Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS395899.roa
File:                     AS395899.roa (raw, json)
Hash identifier:          7or5AfpBaO/F+D4AKcZ6Uu0Lm4AhYybnZuYnuyoYymQ=
Subject key identifier:   05:30:11:AD:B4:46:A6:32:14:87:3B:7A:7A:31:04:AF:C6:33:C2:06
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       785BF1FD9D5498880CB26A85AAAE354D662F901D
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS395899.roa
Signing time:             Thu 04 Apr 2024 21:41:53 +0000
ROA not before:           Thu 04 Apr 2024 21:36:53 +0000
ROA not after:            Thu 03 Apr 2025 21:41:53 +0000
asID:                     395899
IP address blocks:        191.101.41.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 10 May 2024 20:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            78:5b:f1:fd:9d:54:98:88:0c:b2:6a:85:aa:ae:35:4d:66:2f:90:1d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Apr  4 21:36:53 2024 GMT
            Not After : Apr  3 21:41:53 2025 GMT
        Subject: CN=053011ADB446A63214873B7A7A3104AFC633C206
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:5b:ae:9b:1f:81:6b:08:2b:8f:a4:5a:93:af:
                    a5:fa:d3:a6:4a:93:d3:42:83:c8:46:3d:a8:a8:2c:
                    c2:52:44:c6:e0:9e:34:e9:a4:6e:71:5b:1f:0f:dd:
                    63:27:34:02:9c:c2:1f:cc:13:cc:7a:21:a3:ed:f9:
                    68:34:83:55:63:08:6b:22:01:3a:e0:38:0c:fe:8b:
                    f2:f8:79:d7:3f:af:18:92:19:90:76:63:59:64:d3:
                    ba:33:0a:fe:d9:2b:70:3c:3a:2e:97:ce:cb:41:44:
                    c1:00:6c:6d:55:32:0f:5e:c8:13:76:a6:11:0b:61:
                    50:8e:d8:1b:bb:d0:66:54:8d:7d:f1:62:0e:42:c8:
                    26:0d:97:63:87:0d:a2:48:db:76:7f:39:2f:61:e4:
                    e9:19:b8:40:6d:7b:65:21:cc:95:2c:1f:cc:c3:63:
                    b1:82:2c:ab:7b:08:77:ed:0d:a7:cc:7e:0b:52:0d:
                    0a:62:8e:ff:18:4f:24:be:ac:3d:53:f7:a0:24:44:
                    0c:19:05:90:71:b1:94:91:c1:cd:95:ee:9c:09:aa:
                    88:28:5f:ad:d0:59:11:7c:e3:d3:28:77:81:c6:16:
                    76:5c:b5:4b:76:6c:e2:84:9c:52:4e:8e:71:50:e8:
                    46:14:99:59:e1:c7:bc:61:9a:73:c5:33:09:27:7f:
                    8e:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:30:11:AD:B4:46:A6:32:14:87:3B:7A:7A:31:04:AF:C6:33:C2:06
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS395899.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  191.101.41.0/24

    Signature Algorithm: sha256WithRSAEncryption
         22:49:b9:8e:a9:06:e9:5c:91:bc:4b:b6:c8:64:36:35:c0:41:
         3c:ef:a9:16:92:13:a6:32:aa:6c:47:3b:6a:39:23:36:a8:25:
         44:5b:41:c3:8c:9c:d5:9f:ce:c2:25:c3:3f:5a:91:80:b3:16:
         5a:d4:0f:ba:de:86:63:92:35:12:b7:dc:83:6a:b1:2a:1e:15:
         a6:b7:4a:37:a9:c6:6e:c1:c4:c4:6b:ef:e1:03:e5:fc:ba:92:
         b9:c5:ea:23:f4:bb:7a:71:b4:13:2b:60:ef:49:21:e1:4d:93:
         dd:32:a4:aa:8d:ae:4d:f9:9f:bf:d6:b3:86:0a:4b:7c:77:3c:
         fe:47:62:b8:b2:c9:3d:29:6b:82:18:42:cf:c1:9e:9c:46:89:
         6b:fc:f7:2f:47:8c:66:b4:e0:7a:8c:01:ff:bc:42:11:f0:f6:
         13:c7:e3:eb:eb:18:a9:e2:af:c4:c9:a0:64:63:b2:a0:29:3e:
         de:c4:ed:c2:f8:c0:e0:64:ec:87:3b:b4:71:99:75:9d:1e:7b:
         df:e1:73:2a:d1:04:d3:37:18:d3:9f:60:69:8c:35:17:39:1b:
         f1:ba:7d:5f:f0:5d:af:9b:07:87:25:4d:99:19:62:dd:ec:69:
         0b:bb:a5:e5:34:c7:44:29:30:e4:85:8e:f4:b3:ef:79:a2:58:
         b3:b3:92:f6
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUeFvx/Z1UmIgMsmqFqq41TWYvkB0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNDA0MDQyMTM2NTNaFw0yNTA0MDMyMTQxNTNaMDMxMTAvBgNV
BAMTKDA1MzAxMUFEQjQ0NkE2MzIxNDg3M0I3QTdBMzEwNEFGQzYzM0MyMDYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvW66bH4FrCCuPpFqTr6X606ZK
k9NCg8hGPaioLMJSRMbgnjTppG5xWx8P3WMnNAKcwh/ME8x6IaPt+Wg0g1VjCGsi
ATrgOAz+i/L4edc/rxiSGZB2Y1lk07ozCv7ZK3A8Oi6XzstBRMEAbG1VMg9eyBN2
phELYVCO2Bu70GZUjX3xYg5CyCYNl2OHDaJI23Z/OS9h5OkZuEBte2UhzJUsH8zD
Y7GCLKt7CHftDafMfgtSDQpijv8YTyS+rD1T96AkRAwZBZBxsZSRwc2V7pwJqogo
X63QWRF849Mod4HGFnZctUt2bOKEnFJOjnFQ6EYUmVnhx7xhmnPFMwknf46LAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUBTARrbRGpjIUhzt6ejEEr8YzwgYwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMzk1ODk5LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAv2Up
MA0GCSqGSIb3DQEBCwUAA4IBAQAiSbmOqQbpXJG8S7bIZDY1wEE876kWkhOmMqps
RztqOSM2qCVEW0HDjJzVn87CJcM/WpGAsxZa1A+63oZjkjUSt9yDarEqHhWmt0o3
qcZuwcTEa+/hA+X8upK5xeoj9Lt6cbQTK2DvSSHhTZPdMqSqja5N+Z+/1rOGCkt8
dzz+R2K4ssk9KWuCGELPwZ6cRolr/PcvR4xmtOB6jAH/vEIR8PYTx+Pr6xip4q/E
yaBkY7KgKT7exO3C+MDgZOyHO7RxmXWdHnvf4XMq0QTTNxjTn2BpjDUXORvxun1f
8F2vmweHJU2ZGWLd7GkLu6XlNMdEKTDkhY70s+95olizs5L2
-----END CERTIFICATE-----