Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS16611.roa
File:                     AS16611.roa (raw, json)
Hash identifier:          567QrJMz+Sl6TJOHDnOujXN2QKP+3pcPB89QXm5PA3U=
Subject key identifier:   F9:7D:FF:AA:54:5C:6A:35:AA:A7:4D:D7:0C:82:8D:02:0C:25:A4:2E
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       69EFD98A36225549736FE49F79768785EFA5F0A2
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS16611.roa
Signing time:             Sat 03 Aug 2024 01:53:17 +0000
ROA not before:           Sat 03 Aug 2024 01:48:17 +0000
ROA not after:            Sat 02 Aug 2025 01:53:17 +0000
asID:                     16611
IP address blocks:        181.214.182.0/24 maxlen: 24
                          181.214.220.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Feb 2025 07:05:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            69:ef:d9:8a:36:22:55:49:73:6f:e4:9f:79:76:87:85:ef:a5:f0:a2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Aug  3 01:48:17 2024 GMT
            Not After : Aug  2 01:53:17 2025 GMT
        Subject: CN=F97DFFAA545C6A35AAA74DD70C828D020C25A42E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:23:27:ef:7f:96:c8:a8:55:59:ac:db:41:05:
                    fa:6c:bc:00:77:a5:07:83:e9:34:88:5e:a4:f8:a2:
                    a0:d0:27:71:67:2b:0e:94:13:64:c9:f9:19:22:3d:
                    9d:fc:2d:26:dc:0f:00:53:5e:94:7f:b4:ca:8d:0c:
                    aa:87:c6:29:52:2c:f2:8f:0c:17:17:4d:aa:5d:8b:
                    14:a9:b4:3b:59:10:96:1d:7f:2f:84:06:f1:ba:35:
                    bd:63:13:36:cd:68:94:fe:98:00:fb:52:75:3e:6d:
                    72:a3:d0:a2:ea:5c:fd:fc:7c:e4:a2:ee:cd:c6:66:
                    9a:c6:1d:ca:40:db:1f:5c:05:89:34:1a:00:dd:f1:
                    48:ed:83:66:ed:c7:2f:40:95:84:33:93:86:29:4b:
                    67:9d:e0:b1:4b:d6:79:9a:cf:f6:7d:90:c6:74:11:
                    da:50:aa:ab:73:d5:e8:19:58:c1:d5:e5:12:f0:0d:
                    bd:75:fb:03:13:34:41:0e:1b:70:31:59:b7:47:59:
                    7a:6c:01:72:c9:21:16:49:bd:eb:d2:93:50:b3:e4:
                    93:74:46:d7:3f:9f:1b:a5:47:52:b4:b3:ce:03:41:
                    08:c2:86:7a:f6:d9:2a:3c:f1:c5:83:df:87:7f:5a:
                    0b:57:40:9c:bd:8c:5e:e8:9c:ec:f8:c3:30:e6:99:
                    de:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:7D:FF:AA:54:5C:6A:35:AA:A7:4D:D7:0C:82:8D:02:0C:25:A4:2E
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS16611.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  181.214.182.0/24
                  181.214.220.0/24

    Signature Algorithm: sha256WithRSAEncryption
         72:32:3f:9b:2f:af:63:d0:6d:72:2e:94:29:30:03:3b:e4:f1:
         a0:07:a9:93:ba:f7:40:31:a9:0d:c5:87:e0:a1:95:fe:93:e2:
         13:5c:ae:9b:a3:02:43:5e:87:b5:67:00:7a:5e:54:9f:b2:d7:
         ea:b2:96:f8:a3:70:16:34:a6:0e:c9:db:5f:61:6d:81:13:30:
         b7:93:ce:d7:2b:2f:0d:a8:f5:b6:8b:0d:65:73:60:48:2f:94:
         09:49:86:cb:6d:ba:80:5d:9f:b3:b0:bf:76:fd:c4:43:5d:e0:
         8b:c9:64:40:3f:e7:4c:82:25:f7:48:7e:a4:bc:4b:85:85:8e:
         45:4b:8a:4b:b8:f2:35:25:08:e4:c2:fd:12:52:20:0c:75:c3:
         cd:16:cf:7a:63:95:79:bc:ab:4f:0e:c1:cd:8b:89:8c:79:dd:
         d7:1d:0a:41:cc:f4:f1:ad:29:0c:27:5a:a5:75:a5:ab:e1:20:
         d4:8c:8a:d8:50:23:2d:22:48:a8:7b:5a:cc:ec:50:78:9a:da:
         fe:38:78:7b:cd:d3:47:3d:3b:70:f4:e9:09:1b:55:99:60:d7:
         1d:fb:98:51:a6:20:cb:b4:08:6d:44:fe:83:dc:a6:33:66:71:
         c4:8c:f0:16:5c:c7:39:23:a4:c0:ae:e0:cb:40:e9:f4:0a:48:
         c0:ee:4d:de
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgIUae/ZijYiVUlzb+SfeXaHhe+l8KIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNDA4MDMwMTQ4MTdaFw0yNTA4MDIwMTUzMTdaMDMxMTAvBgNV
BAMTKEY5N0RGRkFBNTQ1QzZBMzVBQUE3NERENzBDODI4RDAyMEMyNUE0MkUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDcIyfvf5bIqFVZrNtBBfpsvAB3
pQeD6TSIXqT4oqDQJ3FnKw6UE2TJ+RkiPZ38LSbcDwBTXpR/tMqNDKqHxilSLPKP
DBcXTapdixSptDtZEJYdfy+EBvG6Nb1jEzbNaJT+mAD7UnU+bXKj0KLqXP38fOSi
7s3GZprGHcpA2x9cBYk0GgDd8Ujtg2btxy9AlYQzk4YpS2ed4LFL1nmaz/Z9kMZ0
EdpQqqtz1egZWMHV5RLwDb11+wMTNEEOG3AxWbdHWXpsAXLJIRZJvevSk1Cz5JN0
Rtc/nxulR1K0s84DQQjChnr22So88cWD34d/WgtXQJy9jF7onOz4wzDmmd4VAgMB
AAGjggIPMIICCzAdBgNVHQ4EFgQU+X3/qlRcajWqp03XDIKNAgwlpC4wHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMTY2MTEucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBAC11rYD
BAC11twwDQYJKoZIhvcNAQELBQADggEBAHIyP5svr2PQbXIulCkwAzvk8aAHqZO6
90AxqQ3Fh+Chlf6T4hNcrpujAkNeh7VnAHpeVJ+y1+qylvijcBY0pg7J219hbYET
MLeTztcrLw2o9baLDWVzYEgvlAlJhsttuoBdn7Owv3b9xENd4IvJZEA/50yCJfdI
fqS8S4WFjkVLiku48jUlCOTC/RJSIAx1w80Wz3pjlXm8q08Owc2LiYx53dcdCkHM
9PGtKQwnWqV1pavhINSMithQIy0iSKh7WszsUHia2v44eHvN00c9O3D06QkbVZlg
1x37mFGmIMu0CG1E/oPcpjNmccSM8BZcxzkjpMCu4MtA6fQKSMDuTd4=
-----END CERTIFICATE-----