Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS20771.roa
File:                     AS20771.roa (raw, json)
Hash identifier:          vPM7Opn3qv3hFClSvuKO9pb5wziaWBvPlGnimLRVHqY=
Subject key identifier:   05:E9:FB:06:50:DE:2C:11:72:60:65:3B:5F:40:F3:97:9C:B2:F5:68
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       2CF1F81B31726FCE13CEB2ED83E6EB08455731B6
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS20771.roa
Signing time:             Wed 01 Jan 2025 08:53:51 +0000
ROA not before:           Wed 01 Jan 2025 08:48:51 +0000
ROA not after:            Wed 31 Dec 2025 08:53:51 +0000
asID:                     20771
IP address blocks:        109.106.0.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 15:12:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2c:f1:f8:1b:31:72:6f:ce:13:ce:b2:ed:83:e6:eb:08:45:57:31:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Jan  1 08:48:51 2025 GMT
            Not After : Dec 31 08:53:51 2025 GMT
        Subject: CN=05E9FB0650DE2C117260653B5F40F3979CB2F568
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:29:94:e6:a6:9c:40:a8:d2:90:76:c1:43:80:
                    34:3c:a8:cf:23:9d:a2:6a:80:4d:c9:62:3f:9d:74:
                    16:37:e6:84:95:93:ff:2b:ee:4d:72:27:9a:f3:0d:
                    4b:da:18:66:5c:3e:9d:eb:9b:a3:8d:86:1b:12:f5:
                    16:24:b1:d7:74:b6:0a:bd:9e:5d:f4:7b:ea:df:b7:
                    c1:13:1b:f7:44:d6:52:06:dc:cc:ae:e6:b7:04:77:
                    ed:ff:46:ee:fe:d2:45:83:b3:32:2e:3f:b4:13:ef:
                    d0:97:d9:2a:ad:c0:31:88:ec:75:60:ea:ea:1d:00:
                    59:d6:3c:13:80:67:ba:7d:c6:3a:03:5e:30:5c:cd:
                    4e:0d:a0:94:5f:c2:38:03:a4:87:af:4b:5f:d6:7f:
                    19:f1:9d:ff:d4:a2:35:bc:e7:73:6b:96:fb:49:05:
                    2e:03:91:d6:7b:31:52:8e:ea:30:f8:75:2d:05:80:
                    18:11:82:91:c9:d0:19:a4:8b:8b:5a:85:31:2a:e9:
                    4b:49:e1:a5:80:ba:e4:7d:07:86:8c:79:7a:66:0c:
                    74:c0:4d:0d:e6:48:3a:c9:3d:39:98:2d:05:c5:57:
                    26:ee:21:b0:4b:37:90:eb:dd:55:6f:26:b2:f0:77:
                    23:48:77:5f:90:8e:b8:d9:db:f2:ec:f7:48:a8:57:
                    51:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:E9:FB:06:50:DE:2C:11:72:60:65:3B:5F:40:F3:97:9C:B2:F5:68
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS20771.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.106.0.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0e:37:42:d8:7c:e8:3c:e1:f7:62:03:42:4d:e3:b3:99:85:1d:
         89:99:c6:52:1b:f5:e0:e3:bc:9d:ed:34:a5:d5:56:66:a0:62:
         ae:58:4d:03:68:63:0d:f1:5c:47:d1:d4:ef:70:bd:03:fd:9a:
         d0:92:73:fd:fa:4b:03:2c:4e:96:64:ef:30:3b:cd:eb:d6:f5:
         92:44:f9:29:d7:2d:84:ed:35:90:42:40:c4:ab:36:38:cb:e6:
         0f:8e:09:83:ff:1c:a3:19:b0:6b:ae:af:56:c4:9f:fe:d8:4a:
         2a:a4:1c:05:f1:1e:dc:0b:b0:cf:4f:7f:54:a0:48:b2:79:85:
         fe:9a:e8:d0:72:43:9c:c3:7a:2d:d7:7c:4a:8d:4f:4b:d3:d3:
         12:ea:4d:3f:ed:68:c9:58:7f:ee:ea:ae:ce:9c:03:cc:90:a7:
         64:79:6d:55:8f:54:fd:b9:44:8c:13:fc:b1:3a:77:78:45:5f:
         76:5d:8a:c5:50:bf:76:b4:1d:c7:14:b5:44:90:49:fe:af:f8:
         f9:bc:b7:74:be:80:6d:ba:23:eb:04:49:8f:c4:2b:6f:e7:e4:
         ef:25:05:3a:c6:15:d5:e7:5b:41:2d:5b:c0:8c:f9:d6:35:79:
         dd:f9:02:1b:ed:90:e1:bd:c4:96:00:12:38:18:72:a0:6e:4f:
         87:ed:20:25
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIULPH4GzFyb84TzrLtg+brCEVXMbYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNTAxMDEwODQ4NTFaFw0yNTEyMzEwODUzNTFaMDMxMTAvBgNV
BAMTKDA1RTlGQjA2NTBERTJDMTE3MjYwNjUzQjVGNDBGMzk3OUNCMkY1NjgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCnKZTmppxAqNKQdsFDgDQ8qM8j
naJqgE3JYj+ddBY35oSVk/8r7k1yJ5rzDUvaGGZcPp3rm6ONhhsS9RYksdd0tgq9
nl30e+rft8ETG/dE1lIG3Myu5rcEd+3/Ru7+0kWDszIuP7QT79CX2SqtwDGI7HVg
6uodAFnWPBOAZ7p9xjoDXjBczU4NoJRfwjgDpIevS1/Wfxnxnf/UojW853NrlvtJ
BS4DkdZ7MVKO6jD4dS0FgBgRgpHJ0Bmki4tahTEq6UtJ4aWAuuR9B4aMeXpmDHTA
TQ3mSDrJPTmYLQXFVybuIbBLN5Dr3VVvJrLwdyNId1+QjrjZ2/Ls90ioV1E/AgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUBen7BlDeLBFyYGU7X0Dzl5yy9WgwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjA3NzEucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABtagAw
DQYJKoZIhvcNAQELBQADggEBAA43Qth86Dzh92IDQk3js5mFHYmZxlIb9eDjvJ3t
NKXVVmagYq5YTQNoYw3xXEfR1O9wvQP9mtCSc/36SwMsTpZk7zA7zevW9ZJE+SnX
LYTtNZBCQMSrNjjL5g+OCYP/HKMZsGuur1bEn/7YSiqkHAXxHtwLsM9Pf1SgSLJ5
hf6a6NByQ5zDei3XfEqNT0vT0xLqTT/taMlYf+7qrs6cA8yQp2R5bVWPVP25RIwT
/LE6d3hFX3ZdisVQv3a0HccUtUSQSf6v+Pm8t3S+gG26I+sESY/EK2/n5O8lBTrG
FdXnW0EtW8CM+dY1ed35AhvtkOG9xJYAEjgYcqBuT4ftICU=
-----END CERTIFICATE-----