Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS396362.roa
File:                     AS396362.roa (raw, json)
Hash identifier:          z+cBiuvZ8VaTcIrmZ0o9YLQF5VJIMVpbqqbA8excYJA=
Subject key identifier:   6C:E2:4A:F7:95:77:56:5E:49:64:8A:91:29:43:B6:33:2E:C5:93:A4
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       06BF0C6794FEAAACF32A56F2947A02FEAFE75925
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS396362.roa
Signing time:             Wed 31 Jan 2024 08:05:10 +0000
ROA not before:           Wed 31 Jan 2024 08:00:10 +0000
ROA not after:            Wed 29 Jan 2025 08:05:10 +0000
asID:                     396362
IP address blocks:        185.141.166.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 01 May 2024 17:37:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            06:bf:0c:67:94:fe:aa:ac:f3:2a:56:f2:94:7a:02:fe:af:e7:59:25
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Jan 31 08:00:10 2024 GMT
            Not After : Jan 29 08:05:10 2025 GMT
        Subject: CN=6CE24AF79577565E49648A912943B6332EC593A4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:cc:97:f0:2d:d5:e2:46:a5:48:87:d6:26:b5:
                    06:04:70:eb:6a:6c:d2:46:2c:7d:af:ed:67:df:1d:
                    58:70:05:a3:7e:2c:1c:ea:30:d1:f3:52:73:1e:e5:
                    4b:10:5e:b4:7e:25:a6:5f:c1:a6:80:22:be:45:26:
                    30:33:f4:3e:44:c1:a3:2e:e9:02:f2:ee:47:64:0b:
                    69:ef:53:10:27:78:b0:95:0c:78:4a:2e:a9:8d:96:
                    b3:bd:61:b3:19:01:18:0b:d0:5a:2f:18:fb:6e:76:
                    47:2f:5c:4b:75:5d:d9:ba:be:b7:41:6f:31:8e:12:
                    06:43:51:d9:3f:71:f6:3b:ec:56:cf:ba:09:54:66:
                    64:27:e3:99:8d:e6:68:93:c7:d1:ff:31:3b:77:e6:
                    60:12:6c:c9:90:a0:ab:f8:7c:48:de:eb:9c:77:fc:
                    4c:5c:49:c0:a2:d1:27:36:23:be:3b:50:38:ac:2d:
                    ec:17:47:24:16:a9:b8:76:8d:70:3f:32:10:11:49:
                    bb:8d:a9:b4:7a:64:19:99:74:a0:7f:3b:e9:1e:d7:
                    4f:f1:73:d3:e0:54:0c:f8:e3:63:52:f8:d0:cc:20:
                    28:41:9d:a8:f8:25:de:c8:0c:b2:c3:5e:b1:50:9a:
                    48:93:8e:11:21:ae:92:35:04:83:dd:36:96:9b:f6:
                    19:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:E2:4A:F7:95:77:56:5E:49:64:8A:91:29:43:B6:33:2E:C5:93:A4
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS396362.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.141.166.0/24

    Signature Algorithm: sha256WithRSAEncryption
         42:ce:a9:4f:9e:03:b8:19:62:33:48:2e:0c:c6:3e:99:34:67:
         15:0e:d0:ba:2d:d1:da:70:c8:79:9a:7a:29:e6:19:99:b5:09:
         90:cf:f5:dd:b9:b5:80:af:b0:bb:eb:e1:83:8b:ac:32:34:04:
         1c:f4:56:85:9d:66:b6:6c:3c:37:2d:c3:01:86:51:7f:e9:9f:
         86:78:0a:6f:15:b0:4e:9b:68:39:d3:b6:dc:14:63:a0:6f:01:
         63:d8:ea:ae:0b:d6:de:33:b8:40:9c:9b:14:05:bd:d6:de:d5:
         70:f1:58:0a:dc:91:2c:f4:df:56:67:10:1e:2d:9c:d1:ab:10:
         5a:98:08:77:0b:bb:8e:da:d1:1c:57:c7:07:4a:f4:20:29:99:
         65:60:44:f0:b2:da:7e:34:5c:73:12:f2:b4:d3:93:f2:b4:9b:
         82:01:81:35:e4:b3:63:92:91:4e:b1:4b:4b:ec:84:a3:13:1e:
         62:01:ea:5d:70:cc:72:af:20:97:62:cf:9b:78:55:09:6b:b4:
         74:db:14:a2:2f:43:21:87:7b:17:1d:96:98:da:34:da:b9:8b:
         18:85:f3:b0:71:80:e8:93:69:92:f5:49:65:3a:d9:0a:81:fc:
         f4:92:e1:7f:73:e9:48:dd:a9:a4:a1:15:f0:8f:80:9a:48:cd:
         2d:73:1c:1a
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUBr8MZ5T+qqzzKlbylHoC/q/nWSUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNDAxMzEwODAwMTBaFw0yNTAxMjkwODA1MTBaMDMxMTAvBgNV
BAMTKDZDRTI0QUY3OTU3NzU2NUU0OTY0OEE5MTI5NDNCNjMzMkVDNTkzQTQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0zJfwLdXiRqVIh9YmtQYEcOtq
bNJGLH2v7WffHVhwBaN+LBzqMNHzUnMe5UsQXrR+JaZfwaaAIr5FJjAz9D5EwaMu
6QLy7kdkC2nvUxAneLCVDHhKLqmNlrO9YbMZARgL0FovGPtudkcvXEt1Xdm6vrdB
bzGOEgZDUdk/cfY77FbPuglUZmQn45mN5miTx9H/MTt35mASbMmQoKv4fEje65x3
/ExcScCi0Sc2I747UDisLewXRyQWqbh2jXA/MhARSbuNqbR6ZBmZdKB/O+ke10/x
c9PgVAz442NS+NDMIChBnaj4Jd7IDLLDXrFQmkiTjhEhrpI1BIPdNpab9hmjAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUbOJK95V3Vl5JZIqRKUO2My7Fk6QwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMzk2MzYyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuY2m
MA0GCSqGSIb3DQEBCwUAA4IBAQBCzqlPngO4GWIzSC4Mxj6ZNGcVDtC6LdHacMh5
mnop5hmZtQmQz/XdubWAr7C76+GDi6wyNAQc9FaFnWa2bDw3LcMBhlF/6Z+GeApv
FbBOm2g507bcFGOgbwFj2OquC9beM7hAnJsUBb3W3tVw8VgK3JEs9N9WZxAeLZzR
qxBamAh3C7uO2tEcV8cHSvQgKZllYETwstp+NFxzEvK005PytJuCAYE15LNjkpFO
sUtL7ISjEx5iAepdcMxyryCXYs+beFUJa7R02xSiL0Mhh3sXHZaY2jTauYsYhfOw
cYDok2mS9UllOtkKgfz0kuF/c+lI3amkoRXwj4CaSM0tcxwa
-----END CERTIFICATE-----