Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS204914.roa
File:                     AS204914.roa (raw, json)
Hash identifier:          1nGxg5r3pQ7C9w0iz5Mry+GxLdVZ/oaThBevXyc8QDc=
Subject key identifier:   13:69:E5:D9:C3:A4:B7:E8:AA:BF:5F:A1:A2:8A:09:BB:91:DE:41:50
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       2AA1F026093FD47B0297F93ECEFBC30DA66D046B
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS204914.roa
Signing time:             Sun 09 Jul 2023 10:19:04 +0000
ROA not before:           Sun 09 Jul 2023 10:14:04 +0000
ROA not after:            Sun 07 Jul 2024 10:19:04 +0000
asID:                     204914
IP address blocks:        2.57.19.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 10 May 2024 20:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2a:a1:f0:26:09:3f:d4:7b:02:97:f9:3e:ce:fb:c3:0d:a6:6d:04:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Jul  9 10:14:04 2023 GMT
            Not After : Jul  7 10:19:04 2024 GMT
        Subject: CN=1369E5D9C3A4B7E8AABF5FA1A28A09BB91DE4150
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:27:dd:58:6d:63:88:d6:dc:bb:2f:bd:98:0a:
                    e7:b5:da:8d:6e:ad:4b:5b:f5:a2:4d:86:82:97:05:
                    f3:4c:f1:28:e0:94:63:89:6a:be:c8:55:b7:f1:4f:
                    01:fe:05:87:23:56:ac:40:d4:68:d6:24:cf:54:7f:
                    75:6c:2c:f6:f1:78:8c:c1:b9:58:e2:6c:bc:26:30:
                    54:81:8f:d5:0a:83:37:fb:f9:00:75:b2:99:60:92:
                    18:3d:a2:e1:23:9e:83:f2:3d:64:bb:64:c8:d7:c0:
                    1a:b3:ba:15:c5:2a:05:6c:d3:32:b1:4b:73:02:20:
                    2e:9b:03:d4:3f:bf:7c:4d:be:3a:98:16:ed:21:34:
                    f5:ad:f1:b7:ba:63:4c:4d:05:3f:f9:47:ce:51:af:
                    10:74:d9:ca:0f:1f:fc:3c:c0:e0:be:2d:f5:2b:cb:
                    76:25:09:4e:59:cf:fc:cb:22:5b:a7:0c:43:2d:64:
                    dd:09:bb:26:90:8a:66:fb:a1:d0:31:7f:46:d6:5e:
                    48:40:31:82:b5:17:d3:71:c7:62:aa:05:f6:62:6d:
                    85:a9:c7:2a:d1:81:ba:c5:16:e5:30:1c:9d:aa:bb:
                    bd:0e:37:2a:f5:b5:6c:52:8b:33:0b:ff:1a:f5:3f:
                    e9:0f:cc:e1:fb:dc:22:6f:11:85:f1:57:dc:bb:4b:
                    51:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                13:69:E5:D9:C3:A4:B7:E8:AA:BF:5F:A1:A2:8A:09:BB:91:DE:41:50
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS204914.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.57.19.0/24

    Signature Algorithm: sha256WithRSAEncryption
         98:8c:8e:81:20:6b:fa:cf:95:30:96:e2:7f:75:f0:a8:e5:63:
         47:6a:eb:2b:f7:61:d5:c9:0e:5c:3f:25:b3:41:ee:8d:f3:8c:
         37:e3:c8:76:8b:f1:0b:3a:18:8d:5a:85:8c:4a:ae:45:9c:c4:
         ab:b0:a0:00:b7:52:f2:d1:21:69:ee:53:11:11:37:97:49:6f:
         6e:53:64:ee:54:43:42:0b:92:2c:92:51:bc:8d:3f:6a:ef:53:
         e6:d8:a0:61:e4:5f:97:28:02:26:8a:08:42:0b:40:15:84:e9:
         95:72:f1:43:ba:4b:e4:6c:2a:87:97:43:07:bf:0f:c8:b7:d7:
         1e:03:af:bb:35:d0:bd:3c:3a:a1:0c:10:ed:0d:77:ca:72:3f:
         c2:41:e1:5d:d9:a3:eb:24:5c:b6:18:d2:a8:ee:b1:1f:18:07:
         c4:b6:2a:3f:08:93:0d:61:08:bc:9c:7e:99:da:b4:b6:8c:bb:
         01:cc:51:71:5e:68:59:1b:33:c6:06:05:9d:98:88:e2:e5:d9:
         e6:98:ae:9f:14:b0:20:b9:f6:e8:e8:ec:b5:e1:e8:29:fa:74:
         3f:98:2b:4d:ef:61:3b:35:cc:fd:4a:ff:be:ea:22:cc:bc:24:
         c2:06:83:5d:e0:30:eb:1b:30:3f:f9:97:35:1a:0d:28:b7:d6:
         3d:3d:51:77
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUKqHwJgk/1HsCl/k+zvvDDaZtBGswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yMzA3MDkxMDE0MDRaFw0yNDA3MDcxMDE5MDRaMDMxMTAvBgNV
BAMTKDEzNjlFNUQ5QzNBNEI3RThBQUJGNUZBMUEyOEEwOUJCOTFERTQxNTAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDaJ91YbWOI1ty7L72YCue12o1u
rUtb9aJNhoKXBfNM8SjglGOJar7IVbfxTwH+BYcjVqxA1GjWJM9Uf3VsLPbxeIzB
uVjibLwmMFSBj9UKgzf7+QB1splgkhg9ouEjnoPyPWS7ZMjXwBqzuhXFKgVs0zKx
S3MCIC6bA9Q/v3xNvjqYFu0hNPWt8be6Y0xNBT/5R85RrxB02coPH/w8wOC+LfUr
y3YlCU5Zz/zLIlunDEMtZN0JuyaQimb7odAxf0bWXkhAMYK1F9Nxx2KqBfZibYWp
xyrRgbrFFuUwHJ2qu70ONyr1tWxSizML/xr1P+kPzOH73CJvEYXxV9y7S1H1AgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUE2nl2cOkt+iqv1+hoooJu5HeQVAwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjA0OTE0LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAAjkT
MA0GCSqGSIb3DQEBCwUAA4IBAQCYjI6BIGv6z5UwluJ/dfCo5WNHausr92HVyQ5c
PyWzQe6N84w348h2i/ELOhiNWoWMSq5FnMSrsKAAt1Ly0SFp7lMRETeXSW9uU2Tu
VENCC5IsklG8jT9q71Pm2KBh5F+XKAImighCC0AVhOmVcvFDukvkbCqHl0MHvw/I
t9ceA6+7NdC9PDqhDBDtDXfKcj/CQeFd2aPrJFy2GNKo7rEfGAfEtio/CJMNYQi8
nH6Z2rS2jLsBzFFxXmhZGzPGBgWdmIji5dnmmK6fFLAgufbo6Oy14egp+nQ/mCtN
72E7Ncz9Sv++6iLMvCTCBoNd4DDrGzA/+Zc1Gg0ot9Y9PVF3
-----END CERTIFICATE-----