Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS216022.roa
File:                     AS216022.roa (raw, json)
Hash identifier:          qxO+ayb6dEekeDIyukhebnmetnUL1rsEOITIpVg9bY0=
Subject key identifier:   BB:34:C7:EB:68:EF:36:A6:24:10:7A:A9:4A:1C:14:FA:A7:7C:71:56
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       3AF7A82B45AC027A521AC04E1D968968ADD86122
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS216022.roa
Signing time:             Thu 09 May 2024 09:03:32 +0000
ROA not before:           Thu 09 May 2024 08:58:32 +0000
ROA not after:            Thu 08 May 2025 09:03:32 +0000
asID:                     216022
IP address blocks:        191.101.102.0/24 maxlen: 24
                          191.101.121.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 10 May 2024 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3a:f7:a8:2b:45:ac:02:7a:52:1a:c0:4e:1d:96:89:68:ad:d8:61:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: May  9 08:58:32 2024 GMT
            Not After : May  8 09:03:32 2025 GMT
        Subject: CN=BB34C7EB68EF36A624107AA94A1C14FAA77C7156
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:3c:fc:7c:28:22:1e:17:be:c9:05:9e:c9:00:
                    6a:41:b8:a2:82:28:b3:20:fb:e7:0f:fa:10:cd:2c:
                    b6:ce:7c:3f:c1:5e:67:11:e7:9a:21:ff:c6:e6:b4:
                    fe:ee:f8:e6:6e:13:8a:bd:d0:1d:f5:8c:47:5c:a1:
                    52:0d:57:f5:80:ee:b0:26:bc:ea:a5:f8:ce:c3:1e:
                    30:1b:b1:b5:4a:a7:e3:73:14:18:98:27:40:68:5a:
                    15:fe:6f:eb:7a:31:f8:57:82:59:e5:49:d0:dd:ef:
                    d6:ae:11:ae:3f:e3:b9:05:73:bf:b8:cd:7b:c8:18:
                    00:1c:10:4e:c5:cb:be:5c:7e:d1:24:ce:09:dd:30:
                    fe:c1:1d:cc:4e:53:dc:33:c1:7b:c7:9b:20:20:b7:
                    2c:1b:24:c1:f9:7d:b3:9e:bd:a5:07:44:d6:fa:58:
                    67:63:9f:a2:48:1c:40:aa:e4:70:bd:b6:fe:48:e1:
                    38:e2:22:ca:ea:41:9c:9e:42:6c:6a:76:83:1c:81:
                    a0:a2:f0:f9:b9:68:26:cb:4f:28:39:c7:2b:b3:57:
                    46:44:c1:2c:51:42:52:0e:90:3f:a6:c0:ae:32:e9:
                    ad:a4:d5:b6:4a:60:08:6d:ec:8a:34:2f:44:20:12:
                    8e:a2:ea:d1:9f:f6:e6:aa:df:9b:b9:59:e0:fa:41:
                    c0:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:34:C7:EB:68:EF:36:A6:24:10:7A:A9:4A:1C:14:FA:A7:7C:71:56
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS216022.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  191.101.102.0/24
                  191.101.121.0/24

    Signature Algorithm: sha256WithRSAEncryption
         13:5f:e1:c4:55:54:a1:14:48:ce:80:a4:e9:ff:b5:02:59:03:
         06:7c:18:f3:ea:70:e0:68:95:c2:b2:a8:57:0a:49:03:52:b8:
         93:85:80:42:d4:2a:5d:69:6b:b7:6a:1e:eb:f3:0d:d4:58:c1:
         8b:c4:a4:78:fa:b7:f5:45:68:bb:c4:15:eb:36:ec:19:f5:44:
         33:4c:3d:2d:80:f5:e7:0f:c5:6d:de:7b:b2:43:7d:ed:6e:86:
         3e:7f:9a:db:3a:1a:d0:4b:9a:4d:8f:a4:ab:0c:0a:9d:d2:27:
         46:2c:37:a5:65:25:d7:1e:c8:8a:cb:91:59:d6:ca:2d:98:24:
         a5:7a:3c:de:52:f9:e2:e5:b0:f6:a2:03:8f:32:8f:4b:33:4d:
         af:71:c4:3b:1c:67:9d:05:e2:33:8d:9a:62:a9:82:d3:49:1c:
         da:0c:b4:2d:f2:22:a8:23:63:70:e3:db:34:50:b8:11:f2:d8:
         97:d5:e7:b5:80:a7:52:a2:45:13:ec:1f:65:25:f6:2a:e6:10:
         d3:09:36:96:7f:57:26:1a:b8:4a:6c:34:a3:c4:ad:ca:29:db:
         22:0d:83:6a:80:f5:25:dc:a0:2d:fe:f3:64:2f:27:f8:30:d0:
         92:27:af:6e:d2:5e:42:dd:70:50:a0:15:23:74:fa:b2:83:3e:
         4b:07:b9:1b
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUOveoK0WsAnpSGsBOHZaJaK3YYSIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNDA1MDkwODU4MzJaFw0yNTA1MDgwOTAzMzJaMDMxMTAvBgNV
BAMTKEJCMzRDN0VCNjhFRjM2QTYyNDEwN0FBOTRBMUMxNEZBQTc3QzcxNTYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCOPPx8KCIeF77JBZ7JAGpBuKKC
KLMg++cP+hDNLLbOfD/BXmcR55oh/8bmtP7u+OZuE4q90B31jEdcoVINV/WA7rAm
vOql+M7DHjAbsbVKp+NzFBiYJ0BoWhX+b+t6MfhXglnlSdDd79auEa4/47kFc7+4
zXvIGAAcEE7Fy75cftEkzgndMP7BHcxOU9wzwXvHmyAgtywbJMH5fbOevaUHRNb6
WGdjn6JIHECq5HC9tv5I4TjiIsrqQZyeQmxqdoMcgaCi8Pm5aCbLTyg5xyuzV0ZE
wSxRQlIOkD+mwK4y6a2k1bZKYAht7Io0L0QgEo6i6tGf9uaq35u5WeD6QcCTAgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQUuzTH62jvNqYkEHqpShwU+qd8cVYwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjE2MDIyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAv2Vm
AwQAv2V5MA0GCSqGSIb3DQEBCwUAA4IBAQATX+HEVVShFEjOgKTp/7UCWQMGfBjz
6nDgaJXCsqhXCkkDUriThYBC1CpdaWu3ah7r8w3UWMGLxKR4+rf1RWi7xBXrNuwZ
9UQzTD0tgPXnD8Vt3nuyQ33tboY+f5rbOhrQS5pNj6SrDAqd0idGLDelZSXXHsiK
y5FZ1sotmCSlejzeUvni5bD2ogOPMo9LM02vccQ7HGedBeIzjZpiqYLTSRzaDLQt
8iKoI2Nw49s0ULgR8tiX1ee1gKdSokUT7B9lJfYq5hDTCTaWf1cmGrhKbDSjxK3K
KdsiDYNqgPUl3KAt/vNkLyf4MNCSJ69u0l5C3XBQoBUjdPqygz5LB7kb
-----END CERTIFICATE-----