Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS32181.roa
File:                     AS32181.roa (raw, json)
Hash identifier:          RZgiOTGmjEgGfznVQYi3VYLJCJpew1gOE9B1VBcsFys=
Subject key identifier:   56:12:F1:03:97:F6:52:1A:E8:E7:26:3E:26:C7:02:14:9A:F2:D5:C9
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       36E2321FB6EA8B09A90689BA9A4A12C9AF789953
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS32181.roa
Signing time:             Mon 12 Aug 2024 10:05:19 +0000
ROA not before:           Mon 12 Aug 2024 10:00:19 +0000
ROA not after:            Mon 11 Aug 2025 10:05:19 +0000
asID:                     32181
IP address blocks:        195.20.99.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            36:e2:32:1f:b6:ea:8b:09:a9:06:89:ba:9a:4a:12:c9:af:78:99:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Aug 12 10:00:19 2024 GMT
            Not After : Aug 11 10:05:19 2025 GMT
        Subject: CN=5612F10397F6521AE8E7263E26C702149AF2D5C9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:f5:70:89:01:ae:90:d3:c2:5f:16:e5:92:04:
                    16:d2:3c:6b:3c:d1:3b:c5:dc:1a:95:59:96:f2:e0:
                    4c:e0:26:20:e5:6d:14:fc:4e:91:c1:67:db:04:36:
                    59:a0:a9:ce:c3:05:a2:24:0b:e6:1c:15:a8:19:cf:
                    31:8f:1b:63:c2:9d:18:73:df:bf:24:d2:8d:ed:85:
                    2e:f8:52:6b:28:c0:66:7c:80:37:41:b1:28:c5:2e:
                    5f:ab:28:50:5a:1f:f0:f1:7d:7d:2a:b4:a1:fc:d4:
                    4d:01:7d:99:95:e8:50:ff:b3:b8:ea:b4:d2:b7:ef:
                    54:ea:64:fa:77:ea:52:9b:ca:87:f3:06:f5:3c:eb:
                    2f:83:b5:35:b3:03:61:2b:c9:1c:43:73:13:fe:ca:
                    56:9a:04:87:4a:cf:10:4d:55:a4:72:94:51:af:93:
                    81:fd:fa:f2:c4:11:1b:1f:bd:c8:24:fc:db:12:25:
                    fa:2a:53:89:10:19:93:d5:9e:21:b7:33:f5:97:0d:
                    71:7a:59:bc:aa:be:8d:82:ee:ce:34:77:33:59:11:
                    03:f0:22:96:0f:0a:06:ad:2c:eb:e8:1b:5a:95:fd:
                    ea:e0:4c:65:8b:d0:25:ea:6e:db:07:b0:60:5b:e2:
                    77:99:c1:bb:82:88:e9:1b:ba:32:b2:c4:f4:e4:6f:
                    3c:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                56:12:F1:03:97:F6:52:1A:E8:E7:26:3E:26:C7:02:14:9A:F2:D5:C9
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS32181.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.20.99.0/24

    Signature Algorithm: sha256WithRSAEncryption
         28:ad:7f:f5:bf:0a:81:9d:2d:7d:02:3d:17:7c:fd:4a:b1:35:
         8b:1a:bf:e4:a7:cb:2a:8b:2e:1c:08:b6:6c:20:63:d1:cb:4b:
         84:f3:57:e4:99:cb:64:aa:1f:d1:75:49:fa:3e:58:80:c4:5d:
         80:5b:3b:09:7f:f7:6a:d2:77:24:4e:75:d3:6b:b9:2a:cd:8b:
         95:37:83:7f:13:f9:c9:15:94:15:bb:c2:56:79:f6:8d:0a:ef:
         79:89:a3:6a:c2:31:1a:bd:d3:cd:a3:b1:5b:2a:f7:e8:66:af:
         4d:da:9c:b1:60:46:21:c2:f4:01:70:1c:c7:19:56:74:bd:5c:
         65:f8:f8:0f:1f:6f:da:5f:6c:c3:2b:df:39:23:75:e6:15:ac:
         34:ea:0b:26:fa:46:b0:89:a5:f7:0a:2f:d3:90:68:5b:6e:ca:
         a5:4a:8e:3d:47:b7:3b:37:1f:02:f9:03:8c:eb:fb:cf:c4:d1:
         b1:9b:81:72:41:6d:2c:2e:87:9a:be:96:c0:1b:6c:e4:5a:86:
         61:b6:09:85:9c:2b:b2:ab:04:58:14:a8:f3:b7:74:6f:ed:2d:
         d7:f2:36:5d:ba:d4:1a:fe:0f:63:4c:61:bc:bf:bf:1e:2f:2f:
         a8:3e:41:4f:fd:e5:9c:3d:55:e6:19:5a:63:46:fb:77:e6:f0:
         61:22:51:23
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUNuIyH7bqiwmpBom6mkoSya94mVMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yNDA4MTIxMDAwMTlaFw0yNTA4MTExMDA1MTlaMDMxMTAvBgNV
BAMTKDU2MTJGMTAzOTdGNjUyMUFFOEU3MjYzRTI2QzcwMjE0OUFGMkQ1QzkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC39XCJAa6Q08JfFuWSBBbSPGs8
0TvF3BqVWZby4EzgJiDlbRT8TpHBZ9sENlmgqc7DBaIkC+YcFagZzzGPG2PCnRhz
378k0o3thS74UmsowGZ8gDdBsSjFLl+rKFBaH/DxfX0qtKH81E0BfZmV6FD/s7jq
tNK371TqZPp36lKbyofzBvU86y+DtTWzA2EryRxDcxP+ylaaBIdKzxBNVaRylFGv
k4H9+vLEERsfvcgk/NsSJfoqU4kQGZPVniG3M/WXDXF6Wbyqvo2C7s40dzNZEQPw
IpYPCgatLOvoG1qV/ergTGWL0CXqbtsHsGBb4neZwbuCiOkbujKyxPTkbzyTAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUVhLxA5f2Uhro5yY+JscCFJry1ckwHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTMzIxODEucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBADDFGMw
DQYJKoZIhvcNAQELBQADggEBACitf/W/CoGdLX0CPRd8/UqxNYsav+SnyyqLLhwI
tmwgY9HLS4TzV+SZy2SqH9F1Sfo+WIDEXYBbOwl/92rSdyROddNruSrNi5U3g38T
+ckVlBW7wlZ59o0K73mJo2rCMRq9082jsVsq9+hmr03anLFgRiHC9AFwHMcZVnS9
XGX4+A8fb9pfbMMr3zkjdeYVrDTqCyb6RrCJpfcKL9OQaFtuyqVKjj1Htzs3HwL5
A4zr+8/E0bGbgXJBbSwuh5q+lsAbbORahmG2CYWcK7KrBFgUqPO3dG/tLdfyNl26
1Br+D2NMYby/vx4vL6g+QU/95Zw9VeYZWmNG+3fm8GEiUSM=
-----END CERTIFICATE-----