Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS152672.roa
File:                     AS152672.roa (raw, json)
Hash identifier:          OIU6S47ZrbOQvHMfSC1RpL6q6u4s9H++2mk5Jt+Z6Po=
Subject key identifier:   7D:BE:E7:D2:4E:3C:38:F6:41:CB:80:DC:E1:7C:E7:67:EA:49:72:B2
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       4B3BEA1419CCEFCB9EB9A6DD7E7BCFC99E789664
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS152672.roa
Signing time:             Mon 13 May 2024 06:24:37 +0000
ROA not before:           Mon 13 May 2024 06:19:37 +0000
ROA not after:            Mon 12 May 2025 06:24:37 +0000
asID:                     152672
IP address blocks:        191.96.146.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 28 Sep 2024 19:54:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4b:3b:ea:14:19:cc:ef:cb:9e:b9:a6:dd:7e:7b:cf:c9:9e:78:96:64
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: May 13 06:19:37 2024 GMT
            Not After : May 12 06:24:37 2025 GMT
        Subject: CN=7DBEE7D24E3C38F641CB80DCE17CE767EA4972B2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:cd:a2:d4:c5:d7:02:cd:43:b5:2f:79:04:88:
                    e3:51:35:c6:31:92:a9:f7:68:c4:08:e3:64:45:a8:
                    c3:9e:76:62:69:ac:a6:92:0c:c5:8e:03:6e:3f:31:
                    5d:8a:2a:ab:81:2e:f8:a8:98:1d:d5:0f:7d:93:26:
                    d5:c2:59:a8:77:0b:4d:28:93:07:d5:18:ef:67:09:
                    fa:ec:4c:9b:27:e3:c8:fa:8e:61:30:7c:cd:e6:a2:
                    06:4d:37:99:68:86:bc:21:84:a6:d7:c1:8c:4d:68:
                    84:4f:80:56:dc:f3:a7:19:f6:d4:3e:58:98:d2:10:
                    7e:81:90:10:b2:69:d1:02:ce:11:5e:b2:b8:ed:44:
                    04:b8:0e:e6:28:71:dd:13:1b:7b:9e:bd:a2:b9:b8:
                    6b:2a:c0:ca:e2:66:e9:08:0d:11:29:f2:15:cd:45:
                    b1:6e:f7:b6:b9:55:98:6a:a0:7b:b8:d1:91:b0:a3:
                    20:bd:b2:50:f1:db:4a:af:32:53:02:9d:39:84:e8:
                    50:e3:29:f7:22:8f:c7:e6:f3:c1:d8:8c:89:79:69:
                    12:cc:74:f9:8b:0a:c5:f7:8a:3b:50:02:80:68:42:
                    85:fc:53:45:24:0c:9f:34:a4:83:02:a4:59:61:71:
                    93:45:93:23:e8:a0:01:d8:24:ed:a3:b7:73:84:80:
                    29:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:BE:E7:D2:4E:3C:38:F6:41:CB:80:DC:E1:7C:E7:67:EA:49:72:B2
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS152672.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  191.96.146.0/24

    Signature Algorithm: sha256WithRSAEncryption
         44:29:34:02:40:3a:eb:2f:4b:d3:f9:b7:b9:c2:57:fd:ca:00:
         0b:44:b5:ff:16:0a:43:3c:1a:ca:11:51:f3:3f:fe:a2:28:71:
         7f:e8:aa:d9:22:38:46:21:84:80:15:27:d7:88:71:31:5d:de:
         2c:fc:42:03:47:5c:d5:27:2f:11:0f:c4:19:af:ff:18:97:0a:
         50:e8:34:3c:9d:89:52:81:ec:9d:62:1c:d2:df:5f:10:08:1a:
         e9:06:51:a3:ab:9e:71:51:25:91:46:e0:58:08:26:c8:b5:86:
         0b:99:12:39:63:4f:f8:65:7c:fe:d9:ba:56:a9:5a:e3:52:39:
         09:4f:eb:7a:78:a2:89:82:36:dd:b1:10:56:20:5c:04:85:f2:
         ad:f5:35:94:9b:f9:0e:1e:67:0d:f1:be:c8:0e:f1:38:43:0d:
         f7:91:4d:97:6d:b1:5d:95:d3:a5:4e:b5:c8:1d:7a:45:6a:a0:
         e2:5c:f9:ba:77:6d:21:e5:cd:d7:1c:79:86:97:79:2b:d4:9e:
         ee:c8:88:12:4b:0e:4d:f4:65:4d:93:d0:a5:f2:4c:10:c3:b8:
         6d:d3:f2:2e:d8:2c:a8:58:03:cb:b2:11:29:50:6f:c1:a5:f0:
         9d:5d:16:51:d1:d1:5b:01:6e:9e:62:25:9e:cf:55:da:56:55:
         76:9d:23:d1
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUSzvqFBnM78ueuabdfnvPyZ54lmQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNDA1MTMwNjE5MzdaFw0yNTA1MTIwNjI0MzdaMDMxMTAvBgNV
BAMTKDdEQkVFN0QyNEUzQzM4RjY0MUNCODBEQ0UxN0NFNzY3RUE0OTcyQjIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCjzaLUxdcCzUO1L3kEiONRNcYx
kqn3aMQI42RFqMOedmJprKaSDMWOA24/MV2KKquBLviomB3VD32TJtXCWah3C00o
kwfVGO9nCfrsTJsn48j6jmEwfM3mogZNN5lohrwhhKbXwYxNaIRPgFbc86cZ9tQ+
WJjSEH6BkBCyadECzhFesrjtRAS4DuYocd0TG3uevaK5uGsqwMriZukIDREp8hXN
RbFu97a5VZhqoHu40ZGwoyC9slDx20qvMlMCnTmE6FDjKfcij8fm88HYjIl5aRLM
dPmLCsX3ijtQAoBoQoX8U0UkDJ80pIMCpFlhcZNFkyPooAHYJO2jt3OEgCm1AgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUfb7n0k48OPZBy4Dc4XznZ+pJcrIwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMTUyNjcyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAv2CS
MA0GCSqGSIb3DQEBCwUAA4IBAQBEKTQCQDrrL0vT+be5wlf9ygALRLX/FgpDPBrK
EVHzP/6iKHF/6KrZIjhGIYSAFSfXiHExXd4s/EIDR1zVJy8RD8QZr/8YlwpQ6DQ8
nYlSgeydYhzS318QCBrpBlGjq55xUSWRRuBYCCbItYYLmRI5Y0/4ZXz+2bpWqVrj
UjkJT+t6eKKJgjbdsRBWIFwEhfKt9TWUm/kOHmcN8b7IDvE4Qw33kU2XbbFdldOl
TrXIHXpFaqDiXPm6d20h5c3XHHmGl3kr1J7uyIgSSw5N9GVNk9Cl8kwQw7ht0/Iu
2CyoWAPLshEpUG/BpfCdXRZR0dFbAW6eYiWez1XaVlV2nSPR
-----END CERTIFICATE-----