Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS201088.roa
File:                     AS201088.roa (raw, json)
Hash identifier:          vkGnHFhtSwp5xB1aYxq//osKZb13AZmCp2ULvsZPZ68=
Subject key identifier:   42:8D:33:EA:C3:C4:B6:07:5C:B9:9E:02:4F:73:40:33:32:14:D8:60
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       465F0DD8750212310F85AD3A9EC8628AE681761B
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS201088.roa
Signing time:             Wed 28 Jun 2023 08:03:53 +0000
ROA not before:           Wed 28 Jun 2023 07:58:53 +0000
ROA not after:            Wed 26 Jun 2024 08:03:53 +0000
asID:                     201088
IP address blocks:        191.96.130.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 10 May 2024 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            46:5f:0d:d8:75:02:12:31:0f:85:ad:3a:9e:c8:62:8a:e6:81:76:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Jun 28 07:58:53 2023 GMT
            Not After : Jun 26 08:03:53 2024 GMT
        Subject: CN=428D33EAC3C4B6075CB99E024F7340333214D860
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:20:49:5a:d6:35:b0:58:12:f2:70:c6:cc:b0:
                    2b:ed:42:9a:d1:e5:39:3f:dc:9b:b7:33:2c:48:f8:
                    e2:1e:03:21:28:83:64:0c:d4:71:37:42:3b:16:bf:
                    95:8e:66:f6:ba:cf:8b:41:e4:99:9a:5a:dc:fb:39:
                    d4:2a:c3:43:3e:b6:48:b9:ad:0c:19:a6:bd:50:84:
                    2e:b8:a0:43:ec:8d:b2:5d:50:e9:00:e7:13:83:e7:
                    12:07:c0:9a:b7:5a:a8:c0:c2:ba:1b:77:b4:82:28:
                    18:d0:98:00:b7:fb:9c:6a:e7:d5:06:e1:de:b6:bb:
                    82:f5:82:10:73:d2:ae:91:d8:85:ab:3b:6e:11:f3:
                    79:c8:1a:af:f3:64:92:e6:99:46:55:8f:a1:7d:fe:
                    46:02:fa:5d:81:35:ff:5d:56:41:16:9e:3b:83:1f:
                    90:cb:28:82:b3:e2:d5:42:0d:5f:3e:36:cb:1d:f0:
                    d9:3b:81:d5:09:a0:d8:21:3f:c3:87:91:c8:55:18:
                    5a:38:0e:3d:59:de:39:25:57:c1:cd:a9:cf:7e:f8:
                    ce:b8:f1:0d:4f:a7:78:62:cc:71:9f:13:dd:33:e3:
                    fc:41:94:4b:79:89:a7:30:13:f2:36:53:82:13:ce:
                    86:ab:77:0f:53:58:f8:1d:06:67:4d:eb:06:a7:cb:
                    c4:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:8D:33:EA:C3:C4:B6:07:5C:B9:9E:02:4F:73:40:33:32:14:D8:60
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS201088.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  191.96.130.0/24

    Signature Algorithm: sha256WithRSAEncryption
         40:c2:5c:1b:22:00:07:7d:78:1b:c8:5a:c4:38:84:9f:0e:b4:
         ae:66:6c:dd:20:e7:7a:3b:c4:e5:15:13:d7:12:2a:67:c0:79:
         63:11:66:e4:73:e4:ae:c3:d7:4b:32:4e:33:be:49:9e:17:af:
         1d:c1:e0:57:53:2c:0a:27:64:a5:2a:65:00:20:61:22:68:88:
         ad:14:cb:73:cf:5a:49:0a:a7:72:b9:17:b4:f8:5f:e7:20:32:
         32:9e:e5:40:dc:d2:26:f4:85:19:2d:67:ab:fa:ce:9d:65:c6:
         d5:eb:6b:06:9d:7e:ca:cf:81:78:1b:86:e0:f8:fc:16:98:ff:
         cd:8b:ee:d8:bd:cd:99:7a:a2:d8:e4:7d:9c:e2:07:f7:6c:0d:
         53:7a:79:2a:f3:31:e9:08:fa:2f:76:76:5e:3b:5b:79:a7:1b:
         36:6d:a6:6a:65:91:80:9d:e8:89:ae:ae:d1:e8:02:f1:12:7c:
         53:31:a2:4b:c3:2d:f6:aa:fa:19:85:2a:7f:b3:8d:7d:27:c3:
         af:f6:b6:6c:fd:95:49:7e:87:d6:5e:85:aa:e0:12:a4:1d:95:
         fc:30:5b:db:9e:8b:e8:f1:25:ae:ca:66:3b:bb:78:3d:30:76:
         d2:8e:33:80:7d:f2:80:b9:86:cb:d8:8b:d1:99:c4:3c:a6:0c:
         84:a4:a6:14
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIURl8N2HUCEjEPha06nshiiuaBdhswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yMzA2MjgwNzU4NTNaFw0yNDA2MjYwODAzNTNaMDMxMTAvBgNV
BAMTKDQyOEQzM0VBQzNDNEI2MDc1Q0I5OUUwMjRGNzM0MDMzMzIxNEQ4NjAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCrIEla1jWwWBLycMbMsCvtQprR
5Tk/3Ju3MyxI+OIeAyEog2QM1HE3QjsWv5WOZva6z4tB5JmaWtz7OdQqw0M+tki5
rQwZpr1QhC64oEPsjbJdUOkA5xOD5xIHwJq3WqjAwrobd7SCKBjQmAC3+5xq59UG
4d62u4L1ghBz0q6R2IWrO24R83nIGq/zZJLmmUZVj6F9/kYC+l2BNf9dVkEWnjuD
H5DLKIKz4tVCDV8+Nssd8Nk7gdUJoNghP8OHkchVGFo4Dj1Z3jklV8HNqc9++M64
8Q1Pp3hizHGfE90z4/xBlEt5iacwE/I2U4ITzoardw9TWPgdBmdN6wany8RbAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUQo0z6sPEtgdcuZ4CT3NAMzIU2GAwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjAxMDg4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAv2CC
MA0GCSqGSIb3DQEBCwUAA4IBAQBAwlwbIgAHfXgbyFrEOISfDrSuZmzdIOd6O8Tl
FRPXEipnwHljEWbkc+Suw9dLMk4zvkmeF68dweBXUywKJ2SlKmUAIGEiaIitFMtz
z1pJCqdyuRe0+F/nIDIynuVA3NIm9IUZLWer+s6dZcbV62sGnX7Kz4F4G4bg+PwW
mP/Ni+7Yvc2ZeqLY5H2c4gf3bA1Tenkq8zHpCPovdnZeO1t5pxs2baZqZZGAneiJ
rq7R6ALxEnxTMaJLwy32qvoZhSp/s419J8Ov9rZs/ZVJfofWXoWq4BKkHZX8MFvb
novo8SWuymY7u3g9MHbSjjOAffKAuYbL2IvRmcQ8pgyEpKYU
-----END CERTIFICATE-----