Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS216183.roa
File:                     AS216183.roa (raw, json)
Hash identifier:          SXCPmF/UitoWhCehnuA/CVeAqqwRBkFtJgZF+XqGh8M=
Subject key identifier:   80:B5:D3:E4:3D:E7:F2:FB:49:DB:03:1D:48:AE:ED:93:34:D3:C4:C2
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       126273C4BCC4E320346BD4B50AF5967CC34A498D
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS216183.roa
Signing time:             Mon 18 Dec 2023 15:30:30 +0000
ROA not before:           Mon 18 Dec 2023 15:25:30 +0000
ROA not after:            Mon 16 Dec 2024 15:30:30 +0000
asID:                     216183
IP address blocks:        45.153.5.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 24 May 2024 08:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            12:62:73:c4:bc:c4:e3:20:34:6b:d4:b5:0a:f5:96:7c:c3:4a:49:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Dec 18 15:25:30 2023 GMT
            Not After : Dec 16 15:30:30 2024 GMT
        Subject: CN=80B5D3E43DE7F2FB49DB031D48AEED9334D3C4C2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:55:cf:c2:15:07:aa:8b:a9:a5:ad:35:e3:d1:
                    4c:95:e0:85:28:84:40:df:47:2a:44:0b:db:af:6f:
                    e0:49:e1:17:25:c3:e7:2a:1c:19:4f:8e:f8:df:fa:
                    25:3e:2c:5f:56:4d:6a:2b:a7:8d:eb:df:03:88:30:
                    27:76:25:77:22:5f:b9:70:02:e0:e1:a1:ff:09:cb:
                    54:b1:98:ed:fc:96:dc:65:14:64:d6:4f:95:a6:2e:
                    c7:d1:13:ae:df:a6:82:2c:a3:c3:51:84:4f:ae:9a:
                    e1:2a:ce:76:71:7a:04:ca:77:0a:b4:12:bc:b1:8e:
                    1b:3f:bd:c0:de:0d:0d:7d:25:a7:7b:ca:f1:44:75:
                    bf:23:da:f3:0b:d0:f1:0f:c4:04:a6:96:6d:e1:00:
                    dc:60:21:a1:cf:6e:98:46:27:55:13:5c:d2:31:22:
                    e9:f4:e2:0c:95:52:48:e6:11:2d:96:92:71:84:2d:
                    c6:d8:6b:93:58:16:ef:a9:a4:9a:75:ac:ab:f3:d4:
                    69:9c:55:d6:cf:94:02:4c:4b:e8:8c:16:ab:6e:13:
                    41:31:70:c7:57:b7:4a:9a:d2:03:28:21:ca:59:ca:
                    13:a7:14:8c:18:37:8f:a9:57:31:15:a2:2b:83:e0:
                    73:aa:3d:f6:54:96:4e:8e:d7:8a:e7:06:65:d7:76:
                    e2:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                80:B5:D3:E4:3D:E7:F2:FB:49:DB:03:1D:48:AE:ED:93:34:D3:C4:C2
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS216183.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.153.5.0/24

    Signature Algorithm: sha256WithRSAEncryption
         37:85:a8:24:85:b9:a0:da:99:d4:22:ee:12:9d:ac:e9:69:79:
         60:34:66:58:74:2e:75:8e:07:b8:91:fb:ef:97:ab:af:b3:c7:
         dd:fc:95:22:e2:93:9e:bf:de:fe:38:36:6e:32:a4:61:b2:14:
         3c:68:cf:fc:7f:3a:b9:be:e1:ad:44:df:3a:77:40:d4:63:35:
         cc:1e:74:8e:c2:c1:3f:72:67:5a:87:8e:20:f0:ec:f6:cb:02:
         b0:8e:e7:f8:65:e3:0c:aa:4e:b3:46:06:1b:22:2e:45:05:0e:
         cf:54:02:6c:23:02:4e:fc:e1:3d:de:d7:0d:f3:89:a2:b6:f5:
         4a:52:2d:86:1d:ae:1f:89:00:bb:a1:36:ec:a4:d2:10:be:52:
         cc:fb:24:7a:e9:30:3d:b9:2c:b8:db:75:e1:20:a3:65:b1:12:
         77:b5:d0:c4:43:38:cd:da:60:47:a2:f0:ec:fc:30:6f:e3:08:
         51:8b:82:7e:7d:e5:14:91:fb:1a:bb:0f:72:14:b1:99:3b:91:
         a4:cc:3c:5e:9a:04:20:b5:80:4a:05:00:31:18:05:26:30:db:
         fc:ae:7d:62:f0:0b:84:6f:f1:8c:ab:3f:00:05:d5:10:20:83:
         64:21:20:39:42:ba:dc:da:04:2c:a0:b4:08:54:2f:ae:9b:74:
         d6:98:1d:f7
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUEmJzxLzE4yA0a9S1CvWWfMNKSY0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yMzEyMTgxNTI1MzBaFw0yNDEyMTYxNTMwMzBaMDMxMTAvBgNV
BAMTKDgwQjVEM0U0M0RFN0YyRkI0OURCMDMxRDQ4QUVFRDkzMzREM0M0QzIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCjVc/CFQeqi6mlrTXj0UyV4IUo
hEDfRypEC9uvb+BJ4Rclw+cqHBlPjvjf+iU+LF9WTWorp43r3wOIMCd2JXciX7lw
AuDhof8Jy1SxmO38ltxlFGTWT5WmLsfRE67fpoIso8NRhE+umuEqznZxegTKdwq0
Eryxjhs/vcDeDQ19Jad7yvFEdb8j2vML0PEPxASmlm3hANxgIaHPbphGJ1UTXNIx
Iun04gyVUkjmES2WknGELcbYa5NYFu+ppJp1rKvz1GmcVdbPlAJMS+iMFqtuE0Ex
cMdXt0qa0gMoIcpZyhOnFIwYN4+pVzEVoiuD4HOqPfZUlk6O14rnBmXXduKHAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUgLXT5D3n8vtJ2wMdSK7tkzTTxMIwHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTMjE2MTgzLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZkF
MA0GCSqGSIb3DQEBCwUAA4IBAQA3hagkhbmg2pnUIu4SnazpaXlgNGZYdC51jge4
kfvvl6uvs8fd/JUi4pOev97+ODZuMqRhshQ8aM/8fzq5vuGtRN86d0DUYzXMHnSO
wsE/cmdah44g8Oz2ywKwjuf4ZeMMqk6zRgYbIi5FBQ7PVAJsIwJO/OE93tcN84mi
tvVKUi2GHa4fiQC7oTbspNIQvlLM+yR66TA9uSy423XhIKNlsRJ3tdDEQzjN2mBH
ovDs/DBv4whRi4J+feUUkfsauw9yFLGZO5GkzDxemgQgtYBKBQAxGAUmMNv8rn1i
8AuEb/GMqz8ABdUQIINkISA5Qrrc2gQsoLQIVC+um3TWmB33
-----END CERTIFICATE-----