Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS208450.roa
File:                     AS208450.roa (raw, json)
Hash identifier:          ovWk8SPHikQvJUoVpi8CbTy4EOeleqre+kW0wVgkhMg=
Subject key identifier:   16:F5:9F:10:74:FF:35:EF:F7:D6:1D:B1:9A:14:86:BB:1A:98:5B:4C
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       3B8770C5FBCA431D5F32B744F2AF5483C4110C62
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS208450.roa
Signing time:             Fri 27 Dec 2024 17:33:56 +0000
ROA not before:           Fri 27 Dec 2024 17:28:56 +0000
ROA not after:            Fri 26 Dec 2025 17:33:56 +0000
asID:                     208450
IP address blocks:        191.101.218.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Feb 2025 19:35:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3b:87:70:c5:fb:ca:43:1d:5f:32:b7:44:f2:af:54:83:c4:11:0c:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Dec 27 17:28:56 2024 GMT
            Not After : Dec 26 17:33:56 2025 GMT
        Subject: CN=16F59F1074FF35EFF7D61DB19A1486BB1A985B4C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:4a:55:d1:20:74:0c:e5:51:a6:e4:2b:81:fc:
                    30:e4:41:27:5e:2b:78:a0:5e:60:79:2e:cb:c1:81:
                    74:93:c6:f2:fb:ab:8c:4e:18:80:59:99:c1:5b:33:
                    3a:1f:84:17:7e:d5:d4:d2:d8:90:9f:34:a8:16:13:
                    14:6f:c3:a8:ac:8e:70:ed:3a:20:de:3e:c3:19:07:
                    26:fd:43:8d:4b:e0:08:09:94:46:c3:04:d5:8d:3f:
                    08:ed:40:4b:db:75:3e:8e:94:25:12:97:32:a6:7f:
                    cd:54:c2:f9:14:f0:0b:c6:8d:01:73:c0:11:c0:bc:
                    00:b3:db:93:4c:83:af:77:18:ff:af:28:f2:fc:11:
                    a8:fc:13:a9:fc:33:88:5a:d6:45:40:8f:41:81:72:
                    77:18:87:05:9c:88:95:75:77:15:5f:ab:9b:12:5d:
                    97:c1:76:06:1a:1d:19:33:19:de:72:03:c4:1f:d7:
                    cb:c4:47:a2:1d:c6:15:41:97:49:78:1a:a0:86:a6:
                    dd:0d:3a:6b:8d:3d:d7:27:31:e2:ce:c6:a8:9f:5b:
                    df:d3:10:0a:2e:16:a7:08:14:ef:a6:30:32:8e:6b:
                    c8:05:7d:6f:21:60:0f:4f:a2:07:c1:3f:2e:05:69:
                    b5:1f:51:3d:7d:1c:06:6f:ee:95:3e:cd:0c:af:9a:
                    bf:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:F5:9F:10:74:FF:35:EF:F7:D6:1D:B1:9A:14:86:BB:1A:98:5B:4C
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS208450.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  191.101.218.0/24

    Signature Algorithm: sha256WithRSAEncryption
         20:de:64:48:db:16:22:c7:6e:f6:bf:74:9a:82:c1:a1:78:69:
         88:6a:19:52:d2:bf:e6:47:6d:ec:d3:6b:8e:80:6f:17:7f:75:
         b7:82:f0:9b:b0:30:63:f4:d0:cf:63:76:38:55:e7:c3:fc:57:
         11:e0:6a:ea:a9:8f:69:b5:60:eb:0a:f7:a3:a9:54:fa:f2:2f:
         a9:75:bd:57:aa:af:80:02:5e:87:75:81:1d:e4:15:80:a8:0c:
         be:12:ab:22:c6:a7:eb:5a:93:25:ae:a2:27:2f:68:74:de:5e:
         e4:31:87:b9:31:bc:19:41:b4:1f:04:90:51:b3:c8:42:04:3a:
         30:2c:a2:49:31:78:29:fe:ff:08:ff:d6:07:02:4f:94:cc:45:
         31:25:02:5e:91:9c:0b:c4:b6:ae:6e:5e:6b:4b:0c:83:8c:dd:
         b5:63:3a:26:b8:2e:8f:67:5a:69:3a:40:d3:22:b9:27:3b:4f:
         52:fb:9c:ec:2f:d2:fd:70:18:83:9a:09:85:9b:5b:05:c6:20:
         e4:ac:1f:e4:9c:d0:84:ee:a8:07:36:9e:7f:17:c5:6d:34:0e:
         d6:60:98:05:bc:70:9c:10:9b:f8:86:80:80:0e:73:d1:40:00:
         d2:cd:9b:97:57:82:23:f6:bb:3d:2c:07:4d:62:27:d5:dd:f8:
         45:eb:d6:c7
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUO4dwxfvKQx1fMrdE8q9Ug8QRDGIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNDEyMjcxNzI4NTZaFw0yNTEyMjYxNzMzNTZaMDMxMTAvBgNV
BAMTKDE2RjU5RjEwNzRGRjM1RUZGN0Q2MURCMTlBMTQ4NkJCMUE5ODVCNEMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCfSlXRIHQM5VGm5CuB/DDkQSde
K3igXmB5LsvBgXSTxvL7q4xOGIBZmcFbMzofhBd+1dTS2JCfNKgWExRvw6isjnDt
OiDePsMZByb9Q41L4AgJlEbDBNWNPwjtQEvbdT6OlCUSlzKmf81UwvkU8AvGjQFz
wBHAvACz25NMg693GP+vKPL8Eaj8E6n8M4ha1kVAj0GBcncYhwWciJV1dxVfq5sS
XZfBdgYaHRkzGd5yA8Qf18vER6IdxhVBl0l4GqCGpt0NOmuNPdcnMeLOxqifW9/T
EAouFqcIFO+mMDKOa8gFfW8hYA9PogfBPy4FabUfUT19HAZv7pU+zQyvmr+XAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUFvWfEHT/Ne/31h2xmhSGuxqYW0wwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjA4NDUwLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAv2Xa
MA0GCSqGSIb3DQEBCwUAA4IBAQAg3mRI2xYix272v3SagsGheGmIahlS0r/mR23s
02uOgG8Xf3W3gvCbsDBj9NDPY3Y4VefD/FcR4GrqqY9ptWDrCvejqVT68i+pdb1X
qq+AAl6HdYEd5BWAqAy+EqsixqfrWpMlrqInL2h03l7kMYe5MbwZQbQfBJBRs8hC
BDowLKJJMXgp/v8I/9YHAk+UzEUxJQJekZwLxLaubl5rSwyDjN21YzomuC6PZ1pp
OkDTIrknO09S+5zsL9L9cBiDmgmFm1sFxiDkrB/knNCE7qgHNp5/F8VtNA7WYJgF
vHCcEJv4hoCADnPRQADSzZuXV4Ij9rs9LAdNYifV3fhF69bH
-----END CERTIFICATE-----