Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS13768.roa
File:                     AS13768.roa (raw, json)
Hash identifier:          mxPVXmLIyjl0uk4fkKYeU2WeStB2aaD5rhOHPsVXK2k=
Subject key identifier:   59:E8:A0:65:B7:15:90:41:C4:2C:D2:F5:F2:57:BF:F2:0C:D7:3A:A5
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       75D5B4A4D0ECCC290C6CCFF05B1DCB93B2DA86FF
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS13768.roa
Signing time:             Wed 16 Jul 2025 11:54:13 +0000
ROA not before:           Wed 16 Jul 2025 11:49:13 +0000
ROA not after:            Wed 15 Jul 2026 11:54:13 +0000
asID:                     13768
IP address blocks:        181.215.249.0/24 maxlen: 24
                          191.96.30.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 22:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            75:d5:b4:a4:d0:ec:cc:29:0c:6c:cf:f0:5b:1d:cb:93:b2:da:86:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Jul 16 11:49:13 2025 GMT
            Not After : Jul 15 11:54:13 2026 GMT
        Subject: CN=59E8A065B7159041C42CD2F5F257BFF20CD73AA5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:b0:a1:59:77:3b:51:67:73:97:fe:92:39:db:
                    6b:64:ac:9e:46:40:0e:0a:69:46:89:66:e6:b2:1d:
                    78:d0:e5:20:8b:b4:1a:3a:11:8d:96:6b:66:72:91:
                    84:38:c7:a5:3e:cf:61:61:df:42:15:30:30:61:4c:
                    28:08:26:3a:18:1d:cb:5a:bb:dd:55:52:f0:96:d0:
                    09:96:04:c7:f4:ed:fe:3c:0a:f2:c1:01:92:26:7f:
                    1f:2a:2a:0a:90:4d:76:8c:43:e9:cd:89:70:54:dc:
                    91:cf:30:24:e5:08:d4:5d:37:29:f2:1d:a5:94:49:
                    d0:25:fc:78:0e:07:a3:06:2f:67:65:d6:ff:3e:3c:
                    aa:29:70:00:11:13:02:2f:1e:58:76:5d:bc:e4:48:
                    7a:52:41:d4:27:23:5a:f8:70:0a:f6:99:4b:e0:3d:
                    d2:eb:d9:72:89:e0:08:ae:bb:01:7d:58:3d:4a:4e:
                    c1:b3:b0:8f:3b:ef:b4:93:b7:52:7c:8a:81:a2:7d:
                    b1:50:8a:3c:16:dd:9f:fe:00:83:11:6e:a1:73:ef:
                    9c:f2:fc:10:37:d1:ae:57:41:52:3f:01:ce:33:48:
                    5f:3f:a8:4b:2c:e9:7b:15:af:9d:77:50:6b:4f:25:
                    dc:ff:4c:78:7d:39:d8:99:24:ea:20:29:f3:f8:32:
                    c6:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:E8:A0:65:B7:15:90:41:C4:2C:D2:F5:F2:57:BF:F2:0C:D7:3A:A5
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS13768.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  181.215.249.0/24
                  191.96.30.0/24

    Signature Algorithm: sha256WithRSAEncryption
         60:e0:52:cf:9f:9c:12:f8:d4:c9:b8:ea:5d:f6:9b:b0:1e:fe:
         11:b0:2c:6e:5c:89:c2:ca:4a:5b:46:0d:dc:73:c2:da:09:09:
         b1:13:3b:34:ee:f7:4a:e2:43:df:0f:f8:db:a1:3f:a3:88:5c:
         88:cb:73:0b:6f:83:4d:44:13:59:0c:de:02:36:03:0e:b1:25:
         12:a5:f0:a6:74:49:40:9b:c1:69:9e:69:9b:c5:3c:79:85:e2:
         82:3d:71:e6:ff:08:c3:9a:57:dc:f1:45:fd:40:a5:e4:17:c1:
         20:eb:67:30:b1:42:c0:16:fb:6b:bf:5f:02:cd:46:a1:3e:31:
         31:fa:6d:30:3f:59:c0:27:00:a9:90:3c:1b:99:c8:fd:b3:d5:
         78:37:ac:55:a4:71:72:23:23:b2:b2:52:48:ad:ce:c9:09:93:
         22:58:71:fa:a2:be:b9:a5:41:4b:f0:6b:21:9d:8f:9c:23:61:
         a9:97:65:f5:3d:75:b4:cd:8f:36:b4:80:02:6d:c3:8d:61:59:
         3a:6d:b8:c5:54:d9:09:7b:3a:c9:2b:5f:02:ec:db:6c:bf:d7:
         f9:a2:5e:9a:fc:0c:c5:3b:60:75:ed:99:70:f5:35:30:e1:a5:
         d3:dd:5e:cf:cd:32:79:6d:ae:ff:91:f7:8a:49:1f:a5:1e:98:
         5c:0c:29:b7
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgIUddW0pNDszCkMbM/wWx3Lk7Lahv8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNTA3MTYxMTQ5MTNaFw0yNjA3MTUxMTU0MTNaMDMxMTAvBgNV
BAMTKDU5RThBMDY1QjcxNTkwNDFDNDJDRDJGNUYyNTdCRkYyMENENzNBQTUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCpsKFZdztRZ3OX/pI522tkrJ5G
QA4KaUaJZuayHXjQ5SCLtBo6EY2Wa2ZykYQ4x6U+z2Fh30IVMDBhTCgIJjoYHcta
u91VUvCW0AmWBMf07f48CvLBAZImfx8qKgqQTXaMQ+nNiXBU3JHPMCTlCNRdNyny
HaWUSdAl/HgOB6MGL2dl1v8+PKopcAAREwIvHlh2XbzkSHpSQdQnI1r4cAr2mUvg
PdLr2XKJ4AiuuwF9WD1KTsGzsI8777STt1J8ioGifbFQijwW3Z/+AIMRbqFz75zy
/BA30a5XQVI/Ac4zSF8/qEss6XsVr513UGtPJdz/THh9OdiZJOogKfP4MsYTAgMB
AAGjggIPMIICCzAdBgNVHQ4EFgQUWeigZbcVkEHELNL18le/8gzXOqUwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMTM3Njgucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBAC11/kD
BAC/YB4wDQYJKoZIhvcNAQELBQADggEBAGDgUs+fnBL41Mm46l32m7Ae/hGwLG5c
icLKSltGDdxzwtoJCbETOzTu90riQ98P+NuhP6OIXIjLcwtvg01EE1kM3gI2Aw6x
JRKl8KZ0SUCbwWmeaZvFPHmF4oI9ceb/CMOaV9zxRf1ApeQXwSDrZzCxQsAW+2u/
XwLNRqE+MTH6bTA/WcAnAKmQPBuZyP2z1Xg3rFWkcXIjI7KyUkitzskJkyJYcfqi
vrmlQUvwayGdj5wjYamXZfU9dbTNjza0gAJtw41hWTptuMVU2Ql7OskrXwLs22y/
1/miXpr8DMU7YHXtmXD1NTDhpdPdXs/NMnltrv+R94pJH6UemFwMKbc=
-----END CERTIFICATE-----