Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS20860.roa
File:                     AS20860.roa (raw, json)
Hash identifier:          7s/rg90Zm3EVmDwWXyxy+JPI4K1o3gD61TAxNoU1BYE=
Subject key identifier:   5D:82:3D:06:5A:A6:52:85:0F:4D:A5:B7:BE:BA:73:7C:10:EB:3C:BB
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       3DA1E3188669C35775A795C33483A5D7E2344528
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS20860.roa
Signing time:             Thu 30 Nov 2023 13:05:07 +0000
ROA not before:           Thu 30 Nov 2023 13:00:07 +0000
ROA not after:            Thu 28 Nov 2024 13:05:07 +0000
asID:                     20860
IP address blocks:        141.98.158.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 29 Apr 2024 01:57:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3d:a1:e3:18:86:69:c3:57:75:a7:95:c3:34:83:a5:d7:e2:34:45:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Nov 30 13:00:07 2023 GMT
            Not After : Nov 28 13:05:07 2024 GMT
        Subject: CN=5D823D065AA652850F4DA5B7BEBA737C10EB3CBB
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:d1:c2:d0:a3:8e:37:3c:5f:39:96:8c:60:10:
                    f1:40:07:11:f3:3d:46:a6:09:ae:b3:ff:f3:c1:b8:
                    83:a5:78:09:8b:e8:7e:ae:b8:02:d1:a9:c7:42:38:
                    1b:4d:7a:43:51:0d:41:b2:13:c2:b5:80:ef:f4:d7:
                    02:f8:5b:6f:93:c4:b9:b6:19:62:88:f8:b4:00:59:
                    74:97:80:44:ed:c8:68:b4:d8:59:f9:f8:ad:fc:fc:
                    bf:fe:53:41:fe:ea:82:c7:ba:4a:02:e0:ae:3d:38:
                    75:bc:8a:fc:d4:f9:79:4d:7e:d6:53:c5:4c:9a:4f:
                    68:c6:f4:8d:33:4a:61:90:b2:c0:9c:4d:18:c0:ce:
                    78:f0:f6:f0:d5:84:00:07:ec:7d:6d:86:03:3c:56:
                    51:51:fd:22:bc:39:49:d8:5a:62:37:d7:43:c3:24:
                    75:41:7f:b5:2a:4b:18:52:29:b5:34:d4:6b:05:40:
                    37:ad:e1:e8:13:2f:16:3f:c0:4b:32:69:65:70:ea:
                    5f:fc:e3:0a:27:8c:3a:90:40:77:6e:d8:28:48:bf:
                    cd:48:ec:9e:c8:eb:4d:de:8e:98:2a:86:9a:a2:90:
                    ac:a7:2e:1f:cd:18:5f:a2:4e:c1:18:1e:80:9d:a5:
                    7f:1c:ef:0c:6d:7f:df:3b:b4:fc:df:f5:8a:ec:22:
                    1d:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:82:3D:06:5A:A6:52:85:0F:4D:A5:B7:BE:BA:73:7C:10:EB:3C:BB
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS20860.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.98.158.0/23

    Signature Algorithm: sha256WithRSAEncryption
         18:12:a2:cb:6d:7e:d7:29:5e:b6:47:a7:b4:1d:6a:66:d1:d6:
         52:bd:02:77:c9:e1:d0:6c:49:18:97:f7:80:26:1f:47:74:4f:
         23:db:6a:e6:1a:38:8a:f7:0c:67:c6:bf:7c:7f:fb:1b:71:8d:
         1c:c0:7c:6e:b0:ea:33:69:0f:18:62:fa:1a:30:50:66:97:3e:
         59:81:f8:73:7d:6f:82:da:a6:9e:c9:d0:23:b4:fb:9f:21:10:
         45:ae:c5:e1:f2:aa:0b:54:50:3b:e8:58:4e:45:c8:02:87:fd:
         6d:60:65:46:bc:2d:53:35:b3:28:c0:38:2b:65:03:e1:02:3c:
         4f:8c:f5:15:6a:f9:b4:52:c2:6c:f9:24:5b:88:f5:4b:cb:b9:
         68:14:ea:05:a2:cb:a2:ad:bd:cc:cb:a2:4d:4a:03:d1:f2:53:
         70:d3:fe:78:04:4d:32:d5:8c:85:7d:13:97:1e:34:77:0d:40:
         d4:38:64:ad:80:22:be:79:dc:4b:65:20:13:91:ae:aa:8a:59:
         bb:44:90:32:05:78:08:39:27:a9:3f:35:99:ce:bd:0e:bc:ba:
         a4:e2:f0:43:cf:f2:46:7c:dc:a8:5d:ef:e9:35:96:e5:18:c7:
         64:e2:55:8b:c0:45:3a:82:4f:d0:00:e1:86:9a:ab:7c:2f:31:
         f0:a4:0b:9b
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUPaHjGIZpw1d1p5XDNIOl1+I0RSgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yMzExMzAxMzAwMDdaFw0yNDExMjgxMzA1MDdaMDMxMTAvBgNV
BAMTKDVEODIzRDA2NUFBNjUyODUwRjREQTVCN0JFQkE3MzdDMTBFQjNDQkIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDK0cLQo443PF85loxgEPFABxHz
PUamCa6z//PBuIOleAmL6H6uuALRqcdCOBtNekNRDUGyE8K1gO/01wL4W2+TxLm2
GWKI+LQAWXSXgETtyGi02Fn5+K38/L/+U0H+6oLHukoC4K49OHW8ivzU+XlNftZT
xUyaT2jG9I0zSmGQssCcTRjAznjw9vDVhAAH7H1thgM8VlFR/SK8OUnYWmI310PD
JHVBf7UqSxhSKbU01GsFQDet4egTLxY/wEsyaWVw6l/84wonjDqQQHdu2ChIv81I
7J7I603ejpgqhpqikKynLh/NGF+iTsEYHoCdpX8c7wxtf987tPzf9YrsIh2tAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUXYI9BlqmUoUPTaW3vrpzfBDrPLswHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTMjA4NjAucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAGNYp4w
DQYJKoZIhvcNAQELBQADggEBABgSosttftcpXrZHp7QdambR1lK9AnfJ4dBsSRiX
94AmH0d0TyPbauYaOIr3DGfGv3x/+xtxjRzAfG6w6jNpDxhi+howUGaXPlmB+HN9
b4Lapp7J0CO0+58hEEWuxeHyqgtUUDvoWE5FyAKH/W1gZUa8LVM1syjAOCtlA+EC
PE+M9RVq+bRSwmz5JFuI9UvLuWgU6gWiy6KtvczLok1KA9HyU3DT/ngETTLVjIV9
E5ceNHcNQNQ4ZK2AIr553EtlIBORrqqKWbtEkDIFeAg5J6k/NZnOvQ68uqTi8EPP
8kZ83Khd7+k1luUYx2TiVYvARTqCT9AA4Yaaq3wvMfCkC5s=
-----END CERTIFICATE-----