Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS147003.roa
File:                     AS147003.roa (raw, json)
Hash identifier:          n08I4XBVPtZQjFGzMKjfLX8vQftnhGmnwl4KRzGqNKo=
Subject key identifier:   61:4F:22:75:6C:10:B8:95:70:91:58:77:98:B8:55:1D:12:B0:0F:9F
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       06C3D1C4564B296475D248144C7CB8EBBB2A1A9E
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS147003.roa
Signing time:             Thu 16 May 2024 15:59:57 +0000
ROA not before:           Thu 16 May 2024 15:54:57 +0000
ROA not after:            Thu 15 May 2025 15:59:57 +0000
asID:                     147003
IP address blocks:        191.96.29.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 01 Jun 2024 16:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            06:c3:d1:c4:56:4b:29:64:75:d2:48:14:4c:7c:b8:eb:bb:2a:1a:9e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: May 16 15:54:57 2024 GMT
            Not After : May 15 15:59:57 2025 GMT
        Subject: CN=614F22756C10B8957091587798B8551D12B00F9F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:0c:a6:26:ea:60:a0:07:25:ad:ed:1d:c0:13:
                    e6:fe:3a:ed:f8:1b:f3:f6:f6:46:a6:be:e2:ec:50:
                    fb:8c:b9:da:6b:cc:e9:80:a2:7f:3e:d2:5e:36:64:
                    18:fc:2c:53:04:23:81:99:98:16:5f:30:ab:cc:ca:
                    da:f0:d6:66:be:48:f1:6c:5a:0f:d7:6f:79:33:5e:
                    00:21:43:0a:6f:7c:d6:ed:94:09:ec:d7:1b:26:3e:
                    f3:cb:49:ac:22:1d:4d:a1:2b:bf:35:5a:94:ff:09:
                    c5:12:ea:fd:f2:56:05:16:9d:b3:de:e6:7e:8f:c0:
                    ce:db:91:0c:14:b9:d1:90:ca:6c:92:5c:de:d6:cf:
                    6a:9e:d9:af:76:46:13:ef:98:d2:4e:7f:52:40:5b:
                    57:fb:87:af:49:4d:a7:54:53:fd:61:37:9e:59:60:
                    e6:09:11:52:19:25:3b:41:39:db:34:08:6b:8d:ae:
                    0e:bc:cd:26:81:b5:28:cd:5e:54:7a:8d:9a:92:47:
                    37:5f:a8:7a:53:19:fd:5b:ce:be:24:af:26:6d:2d:
                    ac:5e:1d:0e:1c:2d:8a:15:22:9e:e1:38:8f:15:4e:
                    9f:44:ac:fb:76:1e:68:b1:30:0c:1b:6c:a2:09:4f:
                    54:d5:95:95:74:6d:67:1f:94:87:db:0e:9e:dc:19:
                    95:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                61:4F:22:75:6C:10:B8:95:70:91:58:77:98:B8:55:1D:12:B0:0F:9F
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS147003.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  191.96.29.0/24

    Signature Algorithm: sha256WithRSAEncryption
         53:a8:6a:81:23:a3:94:95:a5:d5:02:ef:3b:e0:d7:71:f8:66:
         c9:70:04:2a:72:90:04:46:2a:65:6b:99:ea:15:56:30:94:e1:
         64:08:84:90:14:8e:a8:2c:1c:db:21:69:8b:75:b0:86:51:40:
         06:c1:bc:3b:27:a3:7b:cf:d0:db:e0:96:c6:3c:7b:c4:48:3c:
         21:08:c1:87:19:64:5f:72:30:07:30:d0:06:1e:c3:08:df:bd:
         ac:33:be:06:0b:5d:07:d0:9d:ab:1c:da:94:73:c8:a6:03:ae:
         db:39:c4:22:4f:29:52:f4:b9:72:a1:f0:6a:ed:e5:90:bd:b9:
         ac:e7:bf:57:0f:83:e7:ab:0a:54:7c:f9:09:5f:46:94:08:e6:
         24:6f:cc:c9:a3:6b:b2:1b:e8:03:14:c4:f1:02:85:ac:bf:33:
         db:fd:ce:1b:fd:b2:1f:3c:85:ef:41:b5:42:da:73:04:58:78:
         91:d8:2b:a0:32:ae:ad:15:9d:f9:d6:6b:c0:e8:4d:da:81:ca:
         25:9a:a6:d8:a2:7b:fc:c8:ba:8d:24:23:d1:85:c4:3b:2a:2d:
         9f:11:15:34:6b:03:3c:83:d6:5d:6b:ef:40:c2:32:3c:68:35:
         fc:3f:d5:41:2f:f9:4a:c7:79:2e:51:bb:97:3b:f9:1c:db:34:
         00:36:93:50
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUBsPRxFZLKWR10kgUTHy467sqGp4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNDA1MTYxNTU0NTdaFw0yNTA1MTUxNTU5NTdaMDMxMTAvBgNV
BAMTKDYxNEYyMjc1NkMxMEI4OTU3MDkxNTg3Nzk4Qjg1NTFEMTJCMDBGOUYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCnDKYm6mCgByWt7R3AE+b+Ou34
G/P29kamvuLsUPuMudprzOmAon8+0l42ZBj8LFMEI4GZmBZfMKvMytrw1ma+SPFs
Wg/Xb3kzXgAhQwpvfNbtlAns1xsmPvPLSawiHU2hK781WpT/CcUS6v3yVgUWnbPe
5n6PwM7bkQwUudGQymySXN7Wz2qe2a92RhPvmNJOf1JAW1f7h69JTadUU/1hN55Z
YOYJEVIZJTtBOds0CGuNrg68zSaBtSjNXlR6jZqSRzdfqHpTGf1bzr4kryZtLaxe
HQ4cLYoVIp7hOI8VTp9ErPt2HmixMAwbbKIJT1TVlZV0bWcflIfbDp7cGZVLAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUYU8idWwQuJVwkVh3mLhVHRKwD58wHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMTQ3MDAzLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAv2Ad
MA0GCSqGSIb3DQEBCwUAA4IBAQBTqGqBI6OUlaXVAu874Ndx+GbJcAQqcpAERipl
a5nqFVYwlOFkCISQFI6oLBzbIWmLdbCGUUAGwbw7J6N7z9Db4JbGPHvESDwhCMGH
GWRfcjAHMNAGHsMI372sM74GC10H0J2rHNqUc8imA67bOcQiTylS9LlyofBq7eWQ
vbms579XD4PnqwpUfPkJX0aUCOYkb8zJo2uyG+gDFMTxAoWsvzPb/c4b/bIfPIXv
QbVC2nMEWHiR2CugMq6tFZ351mvA6E3agcolmqbYonv8yLqNJCPRhcQ7Ki2fERU0
awM8g9Zda+9AwjI8aDX8P9VBL/lKx3kuUbuXO/kc2zQANpNQ
-----END CERTIFICATE-----