Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS199393.roa
File:                     AS199393.roa (raw, json)
Hash identifier:          0CXrm+6ufMoJ8zeo7NPL1B3p5+0BKq9LqXeyvzl6cvc=
Subject key identifier:   F3:F5:5A:0A:4C:08:04:AD:1F:6D:25:CA:34:C0:79:81:5A:BF:2A:82
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       0CFC3F564A0C3506133D1255B9F9968024BEAFCE
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS199393.roa
Signing time:             Thu 21 Dec 2023 10:23:34 +0000
ROA not before:           Thu 21 Dec 2023 10:18:34 +0000
ROA not after:            Thu 19 Dec 2024 10:23:34 +0000
asID:                     199393
IP address blocks:        181.214.214.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 10 May 2024 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0c:fc:3f:56:4a:0c:35:06:13:3d:12:55:b9:f9:96:80:24:be:af:ce
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Dec 21 10:18:34 2023 GMT
            Not After : Dec 19 10:23:34 2024 GMT
        Subject: CN=F3F55A0A4C0804AD1F6D25CA34C079815ABF2A82
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f7:c1:0e:d9:45:56:b3:17:32:d4:91:e9:34:4f:
                    68:89:09:a8:db:9b:cb:17:83:64:6d:f5:11:9d:3b:
                    e6:9f:0e:da:d5:36:f3:36:1c:6a:69:39:3b:2b:43:
                    a6:c2:a3:da:a6:33:81:e7:96:66:9c:64:bf:81:fd:
                    99:d4:dd:16:20:c8:ac:b1:19:dc:d2:40:23:37:e6:
                    58:7c:48:78:5c:14:da:c8:58:9d:80:77:be:2e:62:
                    e6:88:e6:da:6b:be:74:17:97:be:8e:7e:8a:e1:33:
                    cb:16:27:59:13:51:2c:c3:f7:dd:6d:98:68:31:aa:
                    6e:9e:bf:e6:6f:1e:b4:c8:40:ff:d0:11:c6:1a:ff:
                    9a:ec:e3:55:c3:8d:67:8a:d1:d2:91:09:c7:c1:25:
                    e0:42:cc:a1:86:88:00:8b:47:ee:61:21:cd:ea:4a:
                    bd:90:a6:41:59:d6:fa:f2:2d:48:66:da:7a:23:ff:
                    5a:ff:89:70:1c:4d:02:bb:0f:8f:48:65:3a:52:30:
                    60:11:60:f0:c7:b6:95:74:a8:86:ba:6f:70:d5:7b:
                    78:bf:a7:9d:84:aa:50:82:0d:5c:e1:b3:7f:2c:05:
                    a1:69:ef:2a:de:05:31:a1:b9:af:6d:f6:1a:6c:fd:
                    20:c0:e3:f9:6d:05:25:07:ac:ca:d5:cc:e9:d8:10:
                    86:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:F5:5A:0A:4C:08:04:AD:1F:6D:25:CA:34:C0:79:81:5A:BF:2A:82
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS199393.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  181.214.214.0/24

    Signature Algorithm: sha256WithRSAEncryption
         54:7c:83:71:eb:79:9a:29:6a:b5:8f:68:8f:25:da:d5:10:4e:
         92:f7:ba:2d:2d:2d:d0:c5:f1:c1:20:f3:89:5c:ff:21:b9:76:
         ec:49:b1:c9:bb:64:0e:28:d7:d1:65:e0:0d:7b:34:a9:3d:75:
         73:80:95:3c:29:d1:ff:d4:93:dc:45:81:ec:56:40:83:8b:16:
         da:94:da:c7:bf:b9:b5:00:17:a5:01:13:28:fc:96:f5:a1:94:
         9e:ab:b2:98:39:1b:75:55:19:16:1a:96:5d:df:1d:6c:36:ac:
         c0:76:82:7b:23:44:ed:9b:47:0f:4f:24:9a:d2:3d:ba:e6:b4:
         cd:4e:95:22:ab:f4:67:23:54:28:5b:92:df:12:6a:f1:73:ee:
         af:d3:f8:83:af:11:e0:cb:6f:17:b9:40:d9:a2:88:c1:bf:c7:
         d1:41:bb:67:7c:09:74:2d:43:46:ba:87:44:13:43:3e:09:ee:
         14:89:14:f7:d5:fb:09:ac:93:9a:58:38:02:e6:56:4e:6e:58:
         ee:e7:0d:24:0b:c0:60:71:56:97:f5:b2:a3:e5:bb:b3:81:f0:
         7c:7f:e4:65:9b:d2:25:44:a8:f0:02:f7:19:0b:53:5f:c0:d4:
         3e:3d:de:af:ac:ff:34:2c:eb:6a:21:b1:3a:e1:97:54:66:e1:
         76:9d:81:b3
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUDPw/VkoMNQYTPRJVufmWgCS+r84wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yMzEyMjExMDE4MzRaFw0yNDEyMTkxMDIzMzRaMDMxMTAvBgNV
BAMTKEYzRjU1QTBBNEMwODA0QUQxRjZEMjVDQTM0QzA3OTgxNUFCRjJBODIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD3wQ7ZRVazFzLUkek0T2iJCajb
m8sXg2Rt9RGdO+afDtrVNvM2HGppOTsrQ6bCo9qmM4HnlmacZL+B/ZnU3RYgyKyx
GdzSQCM35lh8SHhcFNrIWJ2Ad74uYuaI5tprvnQXl76OforhM8sWJ1kTUSzD991t
mGgxqm6ev+ZvHrTIQP/QEcYa/5rs41XDjWeK0dKRCcfBJeBCzKGGiACLR+5hIc3q
Sr2QpkFZ1vryLUhm2noj/1r/iXAcTQK7D49IZTpSMGARYPDHtpV0qIa6b3DVe3i/
p52EqlCCDVzhs38sBaFp7yreBTGhua9t9hps/SDA4/ltBSUHrMrVzOnYEIaLAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQU8/VaCkwIBK0fbSXKNMB5gVq/KoIwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMTk5MzkzLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAtdbW
MA0GCSqGSIb3DQEBCwUAA4IBAQBUfINx63maKWq1j2iPJdrVEE6S97otLS3QxfHB
IPOJXP8huXbsSbHJu2QOKNfRZeANezSpPXVzgJU8KdH/1JPcRYHsVkCDixbalNrH
v7m1ABelARMo/Jb1oZSeq7KYORt1VRkWGpZd3x1sNqzAdoJ7I0Ttm0cPTySa0j26
5rTNTpUiq/RnI1QoW5LfEmrxc+6v0/iDrxHgy28XuUDZoojBv8fRQbtnfAl0LUNG
uodEE0M+Ce4UiRT31fsJrJOaWDgC5lZOblju5w0kC8BgcVaX9bKj5buzgfB8f+Rl
m9IlRKjwAvcZC1NfwNQ+Pd6vrP80LOtqIbE64ZdUZuF2nYGz
-----END CERTIFICATE-----