Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS137571.roa
File:                     AS137571.roa (raw, json)
Hash identifier:          FfQM5Uz90bN2hhm4+CUx6Tv+883qJVbweykaTYxReO4=
Subject key identifier:   60:9F:EE:70:B8:62:49:A5:EC:4C:50:17:26:DF:C0:17:40:49:55:12
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       5B72B8B82F518F164DD11939776BBC746EE4F4E8
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS137571.roa
Signing time:             Wed 14 Aug 2024 14:40:41 +0000
ROA not before:           Wed 14 Aug 2024 14:35:41 +0000
ROA not after:            Wed 13 Aug 2025 14:40:41 +0000
asID:                     137571
IP address blocks:        191.101.44.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 13:48:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5b:72:b8:b8:2f:51:8f:16:4d:d1:19:39:77:6b:bc:74:6e:e4:f4:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Aug 14 14:35:41 2024 GMT
            Not After : Aug 13 14:40:41 2025 GMT
        Subject: CN=609FEE70B86249A5EC4C501726DFC01740495512
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:f0:f0:03:9e:e6:b8:6e:28:57:5d:0c:e2:c9:
                    a8:c2:22:9b:57:1d:55:4d:a0:19:7e:61:ff:05:97:
                    9f:4f:2a:a3:59:20:2d:8f:b8:38:67:26:74:4c:be:
                    d3:5f:34:91:f8:e7:7f:2b:a8:50:1c:04:03:6e:88:
                    d5:35:56:b2:26:0c:01:e4:af:de:fd:9e:10:f0:2b:
                    2d:90:f4:4f:35:8f:3c:d8:b2:da:17:d0:76:21:99:
                    cf:d8:99:c4:7a:75:f6:d6:5e:a8:3f:1f:10:ed:83:
                    39:dc:61:dc:db:45:14:9d:27:09:ba:eb:9b:b3:94:
                    3c:4b:15:88:a4:99:9c:52:54:6a:28:bb:8c:89:48:
                    f7:91:ba:71:91:5e:a9:bc:fe:a5:a6:b4:b8:ea:ea:
                    2c:94:be:ff:65:27:17:77:4f:04:a8:f8:2e:8e:79:
                    e7:d6:18:63:e4:48:7e:c9:6b:23:73:46:34:13:35:
                    ed:9a:59:90:99:8c:6d:d9:99:4a:03:38:f1:cd:9d:
                    67:47:9f:90:7b:01:e8:d4:9a:f6:91:0a:df:94:2c:
                    31:f3:d8:fb:b5:bf:b0:52:52:93:b8:ca:3b:cd:cb:
                    82:76:f4:49:94:7d:1c:dc:c9:63:db:a6:d1:5a:e6:
                    32:02:20:c7:1f:ea:29:36:f1:09:70:ea:2e:6b:1b:
                    71:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:9F:EE:70:B8:62:49:A5:EC:4C:50:17:26:DF:C0:17:40:49:55:12
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS137571.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  191.101.44.0/22

    Signature Algorithm: sha256WithRSAEncryption
         2e:af:ea:da:cc:0a:0b:b6:b3:b3:fc:98:99:0e:eb:68:dd:71:
         38:3b:59:10:26:16:b6:18:00:9f:21:fc:41:56:0d:b0:72:98:
         e0:f9:5a:e7:02:f1:8a:ed:7f:d6:80:b0:f9:5f:16:42:67:42:
         79:1f:76:02:8f:54:cd:1e:0e:06:9b:1e:41:f2:cb:5e:34:73:
         11:8d:d2:c1:60:f9:e0:f7:c0:b9:ac:50:e6:cd:c5:54:81:d1:
         61:41:1c:ed:4f:5b:12:42:28:15:b3:6e:e1:7d:da:90:30:3a:
         64:ae:99:d6:24:5b:d4:a5:df:04:b5:08:12:92:8f:87:0e:1e:
         37:4b:1c:e1:08:45:27:1f:28:b3:d8:14:89:3e:c9:29:ce:b8:
         90:41:0f:d6:e9:9e:bd:8f:a5:9e:c6:91:0a:e3:7d:52:01:dc:
         d4:df:21:09:39:97:62:a3:e9:08:4f:a8:88:4c:79:22:a3:77:
         b0:4d:34:61:a6:fd:3c:06:ab:6f:3c:3a:98:f5:31:4d:59:ec:
         70:93:9f:1f:96:49:97:98:fe:b9:5d:4d:c2:68:02:d3:26:49:
         fb:1b:9f:f4:3c:08:2c:05:22:67:d2:c8:fd:fa:e4:f8:ac:1c:
         c8:6c:1a:ab:b7:fc:bd:a7:66:f9:9e:ca:85:32:bd:ee:ac:53:
         30:e0:e8:82
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUW3K4uC9RjxZN0Rk5d2u8dG7k9OgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNDA4MTQxNDM1NDFaFw0yNTA4MTMxNDQwNDFaMDMxMTAvBgNV
BAMTKDYwOUZFRTcwQjg2MjQ5QTVFQzRDNTAxNzI2REZDMDE3NDA0OTU1MTIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDa8PADnua4bihXXQziyajCIptX
HVVNoBl+Yf8Fl59PKqNZIC2PuDhnJnRMvtNfNJH4538rqFAcBANuiNU1VrImDAHk
r979nhDwKy2Q9E81jzzYstoX0HYhmc/YmcR6dfbWXqg/HxDtgzncYdzbRRSdJwm6
65uzlDxLFYikmZxSVGoou4yJSPeRunGRXqm8/qWmtLjq6iyUvv9lJxd3TwSo+C6O
eefWGGPkSH7JayNzRjQTNe2aWZCZjG3ZmUoDOPHNnWdHn5B7AejUmvaRCt+ULDHz
2Pu1v7BSUpO4yjvNy4J29EmUfRzcyWPbptFa5jICIMcf6ik28Qlw6i5rG3EFAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUYJ/ucLhiSaXsTFAXJt/AF0BJVRIwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMTM3NTcxLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCv2Us
MA0GCSqGSIb3DQEBCwUAA4IBAQAur+razAoLtrOz/JiZDuto3XE4O1kQJha2GACf
IfxBVg2wcpjg+VrnAvGK7X/WgLD5XxZCZ0J5H3YCj1TNHg4Gmx5B8steNHMRjdLB
YPng98C5rFDmzcVUgdFhQRztT1sSQigVs27hfdqQMDpkrpnWJFvUpd8EtQgSko+H
Dh43SxzhCEUnHyiz2BSJPskpzriQQQ/W6Z69j6WexpEK431SAdzU3yEJOZdio+kI
T6iITHkio3ewTTRhpv08BqtvPDqY9TFNWexwk58flkmXmP65XU3CaALTJkn7G5/0
PAgsBSJn0sj9+uT4rBzIbBqrt/y9p2b5nsqFMr3urFMw4OiC
-----END CERTIFICATE-----