Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS205771.roa
File:                     AS205771.roa (raw, json)
Hash identifier:          DH/JJwMjCXpOPPN9hOmchR5S+K08bLFwqlE1nVIJwOE=
Subject key identifier:   28:8C:05:04:07:90:9C:41:4B:49:40:E7:C8:F7:77:0A:72:88:F9:EE
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       41ADAD290723FFDB7E18B56E1851ED4D220FAFB2
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS205771.roa
Signing time:             Mon 01 Apr 2024 00:05:14 +0000
ROA not before:           Mon 01 Apr 2024 00:00:14 +0000
ROA not after:            Mon 31 Mar 2025 00:05:14 +0000
asID:                     205771
IP address blocks:        191.101.24.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 10 May 2024 20:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            41:ad:ad:29:07:23:ff:db:7e:18:b5:6e:18:51:ed:4d:22:0f:af:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Apr  1 00:00:14 2024 GMT
            Not After : Mar 31 00:05:14 2025 GMT
        Subject: CN=288C050407909C414B4940E7C8F7770A7288F9EE
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:65:be:9b:04:a9:1b:ff:48:7b:b1:14:e1:2f:
                    b1:62:dd:7e:64:8e:93:b4:f1:84:e7:e6:bd:3f:55:
                    65:bf:33:55:cb:bd:73:aa:26:e3:81:db:34:33:be:
                    14:85:25:1d:c4:01:2a:f7:7b:4a:17:60:be:f9:3d:
                    d8:c7:42:8a:d6:78:fc:4f:ff:b0:7d:a5:84:56:d7:
                    ed:42:6f:fe:d4:34:62:ce:09:f4:fc:fc:c0:11:c5:
                    3e:2f:17:6b:77:8d:ec:28:01:54:8f:63:68:67:c6:
                    3d:d3:77:4f:57:f1:af:44:fd:aa:26:7a:4b:86:8c:
                    e6:bf:66:52:7e:1c:29:93:14:18:a7:bf:1e:b8:19:
                    d9:28:5f:9d:20:8d:ef:02:d5:eb:a8:ca:bb:e9:b1:
                    55:f4:48:bb:89:dc:0b:25:ff:6a:30:b3:3f:4a:4f:
                    17:fb:77:6e:16:ae:20:99:2a:5c:92:8b:b5:77:d7:
                    e2:74:60:f9:c3:b1:dc:7b:b9:42:17:29:cb:3e:46:
                    bc:b5:90:66:7b:71:d4:62:c2:b0:5b:25:cb:0a:5d:
                    a9:25:e7:85:f2:14:09:ff:60:52:08:3f:63:65:ce:
                    ad:8a:83:a8:7e:de:e4:67:5b:18:bd:9c:f2:3f:fa:
                    39:ee:f8:a0:56:db:0e:00:9c:77:e3:51:b0:f7:54:
                    ca:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:8C:05:04:07:90:9C:41:4B:49:40:E7:C8:F7:77:0A:72:88:F9:EE
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS205771.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  191.101.24.0/24

    Signature Algorithm: sha256WithRSAEncryption
         52:80:0d:bb:1a:ed:c7:c2:cc:6b:a1:e4:54:52:b4:4a:36:cf:
         14:f5:dc:72:7c:24:5d:95:ec:ac:8b:2e:66:55:df:d0:c9:5c:
         72:de:f2:5f:f9:0e:ef:44:90:1a:4c:96:e8:50:15:12:5f:6e:
         57:a3:d4:5c:f6:da:a8:39:7e:06:ef:3e:d4:1a:e6:c4:fc:bb:
         a9:37:d4:d2:c3:fa:ea:dd:3e:2d:9d:8c:18:b1:50:3d:f8:54:
         8a:df:5b:ab:e2:dd:2a:59:9a:bb:fb:63:9a:1a:05:19:32:30:
         0c:b7:45:8c:a7:65:55:20:92:e1:81:ca:d8:1a:4b:b1:06:3e:
         e5:54:2f:26:47:2a:fc:d9:81:5f:d4:80:af:e9:85:90:a6:4b:
         bf:eb:57:fa:9f:4b:a1:74:ca:7f:82:7a:e4:22:2b:90:f2:0b:
         ab:00:1d:1f:0e:67:14:d0:b0:d2:94:a1:b1:34:d6:c0:0a:5e:
         19:43:14:17:38:15:f0:e1:33:ad:4f:86:2b:83:d5:13:40:a3:
         d6:82:0d:41:0a:72:e9:64:8b:82:eb:f3:0f:c7:79:60:f7:d0:
         be:cc:0e:ae:be:41:2b:e7:39:ae:8e:5e:90:ed:31:17:31:43:
         87:d6:e0:28:2a:0d:60:1e:dd:fe:30:bb:70:73:74:3d:45:a0:
         92:8f:88:35
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUQa2tKQcj/9t+GLVuGFHtTSIPr7IwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNDA0MDEwMDAwMTRaFw0yNTAzMzEwMDA1MTRaMDMxMTAvBgNV
BAMTKDI4OEMwNTA0MDc5MDlDNDE0QjQ5NDBFN0M4Rjc3NzBBNzI4OEY5RUUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDTZb6bBKkb/0h7sRThL7Fi3X5k
jpO08YTn5r0/VWW/M1XLvXOqJuOB2zQzvhSFJR3EASr3e0oXYL75PdjHQorWePxP
/7B9pYRW1+1Cb/7UNGLOCfT8/MARxT4vF2t3jewoAVSPY2hnxj3Td09X8a9E/aom
ekuGjOa/ZlJ+HCmTFBinvx64GdkoX50gje8C1euoyrvpsVX0SLuJ3Asl/2owsz9K
Txf7d24WriCZKlySi7V31+J0YPnDsdx7uUIXKcs+Rry1kGZ7cdRiwrBbJcsKXakl
54XyFAn/YFIIP2Nlzq2Kg6h+3uRnWxi9nPI/+jnu+KBW2w4AnHfjUbD3VMqBAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUKIwFBAeQnEFLSUDnyPd3CnKI+e4wHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjA1NzcxLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAv2UY
MA0GCSqGSIb3DQEBCwUAA4IBAQBSgA27Gu3HwsxroeRUUrRKNs8U9dxyfCRdleys
iy5mVd/QyVxy3vJf+Q7vRJAaTJboUBUSX25Xo9Rc9tqoOX4G7z7UGubE/LupN9TS
w/rq3T4tnYwYsVA9+FSK31ur4t0qWZq7+2OaGgUZMjAMt0WMp2VVIJLhgcrYGkux
Bj7lVC8mRyr82YFf1ICv6YWQpku/61f6n0uhdMp/gnrkIiuQ8gurAB0fDmcU0LDS
lKGxNNbACl4ZQxQXOBXw4TOtT4Yrg9UTQKPWgg1BCnLpZIuC6/MPx3lg99C+zA6u
vkEr5zmujl6Q7TEXMUOH1uAoKg1gHt3+MLtwc3Q9RaCSj4g1
-----END CERTIFICATE-----