Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS201320.roa
File:                     AS201320.roa (raw, json)
Hash identifier:          fDw0MRbJHXeQ1P1ZWV4aFUgKr8w6htQRNes/gyN3xeg=
Subject key identifier:   2D:9D:7D:E9:3D:C4:DB:52:F9:EE:D1:6F:FB:89:48:2A:8B:32:F3:F6
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       6EFCB46C6C8C76B3F9E1E018D606A752D363271A
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS201320.roa
Signing time:             Fri 14 Jul 2023 12:38:15 +0000
ROA not before:           Fri 14 Jul 2023 12:33:15 +0000
ROA not after:            Fri 12 Jul 2024 12:38:15 +0000
asID:                     201320
IP address blocks:        191.101.86.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 10 May 2024 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6e:fc:b4:6c:6c:8c:76:b3:f9:e1:e0:18:d6:06:a7:52:d3:63:27:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Jul 14 12:33:15 2023 GMT
            Not After : Jul 12 12:38:15 2024 GMT
        Subject: CN=2D9D7DE93DC4DB52F9EED16FFB89482A8B32F3F6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:45:f5:90:65:8c:66:15:0c:dd:86:1e:b8:84:
                    04:9d:ef:11:2b:4d:2a:86:6e:77:76:b1:8c:70:9a:
                    58:97:30:55:ac:d7:51:37:dc:f5:00:6b:1f:c4:47:
                    46:b0:72:d5:a1:00:ee:7d:fd:aa:02:41:26:e1:af:
                    a1:1b:00:39:54:bc:70:32:9f:f4:40:c7:ce:13:08:
                    b2:59:91:3f:af:0d:1e:76:ac:56:62:02:e7:83:dc:
                    92:dc:3c:1e:fe:10:92:02:1d:7b:7c:ec:e6:c6:bd:
                    07:06:d9:25:02:48:0d:3a:1a:5a:d1:00:18:ef:24:
                    8f:00:3d:8b:22:7b:19:ed:b5:2f:2a:4e:e6:b9:59:
                    64:ef:10:ba:7c:4a:c5:72:70:7c:1e:5a:42:20:69:
                    25:2f:12:3d:04:c4:5b:4d:03:99:35:6d:0b:bc:e6:
                    d3:40:a0:70:2c:c1:3b:7a:27:8e:da:dc:ef:cb:20:
                    94:b8:ee:c0:fe:f6:cc:74:4b:a8:d9:bf:e5:34:f5:
                    6e:6d:70:0a:36:d4:f4:32:28:2d:11:6b:13:5f:83:
                    76:5e:76:9d:c7:04:8b:99:14:4e:1b:62:9e:3a:12:
                    88:a8:34:8c:fc:30:33:f5:5a:9f:bc:27:8d:10:b2:
                    c1:df:8e:8f:83:44:ce:a9:eb:90:a6:b9:30:e9:3b:
                    2b:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:9D:7D:E9:3D:C4:DB:52:F9:EE:D1:6F:FB:89:48:2A:8B:32:F3:F6
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS201320.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  191.101.86.0/24

    Signature Algorithm: sha256WithRSAEncryption
         03:c8:26:6d:60:9d:39:99:9b:cc:fd:b8:33:fb:5c:81:d6:b8:
         0a:a0:59:df:57:d2:52:e8:b8:e6:43:d9:be:8f:e3:31:18:43:
         9a:15:c7:00:45:b6:45:23:70:88:87:3b:14:35:bd:ac:c0:61:
         de:dc:e1:d5:65:21:03:9e:5f:42:42:23:36:1b:c5:41:b7:51:
         ce:ff:2b:e9:40:44:75:6f:55:68:99:88:44:6c:b6:9b:ea:81:
         5f:41:df:87:cb:06:54:6e:28:10:38:62:86:c3:7e:b5:15:fd:
         d9:87:36:a9:19:ec:b8:07:70:a8:6d:4b:a5:5c:01:06:51:e0:
         37:b1:ee:52:aa:06:60:a5:eb:d9:1b:64:54:d6:ed:1c:04:22:
         42:1a:24:f0:a4:ec:7b:b0:0a:b2:84:6b:ef:7b:e9:3e:73:d2:
         0d:b8:83:f6:be:86:1a:3c:93:90:4f:61:85:98:da:6d:00:6f:
         29:20:a4:98:74:70:b8:03:87:14:92:cf:40:bd:e8:f1:35:f4:
         61:b1:a9:05:96:14:f5:8e:c3:06:27:01:10:1f:7c:5a:2d:f4:
         b9:46:e9:a4:13:21:36:cc:8b:e4:7c:47:81:08:df:e7:0f:58:
         f7:97:f5:5c:bf:76:3c:0c:56:34:be:70:6e:5c:76:12:87:8a:
         65:ac:c8:a0
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUbvy0bGyMdrP54eAY1ganUtNjJxowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yMzA3MTQxMjMzMTVaFw0yNDA3MTIxMjM4MTVaMDMxMTAvBgNV
BAMTKDJEOUQ3REU5M0RDNERCNTJGOUVFRDE2RkZCODk0ODJBOEIzMkYzRjYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDMRfWQZYxmFQzdhh64hASd7xEr
TSqGbnd2sYxwmliXMFWs11E33PUAax/ER0awctWhAO59/aoCQSbhr6EbADlUvHAy
n/RAx84TCLJZkT+vDR52rFZiAueD3JLcPB7+EJICHXt87ObGvQcG2SUCSA06GlrR
ABjvJI8APYsiexnttS8qTua5WWTvELp8SsVycHweWkIgaSUvEj0ExFtNA5k1bQu8
5tNAoHAswTt6J47a3O/LIJS47sD+9sx0S6jZv+U09W5tcAo21PQyKC0RaxNfg3Ze
dp3HBIuZFE4bYp46EoioNIz8MDP1Wp+8J40QssHfjo+DRM6p65CmuTDpOysXAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQULZ196T3E21L57tFv+4lIKosy8/YwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjAxMzIwLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAv2VW
MA0GCSqGSIb3DQEBCwUAA4IBAQADyCZtYJ05mZvM/bgz+1yB1rgKoFnfV9JS6Ljm
Q9m+j+MxGEOaFccARbZFI3CIhzsUNb2swGHe3OHVZSEDnl9CQiM2G8VBt1HO/yvp
QER1b1VomYhEbLab6oFfQd+HywZUbigQOGKGw361Ff3ZhzapGey4B3CobUulXAEG
UeA3se5SqgZgpevZG2RU1u0cBCJCGiTwpOx7sAqyhGvve+k+c9INuIP2voYaPJOQ
T2GFmNptAG8pIKSYdHC4A4cUks9AvejxNfRhsakFlhT1jsMGJwEQH3xaLfS5Rumk
EyE2zIvkfEeBCN/nD1j3l/Vcv3Y8DFY0vnBuXHYSh4plrMig
-----END CERTIFICATE-----