Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS202662.roa
File:                     AS202662.roa (raw, json)
Hash identifier:          8qt3uQV2GvqTjXHGDmgLOb50bc4asohGr1+/CFkkIz4=
Subject key identifier:   43:F8:64:1E:D1:91:17:C2:2F:38:33:A4:2E:30:9B:60:CC:E4:45:EA
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       75338EE9B2BC27757F18B046D831BB9DB4246345
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS202662.roa
Signing time:             Thu 07 Dec 2023 09:41:35 +0000
ROA not before:           Thu 07 Dec 2023 09:36:35 +0000
ROA not after:            Thu 05 Dec 2024 09:41:35 +0000
asID:                     202662
IP address blocks:        191.96.240.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 10 May 2024 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            75:33:8e:e9:b2:bc:27:75:7f:18:b0:46:d8:31:bb:9d:b4:24:63:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Dec  7 09:36:35 2023 GMT
            Not After : Dec  5 09:41:35 2024 GMT
        Subject: CN=43F8641ED19117C22F3833A42E309B60CCE445EA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:02:96:1c:19:2d:7b:d2:54:93:6b:87:ef:48:
                    63:e4:b0:d0:2a:b6:c7:56:dc:a7:66:51:9d:15:cb:
                    d7:2b:39:d7:d4:e8:5a:73:9e:e5:16:e2:57:d2:fb:
                    b0:bf:2d:8e:6b:b0:57:bb:be:fb:b3:13:d4:13:15:
                    4d:8f:51:ed:73:f5:8f:24:04:bb:81:9d:69:89:56:
                    cd:05:bb:e0:ce:9b:3f:06:12:5c:19:06:51:0e:a6:
                    b8:94:7b:66:0b:79:9b:ff:6a:24:be:d5:f6:c7:51:
                    43:c1:fd:5d:fb:7c:07:90:5d:ec:f2:2a:d8:57:15:
                    61:95:11:6d:ca:25:49:63:25:68:5f:0d:90:36:98:
                    ca:e2:bd:02:c2:e8:f3:ce:9d:06:25:f2:94:28:54:
                    38:f6:54:66:82:e7:3b:a5:29:b7:b7:bf:d6:c2:d5:
                    9d:4c:6f:96:1b:5e:f5:7c:05:68:4b:db:7b:17:f7:
                    56:b1:f4:68:13:3b:84:19:56:6a:0a:64:93:f1:5b:
                    15:3a:3a:e9:8e:71:7e:35:8a:28:f3:53:bc:41:27:
                    c0:4d:72:49:1e:b2:58:95:05:50:1d:4b:ee:09:c6:
                    7e:52:05:4c:d7:b2:c0:04:a9:9e:01:89:85:25:02:
                    76:c8:a0:de:34:c4:aa:6f:72:7f:25:23:98:4f:bb:
                    4c:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:F8:64:1E:D1:91:17:C2:2F:38:33:A4:2E:30:9B:60:CC:E4:45:EA
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS202662.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  191.96.240.0/22

    Signature Algorithm: sha256WithRSAEncryption
         33:2d:f1:d3:32:86:95:6e:cb:08:7e:8f:1d:35:03:79:f4:41:
         96:70:61:ff:de:04:07:15:e0:5f:8b:65:ae:03:40:a5:4d:cf:
         54:53:c9:a4:31:c1:20:ec:0b:7f:c2:77:ff:0b:9d:35:85:e7:
         f7:13:2c:97:06:7d:ed:ba:2e:1d:3b:4b:ff:f7:36:2a:2f:e5:
         59:0e:ec:2d:31:a9:56:1f:da:84:9b:96:39:92:f3:8e:4c:8b:
         6c:a2:20:a0:1c:00:62:fa:6d:d5:23:dd:0b:06:c0:a7:d4:08:
         4b:6e:47:6c:5b:71:82:be:d8:6b:13:6d:85:1c:33:53:c0:80:
         0b:ee:24:66:79:df:56:fe:ee:bb:04:05:67:ca:92:6c:8c:b3:
         75:74:e1:b8:32:8e:4e:12:79:ed:29:b3:09:51:c4:6f:bc:35:
         eb:e1:57:11:08:ba:95:e8:54:eb:a9:3b:4f:86:8f:15:45:39:
         21:c2:ad:35:49:e0:c7:cc:e0:cc:b5:a7:56:0f:1f:cc:6c:a1:
         05:0b:a2:82:53:a1:1c:37:4b:8d:da:30:d0:5d:36:9d:c5:27:
         50:14:8c:63:f0:30:05:ab:d8:7a:c2:79:5d:6d:08:9b:69:0f:
         9d:3d:ff:6c:69:a1:4b:2c:d4:27:4a:d7:fc:85:ac:15:96:18:
         e4:db:16:0d
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUdTOO6bK8J3V/GLBG2DG7nbQkY0UwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yMzEyMDcwOTM2MzVaFw0yNDEyMDUwOTQxMzVaMDMxMTAvBgNV
BAMTKDQzRjg2NDFFRDE5MTE3QzIyRjM4MzNBNDJFMzA5QjYwQ0NFNDQ1RUEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCtApYcGS170lSTa4fvSGPksNAq
tsdW3KdmUZ0Vy9crOdfU6FpznuUW4lfS+7C/LY5rsFe7vvuzE9QTFU2PUe1z9Y8k
BLuBnWmJVs0Fu+DOmz8GElwZBlEOpriUe2YLeZv/aiS+1fbHUUPB/V37fAeQXezy
KthXFWGVEW3KJUljJWhfDZA2mMrivQLC6PPOnQYl8pQoVDj2VGaC5zulKbe3v9bC
1Z1Mb5YbXvV8BWhL23sX91ax9GgTO4QZVmoKZJPxWxU6OumOcX41iijzU7xBJ8BN
ckkesliVBVAdS+4Jxn5SBUzXssAEqZ4BiYUlAnbIoN40xKpvcn8lI5hPu0xjAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUQ/hkHtGRF8IvODOkLjCbYMzkReowHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjAyNjYyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCv2Dw
MA0GCSqGSIb3DQEBCwUAA4IBAQAzLfHTMoaVbssIfo8dNQN59EGWcGH/3gQHFeBf
i2WuA0ClTc9UU8mkMcEg7At/wnf/C501hef3EyyXBn3tui4dO0v/9zYqL+VZDuwt
MalWH9qEm5Y5kvOOTItsoiCgHABi+m3VI90LBsCn1AhLbkdsW3GCvthrE22FHDNT
wIAL7iRmed9W/u67BAVnypJsjLN1dOG4Mo5OEnntKbMJUcRvvDXr4VcRCLqV6FTr
qTtPho8VRTkhwq01SeDHzODMtadWDx/MbKEFC6KCU6EcN0uN2jDQXTadxSdQFIxj
8DAFq9h6wnldbQibaQ+dPf9saaFLLNQnStf8hawVlhjk2xYN
-----END CERTIFICATE-----