Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS137571.roa
File:                     AS137571.roa (raw, json)
Hash identifier:          XCszfrquQmxlKocMzKuGz/uVsiIws4ETHOvqi56vNM4=
Subject key identifier:   85:73:82:BE:33:83:94:C0:9A:33:C8:3F:C0:C2:99:A4:65:96:04:81
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       51FB5007F0E0CC121C191446110D3564E808E005
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS137571.roa
Signing time:             Wed 16 Jul 2025 14:54:13 +0000
ROA not before:           Wed 16 Jul 2025 14:49:13 +0000
ROA not after:            Wed 15 Jul 2026 14:54:13 +0000
asID:                     137571
IP address blocks:        191.101.44.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 22:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            51:fb:50:07:f0:e0:cc:12:1c:19:14:46:11:0d:35:64:e8:08:e0:05
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Jul 16 14:49:13 2025 GMT
            Not After : Jul 15 14:54:13 2026 GMT
        Subject: CN=857382BE338394C09A33C83FC0C299A465960481
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:e5:7e:cc:e9:ba:57:44:72:36:fd:7f:bd:68:
                    b1:03:a9:15:8e:3a:72:b3:d3:22:a1:1d:bc:e1:a1:
                    26:7d:58:0d:61:a7:8e:00:fd:42:35:ba:40:f9:07:
                    41:26:d9:ab:de:ed:9e:75:ff:61:e6:da:14:ce:66:
                    8c:05:0f:a5:44:79:9b:22:ea:47:88:8e:fd:af:96:
                    92:60:92:66:b3:ec:8d:22:21:fd:a4:28:42:5e:66:
                    0a:7e:49:62:56:5b:46:5f:57:14:31:36:40:76:30:
                    ac:1f:09:a5:71:71:b4:71:5d:9c:96:66:d3:91:96:
                    09:84:b7:43:f3:30:90:06:61:b5:2c:df:76:d7:0c:
                    06:72:97:61:3c:c6:22:a7:c6:0a:66:dc:c5:6f:e0:
                    69:28:b9:e4:47:35:cd:65:97:09:97:a6:0c:94:44:
                    6c:83:b9:50:09:52:b0:31:0e:bc:cd:32:8e:83:ba:
                    5f:f9:7f:f0:59:8e:3e:fe:b8:d4:96:34:98:e1:bd:
                    41:a1:cb:29:2b:a4:5b:bc:c3:3b:c2:cb:28:a2:6e:
                    65:f3:20:34:4e:07:c1:b8:3d:78:4f:61:31:b6:03:
                    b1:16:dc:54:d5:27:57:b3:4a:2c:5e:c8:b3:d7:0c:
                    2f:15:37:b4:6c:e9:9e:16:d9:d9:d7:d4:2c:f3:18:
                    b3:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:73:82:BE:33:83:94:C0:9A:33:C8:3F:C0:C2:99:A4:65:96:04:81
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS137571.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  191.101.44.0/22

    Signature Algorithm: sha256WithRSAEncryption
         80:7b:50:39:45:39:4c:b9:eb:67:0d:20:3e:a7:62:ff:79:d3:
         65:79:c8:cb:ca:c8:c3:89:7f:ee:d6:1d:23:dd:5b:bf:75:1f:
         87:87:17:3a:39:2d:ab:bc:15:b0:d9:d6:fe:75:76:e2:5a:f1:
         53:9a:fc:e0:cc:7b:56:64:1b:fc:1d:9a:7d:5c:14:55:44:00:
         d0:23:f6:35:d3:34:5b:3e:8d:fd:45:05:3e:e4:0d:e2:f0:68:
         f7:11:d8:fd:cb:3f:15:d1:6b:d7:7f:0b:49:1c:f8:04:63:f3:
         7a:06:24:22:34:e5:2a:1f:f2:8b:53:10:21:76:c3:30:b4:56:
         66:a1:b7:d0:3d:60:8d:7d:fb:a5:40:a1:85:6b:05:f6:42:65:
         0c:38:32:1b:fd:48:1e:80:18:0b:fb:1a:d5:eb:bc:e9:a1:2c:
         b7:36:ce:fa:da:36:e8:49:98:25:b0:9f:d2:64:c5:65:67:17:
         da:0e:dc:e6:04:e7:29:b3:04:0b:d9:66:e6:cf:ef:92:8d:21:
         f7:60:68:15:81:ad:75:3e:32:b3:a6:f2:b7:25:82:5c:e3:cb:
         2a:e8:53:87:53:7f:fb:a5:ca:c8:0e:f7:d6:36:a1:55:cb:55:
         62:85:c2:c0:fc:8e:f7:9c:a2:50:ae:dd:94:07:47:1e:3c:0d:
         9b:dc:69:c1
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUUftQB/DgzBIcGRRGEQ01ZOgI4AUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNTA3MTYxNDQ5MTNaFw0yNjA3MTUxNDU0MTNaMDMxMTAvBgNV
BAMTKDg1NzM4MkJFMzM4Mzk0QzA5QTMzQzgzRkMwQzI5OUE0NjU5NjA0ODEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDN5X7M6bpXRHI2/X+9aLEDqRWO
OnKz0yKhHbzhoSZ9WA1hp44A/UI1ukD5B0Em2ave7Z51/2Hm2hTOZowFD6VEeZsi
6keIjv2vlpJgkmaz7I0iIf2kKEJeZgp+SWJWW0ZfVxQxNkB2MKwfCaVxcbRxXZyW
ZtORlgmEt0PzMJAGYbUs33bXDAZyl2E8xiKnxgpm3MVv4GkoueRHNc1llwmXpgyU
RGyDuVAJUrAxDrzNMo6Dul/5f/BZjj7+uNSWNJjhvUGhyykrpFu8wzvCyyiibmXz
IDROB8G4PXhPYTG2A7EW3FTVJ1ezSixeyLPXDC8VN7Rs6Z4W2dnX1CzzGLOdAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUhXOCvjODlMCaM8g/wMKZpGWWBIEwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMTM3NTcxLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCv2Us
MA0GCSqGSIb3DQEBCwUAA4IBAQCAe1A5RTlMuetnDSA+p2L/edNlecjLysjDiX/u
1h0j3Vu/dR+Hhxc6OS2rvBWw2db+dXbiWvFTmvzgzHtWZBv8HZp9XBRVRADQI/Y1
0zRbPo39RQU+5A3i8Gj3Edj9yz8V0WvXfwtJHPgEY/N6BiQiNOUqH/KLUxAhdsMw
tFZmobfQPWCNffulQKGFawX2QmUMODIb/UgegBgL+xrV67zpoSy3Ns762jboSZgl
sJ/SZMVlZxfaDtzmBOcpswQL2Wbmz++SjSH3YGgVga11PjKzpvK3JYJc48sq6FOH
U3/7pcrIDvfWNqFVy1VihcLA/I73nKJQrt2UB0cePA2b3GnB
-----END CERTIFICATE-----