Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS201364.roa
File:                     AS201364.roa (raw, json)
Hash identifier:          4m2W/InOtjZswmZ/trYdC8XuYYT864sVDwy6WeDLYew=
Subject key identifier:   CA:A0:E1:23:EC:F4:AE:D0:79:09:5A:1B:5D:7E:FC:13:29:41:CE:4B
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       6AF7987974628DD2A79F1EADDEA398AC190722C2
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS201364.roa
Signing time:             Thu 31 Oct 2024 13:43:26 +0000
ROA not before:           Thu 31 Oct 2024 13:38:26 +0000
ROA not after:            Thu 30 Oct 2025 13:43:26 +0000
asID:                     201364
IP address blocks:        195.206.235.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6a:f7:98:79:74:62:8d:d2:a7:9f:1e:ad:de:a3:98:ac:19:07:22:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Oct 31 13:38:26 2024 GMT
            Not After : Oct 30 13:43:26 2025 GMT
        Subject: CN=CAA0E123ECF4AED079095A1B5D7EFC132941CE4B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:e1:88:c0:4d:fc:42:47:9e:1d:fa:c4:fb:cd:
                    18:7c:ae:86:86:eb:f8:90:c0:86:8e:ad:c4:7c:2b:
                    ea:66:33:da:f9:e0:19:56:1d:44:49:ac:ee:1b:0f:
                    06:f4:ed:5a:20:22:05:cc:bf:23:ed:1a:74:e1:ab:
                    ae:d4:99:17:04:ef:08:09:b2:00:80:c0:32:3f:60:
                    1f:11:b1:da:03:47:ef:ab:46:c6:5e:1d:2f:64:b6:
                    92:0b:8d:38:cc:ad:0e:ef:81:ed:1e:52:7a:e9:ef:
                    a9:68:38:f1:52:44:31:a7:e0:4c:cf:42:9e:b1:41:
                    29:62:47:dd:f5:8f:92:51:b5:d9:27:84:d1:c1:27:
                    f1:c7:11:0e:ba:3b:32:15:50:7d:58:c0:8a:66:d9:
                    9d:22:d5:1c:e9:17:0b:2f:15:8e:3b:ae:ff:82:a0:
                    6a:d1:c3:41:e3:f4:5c:b3:f6:cf:ad:4a:3f:20:e8:
                    04:9a:07:89:4f:01:c6:eb:0f:69:82:39:04:cf:89:
                    37:e8:9b:fb:ab:e9:9e:21:03:d0:e9:2c:04:54:50:
                    50:62:3f:35:1a:f3:92:e2:66:7b:e2:1f:c0:96:c1:
                    8c:7a:ee:55:ab:cb:59:a9:68:1e:c4:a6:8c:ad:d1:
                    c1:c5:97:d4:ab:e1:23:c1:21:62:7b:9b:4b:55:0a:
                    8f:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:A0:E1:23:EC:F4:AE:D0:79:09:5A:1B:5D:7E:FC:13:29:41:CE:4B
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS201364.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.206.235.0/24

    Signature Algorithm: sha256WithRSAEncryption
         01:3a:4b:9a:7a:52:a0:71:8c:d8:95:7c:e8:52:24:6a:87:9d:
         75:63:b4:e9:9d:97:d4:d4:f4:a4:ea:82:b7:d6:58:a5:67:aa:
         c9:8a:56:5e:69:1b:04:40:cb:59:d2:63:d8:15:2e:7e:f1:cd:
         c8:20:56:ec:c7:d1:9f:d1:a9:87:22:1b:2d:73:a1:5d:2e:eb:
         9d:59:10:ad:2c:02:0c:a6:31:71:ff:ac:ce:c8:cb:d3:6e:de:
         40:d7:34:b4:01:e4:50:11:cc:5c:b9:7b:c9:3c:8a:27:ea:48:
         62:08:c6:ee:c0:ac:18:3b:c2:d8:59:8e:f5:9c:1d:ca:d6:54:
         e4:0e:c2:4a:44:03:31:90:cd:f1:3f:fe:e0:76:24:9d:1a:eb:
         46:e3:da:75:a5:a0:f2:ee:0f:ce:8d:cd:43:00:34:2f:52:09:
         96:9c:3b:5c:0e:2f:13:f3:95:6d:d5:69:3a:7c:b9:8f:fc:19:
         2f:57:c6:4b:06:f5:6e:57:fd:f3:40:fd:b2:74:f6:8d:20:61:
         21:3c:e0:e6:22:39:fd:13:33:71:14:60:f4:e1:d0:3b:c3:1e:
         09:4a:4c:38:97:ea:3d:11:e1:a9:36:1a:93:8d:49:a7:0d:15:
         38:61:60:89:be:c5:8c:8b:e4:08:fc:45:3f:0c:87:b1:b6:36:
         69:1b:e9:21
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUaveYeXRijdKnnx6t3qOYrBkHIsIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yNDEwMzExMzM4MjZaFw0yNTEwMzAxMzQzMjZaMDMxMTAvBgNV
BAMTKENBQTBFMTIzRUNGNEFFRDA3OTA5NUExQjVEN0VGQzEzMjk0MUNFNEIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDV4YjATfxCR54d+sT7zRh8roaG
6/iQwIaOrcR8K+pmM9r54BlWHURJrO4bDwb07VogIgXMvyPtGnThq67UmRcE7wgJ
sgCAwDI/YB8RsdoDR++rRsZeHS9ktpILjTjMrQ7vge0eUnrp76loOPFSRDGn4EzP
Qp6xQSliR931j5JRtdknhNHBJ/HHEQ66OzIVUH1YwIpm2Z0i1RzpFwsvFY47rv+C
oGrRw0Hj9Fyz9s+tSj8g6ASaB4lPAcbrD2mCOQTPiTfom/ur6Z4hA9DpLARUUFBi
PzUa85LiZnviH8CWwYx67lWry1mpaB7Epoyt0cHFl9Sr4SPBIWJ7m0tVCo+vAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUyqDhI+z0rtB5CVobXX78EylBzkswHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTMjAxMzY0LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw87r
MA0GCSqGSIb3DQEBCwUAA4IBAQABOkuaelKgcYzYlXzoUiRqh511Y7TpnZfU1PSk
6oK31lilZ6rJilZeaRsEQMtZ0mPYFS5+8c3IIFbsx9Gf0amHIhstc6FdLuudWRCt
LAIMpjFx/6zOyMvTbt5A1zS0AeRQEcxcuXvJPIon6khiCMbuwKwYO8LYWY71nB3K
1lTkDsJKRAMxkM3xP/7gdiSdGutG49p1paDy7g/Ojc1DADQvUgmWnDtcDi8T85Vt
1Wk6fLmP/BkvV8ZLBvVuV/3zQP2ydPaNIGEhPODmIjn9EzNxFGD04dA7wx4JSkw4
l+o9EeGpNhqTjUmnDRU4YWCJvsWMi+QI/EU/DIextjZpG+kh
-----END CERTIFICATE-----
Generated at Mon Nov 25 04:59:51 2024 by rpki-client on console-fra.rpki-client.org