Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS57814.roa
File:                     AS57814.roa (raw, json)
Hash identifier:          sXeG/KGk80b8NJ6z2bTMpYYhctJBGCMBEh4tIjMJwBE=
Subject key identifier:   AF:3F:ED:34:C8:8F:9D:3B:3C:C5:85:F7:04:AB:58:39:2A:31:BC:16
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       39A4E662BC3EFE966734A35B5F14B23E78DEAE4C
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS57814.roa
Signing time:             Thu 13 Jul 2023 08:40:16 +0000
ROA not before:           Thu 13 Jul 2023 08:35:16 +0000
ROA not after:            Thu 11 Jul 2024 08:40:16 +0000
asID:                     57814
IP address blocks:        45.95.20.0/24 maxlen: 24
                          109.106.0.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 10 May 2024 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            39:a4:e6:62:bc:3e:fe:96:67:34:a3:5b:5f:14:b2:3e:78:de:ae:4c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Jul 13 08:35:16 2023 GMT
            Not After : Jul 11 08:40:16 2024 GMT
        Subject: CN=AF3FED34C88F9D3B3CC585F704AB58392A31BC16
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:65:88:90:9e:ad:cf:4b:cc:88:73:e1:f7:e8:
                    f6:71:b2:9a:9d:b9:54:8b:1c:45:e3:ce:30:63:4b:
                    ef:8f:1f:69:46:23:4e:b1:35:a8:e2:e7:74:2f:16:
                    d6:4b:3f:70:44:05:4b:4e:43:84:bf:42:b6:b1:a0:
                    d5:e1:58:76:54:e4:c2:8c:48:04:71:4f:2b:2a:84:
                    c3:f4:b1:b0:37:a1:91:57:cf:02:09:67:90:19:fb:
                    32:19:3d:9b:b8:1a:a4:57:0a:d0:01:62:c3:c2:ca:
                    de:90:1e:09:8a:ac:10:f0:0e:fd:c1:f7:9c:18:90:
                    d8:02:18:e7:d4:3e:2c:dc:ab:81:d9:a6:5b:14:3c:
                    f5:0a:ab:3a:b8:df:d0:86:5c:31:35:9f:a5:b0:75:
                    39:03:be:fa:3a:b2:bc:15:6c:ff:6c:6e:e8:f9:8b:
                    2a:47:c8:64:db:c9:b6:96:ef:c9:d6:88:fa:7c:e9:
                    9b:59:d0:39:e9:bb:cf:ce:31:b4:37:8c:98:35:62:
                    ce:94:ac:f3:fc:b1:12:00:70:3d:01:2f:81:5b:30:
                    09:de:dd:89:55:f3:11:e8:02:f5:ba:c4:26:9e:b6:
                    d6:7b:34:36:18:5d:6d:c0:0c:21:05:0f:40:dd:01:
                    62:ee:47:8f:bc:77:37:72:fd:15:0e:31:48:be:d5:
                    56:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:3F:ED:34:C8:8F:9D:3B:3C:C5:85:F7:04:AB:58:39:2A:31:BC:16
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS57814.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.95.20.0/24
                  109.106.0.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4a:30:9d:60:75:45:47:6d:32:33:44:28:e5:3a:53:50:c1:f9:
         35:f9:97:40:eb:72:22:3e:cc:44:f2:a9:46:48:2b:78:ff:ef:
         b6:dc:7d:e4:4e:bc:63:1e:e6:30:09:4c:19:4d:88:12:22:e3:
         5f:05:40:1a:7b:2f:a6:88:06:84:5f:75:11:c9:ce:a0:92:85:
         6c:cb:bb:6a:06:45:6b:6f:41:16:c0:76:6a:da:1d:f1:0d:53:
         e8:3a:d6:d5:08:84:ef:01:e4:be:49:40:84:74:f6:58:e1:a4:
         18:96:4e:81:54:34:3f:f2:29:76:c2:42:1e:2c:2a:94:dd:14:
         72:05:6e:25:58:aa:ea:d3:61:a6:1f:90:51:d1:00:14:42:f8:
         37:ac:64:6e:e7:e5:eb:91:05:32:fd:f4:0f:f2:aa:bb:c3:8c:
         e7:47:61:15:94:3f:30:3a:13:17:3a:76:da:4d:01:48:ff:93:
         97:c7:86:f3:3d:90:7d:31:58:0d:77:3c:91:7a:16:45:e9:4e:
         b8:7e:b1:1e:16:a6:8c:23:9b:16:97:a6:cf:22:3d:f4:c5:1d:
         fd:48:b4:9b:11:f3:21:82:2d:41:f3:e7:87:04:29:4a:5a:93:
         fd:f2:98:97:dc:6e:9d:48:94:24:e3:c0:1c:e2:a0:4f:2a:9a:
         ef:ca:58:f7
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgIUOaTmYrw+/pZnNKNbXxSyPnjerkwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yMzA3MTMwODM1MTZaFw0yNDA3MTEwODQwMTZaMDMxMTAvBgNV
BAMTKEFGM0ZFRDM0Qzg4RjlEM0IzQ0M1ODVGNzA0QUI1ODM5MkEzMUJDMTYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC/ZYiQnq3PS8yIc+H36PZxspqd
uVSLHEXjzjBjS++PH2lGI06xNaji53QvFtZLP3BEBUtOQ4S/QraxoNXhWHZU5MKM
SARxTysqhMP0sbA3oZFXzwIJZ5AZ+zIZPZu4GqRXCtABYsPCyt6QHgmKrBDwDv3B
95wYkNgCGOfUPizcq4HZplsUPPUKqzq439CGXDE1n6WwdTkDvvo6srwVbP9sbuj5
iypHyGTbybaW78nWiPp86ZtZ0Dnpu8/OMbQ3jJg1Ys6UrPP8sRIAcD0BL4FbMAne
3YlV8xHoAvW6xCaettZ7NDYYXW3ADCEFD0DdAWLuR4+8dzdy/RUOMUi+1Va/AgMB
AAGjggIPMIICCzAdBgNVHQ4EFgQUrz/tNMiPnTs8xYX3BKtYOSoxvBYwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTNTc4MTQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBAAtXxQD
BABtagAwDQYJKoZIhvcNAQELBQADggEBAEownWB1RUdtMjNEKOU6U1DB+TX5l0Dr
ciI+zETyqUZIK3j/77bcfeROvGMe5jAJTBlNiBIi418FQBp7L6aIBoRfdRHJzqCS
hWzLu2oGRWtvQRbAdmraHfENU+g61tUIhO8B5L5JQIR09ljhpBiWToFUND/yKXbC
Qh4sKpTdFHIFbiVYqurTYaYfkFHRABRC+DesZG7n5euRBTL99A/yqrvDjOdHYRWU
PzA6Exc6dtpNAUj/k5fHhvM9kH0xWA13PJF6FkXpTrh+sR4WpowjmxaXps8iPfTF
Hf1ItJsR8yGCLUHz54cEKUpak/3ymJfcbp1IlCTjwBzioE8qmu/KWPc=
-----END CERTIFICATE-----