Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS216338.roa
File:                     AS216338.roa (raw, json)
Hash identifier:          gXYUyLVPjFlvGzExS3p1ApT7OBm7EvVG0jyz9q2r5nU=
Subject key identifier:   9A:4A:FA:AD:88:1D:9F:3F:18:85:DF:53:20:C1:44:DA:45:11:C1:FF
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       1EDBA6A3C8377822616719475BABD0256200EDFC
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS216338.roa
Signing time:             Sun 24 Sep 2023 15:14:45 +0000
ROA not before:           Sun 24 Sep 2023 15:09:45 +0000
ROA not after:            Sun 22 Sep 2024 15:14:45 +0000
asID:                     216338
IP address blocks:        191.101.101.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 11 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1e:db:a6:a3:c8:37:78:22:61:67:19:47:5b:ab:d0:25:62:00:ed:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Sep 24 15:09:45 2023 GMT
            Not After : Sep 22 15:14:45 2024 GMT
        Subject: CN=9A4AFAAD881D9F3F1885DF5320C144DA4511C1FF
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:b2:df:b9:58:a0:8a:43:7c:b7:ab:23:2d:8b:
                    e5:38:fa:b2:e9:2c:16:83:69:da:68:c2:44:e5:4a:
                    37:fa:6e:ab:53:a7:9e:d7:5b:a3:6f:72:61:02:ac:
                    b8:b4:86:ce:c8:86:ad:cb:d1:61:bf:44:0a:3e:9e:
                    d6:5f:9e:4c:05:b6:2f:32:b3:3f:32:6f:0f:1c:b1:
                    c2:8a:eb:88:75:52:69:16:be:8d:a7:d4:3e:79:4d:
                    cd:d5:30:2a:d1:06:fa:15:57:3c:eb:d8:75:38:b5:
                    f8:62:24:39:f3:e1:69:75:da:da:11:bf:07:ef:ad:
                    9e:81:92:29:52:63:42:8d:56:36:ab:a6:19:f9:74:
                    92:f3:99:4e:4e:7e:65:0f:f5:63:9c:c8:37:e0:23:
                    be:85:20:9a:4e:92:75:f4:f7:90:c3:eb:40:85:e9:
                    95:e6:63:c1:e5:a6:8b:8e:2a:6c:32:d4:81:63:b1:
                    8d:0a:6f:9e:2c:80:ac:26:68:00:9b:40:36:5d:fc:
                    7b:ea:f0:af:99:c6:01:a3:b5:1b:53:06:2d:28:91:
                    7e:6d:4e:8a:c9:18:e2:51:08:7a:32:4b:28:24:8c:
                    b3:a9:86:29:5b:f8:2d:a4:53:1e:f0:5b:a0:fb:e2:
                    de:40:84:5a:03:41:ec:54:38:0e:b2:4b:21:63:51:
                    6b:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:4A:FA:AD:88:1D:9F:3F:18:85:DF:53:20:C1:44:DA:45:11:C1:FF
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS216338.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  191.101.101.0/24

    Signature Algorithm: sha256WithRSAEncryption
         02:c3:c3:79:58:fd:42:72:ee:4d:bd:9f:af:2b:a4:ee:65:da:
         04:6b:30:6e:95:da:fa:66:9c:61:15:ca:14:4c:72:67:58:ff:
         f1:77:64:46:5e:d2:2b:f0:43:3c:40:c6:81:77:8f:93:ba:ec:
         b0:ec:cb:70:46:e8:3c:0a:77:96:a8:2e:d4:3a:30:bf:a2:ac:
         68:77:f3:84:1e:a8:cb:b3:6b:c3:68:82:38:c0:4c:0c:66:da:
         a6:6c:da:d7:d9:93:3f:fa:47:0d:b2:fd:34:bb:b2:8a:f1:5f:
         65:4c:34:5b:45:9a:9c:53:e7:f2:14:b7:dc:26:65:34:32:43:
         7d:1b:96:b3:e1:20:94:99:64:3b:dd:aa:31:f1:d5:59:67:37:
         be:6e:f4:4f:e9:5a:ef:36:e0:08:2e:89:9b:c0:fd:b1:04:25:
         33:fd:97:a0:ff:e8:79:02:48:cf:23:8e:02:74:64:9f:d6:68:
         ae:91:42:63:55:9b:4a:58:30:cb:d4:4a:82:2d:5d:e6:9b:6c:
         13:b8:79:7d:c9:4b:2e:4d:cc:14:30:57:4b:9c:e4:0f:19:18:
         d7:a0:6f:25:a7:d0:81:04:0e:dd:91:76:8e:1c:7d:c9:12:4a:
         b5:a8:4d:0d:f3:fb:57:a2:18:d7:0f:26:64:8e:11:c8:ef:89:
         81:53:ba:35
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUHtumo8g3eCJhZxlHW6vQJWIA7fwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yMzA5MjQxNTA5NDVaFw0yNDA5MjIxNTE0NDVaMDMxMTAvBgNV
BAMTKDlBNEFGQUFEODgxRDlGM0YxODg1REY1MzIwQzE0NERBNDUxMUMxRkYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvst+5WKCKQ3y3qyMti+U4+rLp
LBaDadpowkTlSjf6bqtTp57XW6NvcmECrLi0hs7Ihq3L0WG/RAo+ntZfnkwFti8y
sz8ybw8cscKK64h1UmkWvo2n1D55Tc3VMCrRBvoVVzzr2HU4tfhiJDnz4Wl12toR
vwfvrZ6BkilSY0KNVjarphn5dJLzmU5OfmUP9WOcyDfgI76FIJpOknX095DD60CF
6ZXmY8HlpouOKmwy1IFjsY0Kb54sgKwmaACbQDZd/Hvq8K+ZxgGjtRtTBi0okX5t
TorJGOJRCHoySygkjLOphilb+C2kUx7wW6D74t5AhFoDQexUOA6ySyFjUWvDAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUmkr6rYgdnz8Yhd9TIMFE2kURwf8wHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjE2MzM4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAv2Vl
MA0GCSqGSIb3DQEBCwUAA4IBAQACw8N5WP1Ccu5NvZ+vK6TuZdoEazBuldr6Zpxh
FcoUTHJnWP/xd2RGXtIr8EM8QMaBd4+Tuuyw7MtwRug8CneWqC7UOjC/oqxod/OE
HqjLs2vDaII4wEwMZtqmbNrX2ZM/+kcNsv00u7KK8V9lTDRbRZqcU+fyFLfcJmU0
MkN9G5az4SCUmWQ73aox8dVZZze+bvRP6VrvNuAILombwP2xBCUz/Zeg/+h5AkjP
I44CdGSf1miukUJjVZtKWDDL1EqCLV3mm2wTuHl9yUsuTcwUMFdLnOQPGRjXoG8l
p9CBBA7dkXaOHH3JEkq1qE0N8/tXohjXDyZkjhHI74mBU7o1
-----END CERTIFICATE-----