Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS396073.roa
File:                     AS396073.roa (raw, json)
Hash identifier:          4Nf+tYiq/+tBJAOWYrMBmCJGyvKogugkgO5TkJ75lLE=
Subject key identifier:   7C:9B:A8:07:75:19:E9:06:65:95:3C:27:7C:2F:A0:BC:F0:D5:58:C8
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       7064797E451E227056E9C2726B5AE812471B4886
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS396073.roa
Signing time:             Wed 31 Jan 2024 08:05:09 +0000
ROA not before:           Wed 31 Jan 2024 08:00:09 +0000
ROA not after:            Wed 29 Jan 2025 08:05:09 +0000
asID:                     396073
IP address blocks:        191.101.130.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 08 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            70:64:79:7e:45:1e:22:70:56:e9:c2:72:6b:5a:e8:12:47:1b:48:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Jan 31 08:00:09 2024 GMT
            Not After : Jan 29 08:05:09 2025 GMT
        Subject: CN=7C9BA8077519E90665953C277C2FA0BCF0D558C8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:02:0f:4d:e7:d6:40:b1:58:83:02:dd:30:76:
                    0c:f1:be:4b:46:a5:bc:3e:d9:dd:5f:65:f8:3d:10:
                    02:7d:b8:c7:f7:1e:b9:a2:35:59:87:32:65:f7:07:
                    06:c0:fe:c1:63:ed:4f:a3:e3:44:60:16:da:e3:25:
                    95:be:ce:49:9e:ee:44:63:a6:7a:3e:f9:98:93:30:
                    74:eb:2a:3c:97:f7:6d:e2:47:85:0c:b6:b7:b2:b8:
                    52:6f:55:e1:07:ec:3f:3d:56:fe:86:27:2b:45:33:
                    53:5a:91:10:ef:60:0d:2b:f6:9e:a9:99:7e:97:5d:
                    7a:63:ec:47:ad:78:19:f3:2a:cc:7e:39:6d:e1:57:
                    63:a4:d1:79:03:8e:88:bf:0c:6b:26:d2:09:b8:47:
                    2c:b5:2c:58:9b:3f:60:32:4d:a7:5f:5e:a5:89:50:
                    a4:2e:3e:4b:30:c7:09:8d:f8:bd:24:51:ec:a9:1a:
                    5c:89:19:af:12:55:ce:2f:12:1a:9a:99:46:db:4d:
                    e0:1b:1e:79:87:ba:9f:79:95:90:33:91:b2:6f:04:
                    c2:e4:dc:53:49:8b:ee:a9:0c:c3:10:3a:7a:73:ad:
                    66:0e:32:43:7f:7e:37:81:5c:36:b1:4a:61:19:e0:
                    c4:32:4a:ab:9b:ab:ae:45:d5:42:49:a3:c1:c2:4f:
                    01:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:9B:A8:07:75:19:E9:06:65:95:3C:27:7C:2F:A0:BC:F0:D5:58:C8
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS396073.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  191.101.130.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ab:28:57:85:79:68:02:f3:f7:dd:52:14:bd:06:3e:99:66:7e:
         75:88:84:d4:d8:8d:3d:fc:47:7f:51:ba:0f:45:7b:88:db:fe:
         71:5e:2b:36:57:c5:59:36:ee:16:5a:9a:40:91:23:77:dd:5d:
         de:83:3a:6f:c6:11:31:2d:00:29:02:88:78:5c:23:ec:47:ba:
         95:39:f3:dc:42:97:00:b6:15:d2:74:39:25:d0:3e:3b:42:8f:
         f7:78:ee:97:68:4a:d6:b9:b4:62:d0:17:00:fe:27:d7:fb:4e:
         b2:05:4e:79:02:a2:f0:73:bb:db:16:a5:c9:f0:02:a5:94:00:
         02:57:a5:85:1f:f8:7f:31:ef:30:a6:e8:dc:f9:d8:6c:31:a3:
         94:40:9e:af:58:6f:d3:b7:df:76:9f:b1:2e:10:ad:10:92:09:
         42:61:9a:66:76:07:7d:b9:1b:16:27:cb:7b:8f:94:1e:87:79:
         9c:c8:52:7b:93:56:ff:8e:c0:d9:3c:45:fe:6c:0a:2f:39:0f:
         21:fd:c9:7b:ee:67:00:91:14:03:4e:47:0f:f9:a6:d4:37:2e:
         e0:4a:c6:a8:be:5b:06:31:c2:d2:f7:99:17:93:60:b9:77:57:
         73:2a:7a:c8:62:18:20:09:29:91:5e:ac:46:fb:dc:a2:9d:c5:
         ae:29:0b:86
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUcGR5fkUeInBW6cJya1roEkcbSIYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNDAxMzEwODAwMDlaFw0yNTAxMjkwODA1MDlaMDMxMTAvBgNV
BAMTKDdDOUJBODA3NzUxOUU5MDY2NTk1M0MyNzdDMkZBMEJDRjBENTU4QzgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCeAg9N59ZAsViDAt0wdgzxvktG
pbw+2d1fZfg9EAJ9uMf3HrmiNVmHMmX3BwbA/sFj7U+j40RgFtrjJZW+zkme7kRj
pno++ZiTMHTrKjyX923iR4UMtreyuFJvVeEH7D89Vv6GJytFM1NakRDvYA0r9p6p
mX6XXXpj7EeteBnzKsx+OW3hV2Ok0XkDjoi/DGsm0gm4Ryy1LFibP2AyTadfXqWJ
UKQuPkswxwmN+L0kUeypGlyJGa8SVc4vEhqamUbbTeAbHnmHup95lZAzkbJvBMLk
3FNJi+6pDMMQOnpzrWYOMkN/fjeBXDaxSmEZ4MQySqubq65F1UJJo8HCTwE5AgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUfJuoB3UZ6QZllTwnfC+gvPDVWMgwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMzk2MDczLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAv2WC
MA0GCSqGSIb3DQEBCwUAA4IBAQCrKFeFeWgC8/fdUhS9Bj6ZZn51iITU2I09/Ed/
UboPRXuI2/5xXis2V8VZNu4WWppAkSN33V3egzpvxhExLQApAoh4XCPsR7qVOfPc
QpcAthXSdDkl0D47Qo/3eO6XaErWubRi0BcA/ifX+06yBU55AqLwc7vbFqXJ8AKl
lAACV6WFH/h/Me8wpujc+dhsMaOUQJ6vWG/Tt992n7EuEK0QkglCYZpmdgd9uRsW
J8t7j5Qeh3mcyFJ7k1b/jsDZPEX+bAovOQ8h/cl77mcAkRQDTkcP+abUNy7gSsao
vlsGMcLS95kXk2C5d1dzKnrIYhggCSmRXqxG+9yincWuKQuG
-----END CERTIFICATE-----