Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS13335.roa
File:                     AS13335.roa (raw, json)
Hash identifier:          To0qTVnaNLYh8Sc1YQWhmo7ZCnsGEu2uH7niDdhri84=
Subject key identifier:   54:70:99:DF:2F:AF:17:21:88:50:34:87:B7:DF:33:A7:3D:A4:62:8F
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       4C7E41EBC633DF261CA7275DF5ADC6B6BE2411B1
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS13335.roa
Signing time:             Fri 03 May 2024 14:05:16 +0000
ROA not before:           Fri 03 May 2024 14:00:16 +0000
ROA not after:            Fri 02 May 2025 14:05:16 +0000
asID:                     13335
IP address blocks:        191.96.81.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 10 May 2024 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4c:7e:41:eb:c6:33:df:26:1c:a7:27:5d:f5:ad:c6:b6:be:24:11:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: May  3 14:00:16 2024 GMT
            Not After : May  2 14:05:16 2025 GMT
        Subject: CN=547099DF2FAF172188503487B7DF33A73DA4628F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:87:15:00:8f:13:76:e6:f5:71:91:35:fa:62:
                    6c:12:86:ae:00:e8:ea:74:bd:87:94:e4:86:db:30:
                    0e:ce:62:5a:c7:50:50:34:b2:b0:7b:98:2f:d1:8e:
                    8e:b2:e3:66:1a:00:69:86:69:45:52:5e:c3:e0:f8:
                    ee:8c:fa:4a:cd:fa:f1:e7:54:f7:1c:b7:06:f5:3d:
                    a0:6b:26:dd:9e:a1:0c:56:f2:a2:aa:4a:c4:2c:39:
                    51:f9:39:43:6e:75:90:16:97:24:66:6f:21:a0:9d:
                    47:f8:3d:fc:d7:3c:6c:0e:d9:eb:50:bc:c0:de:0c:
                    a5:a1:c6:84:89:fd:05:71:c6:24:c7:75:6a:26:bb:
                    60:d1:1d:c2:b9:1f:c1:c3:b8:35:3c:cd:7b:a3:2f:
                    30:2f:c4:7e:52:d7:e7:a7:c1:7e:6e:30:ce:78:28:
                    0d:c7:5f:9e:06:0c:8e:f6:27:31:df:0d:1f:c0:59:
                    b7:24:6c:40:56:bc:c5:77:c7:7d:3b:f8:46:b3:2b:
                    05:40:18:68:df:6d:07:e2:55:09:23:07:72:c3:c1:
                    f4:19:0d:86:24:56:e2:fa:88:02:60:fe:01:d4:e7:
                    48:15:ba:9e:8d:68:ce:06:35:86:cc:64:f1:2a:34:
                    d8:2b:f3:2f:40:80:de:6d:c2:bf:ea:71:68:f1:9f:
                    44:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                54:70:99:DF:2F:AF:17:21:88:50:34:87:B7:DF:33:A7:3D:A4:62:8F
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS13335.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  191.96.81.0/24

    Signature Algorithm: sha256WithRSAEncryption
         04:64:b5:5c:61:c6:4f:cc:39:08:62:13:29:f6:d1:1a:cd:af:
         d5:9c:a0:90:5b:72:9c:4a:db:62:4e:ee:b3:c0:bb:cb:41:60:
         c0:9f:62:3d:29:51:0e:4c:24:05:de:76:9f:57:d9:aa:b9:17:
         47:76:5b:a5:be:35:2b:d0:63:b1:80:cd:86:36:a6:7c:8f:a4:
         28:8f:e0:84:82:04:c8:d4:1d:78:52:d5:bc:2b:ef:6b:6e:dc:
         27:9d:24:81:80:f8:c8:6b:32:46:b3:50:63:64:84:8e:d6:92:
         d7:04:65:94:51:e2:9d:5a:5a:d7:63:86:df:36:54:4c:b8:c8:
         38:06:2d:75:26:6d:18:f6:5b:fc:de:8e:d8:1c:9a:ea:19:86:
         aa:2c:4a:88:f6:44:9a:76:4d:e1:12:2c:fa:63:ae:2c:52:34:
         b4:70:5a:9b:d7:f8:8c:53:0f:84:24:7d:79:78:62:e9:0a:42:
         79:27:6e:14:ed:72:a3:07:f5:2d:6a:89:f7:7a:16:d2:69:ed:
         92:fc:6b:5d:4f:18:30:3c:3c:62:67:cd:29:14:93:a5:bc:dc:
         0b:01:7d:ef:37:84:45:e0:8f:03:b6:92:db:36:f3:b8:8c:a9:
         3a:6a:ad:aa:b2:bc:8b:18:9d:b1:0a:c4:88:9e:d9:06:5c:8a:
         1e:0a:5f:ba
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUTH5B68Yz3yYcpydd9a3Gtr4kEbEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNDA1MDMxNDAwMTZaFw0yNTA1MDIxNDA1MTZaMDMxMTAvBgNV
BAMTKDU0NzA5OURGMkZBRjE3MjE4ODUwMzQ4N0I3REYzM0E3M0RBNDYyOEYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCwhxUAjxN25vVxkTX6YmwShq4A
6Op0vYeU5IbbMA7OYlrHUFA0srB7mC/Rjo6y42YaAGmGaUVSXsPg+O6M+krN+vHn
VPcctwb1PaBrJt2eoQxW8qKqSsQsOVH5OUNudZAWlyRmbyGgnUf4PfzXPGwO2etQ
vMDeDKWhxoSJ/QVxxiTHdWomu2DRHcK5H8HDuDU8zXujLzAvxH5S1+enwX5uMM54
KA3HX54GDI72JzHfDR/AWbckbEBWvMV3x307+EazKwVAGGjfbQfiVQkjB3LDwfQZ
DYYkVuL6iAJg/gHU50gVup6NaM4GNYbMZPEqNNgr8y9AgN5twr/qcWjxn0TvAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUVHCZ3y+vFyGIUDSHt98zpz2kYo8wHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMTMzMzUucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAC/YFEw
DQYJKoZIhvcNAQELBQADggEBAARktVxhxk/MOQhiEyn20RrNr9WcoJBbcpxK22JO
7rPAu8tBYMCfYj0pUQ5MJAXedp9X2aq5F0d2W6W+NSvQY7GAzYY2pnyPpCiP4ISC
BMjUHXhS1bwr72tu3CedJIGA+MhrMkazUGNkhI7WktcEZZRR4p1aWtdjht82VEy4
yDgGLXUmbRj2W/zejtgcmuoZhqosSoj2RJp2TeESLPpjrixSNLRwWpvX+IxTD4Qk
fXl4YukKQnknbhTtcqMH9S1qifd6FtJp7ZL8a11PGDA8PGJnzSkUk6W83AsBfe83
hEXgjwO2kts287iMqTpqraqyvIsYnbEKxIie2QZcih4KX7o=
-----END CERTIFICATE-----