Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS20473.roa
File:                     AS20473.roa (raw, json)
Hash identifier:          N40dP4lSKq8kAVp2E8grRjnozpp3gf3GLfqgvu6MQBA=
Subject key identifier:   BF:AA:3C:EF:00:35:4F:55:64:68:04:57:CC:AD:AB:9D:21:2A:F3:62
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       315E132C3E4BA420C685DB8ADFE2CE9E6E58D088
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS20473.roa
Signing time:             Fri 31 Mar 2023 07:00:11 +0000
ROA not before:           Fri 31 Mar 2023 06:55:11 +0000
ROA not after:            Fri 29 Mar 2024 07:00:11 +0000
asID:                     20473
IP address blocks:        45.135.250.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/Kn3R14fXk-TIr1bhl9Tu2Sr2uhM.crl
                          rsync://rpki.ripe.net/repository/aca/Kn3R14fXk-TIr1bhl9Tu2Sr2uhM.mft
                          rsync://rpki.ripe.net/repository/2a7dd1d787d793e4c8af56e197d4eed92af6ba13.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 31 Mar 2023 23:44:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            31:5e:13:2c:3e:4b:a4:20:c6:85:db:8a:df:e2:ce:9e:6e:58:d0:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Mar 31 06:55:11 2023 GMT
            Not After : Mar 29 07:00:11 2024 GMT
        Subject: CN=BFAA3CEF00354F5564680457CCADAB9D212AF362
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:cf:c3:b4:f7:2e:ae:23:d3:e2:83:c2:bc:12:
                    3e:18:4c:a6:5e:f0:d3:71:45:03:dd:61:26:d9:5e:
                    1d:1b:a5:d1:af:b4:b6:71:54:2b:76:2b:0e:12:72:
                    9d:c0:23:b2:eb:36:22:3e:fe:2c:76:8c:1f:3c:3e:
                    40:30:8e:f9:48:3f:70:a2:69:fa:ee:35:91:f8:83:
                    2c:54:1a:99:9d:9e:ec:e9:1c:38:50:87:d4:06:b9:
                    0c:1b:2a:71:54:8e:ce:ad:e7:14:74:2f:20:14:c4:
                    c8:4f:52:3a:12:1c:fd:4a:eb:c1:82:c1:7b:9c:a2:
                    6b:58:be:35:08:57:ce:61:00:e8:b6:64:3d:35:31:
                    79:c2:c6:60:21:4a:72:8c:ee:9b:ae:15:8a:73:bf:
                    42:32:ce:f7:59:9c:f9:e8:4e:25:ec:42:c1:ba:d1:
                    f6:f7:8b:e6:2f:91:57:8e:bd:10:0b:d5:1e:87:80:
                    37:5b:fc:9a:8a:bb:e5:63:06:40:f9:5d:f1:e1:35:
                    11:64:ef:3a:0b:08:01:cd:34:6c:20:a2:97:03:9f:
                    34:16:bb:1e:9e:c2:2a:3f:c5:fb:3a:55:cd:7a:25:
                    34:f9:cd:58:f1:a7:72:d1:c2:35:20:c1:74:c3:30:
                    91:e3:16:c8:74:35:54:42:25:98:9f:96:dc:b0:ab:
                    b0:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier: 
                BF:AA:3C:EF:00:35:4F:55:64:68:04:57:CC:AD:AB:9D:21:2A:F3:62
            X509v3 Authority Key Identifier: 
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points: 

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access: 
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access: 
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS20473.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.135.250.0/24

    Signature Algorithm: sha256WithRSAEncryption
         36:82:34:bb:1d:a8:36:14:52:99:1a:20:b6:5f:f1:eb:a9:24:
         53:dd:83:ef:8c:28:d1:5a:d8:68:cb:97:00:e1:74:f2:87:27:
         4c:68:b0:03:2a:f0:4a:b7:4c:38:70:6f:3c:1e:42:f7:eb:51:
         cc:79:5e:04:c0:80:39:8e:8c:6b:f2:d9:85:33:c5:ad:25:77:
         d5:ba:68:1e:64:fe:f2:1a:a6:79:6b:bc:a8:3c:1b:3b:88:91:
         4b:04:2d:38:02:e5:ae:97:60:76:72:4f:f8:f1:c4:7f:11:df:
         66:ce:9d:e9:28:7d:40:14:52:e2:17:5b:4e:92:1b:cb:e1:f9:
         8c:4f:72:17:cb:8b:76:05:9a:b7:87:be:a8:e5:7c:1d:67:0e:
         f8:8b:b3:95:75:41:61:c8:68:8b:43:15:38:43:f5:51:cc:2f:
         f2:43:23:c1:84:69:49:1b:df:9f:f7:a8:25:23:5e:b4:bc:d3:
         a5:5c:06:4e:a5:07:f3:22:ab:19:15:ef:b5:1e:05:3a:6c:cd:
         be:0f:23:90:00:f2:9d:a1:69:6b:b9:6f:f2:fc:43:5a:c6:7f:
         54:23:0f:d7:b6:b5:c0:4b:74:44:f8:22:70:64:10:6e:06:71:
         7c:51:1b:ca:4c:7c:88:15:c4:95:0b:3f:42:0f:ba:c9:5b:af:
         9e:d6:80:c7
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUMV4TLD5LpCDGhduK3+LOnm5Y0IgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yMzAzMzEwNjU1MTFaFw0yNDAzMjkwNzAwMTFaMDMxMTAvBgNV
BAMTKEJGQUEzQ0VGMDAzNTRGNTU2NDY4MDQ1N0NDQURBQjlEMjEyQUYzNjIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC/z8O09y6uI9Pig8K8Ej4YTKZe
8NNxRQPdYSbZXh0bpdGvtLZxVCt2Kw4Scp3AI7LrNiI+/ix2jB88PkAwjvlIP3Ci
afruNZH4gyxUGpmdnuzpHDhQh9QGuQwbKnFUjs6t5xR0LyAUxMhPUjoSHP1K68GC
wXucomtYvjUIV85hAOi2ZD01MXnCxmAhSnKM7puuFYpzv0IyzvdZnPnoTiXsQsG6
0fb3i+YvkVeOvRAL1R6HgDdb/JqKu+VjBkD5XfHhNRFk7zoLCAHNNGwgopcDnzQW
ux6ewio/xfs6Vc16JTT5zVjxp3LRwjUgwXTDMJHjFsh0NVRCJZifltywq7AhAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUv6o87wA1T1VkaARXzK2rnSEq82IwHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTMjA0NzMucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAAth/ow
DQYJKoZIhvcNAQELBQADggEBADaCNLsdqDYUUpkaILZf8eupJFPdg++MKNFa2GjL
lwDhdPKHJ0xosAMq8Eq3TDhwbzweQvfrUcx5XgTAgDmOjGvy2YUzxa0ld9W6aB5k
/vIapnlrvKg8GzuIkUsELTgC5a6XYHZyT/jxxH8R32bOnekofUAUUuIXW06SG8vh
+YxPchfLi3YFmreHvqjlfB1nDviLs5V1QWHIaItDFThD9VHML/JDI8GEaUkb35/3
qCUjXrS806VcBk6lB/MiqxkV77UeBTpszb4PI5AA8p2haWu5b/L8Q1rGf1QjD9e2
tcBLdET4InBkEG4GcXxRG8pMfIgVxJULP0IPuslbr57WgMc=
-----END CERTIFICATE-----