Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS3223.roa
File:                     AS3223.roa (raw, json)
Hash identifier:          V6Nr0rZIVuamJLsfuCk+cUvq2U9tf65CshSJ551tiaw=
Subject key identifier:   93:D7:6A:A5:21:A8:FF:66:E2:BE:1E:40:26:91:05:C9:25:16:DE:97
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       4A2BAE59DECD0C656A08F24E9EDBD8CC5BEFF797
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS3223.roa
Signing time:             Tue 03 Sep 2024 09:58:52 +0000
ROA not before:           Tue 03 Sep 2024 09:53:52 +0000
ROA not after:            Tue 02 Sep 2025 09:58:52 +0000
asID:                     3223
IP address blocks:        191.101.242.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4a:2b:ae:59:de:cd:0c:65:6a:08:f2:4e:9e:db:d8:cc:5b:ef:f7:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Sep  3 09:53:52 2024 GMT
            Not After : Sep  2 09:58:52 2025 GMT
        Subject: CN=93D76AA521A8FF66E2BE1E40269105C92516DE97
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:66:cc:ac:aa:72:5b:1d:30:97:33:89:17:00:
                    8b:46:42:a8:e1:7e:c0:f2:05:ce:91:29:af:0c:05:
                    98:9c:cf:8b:06:c3:a6:7f:73:77:ca:4f:78:74:4e:
                    52:24:e3:77:4e:93:ad:26:bd:27:be:31:b0:f0:f6:
                    26:c1:66:96:9d:ce:bb:e7:4e:a9:e5:17:eb:73:87:
                    d1:4f:ea:88:80:5b:eb:95:22:b0:de:71:87:93:44:
                    ab:72:34:64:6d:0b:81:de:f5:ed:b8:56:04:19:45:
                    75:e8:7e:e2:a8:2e:30:14:8f:d7:0f:48:cf:12:5b:
                    bc:37:a8:c0:e8:5a:ff:7f:78:e4:76:ff:79:b2:50:
                    03:78:2f:20:d6:bc:d7:6c:1b:a3:26:5e:75:62:a9:
                    f7:17:90:3d:e4:f9:30:73:c9:c7:23:91:13:a0:27:
                    23:54:6e:b6:c4:5e:f8:d1:59:66:69:70:50:cf:6a:
                    94:7a:12:df:78:ed:ca:a5:e1:db:e9:e1:c5:c6:3e:
                    d6:09:e8:7e:3c:f5:58:bd:03:6a:40:aa:96:91:d2:
                    9e:c0:91:17:d1:90:81:f3:e5:3e:79:1f:66:7e:e1:
                    39:fd:a2:9a:23:3d:17:77:be:d1:d1:94:f6:dc:1e:
                    3c:37:57:94:4f:ab:db:22:c5:75:3e:d5:fc:b1:02:
                    24:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:D7:6A:A5:21:A8:FF:66:E2:BE:1E:40:26:91:05:C9:25:16:DE:97
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS3223.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  191.101.242.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b2:ad:67:66:79:50:11:a8:d8:b1:d0:47:40:d9:b4:ee:5e:bb:
         73:0a:71:c5:a6:60:11:56:0c:5a:df:f8:39:db:da:b1:56:72:
         96:6a:b1:80:c4:0a:17:ef:9c:01:2e:3b:d3:33:c0:87:0c:cb:
         46:7c:04:60:4f:be:4e:0a:d6:85:54:6c:42:02:3e:4d:8f:0b:
         d7:b7:8e:1b:7c:57:ae:53:b4:a8:a7:e7:24:6c:40:91:96:c4:
         6d:f7:90:d1:4b:3a:4d:b7:a5:a4:ae:8f:64:aa:d3:fc:3f:12:
         9d:a7:e0:88:32:3f:ca:69:fa:89:ac:86:97:93:e0:5f:d4:88:
         6a:be:92:59:14:7c:56:41:58:bd:31:41:32:ea:2a:04:39:d9:
         3b:46:12:63:fc:61:36:7c:7d:8c:47:6e:c8:9a:4c:d5:d3:f9:
         75:8d:e8:ff:ca:b7:7e:1e:ab:a9:44:cb:0c:c4:5b:ba:86:c9:
         d4:50:b3:25:25:81:3d:e3:85:2d:49:1e:e9:0b:58:a4:e7:3c:
         fe:34:b3:a3:f1:ae:be:06:0a:28:fe:d6:89:aa:27:0a:69:9c:
         90:1c:0c:93:47:ab:cf:ce:19:d2:91:1f:84:fc:7f:92:94:e7:
         0d:aa:f2:f6:66:87:ed:39:07:8f:0b:7c:1d:9a:cd:d4:69:6a:
         ee:90:15:e9
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgIUSiuuWd7NDGVqCPJOntvYzFvv95cwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNDA5MDMwOTUzNTJaFw0yNTA5MDIwOTU4NTJaMDMxMTAvBgNV
BAMTKDkzRDc2QUE1MjFBOEZGNjZFMkJFMUU0MDI2OTEwNUM5MjUxNkRFOTcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC9ZsysqnJbHTCXM4kXAItGQqjh
fsDyBc6RKa8MBZicz4sGw6Z/c3fKT3h0TlIk43dOk60mvSe+MbDw9ibBZpadzrvn
TqnlF+tzh9FP6oiAW+uVIrDecYeTRKtyNGRtC4He9e24VgQZRXXofuKoLjAUj9cP
SM8SW7w3qMDoWv9/eOR2/3myUAN4LyDWvNdsG6MmXnViqfcXkD3k+TBzyccjkROg
JyNUbrbEXvjRWWZpcFDPapR6Et947cql4dvp4cXGPtYJ6H489Vi9A2pAqpaR0p7A
kRfRkIHz5T55H2Z+4Tn9opojPRd3vtHRlPbcHjw3V5RPq9sixXU+1fyxAiTFAgMB
AAGjggIIMIICBDAdBgNVHQ4EFgQUk9dqpSGo/2bivh5AJpEFySUW3pcwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIweQYIKwYBBQUHAQsEbTBrMGkGCCsGAQUFBzALhl1yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMzIyMy5yb2EwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAL9l8jAN
BgkqhkiG9w0BAQsFAAOCAQEAsq1nZnlQEajYsdBHQNm07l67cwpxxaZgEVYMWt/4
OdvasVZylmqxgMQKF++cAS470zPAhwzLRnwEYE++TgrWhVRsQgI+TY8L17eOG3xX
rlO0qKfnJGxAkZbEbfeQ0Us6TbelpK6PZKrT/D8SnafgiDI/ymn6iayGl5PgX9SI
ar6SWRR8VkFYvTFBMuoqBDnZO0YSY/xhNnx9jEduyJpM1dP5dY3o/8q3fh6rqUTL
DMRbuobJ1FCzJSWBPeOFLUke6QtYpOc8/jSzo/GuvgYKKP7WiaonCmmckBwMk0er
z84Z0pEfhPx/kpTnDary9maH7TkHjwt8HZrN1Glq7pAV6Q==
-----END CERTIFICATE-----