Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS20648.roa
File:                     AS20648.roa (raw, json)
Hash identifier:          I0SEUP5yKMBn+VKyxuMnYIc0IMKpp+tM/xFmakwoC4s=
Subject key identifier:   72:BA:72:E0:BA:07:11:D0:B3:E3:B2:C2:5A:F6:D1:7B:DD:EB:5C:F8
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       5256C9283B46F84C1DD706282E135591C65D34BC
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS20648.roa
Signing time:             Thu 05 Dec 2024 11:46:12 +0000
ROA not before:           Thu 05 Dec 2024 11:41:12 +0000
ROA not after:            Thu 04 Dec 2025 11:46:12 +0000
asID:                     20648
IP address blocks:        191.101.244.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Feb 2025 19:35:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            52:56:c9:28:3b:46:f8:4c:1d:d7:06:28:2e:13:55:91:c6:5d:34:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Dec  5 11:41:12 2024 GMT
            Not After : Dec  4 11:46:12 2025 GMT
        Subject: CN=72BA72E0BA0711D0B3E3B2C25AF6D17BDDEB5CF8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:2c:9c:e3:83:56:9f:ac:fe:ad:f1:79:16:36:
                    3e:c9:2d:20:31:52:54:83:c5:7d:29:35:d7:d8:6a:
                    29:39:34:45:62:d5:78:51:32:2d:e1:1c:3e:fc:31:
                    9e:29:cb:b8:d3:be:b9:40:ce:ab:89:c3:c1:a3:6b:
                    c7:a7:78:93:68:8d:d8:93:c5:e5:4d:b1:ca:fc:62:
                    54:df:0a:48:42:13:2b:4f:76:b3:05:c1:6b:1e:9c:
                    3f:82:0f:f8:75:82:88:37:d5:85:6e:3e:97:2e:23:
                    e3:b2:e3:55:8c:45:fe:0b:e2:07:44:72:08:d9:37:
                    f4:1f:61:c0:50:36:bd:36:84:f1:5e:8e:51:07:23:
                    07:1c:96:f5:54:b4:73:8e:28:94:4c:c3:d4:a6:00:
                    44:9e:f6:84:72:53:c1:ae:b6:b0:e2:3e:e7:22:8b:
                    5f:6f:ad:69:66:e8:bb:79:49:7e:b2:6e:e2:95:74:
                    d0:20:0b:27:da:2e:9e:f4:e7:f5:7f:cc:f0:63:cf:
                    7f:2e:ec:36:ae:d5:b3:54:37:a4:14:c6:0b:9f:1b:
                    6b:da:b7:35:bb:ae:fe:77:d2:2b:b7:99:32:ea:46:
                    ab:e1:9a:b2:15:f5:84:1e:7d:16:5a:59:1b:65:9e:
                    f8:6e:b7:56:f8:f0:18:62:72:52:9b:0c:77:a5:17:
                    bb:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:BA:72:E0:BA:07:11:D0:B3:E3:B2:C2:5A:F6:D1:7B:DD:EB:5C:F8
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS20648.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  191.101.244.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5a:6b:70:a1:77:10:9b:f6:10:f7:ed:2d:2d:7f:1f:2e:e1:a9:
         ea:e3:b8:87:a5:ca:94:7a:bf:09:e5:6a:93:da:b6:ce:b1:ca:
         ec:d2:75:cb:38:bc:96:78:62:c4:4c:20:07:1f:10:a0:50:8d:
         56:a8:a8:6c:4b:44:c7:24:55:ca:fc:60:85:68:0e:6f:6a:9d:
         c2:f5:c2:e7:d9:b6:20:8c:37:aa:df:76:5e:f0:6e:0a:b9:42:
         b3:40:9a:5b:80:4a:b8:1f:6f:da:4c:3f:14:87:a5:0b:4f:48:
         cb:b8:d2:7b:d1:91:d0:4a:5d:7b:99:c2:e5:ee:44:29:ca:e2:
         06:3b:55:25:fc:79:1f:39:a5:79:f6:16:42:f0:1f:74:02:b2:
         e1:5d:a5:a0:a3:2b:2e:8e:81:2a:f1:b1:ff:dd:53:cc:72:0d:
         c8:6a:06:ba:7f:86:62:72:b6:e9:4c:ec:64:ed:9d:14:9b:ed:
         56:79:68:e9:d4:59:86:a8:c0:de:90:a1:04:79:49:48:1d:26:
         97:b7:99:7f:3e:55:27:1f:f5:10:4b:22:b8:e1:cb:be:b2:12:
         60:87:bc:66:4e:5a:54:b0:f3:c3:f0:b2:14:a4:a0:47:64:1a:
         24:10:8b:be:47:8b:4b:88:be:6d:1b:bd:ce:9c:79:28:43:fe:
         aa:1c:76:30
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUUlbJKDtG+Ewd1wYoLhNVkcZdNLwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNDEyMDUxMTQxMTJaFw0yNTEyMDQxMTQ2MTJaMDMxMTAvBgNV
BAMTKDcyQkE3MkUwQkEwNzExRDBCM0UzQjJDMjVBRjZEMTdCRERFQjVDRjgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDNLJzjg1afrP6t8XkWNj7JLSAx
UlSDxX0pNdfYaik5NEVi1XhRMi3hHD78MZ4py7jTvrlAzquJw8Gja8eneJNojdiT
xeVNscr8YlTfCkhCEytPdrMFwWsenD+CD/h1gog31YVuPpcuI+Oy41WMRf4L4gdE
cgjZN/QfYcBQNr02hPFejlEHIwcclvVUtHOOKJRMw9SmAESe9oRyU8GutrDiPuci
i19vrWlm6Lt5SX6ybuKVdNAgCyfaLp705/V/zPBjz38u7Dau1bNUN6QUxgufG2va
tzW7rv530iu3mTLqRqvhmrIV9YQefRZaWRtlnvhut1b48BhiclKbDHelF7t7AgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUcrpy4LoHEdCz47LCWvbRe93rXPgwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjA2NDgucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAC/ZfQw
DQYJKoZIhvcNAQELBQADggEBAFprcKF3EJv2EPftLS1/Hy7hqerjuIelypR6vwnl
apPats6xyuzSdcs4vJZ4YsRMIAcfEKBQjVaoqGxLRMckVcr8YIVoDm9qncL1wufZ
tiCMN6rfdl7wbgq5QrNAmluASrgfb9pMPxSHpQtPSMu40nvRkdBKXXuZwuXuRCnK
4gY7VSX8eR85pXn2FkLwH3QCsuFdpaCjKy6OgSrxsf/dU8xyDchqBrp/hmJytulM
7GTtnRSb7VZ5aOnUWYaowN6QoQR5SUgdJpe3mX8+VScf9RBLIrjhy76yEmCHvGZO
WlSw88PwshSkoEdkGiQQi75Hi0uIvm0bvc6ceShD/qocdjA=
-----END CERTIFICATE-----