Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS202662.roa
File:                     AS202662.roa (raw, json)
Hash identifier:          K6Ta2aOHT2dEy5HeMVtW+yMvxQazhcJrac28DhWcTQM=
Subject key identifier:   BF:C7:B2:72:DF:65:61:75:D0:94:F1:15:C7:A9:A4:20:12:84:1D:6E
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       7B50EBF02BA0431C657EEF0B64B9ADC2EF8A501F
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS202662.roa
Signing time:             Wed 21 Feb 2024 18:05:12 +0000
ROA not before:           Wed 21 Feb 2024 18:00:12 +0000
ROA not after:            Wed 19 Feb 2025 18:05:12 +0000
asID:                     202662
IP address blocks:        192.166.114.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7b:50:eb:f0:2b:a0:43:1c:65:7e:ef:0b:64:b9:ad:c2:ef:8a:50:1f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Feb 21 18:00:12 2024 GMT
            Not After : Feb 19 18:05:12 2025 GMT
        Subject: CN=BFC7B272DF656175D094F115C7A9A42012841D6E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:b7:e8:c7:41:a6:c7:05:2d:fb:4f:5e:f0:45:
                    7b:a7:d4:77:44:3c:e4:0e:e5:ac:7d:a0:32:33:3e:
                    f3:e2:07:63:b7:f1:e8:7f:d7:d1:d4:b5:c1:c5:c2:
                    c9:28:30:9e:fe:a7:53:0c:24:e0:1b:fb:aa:8d:99:
                    e8:0f:37:96:3b:80:6a:d9:42:2e:6f:23:c2:b7:89:
                    ba:b2:db:7b:e6:5d:05:dc:cd:26:59:f9:8b:1d:ef:
                    37:b9:67:cc:f8:39:82:52:f5:f3:85:ac:d2:28:ed:
                    e0:7c:6e:ac:79:ae:8d:be:08:74:23:7b:eb:08:1f:
                    7f:e3:2e:49:33:7e:f6:35:fc:b0:9f:fd:5d:16:34:
                    e5:60:91:a0:52:0f:2c:8b:18:73:08:3a:f6:8e:d7:
                    ed:e6:5b:31:1f:c0:d0:a9:00:ce:bb:a8:6b:5d:88:
                    c7:dd:10:e1:17:dc:cf:32:5b:0b:02:87:7d:5b:18:
                    d6:b2:eb:84:08:8f:d6:f5:2e:78:b6:be:92:4b:1c:
                    11:53:4a:2d:46:91:76:45:58:f5:cc:5f:06:24:ef:
                    b4:be:ca:d9:80:62:5f:26:0c:8a:f9:46:03:a2:36:
                    96:a4:e8:67:f6:6e:aa:2d:f5:51:a0:30:ce:e0:ef:
                    c3:47:1f:22:65:f8:7d:36:90:af:48:02:f2:76:ed:
                    98:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:C7:B2:72:DF:65:61:75:D0:94:F1:15:C7:A9:A4:20:12:84:1D:6E
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS202662.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.166.114.0/24

    Signature Algorithm: sha256WithRSAEncryption
         00:59:ec:70:1f:25:c7:e5:db:d0:97:43:c0:25:25:6f:61:dd:
         52:69:0f:2e:4e:29:a7:aa:13:f8:16:60:35:7b:be:9c:b6:54:
         60:8f:99:a6:22:e5:59:8b:f9:bd:b9:52:16:7f:66:43:1e:e9:
         71:f5:89:7d:b5:4b:51:c3:20:47:2f:88:af:29:f1:35:cd:c1:
         e6:84:b0:c6:52:8b:0e:31:90:8d:2f:9c:93:23:76:2a:0a:d0:
         1c:e3:61:60:ae:4d:c6:32:10:5d:ec:e9:d0:bf:17:93:29:c1:
         ff:44:57:7b:c1:e3:7b:df:dd:2b:67:7a:50:54:4b:6a:10:d3:
         58:9a:a0:dd:bf:62:d0:fb:f4:62:b8:b4:50:f1:6d:96:c2:0c:
         01:b8:4f:dd:ad:67:83:05:27:6c:bf:2a:a3:05:50:a0:9e:ee:
         3f:85:5a:1a:a8:bd:0b:98:e9:2e:1b:c1:1c:84:51:b2:d5:0d:
         3d:71:94:5d:62:2e:12:5c:7e:7d:81:a3:4c:c4:2d:75:ba:13:
         97:3d:c4:05:db:ce:7a:49:b8:98:e1:96:75:99:9d:6b:9e:cf:
         95:83:11:bf:a9:5e:4c:53:bc:70:e6:f3:41:0f:a3:fa:30:ec:
         8c:cf:0e:e2:07:8d:50:63:41:a6:f7:3e:1b:a9:08:0a:5b:37:
         94:07:9e:18
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUe1Dr8CugQxxlfu8LZLmtwu+KUB8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yNDAyMjExODAwMTJaFw0yNTAyMTkxODA1MTJaMDMxMTAvBgNV
BAMTKEJGQzdCMjcyREY2NTYxNzVEMDk0RjExNUM3QTlBNDIwMTI4NDFENkUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCpt+jHQabHBS37T17wRXun1HdE
POQO5ax9oDIzPvPiB2O38eh/19HUtcHFwskoMJ7+p1MMJOAb+6qNmegPN5Y7gGrZ
Qi5vI8K3ibqy23vmXQXczSZZ+Ysd7ze5Z8z4OYJS9fOFrNIo7eB8bqx5ro2+CHQj
e+sIH3/jLkkzfvY1/LCf/V0WNOVgkaBSDyyLGHMIOvaO1+3mWzEfwNCpAM67qGtd
iMfdEOEX3M8yWwsCh31bGNay64QIj9b1Lni2vpJLHBFTSi1GkXZFWPXMXwYk77S+
ytmAYl8mDIr5RgOiNpak6Gf2bqot9VGgMM7g78NHHyJl+H02kK9IAvJ27ZgNAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUv8eyct9lYXXQlPEVx6mkIBKEHW4wHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTMjAyNjYyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwKZy
MA0GCSqGSIb3DQEBCwUAA4IBAQAAWexwHyXH5dvQl0PAJSVvYd1SaQ8uTimnqhP4
FmA1e76ctlRgj5mmIuVZi/m9uVIWf2ZDHulx9Yl9tUtRwyBHL4ivKfE1zcHmhLDG
UosOMZCNL5yTI3YqCtAc42Fgrk3GMhBd7OnQvxeTKcH/RFd7weN7390rZ3pQVEtq
ENNYmqDdv2LQ+/RiuLRQ8W2WwgwBuE/drWeDBSdsvyqjBVCgnu4/hVoaqL0LmOku
G8EchFGy1Q09cZRdYi4SXH59gaNMxC11uhOXPcQF2856SbiY4ZZ1mZ1rns+VgxG/
qV5MU7xw5vNBD6P6MOyMzw7iB41QY0Gm9z4bqQgKWzeUB54Y
-----END CERTIFICATE-----