Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS9028.roa
File:                     AS9028.roa (raw, json)
Hash identifier:          qjkSqGI/p0gDiENNkb8T5AJmFyMtQyHgNH7lpDzCteg=
Subject key identifier:   93:EC:A9:05:83:F6:23:24:1A:9A:E8:B2:BA:60:6A:4F:58:A2:25:AE
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       1251BC161C4E70D5C108771A872A28B5D56DBE6F
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS9028.roa
Signing time:             Thu 11 Jan 2024 23:22:51 +0000
ROA not before:           Thu 11 Jan 2024 23:17:51 +0000
ROA not after:            Thu 09 Jan 2025 23:22:51 +0000
asID:                     9028
IP address blocks:        193.31.43.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 10 May 2024 20:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            12:51:bc:16:1c:4e:70:d5:c1:08:77:1a:87:2a:28:b5:d5:6d:be:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Jan 11 23:17:51 2024 GMT
            Not After : Jan  9 23:22:51 2025 GMT
        Subject: CN=93ECA90583F623241A9AE8B2BA606A4F58A225AE
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:46:80:2c:37:1f:e7:0a:86:00:5d:6c:d2:ca:
                    5c:46:34:60:77:4a:b7:94:6a:95:c9:42:43:bc:64:
                    25:02:6a:ae:e0:bc:72:5a:62:0c:24:06:97:eb:c0:
                    92:1d:32:ad:fd:5d:48:57:cb:a0:f5:f7:3d:d2:bf:
                    f6:d5:52:ec:64:0f:f2:0e:99:47:f0:d4:5e:4d:bf:
                    81:25:67:08:9c:ef:96:d2:b0:82:48:0a:77:a7:67:
                    3e:df:8e:7c:4c:43:0d:59:c3:70:be:4e:2b:92:9f:
                    08:f2:14:42:96:03:04:9c:e6:d8:cb:e4:f7:05:31:
                    97:13:17:b0:57:e3:69:d9:93:bd:a2:d2:b4:00:87:
                    52:f6:6f:5a:e9:35:d2:83:27:43:a5:5a:9a:df:77:
                    15:5b:d6:d8:5e:07:4f:d6:9d:7b:b6:b5:8f:37:fe:
                    5c:fd:48:8f:6e:43:8d:83:1a:65:8d:9f:4a:cd:10:
                    38:ed:45:31:7c:3f:df:ab:fd:8e:1b:d1:17:4d:63:
                    fe:72:93:cb:5e:11:00:77:d7:85:ee:14:95:ac:8c:
                    80:68:1f:92:48:09:e8:b6:fe:01:83:5c:0d:61:0f:
                    47:a1:60:d3:13:cf:bb:0d:05:aa:e2:52:f0:e5:85:
                    21:3c:17:83:a2:85:5c:35:c4:d7:08:e4:d6:b0:6c:
                    29:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:EC:A9:05:83:F6:23:24:1A:9A:E8:B2:BA:60:6A:4F:58:A2:25:AE
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS9028.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.31.43.0/24

    Signature Algorithm: sha256WithRSAEncryption
         03:1c:5c:75:2e:5a:1a:b8:5d:d2:c4:4c:0d:45:c0:8b:a0:91:
         24:1a:9a:79:bb:bf:a2:b7:3d:10:fa:21:9b:c5:06:e2:57:d9:
         0c:f4:a0:6f:01:86:8e:08:dc:5c:9b:7e:a0:21:cd:01:96:3e:
         0d:c9:a8:20:63:99:12:2a:39:86:33:a0:ea:d2:8d:5d:42:12:
         a9:88:eb:90:10:dd:89:8e:ac:96:b7:ca:38:a7:1f:1a:59:4c:
         4a:69:dd:1b:54:ea:27:19:2e:19:5d:22:a5:a3:e7:7d:9f:d5:
         31:66:24:5f:39:e2:49:e4:cd:07:20:7f:d0:e2:7e:5c:b9:bc:
         e8:c5:79:1a:93:76:f5:cc:4e:ed:df:5e:73:b9:d1:92:18:3c:
         c3:fd:71:44:d3:f3:d9:f0:eb:f6:77:8a:51:2e:51:01:8d:19:
         df:8b:c4:c0:39:10:bf:17:54:71:4c:5c:e8:0c:dd:2c:f9:69:
         69:02:71:fe:e0:98:be:11:17:7c:e5:7b:c0:71:8b:94:99:89:
         b5:0a:94:53:61:80:10:ae:62:f5:ff:b8:e7:91:68:5f:35:d6:
         e2:45:1b:b6:32:cf:ca:be:3c:1a:2b:3a:0f:84:8a:10:a6:9c:
         23:19:b6:ba:63:05:10:e3:73:ac:6a:2d:9d:82:86:ae:b9:36:
         76:b9:a0:44
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgIUElG8FhxOcNXBCHcahyootdVtvm8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNDAxMTEyMzE3NTFaFw0yNTAxMDkyMzIyNTFaMDMxMTAvBgNV
BAMTKDkzRUNBOTA1ODNGNjIzMjQxQTlBRThCMkJBNjA2QTRGNThBMjI1QUUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCgRoAsNx/nCoYAXWzSylxGNGB3
SreUapXJQkO8ZCUCaq7gvHJaYgwkBpfrwJIdMq39XUhXy6D19z3Sv/bVUuxkD/IO
mUfw1F5Nv4ElZwic75bSsIJICnenZz7fjnxMQw1Zw3C+TiuSnwjyFEKWAwSc5tjL
5PcFMZcTF7BX42nZk72i0rQAh1L2b1rpNdKDJ0OlWprfdxVb1theB0/WnXu2tY83
/lz9SI9uQ42DGmWNn0rNEDjtRTF8P9+r/Y4b0RdNY/5yk8teEQB314XuFJWsjIBo
H5JICei2/gGDXA1hD0ehYNMTz7sNBariUvDlhSE8F4OihVw1xNcI5NawbCmRAgMB
AAGjggIIMIICBDAdBgNVHQ4EFgQUk+ypBYP2IyQamuiyumBqT1iiJa4wHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIweQYIKwYBBQUHAQsEbTBrMGkGCCsGAQUFBzALhl1yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTOTAyOC5yb2EwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAMEfKzAN
BgkqhkiG9w0BAQsFAAOCAQEAAxxcdS5aGrhd0sRMDUXAi6CRJBqaebu/orc9EPoh
m8UG4lfZDPSgbwGGjgjcXJt+oCHNAZY+DcmoIGOZEio5hjOg6tKNXUISqYjrkBDd
iY6slrfKOKcfGllMSmndG1TqJxkuGV0ipaPnfZ/VMWYkXzniSeTNByB/0OJ+XLm8
6MV5GpN29cxO7d9ec7nRkhg8w/1xRNPz2fDr9neKUS5RAY0Z34vEwDkQvxdUcUxc
6AzdLPlpaQJx/uCYvhEXfOV7wHGLlJmJtQqUU2GAEK5i9f+455FoXzXW4kUbtjLP
yr48Gis6D4SKEKacIxm2umMFEONzrGotnYKGrrk2drmgRA==
-----END CERTIFICATE-----