Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS201320.roa
File:                     AS201320.roa (raw, json)
Hash identifier:          UXX/ze2xwWFJtWmZMhk/A6sVJxt93wcRxPp55p/8+mQ=
Subject key identifier:   C4:8C:A5:31:94:DD:8E:45:44:60:93:0E:0F:86:1E:C7:50:40:D7:4F
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       170EED8815D28BAD2AECB1398E8031B1A173119F
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS201320.roa
Signing time:             Fri 16 May 2025 13:54:08 +0000
ROA not before:           Fri 16 May 2025 13:49:08 +0000
ROA not after:            Fri 15 May 2026 13:54:08 +0000
asID:                     201320
IP address blocks:        191.101.86.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Jun 2025 23:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            17:0e:ed:88:15:d2:8b:ad:2a:ec:b1:39:8e:80:31:b1:a1:73:11:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: May 16 13:49:08 2025 GMT
            Not After : May 15 13:54:08 2026 GMT
        Subject: CN=C48CA53194DD8E454460930E0F861EC75040D74F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:0d:d0:b1:ac:d2:5a:c9:80:fd:28:63:33:2a:
                    8e:fa:d4:d2:82:40:9f:d9:7a:04:b6:20:4b:b8:1b:
                    ee:89:e9:c2:e7:00:0b:27:b7:e1:60:cc:0a:30:e3:
                    30:79:5e:35:f9:fc:03:c5:fd:3a:40:0a:f1:85:dd:
                    7e:c7:3a:76:71:d3:71:c3:e5:d7:89:27:07:43:fb:
                    cf:09:c7:e6:2c:44:2d:d8:c6:42:32:4c:6e:71:32:
                    3b:1e:0f:42:78:7e:dc:aa:04:a1:46:32:ad:ef:ba:
                    89:e5:2e:9b:03:29:8f:35:55:aa:a1:06:f1:2e:6e:
                    52:4a:b2:2e:f9:c6:8b:23:66:a2:63:3e:86:85:bd:
                    f3:5c:e1:2d:0e:6b:4e:20:f1:7e:93:76:66:d0:9c:
                    f4:47:fa:14:23:09:f9:d3:28:c4:e3:5e:b7:8b:03:
                    55:ad:2d:dc:21:25:5d:79:f2:a6:45:d3:d1:cf:47:
                    1d:74:d1:27:e0:58:29:16:26:13:54:85:c9:fa:4f:
                    42:56:e3:e6:bb:72:04:e2:90:85:8e:73:d5:5a:93:
                    a2:58:eb:b1:14:87:49:c3:9c:91:a7:c0:92:28:d0:
                    55:57:c3:6e:7f:98:74:2a:d0:07:e9:65:3f:a6:11:
                    bc:59:81:fe:b6:ee:65:46:d1:b8:45:86:c3:17:7e:
                    0c:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:8C:A5:31:94:DD:8E:45:44:60:93:0E:0F:86:1E:C7:50:40:D7:4F
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS201320.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  191.101.86.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6f:ea:50:96:2a:ee:9e:45:33:40:4b:32:d5:04:3c:3c:7a:9c:
         e1:60:d8:1e:33:a1:36:27:b1:1d:a8:9a:31:17:65:9e:21:26:
         1a:8f:6b:35:3e:5e:2e:59:eb:bf:5c:7c:eb:ff:1a:ba:ae:89:
         83:49:b1:68:90:ec:d1:23:d5:07:5b:b6:3f:78:c4:68:78:d3:
         46:38:20:99:f9:18:59:cb:75:7b:d9:46:21:69:f6:c5:6a:ac:
         3f:41:e5:19:82:2a:e1:6a:ef:0a:2e:9d:94:3e:b5:25:e5:45:
         85:a8:98:1e:42:a8:76:38:40:3d:9b:d5:b2:c8:17:6e:f3:ed:
         98:87:65:69:d9:4d:d7:89:27:35:f1:c1:02:9e:28:88:af:fe:
         14:7e:7c:64:c8:fa:8d:71:09:cd:40:c0:3c:29:6a:ad:ab:5d:
         0d:98:d1:f3:49:16:d6:3c:48:c5:ce:40:c5:11:14:48:3e:09:
         68:3d:ae:31:73:74:c7:40:eb:09:66:63:ff:b5:bc:e6:4d:61:
         51:f8:39:4b:2b:27:c2:fa:1a:e2:73:75:6b:11:fe:b8:25:09:
         03:3e:28:d7:1c:e3:44:ff:64:7e:13:e1:40:3a:45:fb:e2:e3:
         e5:0c:9d:40:04:49:76:0e:ee:ff:70:ef:97:68:e8:97:c4:1f:
         3e:e2:81:da
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUFw7tiBXSi60q7LE5joAxsaFzEZ8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNTA1MTYxMzQ5MDhaFw0yNjA1MTUxMzU0MDhaMDMxMTAvBgNV
BAMTKEM0OENBNTMxOTRERDhFNDU0NDYwOTMwRTBGODYxRUM3NTA0MEQ3NEYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCyDdCxrNJayYD9KGMzKo761NKC
QJ/ZegS2IEu4G+6J6cLnAAsnt+FgzAow4zB5XjX5/APF/TpACvGF3X7HOnZx03HD
5deJJwdD+88Jx+YsRC3YxkIyTG5xMjseD0J4ftyqBKFGMq3vuonlLpsDKY81Vaqh
BvEublJKsi75xosjZqJjPoaFvfNc4S0Oa04g8X6TdmbQnPRH+hQjCfnTKMTjXreL
A1WtLdwhJV158qZF09HPRx100SfgWCkWJhNUhcn6T0JW4+a7cgTikIWOc9Vak6JY
67EUh0nDnJGnwJIo0FVXw25/mHQq0AfpZT+mEbxZgf627mVG0bhFhsMXfgxbAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUxIylMZTdjkVEYJMOD4Yex1BA108wHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjAxMzIwLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAv2VW
MA0GCSqGSIb3DQEBCwUAA4IBAQBv6lCWKu6eRTNASzLVBDw8epzhYNgeM6E2J7Ed
qJoxF2WeISYaj2s1Pl4uWeu/XHzr/xq6romDSbFokOzRI9UHW7Y/eMRoeNNGOCCZ
+RhZy3V72UYhafbFaqw/QeUZgirhau8KLp2UPrUl5UWFqJgeQqh2OEA9m9WyyBdu
8+2Yh2Vp2U3XiSc18cECniiIr/4UfnxkyPqNcQnNQMA8KWqtq10NmNHzSRbWPEjF
zkDFERRIPgloPa4xc3THQOsJZmP/tbzmTWFR+DlLKyfC+hric3VrEf64JQkDPijX
HONE/2R+E+FAOkX74uPlDJ1ABEl2Du7/cO+XaOiXxB8+4oHa
-----END CERTIFICATE-----