Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS271965.roa
File:                     AS271965.roa (raw, json)
Hash identifier:          t8LjBAG5sbZJHNlqH2dC5hXE0zE4KnWUmSKgnNgAis4=
Subject key identifier:   BB:8A:21:C1:7B:FB:2A:DA:3D:BD:13:E0:FB:6B:1B:F2:2B:CE:B9:A3
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       41405F778C0AA497BE4FCF14F29B2124CB66B81D
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS271965.roa
Signing time:             Wed 05 Jul 2023 13:26:32 +0000
ROA not before:           Wed 05 Jul 2023 13:21:32 +0000
ROA not after:            Wed 03 Jul 2024 13:26:32 +0000
asID:                     271965
IP address blocks:        191.101.38.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 11 May 2024 14:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            41:40:5f:77:8c:0a:a4:97:be:4f:cf:14:f2:9b:21:24:cb:66:b8:1d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Jul  5 13:21:32 2023 GMT
            Not After : Jul  3 13:26:32 2024 GMT
        Subject: CN=BB8A21C17BFB2ADA3DBD13E0FB6B1BF22BCEB9A3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:77:86:46:53:09:ac:7a:33:e8:93:71:b5:09:
                    ec:15:3c:5d:eb:86:bb:ab:62:ac:f1:48:b1:da:50:
                    d2:45:c6:07:35:b4:4a:97:b7:31:3e:d4:5a:8e:75:
                    a3:c1:a5:19:54:db:09:fc:d7:ab:22:c0:c3:13:19:
                    8c:7f:df:ee:a9:69:7e:72:8c:f4:dc:16:b4:8f:26:
                    56:27:47:8d:a7:66:4e:0e:98:f7:ba:96:31:ed:65:
                    e1:c9:21:06:00:6c:76:79:1f:d4:ff:90:c4:47:fd:
                    56:27:45:23:4e:e4:76:81:79:62:57:28:04:a8:be:
                    2a:df:23:66:52:99:5b:5d:60:8c:6a:d8:e3:37:a1:
                    af:31:ea:49:c6:2b:0c:f6:fc:b3:e9:7f:87:04:8e:
                    a7:76:bc:c8:58:ea:e0:3b:0c:af:b8:33:b9:59:25:
                    c3:45:3f:b9:c1:28:85:35:4e:91:2f:9e:3f:6e:10:
                    e7:40:d9:fc:4f:7d:16:81:83:53:e4:81:ab:ea:a8:
                    a3:2b:b6:53:f6:ad:52:2a:5c:7e:a8:f4:64:6f:93:
                    72:8e:c2:13:74:78:e1:9e:33:2a:48:9e:c4:d3:b3:
                    50:0a:af:71:ff:70:ec:c2:f7:0a:bf:91:07:55:34:
                    82:f3:63:97:34:cb:b8:45:0f:b8:b8:d0:d2:b2:c1:
                    41:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:8A:21:C1:7B:FB:2A:DA:3D:BD:13:E0:FB:6B:1B:F2:2B:CE:B9:A3
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS271965.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  191.101.38.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2c:5b:58:21:53:37:87:80:80:de:06:d7:a4:d9:17:5f:4c:09:
         76:70:c4:c6:45:32:42:45:18:e4:9b:ed:e8:d6:fe:d2:5b:a4:
         be:b9:fc:24:80:3c:df:e8:4f:c8:24:66:66:e5:44:0f:9e:39:
         25:7e:0a:ee:73:e4:9a:fd:cb:76:72:31:8d:08:d1:02:be:3e:
         41:a8:5f:8b:09:63:5a:14:bf:82:fc:dd:de:21:b1:3a:f5:45:
         07:12:7c:6c:0f:b8:e6:dc:94:69:e6:18:03:6b:af:ec:d7:79:
         71:7b:9d:7a:97:b4:ef:e8:49:ae:3b:ec:c4:42:84:59:32:52:
         0c:1c:2f:3d:77:4e:73:78:4a:56:0c:42:66:f4:1a:9f:b3:0f:
         c9:71:9d:32:14:75:2d:53:91:73:18:50:93:b0:90:75:9e:da:
         bf:1f:79:f1:7e:bf:a1:ac:db:df:5a:2d:39:cd:5c:0a:82:14:
         f0:cd:51:ca:83:f2:c4:b6:e1:2c:13:bf:c7:f9:91:22:b8:0e:
         3c:a6:99:5c:69:6c:c7:3b:75:08:ad:63:c4:52:a5:9a:1e:25:
         9a:88:2f:c9:8a:7e:c1:69:e9:8a:ce:3f:7a:1c:7f:21:fb:ed:
         25:de:8c:e8:2d:26:b1:68:66:af:0d:7e:b7:fc:16:7e:c6:7f:
         5b:02:d6:a6
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUQUBfd4wKpJe+T88U8pshJMtmuB0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yMzA3MDUxMzIxMzJaFw0yNDA3MDMxMzI2MzJaMDMxMTAvBgNV
BAMTKEJCOEEyMUMxN0JGQjJBREEzREJEMTNFMEZCNkIxQkYyMkJDRUI5QTMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCJd4ZGUwmsejPok3G1CewVPF3r
hrurYqzxSLHaUNJFxgc1tEqXtzE+1FqOdaPBpRlU2wn816siwMMTGYx/3+6paX5y
jPTcFrSPJlYnR42nZk4OmPe6ljHtZeHJIQYAbHZ5H9T/kMRH/VYnRSNO5HaBeWJX
KASovirfI2ZSmVtdYIxq2OM3oa8x6knGKwz2/LPpf4cEjqd2vMhY6uA7DK+4M7lZ
JcNFP7nBKIU1TpEvnj9uEOdA2fxPfRaBg1PkgavqqKMrtlP2rVIqXH6o9GRvk3KO
whN0eOGeMypInsTTs1AKr3H/cOzC9wq/kQdVNILzY5c0y7hFD7i40NKywUH3AgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUu4ohwXv7Kto9vRPg+2sb8ivOuaMwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjcxOTY1LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAv2Um
MA0GCSqGSIb3DQEBCwUAA4IBAQAsW1ghUzeHgIDeBtek2RdfTAl2cMTGRTJCRRjk
m+3o1v7SW6S+ufwkgDzf6E/IJGZm5UQPnjklfgruc+Sa/ct2cjGNCNECvj5BqF+L
CWNaFL+C/N3eIbE69UUHEnxsD7jm3JRp5hgDa6/s13lxe516l7Tv6EmuO+zEQoRZ
MlIMHC89d05zeEpWDEJm9Bqfsw/JcZ0yFHUtU5FzGFCTsJB1ntq/H3nxfr+hrNvf
Wi05zVwKghTwzVHKg/LEtuEsE7/H+ZEiuA48pplcaWzHO3UIrWPEUqWaHiWaiC/J
in7BaemKzj96HH8h++0l3ozoLSaxaGavDX63/BZ+xn9bAtam
-----END CERTIFICATE-----