Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS216047.roa
File:                     AS216047.roa (raw, json)
Hash identifier:          7vhFPChwh52oHVBNp7BtyUwcnCKGtEg71j+2YjDGtgU=
Subject key identifier:   11:E3:5F:A8:09:84:19:32:6C:57:2E:15:53:57:06:A9:38:38:7D:42
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       1F0931D297DEA69CEC1BDD7BE034B87659A8DE7D
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS216047.roa
Signing time:             Tue 01 Oct 2024 07:59:51 +0000
ROA not before:           Tue 01 Oct 2024 07:54:51 +0000
ROA not after:            Tue 30 Sep 2025 07:59:51 +0000
asID:                     216047
IP address blocks:        103.141.68.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1f:09:31:d2:97:de:a6:9c:ec:1b:dd:7b:e0:34:b8:76:59:a8:de:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Oct  1 07:54:51 2024 GMT
            Not After : Sep 30 07:59:51 2025 GMT
        Subject: CN=11E35FA8098419326C572E15535706A938387D42
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:6f:c6:69:75:ad:e6:41:f4:2c:40:89:3b:3e:
                    e0:22:3c:16:2b:8a:05:bc:01:2c:76:46:a9:06:03:
                    38:a9:54:db:37:7d:65:a3:2a:9b:7b:e6:cf:6b:72:
                    8e:61:5e:88:3b:93:95:1f:12:48:dc:00:69:6a:28:
                    f2:a5:c5:db:b3:34:be:59:10:ff:08:30:23:d7:5a:
                    7c:e7:10:ec:0c:66:d6:e3:89:32:e6:94:2d:df:09:
                    57:11:74:46:9d:7b:55:95:fd:b1:1f:97:6f:6a:a6:
                    8e:fe:1a:f3:99:1f:eb:bb:c0:3e:db:cd:1d:80:74:
                    78:76:b4:1d:c0:85:00:49:78:92:40:90:30:22:72:
                    8b:c5:24:ce:6b:59:89:05:4b:9a:31:a5:15:20:04:
                    5b:a5:23:17:f3:88:7b:49:ee:bb:63:b3:bb:83:e9:
                    82:f9:03:a1:c2:88:d0:7c:b9:81:ef:9e:5d:50:65:
                    24:52:0b:a4:73:70:a6:85:5c:e2:5d:a7:88:ac:3e:
                    89:d3:b5:e4:34:fa:1a:2a:b2:a8:70:5c:68:a8:ce:
                    94:02:10:53:84:1d:01:a0:4c:8d:b8:38:0f:3c:79:
                    47:df:b3:24:54:7c:21:d1:e3:5b:28:9e:b4:df:f1:
                    6b:79:92:b2:57:f9:2c:c3:4f:3e:87:cc:27:39:83:
                    2f:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:E3:5F:A8:09:84:19:32:6C:57:2E:15:53:57:06:A9:38:38:7D:42
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS216047.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.141.68.0/24

    Signature Algorithm: sha256WithRSAEncryption
         11:ea:a5:56:50:f7:c0:15:50:82:7f:40:5e:55:2e:c0:a0:4d:
         8a:38:d6:8c:c9:3e:c5:aa:36:a2:7b:98:33:ed:77:73:f7:a2:
         4d:ea:fa:5b:b8:4c:b1:3b:e4:ba:97:83:e2:3e:aa:e7:b0:4b:
         c6:87:58:af:09:0d:f1:24:aa:49:03:95:47:5d:68:9a:c2:f2:
         bb:4c:49:20:a1:f8:42:d4:c9:bc:15:65:76:83:0a:b9:5e:90:
         40:b7:af:89:ad:1a:7d:c9:b0:32:f8:f8:4e:6e:23:ea:78:ca:
         f6:90:73:91:ce:23:12:7c:6b:33:e3:41:03:c9:b5:40:ff:ed:
         81:db:41:ed:a1:0a:2a:40:9b:81:2d:0b:f7:fc:49:da:2b:8a:
         e6:cb:a7:9d:04:16:99:96:ad:ec:f3:e1:31:7e:21:0f:1d:f0:
         f4:d1:9c:7e:51:f9:44:2d:df:78:7c:06:d8:78:30:d0:b0:06:
         98:9c:f4:1e:e5:f8:64:0d:7a:f8:33:58:47:41:06:88:86:06:
         de:3f:2b:57:10:c2:45:3c:1f:d4:d0:c5:7a:57:c9:3e:c9:33:
         11:d4:46:73:b5:98:67:35:97:24:a9:6a:a5:19:55:15:45:53:
         22:ed:79:0f:d0:95:0b:56:92:1f:09:7e:85:e2:1c:f6:dc:87:
         6c:c3:4e:01
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUHwkx0pfeppzsG9174DS4dlmo3n0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNDEwMDEwNzU0NTFaFw0yNTA5MzAwNzU5NTFaMDMxMTAvBgNV
BAMTKDExRTM1RkE4MDk4NDE5MzI2QzU3MkUxNTUzNTcwNkE5MzgzODdENDIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCob8Zpda3mQfQsQIk7PuAiPBYr
igW8ASx2RqkGAzipVNs3fWWjKpt75s9rco5hXog7k5UfEkjcAGlqKPKlxduzNL5Z
EP8IMCPXWnznEOwMZtbjiTLmlC3fCVcRdEade1WV/bEfl29qpo7+GvOZH+u7wD7b
zR2AdHh2tB3AhQBJeJJAkDAicovFJM5rWYkFS5oxpRUgBFulIxfziHtJ7rtjs7uD
6YL5A6HCiNB8uYHvnl1QZSRSC6RzcKaFXOJdp4isPonTteQ0+hoqsqhwXGiozpQC
EFOEHQGgTI24OA88eUffsyRUfCHR41sonrTf8Wt5krJX+SzDTz6HzCc5gy95AgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUEeNfqAmEGTJsVy4VU1cGqTg4fUIwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjE2MDQ3LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAZ41E
MA0GCSqGSIb3DQEBCwUAA4IBAQAR6qVWUPfAFVCCf0BeVS7AoE2KONaMyT7Fqjai
e5gz7Xdz96JN6vpbuEyxO+S6l4PiPqrnsEvGh1ivCQ3xJKpJA5VHXWiawvK7TEkg
ofhC1Mm8FWV2gwq5XpBAt6+JrRp9ybAy+PhObiPqeMr2kHORziMSfGsz40EDybVA
/+2B20HtoQoqQJuBLQv3/EnaK4rmy6edBBaZlq3s8+ExfiEPHfD00Zx+UflELd94
fAbYeDDQsAaYnPQe5fhkDXr4M1hHQQaIhgbePytXEMJFPB/U0MV6V8k+yTMR1EZz
tZhnNZckqWqlGVUVRVMi7XkP0JULVpIfCX6F4hz23Idsw04B
-----END CERTIFICATE-----