwMkZENEY5QzYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCXZPT/THElFlVmH3zWC3JB+p5S
d8+HHpEFlaTb9ARxXg/6AG4MBDzflDExRRlVWtv5rZ+nfc/EJwMpqZ8XImpGfzvD
QTCGqq0eNMr2TVBI7g3j9vvy6/XflxLq0UAqI0XjSLP/K2ltcd0AFz8+ru8jFB4q
DPNwyyPrSKxeunmETzlcrOchdeNm3wNQzE+o6mc+C335zu8wJtOcp5pljNIMUsAS
caGXL8TG192ZG7faME1Bz1OC8B4z0MNt9gwAEZzD9ddYD4cim7Hx9hsCKhHxvzR1
lU1IUjJOXsAxry6pZE3or6IiDajoTa9Pu4TWIBnoFEdXp2T7+Qw0oktWNbR1AgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUg879QnkfLty7mL009nkiEC/U+cYwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMTMyODcucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAC/ZSQw
DQYJKoZIhvcNAQELBQADggEBAF64NCUh/HZKVHPzsPU3uj6sjaMZZ9dbA78OAVwh
myfUOlRO/wQNrg4XyxWvjQ46luHh5eiNiD+5KOoEr/kr0hb9uTBzxhXpthvpaGXV
ov/y5O+ozFmRcymBAz4WBoqOGO2AM3okqKHU2Qa1ygSaFSt2t+/m1MwJ+OLBLpuY
LMpG5ypmhuncu6OJLe0mXxaJzKFMHI0DOHm6j4yFEc4ukvsSrIRIT2D1hycqe72/
x6slQa69hCtT+6ASTpUsnylT6VbiQYGizdhJurc17r9nkmzDYOwuKrA57DQzKxp4
fatmsZNIMWMaXFkZWLb2Vu0pY0X3FzMivyh1GvulVUHutTM=
-----END CERTIFICATE-----