Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS20141.roa
File:                     AS20141.roa (raw, json)
Hash identifier:          ulW/xfH/ZTBTLRC+rGJeCqOqX0ZU9nLiANGcn8/7ulA=
Subject key identifier:   D0:53:07:DC:34:10:9A:2D:3B:FE:58:26:DE:59:E1:37:CC:57:5C:E6
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       761D94A58A182DEB2F0EC5DCF6721798E4A6C22D
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS20141.roa
Signing time:             Tue 13 Jun 2023 16:58:54 +0000
ROA not before:           Tue 13 Jun 2023 16:53:54 +0000
ROA not after:            Tue 11 Jun 2024 16:58:54 +0000
asID:                     20141
IP address blocks:        191.96.90.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            76:1d:94:a5:8a:18:2d:eb:2f:0e:c5:dc:f6:72:17:98:e4:a6:c2:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Jun 13 16:53:54 2023 GMT
            Not After : Jun 11 16:58:54 2024 GMT
        Subject: CN=D05307DC34109A2D3BFE5826DE59E137CC575CE6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:4c:57:69:2c:e5:4b:71:71:ca:88:b4:8e:42:
                    f7:33:c5:13:67:01:77:c1:ff:b5:a1:5c:86:25:f9:
                    10:22:a8:fb:19:ba:8d:0f:23:39:ea:ff:4f:9c:89:
                    15:c8:df:e8:91:fb:01:08:5b:60:1f:d9:1b:c4:0a:
                    f7:91:69:a7:1f:14:c6:76:23:2c:97:f6:68:d9:28:
                    c0:d5:dc:ae:ed:7a:b2:0f:03:31:3d:92:9b:15:68:
                    47:3d:7b:86:57:dd:a0:b8:7e:ba:a7:8e:3f:74:00:
                    8e:f3:30:c9:c8:cd:4f:eb:84:66:74:23:5b:72:c4:
                    01:70:90:0f:3e:e3:90:9f:1e:af:05:d0:1d:38:2b:
                    51:5d:bd:c5:86:14:e2:a4:b7:7f:48:8f:14:b9:d3:
                    d3:f9:4a:ea:d1:1f:f7:0c:63:c4:48:f3:11:05:f3:
                    81:f1:4d:84:7d:ab:13:b1:0a:46:37:8d:5f:fd:9b:
                    41:50:af:76:c8:6c:8e:66:ae:30:67:ab:c9:0e:c4:
                    1b:4c:d0:25:25:32:f4:ea:89:1b:40:57:76:32:2f:
                    b2:ef:5b:36:41:03:69:f3:c2:76:5b:5d:46:25:84:
                    12:41:4d:de:7e:8d:83:af:79:31:e9:c7:15:57:ae:
                    8a:c2:25:93:27:d5:a0:70:f1:1e:86:ed:9b:9f:ed:
                    9d:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:53:07:DC:34:10:9A:2D:3B:FE:58:26:DE:59:E1:37:CC:57:5C:E6
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS20141.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  191.96.90.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4e:f8:0b:b3:df:36:b6:fa:c7:48:4c:da:20:2f:aa:06:cc:dc:
         d5:1b:a2:93:a1:c0:77:c1:6a:54:64:03:02:a7:cd:ee:7f:64:
         de:19:ef:7b:49:df:d5:cf:0b:35:a2:15:cc:30:63:ae:68:72:
         1c:35:ed:1c:c5:c4:8f:f4:da:ba:02:55:67:c5:dc:38:2d:4f:
         ed:a1:52:64:37:0d:ee:d3:ed:1e:f7:53:d8:a2:a9:35:f4:86:
         dd:a3:df:fd:66:8f:a8:c6:f3:86:d0:bf:3a:33:82:7e:29:c0:
         52:67:b8:b1:9a:4b:d5:95:1b:8d:47:54:72:11:b2:3f:a4:3f:
         12:de:c0:2c:fd:e0:e6:7e:f0:18:07:62:72:3c:50:69:e7:49:
         64:9e:7e:33:86:0a:ca:91:9f:97:9d:a2:f6:a1:b3:c0:ef:92:
         11:6a:25:07:c1:a8:59:af:f0:a0:59:f4:65:17:98:73:80:a4:
         37:13:43:34:b7:97:17:02:08:08:1e:7e:a1:57:00:34:44:5b:
         07:87:bf:72:26:d9:b7:e5:fa:b3:9a:10:ce:d6:0e:70:55:aa:
         df:e2:63:4b:2e:9c:47:fd:c1:98:f1:bd:b6:f9:00:10:aa:c5:
         aa:e2:a6:6e:ad:34:15:f5:51:c6:20:3c:13:2f:2c:27:4e:88:
         ca:c8:f7:eb
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUdh2UpYoYLesvDsXc9nIXmOSmwi0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yMzA2MTMxNjUzNTRaFw0yNDA2MTExNjU4NTRaMDMxMTAvBgNV
BAMTKEQwNTMwN0RDMzQxMDlBMkQzQkZFNTgyNkRFNTlFMTM3Q0M1NzVDRTYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDJTFdpLOVLcXHKiLSOQvczxRNn
AXfB/7WhXIYl+RAiqPsZuo0PIznq/0+ciRXI3+iR+wEIW2Af2RvECveRaacfFMZ2
IyyX9mjZKMDV3K7terIPAzE9kpsVaEc9e4ZX3aC4frqnjj90AI7zMMnIzU/rhGZ0
I1tyxAFwkA8+45CfHq8F0B04K1FdvcWGFOKkt39IjxS509P5SurRH/cMY8RI8xEF
84HxTYR9qxOxCkY3jV/9m0FQr3bIbI5mrjBnq8kOxBtM0CUlMvTqiRtAV3YyL7Lv
WzZBA2nzwnZbXUYlhBJBTd5+jYOveTHpxxVXrorCJZMn1aBw8R6G7Zuf7Z3hAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQU0FMH3DQQmi07/lgm3lnhN8xXXOYwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjAxNDEucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAC/YFow
DQYJKoZIhvcNAQELBQADggEBAE74C7PfNrb6x0hM2iAvqgbM3NUbopOhwHfBalRk
AwKnze5/ZN4Z73tJ39XPCzWiFcwwY65ochw17RzFxI/02roCVWfF3DgtT+2hUmQ3
De7T7R73U9iiqTX0ht2j3/1mj6jG84bQvzozgn4pwFJnuLGaS9WVG41HVHIRsj+k
PxLewCz94OZ+8BgHYnI8UGnnSWSefjOGCsqRn5edovahs8DvkhFqJQfBqFmv8KBZ
9GUXmHOApDcTQzS3lxcCCAgefqFXADREWweHv3Im2bfl+rOaEM7WDnBVqt/iY0su
nEf9wZjxvbb5ABCqxaripm6tNBX1UcYgPBMvLCdOiMrI9+s=
-----END CERTIFICATE-----