Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS152672.roa
File:                     AS152672.roa (raw, json)
Hash identifier:          DtwcErwwyhNV3XsQTyTJlevAtgtjVXAFMDjUhJQl2N8=
Subject key identifier:   58:61:EC:B6:84:D6:85:84:85:D7:EA:D5:FA:56:80:C8:87:57:36:06
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       43F193ABC7A8EFA29F0AFA78BD1E677DF3F788C6
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS152672.roa
Signing time:             Mon 30 Jun 2025 06:02:39 +0000
ROA not before:           Mon 30 Jun 2025 05:57:39 +0000
ROA not after:            Mon 29 Jun 2026 06:02:39 +0000
asID:                     152672
IP address blocks:        191.96.146.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 22:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            43:f1:93:ab:c7:a8:ef:a2:9f:0a:fa:78:bd:1e:67:7d:f3:f7:88:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Jun 30 05:57:39 2025 GMT
            Not After : Jun 29 06:02:39 2026 GMT
        Subject: CN=5861ECB684D6858485D7EAD5FA5680C887573606
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:2b:fd:43:89:c7:e2:ad:4d:ed:ca:c1:6e:eb:
                    49:91:78:64:15:75:7e:dc:70:18:ac:9c:67:dc:90:
                    64:9c:fc:a8:66:13:76:50:8f:4e:ea:78:27:2e:3c:
                    19:a8:54:4b:58:69:26:d5:3e:0e:50:d8:1d:dd:77:
                    3b:03:38:97:ae:a5:3a:4a:30:e6:d8:70:17:bc:77:
                    65:aa:36:4f:5f:1d:ad:f1:e3:1c:7e:5d:1d:af:f2:
                    b8:7f:50:0d:5f:4f:28:c5:d2:58:55:cc:f1:6e:a9:
                    8d:a6:0b:bc:2c:59:aa:c9:4a:c2:7e:9d:66:0a:96:
                    7b:cc:c0:f5:17:a0:ae:79:31:14:ed:5b:91:83:64:
                    c0:7b:4a:20:39:78:dc:03:ae:64:7f:ce:cc:82:34:
                    52:75:7f:b9:c4:a5:50:e8:df:77:a9:ba:a5:68:7c:
                    a1:ea:9c:50:82:ab:ae:4c:bb:58:89:63:e9:2b:b3:
                    61:00:ad:c3:af:6f:a0:6f:d6:f8:a5:62:09:82:5f:
                    6d:bf:90:2f:01:67:4c:1d:5e:77:2c:8c:76:5e:99:
                    51:5e:f0:74:3d:35:33:6d:d1:f0:e2:2e:9f:65:2f:
                    bc:6e:79:72:69:64:c2:cb:16:dc:6a:cc:78:26:aa:
                    94:df:c1:96:d7:9d:c2:26:10:65:4b:cc:a3:4f:4d:
                    5a:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:61:EC:B6:84:D6:85:84:85:D7:EA:D5:FA:56:80:C8:87:57:36:06
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS152672.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  191.96.146.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9c:36:58:f5:70:2d:ba:5c:a2:c1:88:c9:f1:07:f7:bf:fe:19:
         3b:1a:3c:a1:b0:3b:af:2d:0d:5a:0e:9a:6a:7e:cb:1d:3d:55:
         7b:6f:89:fa:fe:af:e2:78:9b:67:17:88:85:34:d5:c1:74:7a:
         f9:7f:23:14:f7:e9:79:d2:83:b6:61:77:af:67:37:90:44:3b:
         25:fa:a0:50:9f:ed:c5:b2:17:7f:c4:f7:5b:01:ed:55:90:05:
         3b:a9:54:2f:ba:0c:76:89:16:7a:2d:a9:4b:a9:03:c7:90:43:
         2c:1f:6a:23:cb:84:f1:db:34:5e:95:b2:46:7e:b6:1a:6a:92:
         37:16:47:94:a6:8b:f4:14:5b:84:23:79:40:64:1c:47:07:d2:
         78:34:4c:a6:31:9e:b1:34:a7:0e:e6:1c:89:a9:d7:fb:d7:a8:
         79:f6:a6:4c:d7:04:b1:8f:9a:72:62:9a:8e:f7:a6:f5:d7:e4:
         1c:63:5b:be:2a:62:f4:0a:7a:e2:68:93:64:01:17:8b:2d:b0:
         f9:bf:36:36:e7:c7:0a:e6:71:0f:ad:a5:aa:50:c7:d4:1d:4e:
         aa:8f:19:78:9b:b8:08:0e:2e:a3:6d:de:e1:f7:66:20:9b:90:
         67:a9:d1:91:09:56:bd:d9:2e:33:3f:67:fc:a4:b7:69:7c:45:
         e9:17:37:24
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUQ/GTq8eo76KfCvp4vR5nffP3iMYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNTA2MzAwNTU3MzlaFw0yNjA2MjkwNjAyMzlaMDMxMTAvBgNV
BAMTKDU4NjFFQ0I2ODRENjg1ODQ4NUQ3RUFENUZBNTY4MEM4ODc1NzM2MDYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDRK/1DicfirU3tysFu60mReGQV
dX7ccBisnGfckGSc/KhmE3ZQj07qeCcuPBmoVEtYaSbVPg5Q2B3ddzsDOJeupTpK
MObYcBe8d2WqNk9fHa3x4xx+XR2v8rh/UA1fTyjF0lhVzPFuqY2mC7wsWarJSsJ+
nWYKlnvMwPUXoK55MRTtW5GDZMB7SiA5eNwDrmR/zsyCNFJ1f7nEpVDo33epuqVo
fKHqnFCCq65Mu1iJY+krs2EArcOvb6Bv1vilYgmCX22/kC8BZ0wdXncsjHZemVFe
8HQ9NTNt0fDiLp9lL7xueXJpZMLLFtxqzHgmqpTfwZbXncImEGVLzKNPTVqtAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUWGHstoTWhYSF1+rV+laAyIdXNgYwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMTUyNjcyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAv2CS
MA0GCSqGSIb3DQEBCwUAA4IBAQCcNlj1cC26XKLBiMnxB/e//hk7GjyhsDuvLQ1a
DppqfssdPVV7b4n6/q/ieJtnF4iFNNXBdHr5fyMU9+l50oO2YXevZzeQRDsl+qBQ
n+3Fshd/xPdbAe1VkAU7qVQvugx2iRZ6LalLqQPHkEMsH2ojy4Tx2zRelbJGfrYa
apI3FkeUpov0FFuEI3lAZBxHB9J4NEymMZ6xNKcO5hyJqdf716h59qZM1wSxj5py
YpqO96b11+QcY1u+KmL0CnriaJNkAReLLbD5vzY258cK5nEPraWqUMfUHU6qjxl4
m7gIDi6jbd7h92Ygm5BnqdGRCVa92S4zP2f8pLdpfEXpFzck
-----END CERTIFICATE-----