Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS216414.roa
File:                     AS216414.roa (raw, json)
Hash identifier:          5/bs/CK1nnVhGwS4AE9i4QiQxfInOosBxUhXSu+3RJo=
Subject key identifier:   E7:9E:09:E7:A8:F8:12:33:E1:20:B3:0F:B3:01:F9:9F:EF:57:66:69
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       4F7613469425E9215BF0A1C1196501B1CC1DC9F9
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS216414.roa
Signing time:             Wed 30 Aug 2023 07:38:32 +0000
ROA not before:           Wed 30 Aug 2023 07:33:32 +0000
ROA not after:            Wed 28 Aug 2024 07:38:32 +0000
asID:                     216414
IP address blocks:        181.215.22.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 10 May 2024 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4f:76:13:46:94:25:e9:21:5b:f0:a1:c1:19:65:01:b1:cc:1d:c9:f9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Aug 30 07:33:32 2023 GMT
            Not After : Aug 28 07:38:32 2024 GMT
        Subject: CN=E79E09E7A8F81233E120B30FB301F99FEF576669
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:ba:65:18:7f:8f:df:a0:bb:26:f8:d3:09:ca:
                    83:2a:6f:0d:18:ca:00:81:39:33:09:c0:20:ef:8a:
                    9b:e5:47:03:b1:9a:85:35:8e:5e:c4:5e:41:c0:28:
                    38:25:b4:1f:ba:83:c1:30:fc:ac:49:d1:fe:9c:34:
                    cb:8b:01:6f:ef:00:0e:1c:f8:a3:72:88:75:2a:c4:
                    7c:4f:1d:ae:b6:29:02:ab:66:b0:4b:33:d8:d7:34:
                    04:bc:70:79:47:2a:8a:58:fb:f7:c0:39:04:dc:3f:
                    d9:00:59:fa:ce:04:08:77:b2:b8:13:03:ca:c2:5b:
                    c8:f5:a8:b3:72:7d:95:c9:12:7e:18:52:d0:06:c5:
                    48:3c:65:57:3b:88:78:5f:d7:d2:f1:79:c4:14:a4:
                    fd:2c:5f:e8:54:9a:b1:d9:5d:c1:a8:02:dc:c7:56:
                    f7:1c:4f:e2:b7:f3:aa:ce:ca:92:1a:00:ec:4f:98:
                    50:f9:36:98:68:88:4c:20:b6:71:04:f2:67:a0:e1:
                    4f:5f:ce:80:9a:f4:16:76:be:6e:74:31:42:9e:a3:
                    b9:b0:90:ee:16:be:9a:45:b1:4b:0b:bf:9c:de:ba:
                    2d:ac:a8:74:b9:2f:3e:c5:5b:a5:9c:79:f3:b3:6e:
                    c1:53:41:2e:4e:bf:4b:d8:8e:fc:95:fb:73:d9:29:
                    0a:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:9E:09:E7:A8:F8:12:33:E1:20:B3:0F:B3:01:F9:9F:EF:57:66:69
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS216414.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  181.215.22.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5b:17:65:e4:c6:43:fa:a7:83:25:bf:1c:57:3d:59:f1:c5:14:
         7e:5a:4f:4b:c7:e8:35:0c:48:13:2b:cf:c5:8d:6c:ed:9d:e9:
         4d:38:ee:51:e4:61:4f:d0:08:43:fa:09:61:97:01:a4:10:11:
         ba:bb:7a:44:50:b7:b7:ce:f2:41:28:d5:21:52:6d:39:33:3d:
         7d:a9:69:f7:b5:4a:6c:de:e0:3d:e1:9d:12:c2:45:2d:63:90:
         f3:e5:32:3b:c3:95:37:51:fe:7d:1f:17:ba:80:4a:e6:04:f5:
         24:ba:86:8a:86:25:bf:1d:8b:d2:86:18:7b:84:52:9e:3f:65:
         73:c1:65:60:01:3c:9b:5b:2b:81:31:77:94:b6:c8:ff:a6:dc:
         5c:f7:25:8d:46:d1:88:da:d0:62:19:d8:52:90:f8:53:3d:35:
         15:a4:b3:bb:04:5b:db:17:e0:ba:01:c5:74:06:7a:e6:06:b8:
         3b:51:82:0a:c2:23:ec:21:a5:a9:db:84:82:3b:a3:46:5b:a4:
         4b:5a:2a:41:79:1a:e7:a5:3e:41:c9:2e:de:26:81:f8:52:05:
         17:68:63:c5:58:0f:ea:a3:a2:7d:6f:17:c9:88:71:af:32:fc:
         0e:55:1d:68:05:f2:5d:bc:e5:df:ed:51:7d:b0:b5:11:54:13:
         e9:37:75:26
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUT3YTRpQl6SFb8KHBGWUBscwdyfkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yMzA4MzAwNzMzMzJaFw0yNDA4MjgwNzM4MzJaMDMxMTAvBgNV
BAMTKEU3OUUwOUU3QThGODEyMzNFMTIwQjMwRkIzMDFGOTlGRUY1NzY2NjkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCgumUYf4/foLsm+NMJyoMqbw0Y
ygCBOTMJwCDvipvlRwOxmoU1jl7EXkHAKDgltB+6g8Ew/KxJ0f6cNMuLAW/vAA4c
+KNyiHUqxHxPHa62KQKrZrBLM9jXNAS8cHlHKopY+/fAOQTcP9kAWfrOBAh3srgT
A8rCW8j1qLNyfZXJEn4YUtAGxUg8ZVc7iHhf19LxecQUpP0sX+hUmrHZXcGoAtzH
VvccT+K386rOypIaAOxPmFD5NphoiEwgtnEE8meg4U9fzoCa9BZ2vm50MUKeo7mw
kO4WvppFsUsLv5zeui2sqHS5Lz7FW6WcefOzbsFTQS5Ov0vYjvyV+3PZKQohAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQU554J56j4EjPhILMPswH5n+9XZmkwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjE2NDE0LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAtdcW
MA0GCSqGSIb3DQEBCwUAA4IBAQBbF2XkxkP6p4MlvxxXPVnxxRR+Wk9Lx+g1DEgT
K8/FjWztnelNOO5R5GFP0AhD+glhlwGkEBG6u3pEULe3zvJBKNUhUm05Mz19qWn3
tUps3uA94Z0SwkUtY5Dz5TI7w5U3Uf59Hxe6gErmBPUkuoaKhiW/HYvShhh7hFKe
P2VzwWVgATybWyuBMXeUtsj/ptxc9yWNRtGI2tBiGdhSkPhTPTUVpLO7BFvbF+C6
AcV0BnrmBrg7UYIKwiPsIaWp24SCO6NGW6RLWipBeRrnpT5ByS7eJoH4UgUXaGPF
WA/qo6J9bxfJiHGvMvwOVR1oBfJdvOXf7VF9sLURVBPpN3Um
-----END CERTIFICATE-----