Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS3223.roa
File:                     AS3223.roa (raw, json)
Hash identifier:          vwokTRXRVUwrFxL4nYJyXqqb+84pY0kvXUbqlrMpcjo=
Subject key identifier:   D2:0B:1D:5D:FA:3D:1C:98:32:00:68:AA:E3:91:44:40:3F:23:88:34
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       5B39DD3A64E271882905AF66D234078D1204733C
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS3223.roa
Signing time:             Sun 17 Dec 2023 10:03:34 +0000
ROA not before:           Sun 17 Dec 2023 09:58:34 +0000
ROA not after:            Sun 15 Dec 2024 10:03:34 +0000
asID:                     3223
IP address blocks:        147.78.121.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 May 2024 08:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5b:39:dd:3a:64:e2:71:88:29:05:af:66:d2:34:07:8d:12:04:73:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Dec 17 09:58:34 2023 GMT
            Not After : Dec 15 10:03:34 2024 GMT
        Subject: CN=D20B1D5DFA3D1C98320068AAE39144403F238834
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:4d:57:e6:8d:d6:a2:19:0f:03:2e:d7:b4:dc:
                    28:9a:c3:d9:7c:36:fd:ab:81:6c:69:c7:6c:f4:f5:
                    5c:7f:18:f4:c0:7d:57:0c:1e:0c:14:9b:d1:d6:d6:
                    3e:d4:9f:f9:d7:b4:0d:17:85:47:40:b0:54:c4:b0:
                    54:c4:a7:73:0f:1e:c2:bb:36:8d:a9:58:a2:59:1a:
                    17:c5:ea:48:70:97:f6:5b:25:00:48:ee:42:e3:90:
                    a3:34:f0:4b:d4:14:d7:de:41:ba:2b:2b:31:47:7a:
                    f5:5c:ea:e8:37:bf:60:46:75:05:07:3b:4a:ed:b1:
                    b2:76:0c:f6:bf:30:29:3e:b1:47:68:e4:33:3f:a4:
                    f4:6c:e3:8e:0e:93:9b:63:43:ef:7d:71:82:92:ee:
                    99:23:3c:4b:04:bd:dd:f4:cc:6b:98:48:38:af:78:
                    8a:bf:af:3b:16:fb:24:87:32:50:f5:31:46:51:30:
                    56:0d:0f:37:84:71:25:38:92:d9:71:af:26:e7:b8:
                    e4:1a:01:22:75:25:bb:f4:43:a3:8b:57:4d:da:ae:
                    05:bf:e9:d6:de:9f:59:7e:36:b3:2e:86:58:fb:f1:
                    ae:0f:81:f3:44:b5:70:2a:00:a7:3a:d8:e0:2b:c3:
                    98:c4:8f:f6:62:ab:dd:e6:91:00:a2:d6:ac:7f:6c:
                    3c:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:0B:1D:5D:FA:3D:1C:98:32:00:68:AA:E3:91:44:40:3F:23:88:34
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS3223.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.78.121.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a2:d7:39:5f:bc:0f:44:49:7e:0a:c1:c5:dc:75:c4:ff:0e:c9:
         17:99:56:ad:2e:b8:94:96:ab:8a:d7:b6:11:f5:f4:8d:81:c7:
         73:55:5f:ed:da:c2:13:6d:38:60:d8:1f:9a:ac:79:99:84:0b:
         1a:19:11:cc:20:04:18:99:74:6d:2a:8c:c6:1b:a9:07:ac:28:
         27:8d:a9:69:a4:4d:25:d5:a3:d4:f3:41:23:9e:d4:c5:ab:33:
         9f:f2:14:48:ed:98:3f:b7:f1:10:84:68:f7:df:87:a7:dc:4f:
         ad:6a:a2:00:ef:1e:4a:bc:6e:c0:b0:14:62:46:ac:12:13:48:
         5c:0c:cf:79:f1:4c:bc:87:5f:b0:05:8b:1c:5d:b7:76:bb:8e:
         5a:11:42:8d:5a:16:be:34:69:cd:ad:ff:2d:72:7a:7d:8a:99:
         6e:34:d1:70:19:72:c9:25:5b:0e:a0:e4:3f:c8:4a:09:67:8a:
         e1:03:59:81:ce:f4:f4:10:07:bd:10:c2:b1:d8:19:d3:3b:0a:
         7e:77:99:af:6f:bd:7f:4a:57:ca:c1:47:28:cd:00:71:66:f0:
         60:23:78:a8:c8:69:70:21:09:59:28:e8:78:1d:b4:4d:fc:be:
         40:46:b0:31:ed:1a:7c:67:96:1b:36:86:7e:d8:40:3d:7c:7e:
         6e:4f:9d:74
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgIUWzndOmTicYgpBa9m0jQHjRIEczwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yMzEyMTcwOTU4MzRaFw0yNDEyMTUxMDAzMzRaMDMxMTAvBgNV
BAMTKEQyMEIxRDVERkEzRDFDOTgzMjAwNjhBQUUzOTE0NDQwM0YyMzg4MzQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCeTVfmjdaiGQ8DLte03Ciaw9l8
Nv2rgWxpx2z09Vx/GPTAfVcMHgwUm9HW1j7Un/nXtA0XhUdAsFTEsFTEp3MPHsK7
No2pWKJZGhfF6khwl/ZbJQBI7kLjkKM08EvUFNfeQborKzFHevVc6ug3v2BGdQUH
O0rtsbJ2DPa/MCk+sUdo5DM/pPRs444Ok5tjQ+99cYKS7pkjPEsEvd30zGuYSDiv
eIq/rzsW+ySHMlD1MUZRMFYNDzeEcSU4ktlxrybnuOQaASJ1Jbv0Q6OLV03argW/
6dben1l+NrMuhlj78a4PgfNEtXAqAKc62OArw5jEj/Ziq93mkQCi1qx/bDyRAgMB
AAGjggIIMIICBDAdBgNVHQ4EFgQU0gsdXfo9HJgyAGiq45FEQD8jiDQwHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIweQYIKwYBBQUHAQsEbTBrMGkGCCsGAQUFBzALhl1yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTMzIyMy5yb2EwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAJNOeTAN
BgkqhkiG9w0BAQsFAAOCAQEAotc5X7wPREl+CsHF3HXE/w7JF5lWrS64lJarite2
EfX0jYHHc1Vf7drCE204YNgfmqx5mYQLGhkRzCAEGJl0bSqMxhupB6woJ42paaRN
JdWj1PNBI57Uxaszn/IUSO2YP7fxEIRo99+Hp9xPrWqiAO8eSrxuwLAUYkasEhNI
XAzPefFMvIdfsAWLHF23druOWhFCjVoWvjRpza3/LXJ6fYqZbjTRcBlyySVbDqDk
P8hKCWeK4QNZgc709BAHvRDCsdgZ0zsKfneZr2+9f0pXysFHKM0AcWbwYCN4qMhp
cCEJWSjoeB20Tfy+QEawMe0afGeWGzaGfthAPXx+bk+ddA==
-----END CERTIFICATE-----