Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS216458.roa
File:                     AS216458.roa (raw, json)
Hash identifier:          c3AfwnZwJK3xjESibxXY97NV6uxWORAPk6LKrz8PsIA=
Subject key identifier:   B2:CD:68:C2:06:4F:6A:2E:F0:DC:6A:78:CA:D9:07:65:54:DC:22:63
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       564213F26B63043239CC6ED603AFF0A4B84FFADF
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS216458.roa
Signing time:             Fri 13 Sep 2024 14:23:40 +0000
ROA not before:           Fri 13 Sep 2024 14:18:40 +0000
ROA not after:            Fri 12 Sep 2025 14:23:40 +0000
asID:                     216458
IP address blocks:        194.147.5.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            56:42:13:f2:6b:63:04:32:39:cc:6e:d6:03:af:f0:a4:b8:4f:fa:df
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Sep 13 14:18:40 2024 GMT
            Not After : Sep 12 14:23:40 2025 GMT
        Subject: CN=B2CD68C2064F6A2EF0DC6A78CAD9076554DC2263
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:8e:1d:5a:24:31:f0:9f:4e:13:3f:20:5f:cc:
                    ea:69:cc:39:df:6c:fe:b6:8f:16:6a:83:6d:5c:f8:
                    2b:74:af:da:8f:62:fe:22:3d:e7:a1:2b:88:e5:3c:
                    33:9d:43:10:1a:3d:a6:5e:e7:16:3d:df:70:bf:50:
                    a4:5a:45:60:79:67:5e:a4:9c:21:e8:f1:8f:6d:3e:
                    64:29:b3:f2:5b:58:27:a4:da:2a:ba:49:61:56:59:
                    83:cc:6f:74:45:78:38:f8:39:bc:ea:58:8c:91:dd:
                    54:4d:6d:36:f8:eb:87:c0:4f:19:d6:fb:e5:57:ec:
                    9d:77:8a:65:41:d6:b4:16:9a:e8:fe:17:de:8b:5d:
                    dd:33:a6:5f:12:99:47:5b:91:b9:bb:f3:d3:af:85:
                    74:be:e4:e0:a1:ca:b0:13:1f:23:14:60:78:88:4f:
                    67:3b:15:94:93:ca:ee:83:53:bb:6a:32:cd:f5:7c:
                    aa:5e:98:28:51:77:b1:40:7c:f8:6a:0c:f9:6e:f2:
                    ba:37:97:af:d7:66:b4:fd:de:a1:4e:16:06:0d:71:
                    c6:92:91:63:0d:41:10:9e:e2:3c:e4:59:5c:9f:87:
                    41:1b:de:80:44:8c:fd:db:9a:64:f8:f1:e7:c2:17:
                    e8:a4:da:93:9a:04:57:54:4e:48:16:11:ab:8c:58:
                    1a:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B2:CD:68:C2:06:4F:6A:2E:F0:DC:6A:78:CA:D9:07:65:54:DC:22:63
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS216458.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.147.5.0/24

    Signature Algorithm: sha256WithRSAEncryption
         92:ad:97:2a:8d:5c:49:af:05:4a:e3:d0:39:aa:1e:70:a9:3b:
         84:3f:14:1c:77:55:30:9c:a7:bd:45:5f:77:ee:c4:55:d6:b7:
         7d:94:bb:61:97:c1:de:9f:c7:37:da:82:b4:07:c9:20:94:3e:
         6a:35:1c:e0:22:b9:f4:41:70:a8:63:d4:5a:be:55:ee:2d:41:
         15:d7:23:f4:49:71:8c:b8:05:eb:d3:ab:40:5a:16:5e:f6:08:
         fa:52:18:40:36:7f:7f:e8:21:76:18:04:59:20:25:2b:1c:f1:
         76:ce:b8:02:99:17:6a:8e:fb:56:79:e9:a3:30:87:0f:a9:d8:
         2c:3d:99:09:68:29:a6:4b:c4:fb:25:81:e4:a1:2d:7b:c8:26:
         d6:96:af:a1:91:05:46:c0:2a:d1:87:d2:83:9e:ae:be:c5:5a:
         2c:98:96:69:b5:16:4e:4c:6f:da:b2:ab:a7:05:17:19:af:e4:
         59:1c:8b:e8:3a:e7:fe:14:25:e4:dc:0a:36:76:d4:7e:9c:fd:
         0d:04:6f:37:a3:48:2d:2c:48:bf:b7:b9:04:cc:75:d9:28:c6:
         12:19:e9:12:c2:51:5a:f9:a8:f6:ce:01:85:17:07:71:ba:0a:
         b5:13:b6:2b:58:db:c8:79:2d:79:c9:46:11:07:fc:b3:e5:a6:
         bb:31:b0:1c
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUVkIT8mtjBDI5zG7WA6/wpLhP+t8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yNDA5MTMxNDE4NDBaFw0yNTA5MTIxNDIzNDBaMDMxMTAvBgNV
BAMTKEIyQ0Q2OEMyMDY0RjZBMkVGMERDNkE3OENBRDkwNzY1NTREQzIyNjMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCwjh1aJDHwn04TPyBfzOppzDnf
bP62jxZqg21c+Ct0r9qPYv4iPeehK4jlPDOdQxAaPaZe5xY933C/UKRaRWB5Z16k
nCHo8Y9tPmQps/JbWCek2iq6SWFWWYPMb3RFeDj4ObzqWIyR3VRNbTb464fATxnW
++VX7J13imVB1rQWmuj+F96LXd0zpl8SmUdbkbm789OvhXS+5OChyrATHyMUYHiI
T2c7FZSTyu6DU7tqMs31fKpemChRd7FAfPhqDPlu8ro3l6/XZrT93qFOFgYNccaS
kWMNQRCe4jzkWVyfh0Eb3oBEjP3bmmT48efCF+ik2pOaBFdUTkgWEauMWBobAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUss1owgZPai7w3Gp4ytkHZVTcImMwHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTMjE2NDU4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwpMF
MA0GCSqGSIb3DQEBCwUAA4IBAQCSrZcqjVxJrwVK49A5qh5wqTuEPxQcd1UwnKe9
RV937sRV1rd9lLthl8Hen8c32oK0B8kglD5qNRzgIrn0QXCoY9RavlXuLUEV1yP0
SXGMuAXr06tAWhZe9gj6UhhANn9/6CF2GARZICUrHPF2zrgCmRdqjvtWeemjMIcP
qdgsPZkJaCmmS8T7JYHkoS17yCbWlq+hkQVGwCrRh9KDnq6+xVosmJZptRZOTG/a
squnBRcZr+RZHIvoOuf+FCXk3Ao2dtR+nP0NBG83o0gtLEi/t7kEzHXZKMYSGekS
wlFa+aj2zgGFFwdxugq1E7YrWNvIeS15yUYRB/yz5aa7MbAc
-----END CERTIFICATE-----