Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS216325.roa
File:                     AS216325.roa (raw, json)
Hash identifier:          Bj8aHSEXWybDR1XIbV+6PSQhHY7NV1TsNeAwqb8iGhw=
Subject key identifier:   CF:4A:38:EC:18:0F:B1:C3:A8:3A:E0:99:76:F2:72:60:53:C2:3E:17
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       434A37AF104A4F704A856EF7F48008594055BD56
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS216325.roa
Signing time:             Wed 28 Aug 2024 10:05:19 +0000
ROA not before:           Wed 28 Aug 2024 10:00:19 +0000
ROA not after:            Wed 27 Aug 2025 10:05:19 +0000
asID:                     216325
IP address blocks:        195.206.234.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            43:4a:37:af:10:4a:4f:70:4a:85:6e:f7:f4:80:08:59:40:55:bd:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Aug 28 10:00:19 2024 GMT
            Not After : Aug 27 10:05:19 2025 GMT
        Subject: CN=CF4A38EC180FB1C3A83AE09976F2726053C23E17
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:8e:2f:b0:68:02:00:38:19:bd:f1:b0:d8:a0:
                    f7:d5:bb:dd:10:06:6b:e1:25:78:f4:0f:da:60:bb:
                    71:b9:24:1d:fb:01:48:53:92:02:55:4f:9f:c2:e2:
                    10:3d:4d:71:25:62:51:58:f1:88:2f:9e:c7:8d:02:
                    59:56:c9:f9:74:73:c8:84:9a:f3:b9:7d:74:ad:da:
                    f2:16:a6:47:80:d2:fc:29:79:6c:d3:4c:be:88:95:
                    09:04:4c:03:54:81:dd:a5:2b:b7:c3:3f:0a:9e:c5:
                    a2:1e:4c:30:3f:1d:e3:e3:39:85:5b:8e:5a:7e:8a:
                    fd:d3:c2:cc:e7:be:b5:9c:ae:08:8f:3a:f3:c8:3d:
                    ff:6b:db:1f:35:7a:af:18:90:bc:b7:18:69:08:07:
                    0a:e5:4f:4b:c2:48:4a:fe:36:7e:74:73:14:41:1d:
                    43:13:3b:70:4e:eb:05:8d:bf:ed:75:98:16:80:da:
                    66:52:f6:3e:78:a8:28:39:6f:18:fe:0f:4c:b7:20:
                    14:57:ba:0a:5f:7e:83:04:15:90:e1:e9:c5:f8:6f:
                    4c:d8:03:d9:d3:b3:94:df:c4:f2:2b:92:79:21:46:
                    ab:35:4a:d1:66:54:af:34:06:40:14:f1:40:91:d2:
                    ae:8f:35:6c:0f:74:df:7b:5f:e2:86:07:d3:5a:72:
                    d1:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:4A:38:EC:18:0F:B1:C3:A8:3A:E0:99:76:F2:72:60:53:C2:3E:17
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS216325.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.206.234.0/24

    Signature Algorithm: sha256WithRSAEncryption
         88:9d:d7:5b:11:7a:1c:86:55:9a:44:2c:f4:1c:0e:29:9c:d5:
         03:80:48:b3:16:b7:c0:b5:c1:a8:ce:db:e0:e3:73:95:e5:a7:
         f6:01:c1:3e:85:83:6c:2d:f7:2e:fa:5d:57:98:7f:68:61:2e:
         92:85:0e:13:19:27:7a:8b:5b:f4:7b:a7:80:39:d9:fb:b2:ec:
         a9:b9:b7:ea:a5:93:e5:39:a0:3f:e3:5c:fb:24:98:3c:e8:28:
         de:65:9a:a7:74:61:56:4d:50:31:bf:9d:d2:2b:74:a6:9f:ab:
         01:e0:4d:50:eb:a5:a7:9a:6a:b2:68:32:44:28:0e:c4:96:54:
         01:2b:89:af:c9:32:8b:25:c0:dd:d0:83:02:f0:5b:08:03:13:
         a1:f6:44:71:b3:be:16:8e:95:d3:87:3f:58:6e:63:83:97:ff:
         88:26:c2:e4:43:96:34:d5:a9:f8:b9:f7:44:f8:31:f1:08:bc:
         b8:bb:2a:31:02:83:64:c0:03:7e:82:03:93:14:cc:00:25:8e:
         f1:d0:4e:44:ba:83:90:71:a8:51:fa:7a:6d:29:89:e3:af:72:
         85:e7:b7:1b:69:98:09:ee:6d:64:e6:0b:e6:4f:c1:80:13:af:
         46:45:20:42:1e:85:83:4f:c2:fb:93:fb:5e:c8:9a:dd:1b:61:
         97:e8:12:14
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUQ0o3rxBKT3BKhW739IAIWUBVvVYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yNDA4MjgxMDAwMTlaFw0yNTA4MjcxMDA1MTlaMDMxMTAvBgNV
BAMTKENGNEEzOEVDMTgwRkIxQzNBODNBRTA5OTc2RjI3MjYwNTNDMjNFMTcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCwji+waAIAOBm98bDYoPfVu90Q
BmvhJXj0D9pgu3G5JB37AUhTkgJVT5/C4hA9TXElYlFY8YgvnseNAllWyfl0c8iE
mvO5fXSt2vIWpkeA0vwpeWzTTL6IlQkETANUgd2lK7fDPwqexaIeTDA/HePjOYVb
jlp+iv3TwsznvrWcrgiPOvPIPf9r2x81eq8YkLy3GGkIBwrlT0vCSEr+Nn50cxRB
HUMTO3BO6wWNv+11mBaA2mZS9j54qCg5bxj+D0y3IBRXugpffoMEFZDh6cX4b0zY
A9nTs5TfxPIrknkhRqs1StFmVK80BkAU8UCR0q6PNWwPdN97X+KGB9NactElAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUz0o47BgPscOoOuCZdvJyYFPCPhcwHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTMjE2MzI1LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw87q
MA0GCSqGSIb3DQEBCwUAA4IBAQCInddbEXochlWaRCz0HA4pnNUDgEizFrfAtcGo
ztvg43OV5af2AcE+hYNsLfcu+l1XmH9oYS6ShQ4TGSd6i1v0e6eAOdn7suypubfq
pZPlOaA/41z7JJg86CjeZZqndGFWTVAxv53SK3Smn6sB4E1Q66WnmmqyaDJEKA7E
llQBK4mvyTKLJcDd0IMC8FsIAxOh9kRxs74WjpXThz9YbmODl/+IJsLkQ5Y01an4
ufdE+DHxCLy4uyoxAoNkwAN+ggOTFMwAJY7x0E5EuoOQcahR+nptKYnjr3KF57cb
aZgJ7m1k5gvmT8GAE69GRSBCHoWDT8L7k/teyJrdG2GX6BIU
-----END CERTIFICATE-----