Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS199654.roa
File:                     AS199654.roa (raw, json)
Hash identifier:          PamrI63O6HDD6+NqbnoUUoD1hB+qfzJBQNDMm2Z7ITo=
Subject key identifier:   BE:02:34:15:E5:83:19:62:B9:7D:EA:68:19:0F:56:D0:7B:A9:21:B8
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       5E0CEE61FF72F1B6AB163E6BB5E914FB11EC160E
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS199654.roa
Signing time:             Sun 31 Dec 2023 23:04:59 +0000
ROA not before:           Sun 31 Dec 2023 22:59:59 +0000
ROA not after:            Sun 29 Dec 2024 23:04:59 +0000
asID:                     199654
IP address blocks:        191.96.207.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 10 May 2024 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5e:0c:ee:61:ff:72:f1:b6:ab:16:3e:6b:b5:e9:14:fb:11:ec:16:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Dec 31 22:59:59 2023 GMT
            Not After : Dec 29 23:04:59 2024 GMT
        Subject: CN=BE023415E5831962B97DEA68190F56D07BA921B8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ec:cf:4f:e8:8f:0d:fe:ff:dd:e1:e1:92:8e:da:
                    b6:1c:ec:2c:78:99:d5:31:38:22:62:a4:0f:82:c6:
                    82:c1:b0:91:e0:6f:d8:60:94:4e:b8:64:d0:db:93:
                    a4:56:bb:83:76:10:58:9a:b2:21:10:a5:1d:b0:7b:
                    8d:ba:ac:0e:c8:2d:74:60:92:66:b3:21:94:fe:bb:
                    5b:5e:4a:f7:31:ea:61:0a:69:24:1b:f3:48:f9:d6:
                    a3:dc:1d:7d:e0:85:44:56:0f:ae:32:8c:8d:18:eb:
                    91:d1:18:75:1d:aa:f9:05:18:fc:d2:9f:12:06:6a:
                    dc:21:27:5a:f7:ff:1b:d2:f1:b9:b0:74:28:5e:c8:
                    92:c9:e4:63:c3:11:43:23:1b:06:75:9b:41:d5:8e:
                    65:01:ff:34:4a:60:9e:21:f7:35:fc:52:10:e5:98:
                    e3:26:de:38:bb:76:e6:b0:8f:f6:9c:ea:6a:8c:43:
                    1d:9a:a0:4d:88:3a:8a:9b:10:59:6e:84:62:42:47:
                    f2:98:c7:91:4f:4f:8d:c1:ad:e6:2e:86:2c:9b:c7:
                    56:4b:a6:1d:31:59:51:8f:50:23:49:c8:4c:11:24:
                    29:2d:40:89:e8:f2:9f:6e:65:b3:b3:9d:b4:37:5f:
                    b1:92:b6:43:4d:0f:f4:13:84:c4:12:10:2e:fa:90:
                    6a:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BE:02:34:15:E5:83:19:62:B9:7D:EA:68:19:0F:56:D0:7B:A9:21:B8
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS199654.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  191.96.207.0/24

    Signature Algorithm: sha256WithRSAEncryption
         31:2b:a5:13:85:05:b1:ac:5a:d8:0d:e6:29:dc:1a:11:ad:e7:
         36:e6:c4:8e:4c:bd:49:fa:7f:d8:f4:68:1a:dc:ad:02:8e:fc:
         48:80:ce:af:0a:7b:48:02:fd:3d:f6:9e:ed:9c:15:4d:7b:de:
         e0:66:54:8d:17:60:72:27:ff:34:45:0b:87:20:68:3f:10:87:
         5f:98:c1:f6:8e:7a:a2:95:85:26:64:6f:1f:0c:ef:5c:46:72:
         bd:36:88:6d:ea:47:26:2a:ee:52:08:36:92:06:91:3f:89:91:
         5e:e0:51:b8:2d:d7:bd:41:ca:2c:8c:c6:8c:c2:bb:d5:31:3e:
         59:bf:f7:94:4f:b0:93:56:9e:64:86:ae:20:03:0b:a0:41:64:
         6d:8e:65:d9:c2:e7:eb:d0:42:9f:79:17:2e:ce:58:b8:51:55:
         2a:41:66:fe:16:80:9f:c5:93:e9:96:d1:e6:9a:fe:ce:48:15:
         f8:26:c2:f0:64:af:9a:94:fe:89:c8:54:cd:63:89:4a:2d:fa:
         20:1a:b4:8e:e4:47:80:2e:6c:09:e6:37:87:8c:a7:f2:e0:aa:
         10:46:31:98:1e:6b:61:8b:c9:9b:a6:ab:3f:28:ad:65:b1:99:
         8c:ee:0f:88:18:55:af:06:1f:fb:be:39:9a:97:76:e1:f5:c4:
         bd:79:fc:3c
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUXgzuYf9y8barFj5rtekU+xHsFg4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yMzEyMzEyMjU5NTlaFw0yNDEyMjkyMzA0NTlaMDMxMTAvBgNV
BAMTKEJFMDIzNDE1RTU4MzE5NjJCOTdERUE2ODE5MEY1NkQwN0JBOTIxQjgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDsz0/ojw3+/93h4ZKO2rYc7Cx4
mdUxOCJipA+CxoLBsJHgb9hglE64ZNDbk6RWu4N2EFiasiEQpR2we426rA7ILXRg
kmazIZT+u1teSvcx6mEKaSQb80j51qPcHX3ghURWD64yjI0Y65HRGHUdqvkFGPzS
nxIGatwhJ1r3/xvS8bmwdCheyJLJ5GPDEUMjGwZ1m0HVjmUB/zRKYJ4h9zX8UhDl
mOMm3ji7duawj/ac6mqMQx2aoE2IOoqbEFluhGJCR/KYx5FPT43BreYuhiybx1ZL
ph0xWVGPUCNJyEwRJCktQIno8p9uZbOznbQ3X7GStkNND/QThMQSEC76kGpPAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUvgI0FeWDGWK5fepoGQ9W0HupIbgwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMTk5NjU0LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAv2DP
MA0GCSqGSIb3DQEBCwUAA4IBAQAxK6UThQWxrFrYDeYp3BoRrec25sSOTL1J+n/Y
9Gga3K0CjvxIgM6vCntIAv099p7tnBVNe97gZlSNF2ByJ/80RQuHIGg/EIdfmMH2
jnqilYUmZG8fDO9cRnK9Noht6kcmKu5SCDaSBpE/iZFe4FG4Lde9QcosjMaMwrvV
MT5Zv/eUT7CTVp5khq4gAwugQWRtjmXZwufr0EKfeRcuzli4UVUqQWb+FoCfxZPp
ltHmmv7OSBX4JsLwZK+alP6JyFTNY4lKLfogGrSO5EeALmwJ5jeHjKfy4KoQRjGY
Hmthi8mbpqs/KK1lsZmM7g+IGFWvBh/7vjmal3bh9cS9efw8
-----END CERTIFICATE-----