Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS203758.roa
File:                     AS203758.roa (raw, json)
Hash identifier:          cjztNV8WZRDTzhoUXwKMxfEyX1lQU42e5Ei6aOUCibA=
Subject key identifier:   B4:30:34:70:5C:8D:A1:0B:7F:0D:D2:E0:1E:18:F4:FD:C6:5F:26:D2
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       1898184F47FDA825E6F4E19FEEE5D40AD46135B2
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS203758.roa
Signing time:             Tue 27 Aug 2024 14:05:19 +0000
ROA not before:           Tue 27 Aug 2024 14:00:19 +0000
ROA not after:            Tue 26 Aug 2025 14:05:19 +0000
asID:                     203758
IP address blocks:        141.98.157.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            18:98:18:4f:47:fd:a8:25:e6:f4:e1:9f:ee:e5:d4:0a:d4:61:35:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Aug 27 14:00:19 2024 GMT
            Not After : Aug 26 14:05:19 2025 GMT
        Subject: CN=B43034705C8DA10B7F0DD2E01E18F4FDC65F26D2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:43:ee:70:c5:e3:4f:77:55:65:68:58:33:6f:
                    e3:70:b9:25:6f:89:ec:80:aa:fe:84:e1:bb:91:d9:
                    88:f2:0e:41:6f:b3:f8:8a:43:ec:23:46:71:c5:98:
                    fc:7a:89:ef:75:85:48:e8:f8:c1:f0:7a:47:87:5b:
                    21:a2:1b:2c:aa:36:bf:67:7a:ea:f4:67:64:82:23:
                    1f:94:b7:30:c4:b3:03:97:33:65:9e:20:c7:1a:cd:
                    47:cb:7f:7e:da:5b:74:3d:04:42:92:e8:7b:38:0e:
                    2b:00:e7:89:4f:2b:e0:df:91:17:f2:75:b5:38:95:
                    b2:ea:f4:5e:a9:96:32:0b:db:64:a2:58:1d:06:88:
                    e4:52:00:90:b1:58:fb:99:23:32:45:59:92:49:ca:
                    4a:b8:3d:c7:57:8f:f2:14:ed:77:a7:9f:cf:d4:ec:
                    73:b2:45:75:dd:85:1c:56:22:34:05:19:e8:b2:4a:
                    03:4e:b6:07:2f:96:51:ae:cb:e2:1d:23:d9:9b:2b:
                    3e:38:bd:16:2c:9c:fc:72:56:0c:0b:69:40:5d:ed:
                    04:ed:76:44:94:38:81:ae:32:d2:f2:ec:b8:8f:8c:
                    1d:12:a3:2a:5e:1a:58:18:9e:e6:74:15:65:da:ef:
                    80:55:55:e3:90:d8:de:69:57:d3:cf:63:15:b0:5b:
                    35:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:30:34:70:5C:8D:A1:0B:7F:0D:D2:E0:1E:18:F4:FD:C6:5F:26:D2
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS203758.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.98.157.0/24

    Signature Algorithm: sha256WithRSAEncryption
         59:b3:ec:95:1c:cf:f3:df:b7:3c:12:97:24:81:b7:16:70:15:
         b9:bb:10:a2:de:d5:77:62:d4:c8:83:ba:b1:de:b5:e7:7b:c5:
         92:4b:eb:2f:dc:95:b4:08:5e:38:38:86:23:64:07:2e:e1:59:
         9e:68:3c:79:fe:8a:60:d8:de:ff:58:06:c1:90:69:d0:3f:f5:
         ab:63:8c:ae:64:c0:d3:0b:19:b5:5f:87:dc:26:9e:e4:e7:00:
         03:c4:48:72:05:a0:5b:22:ea:7e:71:07:72:fd:06:a8:cf:fd:
         28:4b:fd:9d:c1:ce:e9:50:86:de:e7:ba:aa:8f:f7:9a:6e:12:
         54:30:25:2f:7e:8e:c1:e8:2c:22:59:21:1a:87:c4:0c:0c:85:
         b8:81:a8:90:d6:7d:70:82:9d:40:77:14:ba:42:f8:2d:ca:7a:
         d6:d7:45:99:ea:44:3a:84:38:42:25:2c:8d:ef:4c:cb:f8:a4:
         62:84:21:79:d5:be:af:a7:48:91:74:48:df:61:64:6b:4b:a2:
         24:4d:aa:64:c5:95:ad:ad:3e:5c:20:c0:44:ad:fb:bc:07:16:
         31:c7:8a:59:c7:ad:03:27:00:c8:24:7d:68:7c:3c:a2:28:b0:
         fc:1f:10:0d:da:d5:34:d0:37:fe:00:3c:f1:b6:10:59:b8:0c:
         3b:c0:3d:3b
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUGJgYT0f9qCXm9OGf7uXUCtRhNbIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yNDA4MjcxNDAwMTlaFw0yNTA4MjYxNDA1MTlaMDMxMTAvBgNV
BAMTKEI0MzAzNDcwNUM4REExMEI3RjBERDJFMDFFMThGNEZEQzY1RjI2RDIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCOQ+5wxeNPd1VlaFgzb+NwuSVv
ieyAqv6E4buR2YjyDkFvs/iKQ+wjRnHFmPx6ie91hUjo+MHwekeHWyGiGyyqNr9n
eur0Z2SCIx+UtzDEswOXM2WeIMcazUfLf37aW3Q9BEKS6Hs4DisA54lPK+DfkRfy
dbU4lbLq9F6pljIL22SiWB0GiORSAJCxWPuZIzJFWZJJykq4PcdXj/IU7Xenn8/U
7HOyRXXdhRxWIjQFGeiySgNOtgcvllGuy+IdI9mbKz44vRYsnPxyVgwLaUBd7QTt
dkSUOIGuMtLy7LiPjB0SoypeGlgYnuZ0FWXa74BVVeOQ2N5pV9PPYxWwWzUnAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUtDA0cFyNoQt/DdLgHhj0/cZfJtIwHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTMjAzNzU4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjWKd
MA0GCSqGSIb3DQEBCwUAA4IBAQBZs+yVHM/z37c8EpckgbcWcBW5uxCi3tV3YtTI
g7qx3rXne8WSS+sv3JW0CF44OIYjZAcu4VmeaDx5/opg2N7/WAbBkGnQP/WrY4yu
ZMDTCxm1X4fcJp7k5wADxEhyBaBbIup+cQdy/Qaoz/0oS/2dwc7pUIbe57qqj/ea
bhJUMCUvfo7B6CwiWSEah8QMDIW4gaiQ1n1wgp1AdxS6QvgtynrW10WZ6kQ6hDhC
JSyN70zL+KRihCF51b6vp0iRdEjfYWRrS6IkTapkxZWtrT5cIMBErfu8BxYxx4pZ
x60DJwDIJH1ofDyiKLD8HxAN2tU00Df+ADzxthBZuAw7wD07
-----END CERTIFICATE-----