Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS148996.roa
File:                     AS148996.roa (raw, json)
Hash identifier:          NZnusgsLkQ9hz1q/kgFCORzMbx6sxIryxVmO4cEDPAU=
Subject key identifier:   58:3E:A4:06:7B:B6:0F:7D:78:CF:89:28:0E:9E:32:8E:51:5A:F8:B4
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       371BBAC45CB303CE570E2FD9F0E34DA70BB9DB27
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS148996.roa
Signing time:             Fri 20 Sep 2024 10:39:37 +0000
ROA not before:           Fri 20 Sep 2024 10:34:37 +0000
ROA not after:            Fri 19 Sep 2025 10:39:37 +0000
asID:                     148996
IP address blocks:        181.214.33.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Feb 2025 07:05:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            37:1b:ba:c4:5c:b3:03:ce:57:0e:2f:d9:f0:e3:4d:a7:0b:b9:db:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Sep 20 10:34:37 2024 GMT
            Not After : Sep 19 10:39:37 2025 GMT
        Subject: CN=583EA4067BB60F7D78CF89280E9E328E515AF8B4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:0c:66:39:ed:3a:53:4c:e9:f9:a4:fe:6b:25:
                    18:12:c1:0e:79:d3:e7:a4:ff:6c:1b:5f:fa:17:4a:
                    46:a4:27:be:bb:17:e2:ad:ff:fe:bd:71:eb:9f:bc:
                    8a:24:4e:24:61:17:3c:b6:8f:99:74:e5:8b:93:27:
                    9d:ba:f6:ac:a3:7a:9e:f4:4b:09:02:c2:8b:1f:c2:
                    9a:2f:cb:27:cc:96:12:2a:64:56:0b:bc:85:0f:b0:
                    6c:d3:75:d8:ae:6f:aa:24:23:fb:e8:cc:74:4f:ab:
                    98:27:49:7e:b1:de:bf:04:d4:e0:cf:ee:50:d5:54:
                    b4:39:51:b3:ba:6b:9c:be:d8:78:71:0d:b4:92:8b:
                    c5:24:3d:5b:d2:1d:34:f1:3e:c3:f4:64:45:90:62:
                    e3:ee:ab:47:25:b3:9b:04:a7:6e:0a:c1:5b:08:3f:
                    02:26:1e:cf:63:e6:40:6c:6d:b7:a3:5e:b9:ab:d8:
                    33:6e:28:9c:c1:a8:58:dd:73:d0:e2:4f:46:8b:58:
                    04:4a:5c:e9:38:78:6d:05:42:45:5c:c9:68:08:dc:
                    db:1f:f5:90:94:2c:15:3b:00:90:75:09:60:0b:55:
                    e9:38:b7:68:65:9d:4f:9b:98:e9:f1:0d:39:ca:0c:
                    bd:a6:88:aa:bb:78:2d:1e:91:31:e0:9a:3d:8f:81:
                    20:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:3E:A4:06:7B:B6:0F:7D:78:CF:89:28:0E:9E:32:8E:51:5A:F8:B4
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS148996.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  181.214.33.0/24

    Signature Algorithm: sha256WithRSAEncryption
         49:b8:ba:97:1e:0f:85:9b:60:10:22:45:a6:e2:2a:a2:0f:f3:
         56:7d:c4:02:73:5f:80:1c:f2:4b:89:46:18:e4:f8:74:77:87:
         7f:3d:46:e4:ab:6b:90:90:75:88:e9:be:6e:33:f3:15:25:e1:
         2e:3f:d2:dd:8b:eb:10:76:01:b1:81:16:73:c8:fe:74:06:e3:
         65:b9:f9:dc:f9:17:ec:95:76:b4:34:f5:79:b5:e3:ac:26:ec:
         b0:ac:74:d4:c5:c1:27:c5:01:ed:ba:71:cb:fb:17:a3:43:3c:
         02:22:3d:bb:ef:8e:b4:58:ad:e1:d3:f3:f8:a9:00:df:c4:64:
         3f:c8:f2:aa:43:3f:c5:20:c7:89:95:90:cc:98:c8:7c:d7:29:
         dd:d2:32:ac:8f:6e:a6:40:88:29:37:f3:38:ed:c6:e1:87:03:
         71:d0:1b:cc:2b:60:41:b1:b6:1c:4b:44:e0:13:b4:a7:59:16:
         c7:25:38:d7:b6:8f:65:4b:64:61:34:00:69:c2:30:fb:59:34:
         cd:77:e8:6d:5e:75:0d:8b:12:cb:ab:6f:74:72:d2:83:bc:6e:
         6e:92:e4:75:3c:23:9a:70:b7:ff:f8:94:44:8b:e9:2f:0b:76:
         e9:80:a5:01:9d:4d:9b:54:9e:66:78:2b:af:bb:72:4a:91:e9:
         d4:ff:45:58
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUNxu6xFyzA85XDi/Z8ONNpwu52ycwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNDA5MjAxMDM0MzdaFw0yNTA5MTkxMDM5MzdaMDMxMTAvBgNV
BAMTKDU4M0VBNDA2N0JCNjBGN0Q3OENGODkyODBFOUUzMjhFNTE1QUY4QjQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6DGY57TpTTOn5pP5rJRgSwQ55
0+ek/2wbX/oXSkakJ767F+Kt//69ceufvIokTiRhFzy2j5l05YuTJ5269qyjep70
SwkCwosfwpovyyfMlhIqZFYLvIUPsGzTddiub6okI/vozHRPq5gnSX6x3r8E1ODP
7lDVVLQ5UbO6a5y+2HhxDbSSi8UkPVvSHTTxPsP0ZEWQYuPuq0cls5sEp24KwVsI
PwImHs9j5kBsbbejXrmr2DNuKJzBqFjdc9DiT0aLWARKXOk4eG0FQkVcyWgI3Nsf
9ZCULBU7AJB1CWALVek4t2hlnU+bmOnxDTnKDL2miKq7eC0ekTHgmj2PgSDzAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUWD6kBnu2D314z4koDp4yjlFa+LQwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMTQ4OTk2LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAtdYh
MA0GCSqGSIb3DQEBCwUAA4IBAQBJuLqXHg+Fm2AQIkWm4iqiD/NWfcQCc1+AHPJL
iUYY5Ph0d4d/PUbkq2uQkHWI6b5uM/MVJeEuP9Ldi+sQdgGxgRZzyP50BuNlufnc
+RfslXa0NPV5teOsJuywrHTUxcEnxQHtunHL+xejQzwCIj277460WK3h0/P4qQDf
xGQ/yPKqQz/FIMeJlZDMmMh81ynd0jKsj26mQIgpN/M47cbhhwNx0BvMK2BBsbYc
S0TgE7SnWRbHJTjXto9lS2RhNABpwjD7WTTNd+htXnUNixLLq290ctKDvG5ukuR1
PCOacLf/+JREi+kvC3bpgKUBnU2bVJ5meCuvu3JKkenU/0VY
-----END CERTIFICATE-----