Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS7203.roa
File:                     AS7203.roa (raw, json)
Hash identifier:          i+N9arR1hXg59eJvNSqIteJfdLaN4qJ4mK1JnB393mE=
Subject key identifier:   47:7C:E0:29:B4:7E:4A:A8:C8:82:6E:1D:30:50:95:B7:72:49:39:DF
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       6FFAD2FC223BF9557EA035944455C61CAF6F1604
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS7203.roa
Signing time:             Wed 31 Jan 2024 08:05:08 +0000
ROA not before:           Wed 31 Jan 2024 08:00:08 +0000
ROA not after:            Wed 29 Jan 2025 08:05:08 +0000
asID:                     7203
IP address blocks:        191.96.120.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 11 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6f:fa:d2:fc:22:3b:f9:55:7e:a0:35:94:44:55:c6:1c:af:6f:16:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Jan 31 08:00:08 2024 GMT
            Not After : Jan 29 08:05:08 2025 GMT
        Subject: CN=477CE029B47E4AA8C8826E1D305095B7724939DF
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:5a:2f:55:e0:74:7a:8d:bb:9f:45:fb:4a:bc:
                    ab:41:ce:db:13:39:7a:8f:94:f3:85:7f:a3:3c:ec:
                    57:bb:44:6a:ad:68:4d:94:99:3e:ce:fd:ac:b3:75:
                    78:34:60:57:30:3d:f4:3d:9f:59:e8:c5:7d:07:b3:
                    3c:58:16:91:5b:bd:62:c0:98:ee:51:b1:a7:dd:90:
                    79:73:cd:f6:ac:61:de:90:26:d0:fb:77:4a:20:92:
                    e2:eb:f7:e2:13:95:1d:ce:a4:54:98:a0:a7:30:67:
                    ba:95:38:48:f1:83:1b:16:f6:c5:01:d5:b5:21:ed:
                    78:49:cd:f5:81:18:00:3a:da:9d:c0:6e:d1:64:27:
                    96:3e:de:38:66:cb:5d:88:4f:b2:3f:63:1c:34:0a:
                    cd:49:a5:39:6d:2f:b5:34:46:7a:41:69:34:20:5b:
                    65:bb:35:72:99:84:95:4c:2c:14:22:79:47:f8:e6:
                    77:29:83:53:df:f5:2a:64:ef:0c:3a:9c:2e:1d:5f:
                    92:7e:39:c7:1d:64:a3:47:e3:20:ac:a2:42:1c:4c:
                    dd:57:9e:74:72:ff:d7:2c:11:9a:44:91:6c:3d:cc:
                    02:62:14:a5:65:27:8e:b2:8a:b8:32:5e:f5:71:38:
                    1a:fc:0d:2b:9b:95:2a:72:1d:87:06:3a:c6:10:be:
                    b7:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:7C:E0:29:B4:7E:4A:A8:C8:82:6E:1D:30:50:95:B7:72:49:39:DF
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS7203.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  191.96.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7b:c6:8c:20:9f:4f:53:9c:bd:71:a5:09:be:6c:ee:bf:f0:ab:
         44:07:25:ad:73:4e:d5:7e:28:e8:41:db:1f:f0:c9:24:52:3a:
         b4:8f:3d:bd:ba:7d:b9:f0:1c:5a:a4:e3:bb:7b:42:a0:92:ad:
         d3:12:40:3d:16:56:22:66:07:4f:95:be:35:6a:ca:e3:b8:f7:
         da:91:a5:5f:76:e8:83:ab:8d:63:0b:fc:e9:8a:5a:90:75:6e:
         f9:11:48:bf:7c:81:90:d1:52:e6:01:a3:d3:22:1b:89:06:63:
         a0:90:6e:72:fa:a0:ab:ea:09:89:e4:a2:b0:7c:34:60:4b:91:
         db:e8:a9:d2:d4:c2:93:59:81:96:fd:57:06:33:b1:46:c6:c5:
         aa:88:d7:3a:a3:2b:fb:3e:3d:b9:25:af:8a:4d:2c:9b:7e:18:
         75:46:08:f1:1f:f4:ce:4e:56:7d:b9:8d:50:97:34:23:c7:77:
         4e:86:60:98:16:fd:06:40:78:c7:2c:01:cd:88:d8:f1:9c:53:
         43:36:8a:92:65:61:b0:9d:b7:83:08:5d:ba:ed:73:b4:18:20:
         d6:69:df:ba:f7:6c:4f:8e:e2:2a:17:a2:5c:e1:1b:54:94:43:
         cd:23:04:0a:b5:2d:1c:72:4d:c5:7f:52:92:f0:22:d1:f3:79:
         ce:d1:e2:5c
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgIUb/rS/CI7+VV+oDWURFXGHK9vFgQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNDAxMzEwODAwMDhaFw0yNTAxMjkwODA1MDhaMDMxMTAvBgNV
BAMTKDQ3N0NFMDI5QjQ3RTRBQThDODgyNkUxRDMwNTA5NUI3NzI0OTM5REYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCtWi9V4HR6jbufRftKvKtBztsT
OXqPlPOFf6M87Fe7RGqtaE2UmT7O/ayzdXg0YFcwPfQ9n1noxX0HszxYFpFbvWLA
mO5RsafdkHlzzfasYd6QJtD7d0ogkuLr9+ITlR3OpFSYoKcwZ7qVOEjxgxsW9sUB
1bUh7XhJzfWBGAA62p3AbtFkJ5Y+3jhmy12IT7I/Yxw0Cs1JpTltL7U0RnpBaTQg
W2W7NXKZhJVMLBQieUf45ncpg1Pf9Spk7ww6nC4dX5J+OccdZKNH4yCsokIcTN1X
nnRy/9csEZpEkWw9zAJiFKVlJ46yirgyXvVxOBr8DSublSpyHYcGOsYQvrdLAgMB
AAGjggIIMIICBDAdBgNVHQ4EFgQUR3zgKbR+SqjIgm4dMFCVt3JJOd8wHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIweQYIKwYBBQUHAQsEbTBrMGkGCCsGAQUFBzALhl1yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTNzIwMy5yb2EwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAL9geDAN
BgkqhkiG9w0BAQsFAAOCAQEAe8aMIJ9PU5y9caUJvmzuv/CrRAclrXNO1X4o6EHb
H/DJJFI6tI89vbp9ufAcWqTju3tCoJKt0xJAPRZWImYHT5W+NWrK47j32pGlX3bo
g6uNYwv86YpakHVu+RFIv3yBkNFS5gGj0yIbiQZjoJBucvqgq+oJieSisHw0YEuR
2+ip0tTCk1mBlv1XBjOxRsbFqojXOqMr+z49uSWvik0sm34YdUYI8R/0zk5WfbmN
UJc0I8d3ToZgmBb9BkB4xywBzYjY8ZxTQzaKkmVhsJ23gwhduu1ztBgg1mnfuvds
T47iKheiXOEbVJRDzSMECrUtHHJNxX9SkvAi0fN5ztHiXA==
-----END CERTIFICATE-----