Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS265919.roa
File:                     AS265919.roa (raw, json)
Hash identifier:          nra7GQzhvHBHJKM6DYWTd+FI46yusw79zx9lj5BgRrw=
Subject key identifier:   A5:6F:4C:E5:F2:FA:28:06:5E:66:8D:96:E1:11:AA:34:1B:E8:8B:8D
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       27328E9E3DAFD2E857E6E064F448B7679E2278B4
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS265919.roa
Signing time:             Fri 03 May 2024 14:05:16 +0000
ROA not before:           Fri 03 May 2024 14:00:16 +0000
ROA not after:            Fri 02 May 2025 14:05:16 +0000
asID:                     265919
IP address blocks:        191.96.81.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 10 May 2024 20:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            27:32:8e:9e:3d:af:d2:e8:57:e6:e0:64:f4:48:b7:67:9e:22:78:b4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: May  3 14:00:16 2024 GMT
            Not After : May  2 14:05:16 2025 GMT
        Subject: CN=A56F4CE5F2FA28065E668D96E111AA341BE88B8D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:ee:92:e8:a4:3d:dd:12:81:d3:cd:28:a4:97:
                    34:bd:c7:80:ba:93:12:cb:20:9c:3e:42:a6:4b:d6:
                    9b:99:84:3c:e7:ea:5d:c7:9c:a4:1f:14:e0:d7:ae:
                    41:ae:b4:42:6a:bc:92:cb:ff:80:de:27:57:e1:9e:
                    dd:76:6d:b1:8e:cd:be:b6:46:73:76:a5:b5:ae:e1:
                    25:af:ab:2b:02:c6:ed:59:50:a4:71:db:19:9f:cb:
                    52:3d:00:40:43:66:32:1e:04:ba:bc:3d:dc:da:c2:
                    a3:fd:8a:92:11:51:00:ba:f7:c2:b1:15:5f:35:20:
                    15:e6:c6:e6:b3:e8:08:e6:d5:65:83:07:41:94:ff:
                    81:c6:bc:1d:ee:e5:af:bb:5c:c9:25:6e:ac:00:b3:
                    32:31:97:b2:48:07:ae:86:94:35:d2:13:fe:28:53:
                    b2:b3:ff:92:be:03:7e:21:a2:1e:b7:fe:a6:cd:e1:
                    08:c5:6d:ab:a5:f7:81:7d:1c:c4:91:c7:77:37:69:
                    65:49:d4:02:d7:73:ab:ed:dd:e6:97:17:44:c5:a4:
                    88:e9:0a:6a:f5:dc:7a:75:dc:eb:85:05:e0:44:7a:
                    56:42:d3:32:0e:bc:cd:c0:25:b2:1c:85:58:82:92:
                    9c:bb:e7:45:b3:84:f4:6e:71:d0:52:13:7a:e9:3f:
                    a3:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:6F:4C:E5:F2:FA:28:06:5E:66:8D:96:E1:11:AA:34:1B:E8:8B:8D
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS265919.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  191.96.81.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5f:fe:5a:16:46:fa:95:b1:c5:e6:51:45:38:6d:ff:d2:0d:25:
         9b:95:b8:1e:61:17:ba:47:7e:33:40:2d:3d:80:8a:29:94:d0:
         26:40:a1:0e:31:3c:0c:1e:9f:67:b5:c3:37:28:47:2c:9a:37:
         bc:91:dd:5d:c9:87:dc:1a:eb:47:18:3c:7d:ea:24:2a:ce:5a:
         1c:fa:40:77:a5:24:46:8a:9c:89:a2:77:ba:63:14:b4:f2:a7:
         e4:e4:f2:d0:22:a5:71:fb:8d:bf:c0:2a:3b:43:cd:61:31:e4:
         a1:ef:5e:f3:d1:e8:78:47:b8:e4:66:96:c4:f5:75:e4:b5:85:
         cc:fd:0e:9b:02:f4:58:c2:3b:96:b8:f8:77:b7:db:4c:3d:21:
         58:7c:76:41:bd:22:f6:ef:9e:d0:ed:7f:b7:2f:6d:fc:7d:85:
         34:aa:d4:97:4e:8b:f3:a2:e8:52:a5:fd:c8:29:4f:12:b7:f0:
         9e:24:10:b8:84:15:43:e0:2f:3c:d8:40:5c:35:71:72:13:79:
         7e:4e:63:04:3f:c0:4d:21:db:de:52:c6:c7:b1:a7:02:18:62:
         0a:40:b5:7d:ab:c4:34:d4:08:cf:78:0a:45:16:2c:e6:2f:e7:
         79:0b:1b:62:fa:63:ae:1e:c7:15:2b:a5:cf:40:05:70:38:32:
         98:d1:41:f1
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUJzKOnj2v0uhX5uBk9Ei3Z54ieLQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNDA1MDMxNDAwMTZaFw0yNTA1MDIxNDA1MTZaMDMxMTAvBgNV
BAMTKEE1NkY0Q0U1RjJGQTI4MDY1RTY2OEQ5NkUxMTFBQTM0MUJFODhCOEQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCP7pLopD3dEoHTzSiklzS9x4C6
kxLLIJw+QqZL1puZhDzn6l3HnKQfFODXrkGutEJqvJLL/4DeJ1fhnt12bbGOzb62
RnN2pbWu4SWvqysCxu1ZUKRx2xmfy1I9AEBDZjIeBLq8PdzawqP9ipIRUQC698Kx
FV81IBXmxuaz6Ajm1WWDB0GU/4HGvB3u5a+7XMklbqwAszIxl7JIB66GlDXSE/4o
U7Kz/5K+A34hoh63/qbN4QjFbaul94F9HMSRx3c3aWVJ1ALXc6vt3eaXF0TFpIjp
Cmr13Hp13OuFBeBEelZC0zIOvM3AJbIchViCkpy750WzhPRucdBSE3rpP6NVAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUpW9M5fL6KAZeZo2W4RGqNBvoi40wHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjY1OTE5LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAv2BR
MA0GCSqGSIb3DQEBCwUAA4IBAQBf/loWRvqVscXmUUU4bf/SDSWblbgeYRe6R34z
QC09gIoplNAmQKEOMTwMHp9ntcM3KEcsmje8kd1dyYfcGutHGDx96iQqzloc+kB3
pSRGipyJone6YxS08qfk5PLQIqVx+42/wCo7Q81hMeSh717z0eh4R7jkZpbE9XXk
tYXM/Q6bAvRYwjuWuPh3t9tMPSFYfHZBvSL2757Q7X+3L238fYU0qtSXTovzouhS
pf3IKU8St/CeJBC4hBVD4C882EBcNXFyE3l+TmMEP8BNIdveUsbHsacCGGIKQLV9
q8Q01AjPeApFFizmL+d5Cxti+mOuHscVK6XPQAVwODKY0UHx
-----END CERTIFICATE-----