Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS20771.roa
File:                     AS20771.roa (raw, json)
Hash identifier:          iCAFYMnN4+XRuYx4orN8Z1Bug8S5CGE9K3z4+xWPXBk=
Subject key identifier:   DD:93:06:49:82:C8:68:78:3F:05:93:2B:A8:7A:4A:AA:B5:D3:73:3E
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       740C3A4296ED84294072F3D7B9E8AF841427282B
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS20771.roa
Signing time:             Wed 31 Jan 2024 08:05:11 +0000
ROA not before:           Wed 31 Jan 2024 08:00:11 +0000
ROA not after:            Wed 29 Jan 2025 08:05:11 +0000
asID:                     20771
IP address blocks:        109.106.0.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            74:0c:3a:42:96:ed:84:29:40:72:f3:d7:b9:e8:af:84:14:27:28:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Jan 31 08:00:11 2024 GMT
            Not After : Jan 29 08:05:11 2025 GMT
        Subject: CN=DD93064982C868783F05932BA87A4AAAB5D3733E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:84:5b:96:10:7e:f5:6f:63:00:da:6a:77:8e:
                    71:dc:47:25:fe:4c:c9:07:71:30:41:26:e2:f3:e6:
                    58:34:b6:3e:92:72:8f:f1:dc:6f:07:a4:3d:b0:4c:
                    5b:63:1d:28:94:0b:0d:6c:e2:18:f9:ad:c9:86:c0:
                    08:36:51:e7:58:e0:af:72:fe:e3:24:57:21:8a:92:
                    f6:0e:2a:fe:0e:e5:e3:8a:42:38:87:7e:4a:7f:be:
                    a6:fd:eb:33:d7:82:61:3d:6d:a2:ef:57:e2:f8:2a:
                    74:04:b3:90:f3:75:2c:de:70:8c:5b:93:94:4e:56:
                    50:c3:78:40:b6:cc:0f:00:03:97:1e:72:c0:ac:21:
                    52:7b:16:46:25:8e:f1:2c:99:5f:0e:b2:b9:88:ed:
                    29:da:76:70:6c:19:7e:55:68:e1:33:81:29:61:c5:
                    fc:49:28:e8:4f:95:4b:12:76:27:5c:f4:a2:fb:dd:
                    40:0f:f8:55:51:46:0c:97:cf:b7:fd:6f:02:62:60:
                    7d:a9:e8:61:81:28:dc:a0:d0:53:89:01:35:33:c7:
                    a5:20:92:31:7d:27:38:84:b2:70:e7:74:c1:87:c9:
                    26:c3:4b:10:c9:1f:10:26:f7:66:c3:a9:09:05:bd:
                    6d:0f:bd:00:d6:1f:c8:85:e2:48:c8:1f:f9:6f:c9:
                    e1:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:93:06:49:82:C8:68:78:3F:05:93:2B:A8:7A:4A:AA:B5:D3:73:3E
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS20771.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.106.0.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a2:9a:8a:b8:8e:24:19:2d:87:35:cb:5d:7c:a5:54:4e:5a:3a:
         fb:7e:5c:a6:e3:f9:8b:5d:59:f2:9f:21:52:5b:3a:9a:31:bb:
         66:c5:ca:33:ac:59:1c:15:ba:0a:b0:87:28:6f:84:0a:a5:83:
         e3:3c:48:93:18:7b:c6:71:19:79:22:8c:75:b2:ad:f8:68:bc:
         e0:06:05:3e:dc:9b:d3:ba:48:19:06:2e:f9:78:b0:bd:30:92:
         d0:60:5c:1a:db:9d:a7:97:9e:13:35:92:20:02:e0:eb:d5:a8:
         64:49:6a:48:f0:fd:78:3f:95:a9:07:d2:ee:c8:27:05:1a:67:
         ad:c7:40:4c:ba:a8:8e:07:2b:23:2e:54:83:29:e4:64:1b:98:
         70:3b:22:62:45:22:64:a1:c2:52:ad:a8:0c:d1:d2:18:65:0b:
         f0:1d:75:8d:31:79:71:47:72:dc:5a:0d:71:a6:c0:3e:81:68:
         d7:e5:72:c3:a6:b2:03:fe:48:eb:3e:3c:37:c6:b4:5b:72:89:
         d8:58:8b:46:88:11:f5:d8:71:3a:16:ed:c7:3e:42:72:99:e6:
         ba:c9:75:a7:9d:6b:aa:50:e1:30:9b:35:4f:ac:14:23:31:b5:
         1f:17:2c:9c:b5:77:9c:aa:3e:c0:ef:d7:bb:02:ee:0d:b9:60:
         a5:99:ea:ab
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUdAw6QpbthClAcvPXueivhBQnKCswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNDAxMzEwODAwMTFaFw0yNTAxMjkwODA1MTFaMDMxMTAvBgNV
BAMTKEREOTMwNjQ5ODJDODY4NzgzRjA1OTMyQkE4N0E0QUFBQjVEMzczM0UwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDMhFuWEH71b2MA2mp3jnHcRyX+
TMkHcTBBJuLz5lg0tj6Sco/x3G8HpD2wTFtjHSiUCw1s4hj5rcmGwAg2UedY4K9y
/uMkVyGKkvYOKv4O5eOKQjiHfkp/vqb96zPXgmE9baLvV+L4KnQEs5DzdSzecIxb
k5ROVlDDeEC2zA8AA5cecsCsIVJ7FkYljvEsmV8OsrmI7SnadnBsGX5VaOEzgSlh
xfxJKOhPlUsSdidc9KL73UAP+FVRRgyXz7f9bwJiYH2p6GGBKNyg0FOJATUzx6Ug
kjF9JziEsnDndMGHySbDSxDJHxAm92bDqQkFvW0PvQDWH8iF4kjIH/lvyeFTAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQU3ZMGSYLIaHg/BZMrqHpKqrXTcz4wHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjA3NzEucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABtagAw
DQYJKoZIhvcNAQELBQADggEBAKKairiOJBkthzXLXXylVE5aOvt+XKbj+YtdWfKf
IVJbOpoxu2bFyjOsWRwVugqwhyhvhAqlg+M8SJMYe8ZxGXkijHWyrfhovOAGBT7c
m9O6SBkGLvl4sL0wktBgXBrbnaeXnhM1kiAC4OvVqGRJakjw/Xg/lakH0u7IJwUa
Z63HQEy6qI4HKyMuVIMp5GQbmHA7ImJFImShwlKtqAzR0hhlC/AddY0xeXFHctxa
DXGmwD6BaNflcsOmsgP+SOs+PDfGtFtyidhYi0aIEfXYcToW7cc+QnKZ5rrJdaed
a6pQ4TCbNU+sFCMxtR8XLJy1d5yqPsDv17sC7g25YKWZ6qs=
-----END CERTIFICATE-----