Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS16611.roa
File:                     AS16611.roa (raw, json)
Hash identifier:          KqbTL0TCuvOj/6Z13MwefQbSISq9c267prc6iNaFbJg=
Subject key identifier:   18:8F:5C:83:EF:E1:DD:E5:48:60:1F:48:7E:F0:69:D6:0E:D1:54:E8
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       2B5EFF0759973EC95EB96737235302F6B869CE91
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS16611.roa
Signing time:             Sat 05 Jul 2025 01:54:13 +0000
ROA not before:           Sat 05 Jul 2025 01:49:13 +0000
ROA not after:            Sat 04 Jul 2026 01:54:13 +0000
asID:                     16611
IP address blocks:        181.214.182.0/24 maxlen: 24
                          181.214.220.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 22:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2b:5e:ff:07:59:97:3e:c9:5e:b9:67:37:23:53:02:f6:b8:69:ce:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Jul  5 01:49:13 2025 GMT
            Not After : Jul  4 01:54:13 2026 GMT
        Subject: CN=188F5C83EFE1DDE548601F487EF069D60ED154E8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:2f:7e:03:61:9a:14:eb:32:b9:b5:79:54:0e:
                    69:78:b5:8a:f8:9f:22:9a:9f:f4:29:c4:59:55:d1:
                    64:2f:2b:a1:9e:e3:5d:80:dc:8f:3c:d0:7d:88:2f:
                    67:9c:2a:95:0b:12:9b:5c:5d:bf:e2:bc:f4:70:39:
                    62:21:68:c4:01:b9:f7:21:d9:f6:8b:d1:b0:f9:80:
                    16:ac:84:64:80:c1:cd:5f:40:6c:97:5e:1d:de:99:
                    30:3d:74:d7:85:83:23:d4:58:8a:cd:13:76:34:e2:
                    5d:18:f9:68:52:a2:1a:4a:1c:24:63:0f:d9:17:fe:
                    ce:11:1a:77:f9:ad:3f:1b:b4:b4:0a:9a:86:1e:95:
                    38:b6:21:90:91:3b:ba:8b:25:71:db:22:b6:af:0b:
                    60:77:bf:a5:8b:0d:bf:be:25:56:f6:0e:3c:2f:5b:
                    e3:15:f8:b7:48:88:c0:0e:d0:2e:2b:a0:71:e3:b9:
                    ab:b0:7a:7b:6b:17:ef:33:6f:7a:bc:b8:27:d1:66:
                    76:96:3d:85:e6:fc:26:0a:f2:cd:6a:ce:ff:e0:42:
                    e7:67:de:50:15:69:a1:5e:68:af:a4:3a:c6:36:7f:
                    47:e0:02:4a:89:4e:f1:bc:ca:24:27:ad:95:b9:78:
                    8f:41:1e:2a:0c:92:1c:5e:3f:48:cc:ca:62:44:74:
                    58:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:8F:5C:83:EF:E1:DD:E5:48:60:1F:48:7E:F0:69:D6:0E:D1:54:E8
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS16611.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  181.214.182.0/24
                  181.214.220.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5c:39:e2:67:84:ca:0a:0b:00:9d:ed:7a:e7:6b:02:da:fc:76:
         8e:dc:a6:82:81:0b:a1:3e:36:de:24:23:77:89:3a:d1:5d:22:
         40:18:09:c4:d8:c6:15:ec:da:82:67:ba:bc:e9:9e:8a:47:ee:
         d8:51:33:09:0b:68:d5:bf:8d:43:3a:53:b1:b5:15:88:4d:90:
         b5:e3:93:1d:32:56:e4:97:39:6d:0f:fb:46:7f:b7:db:fc:4b:
         dc:13:44:35:48:25:99:7f:30:f7:34:9d:e8:2a:55:53:5d:bc:
         45:e2:11:58:bb:77:fb:29:18:5c:70:e0:bb:16:29:fd:8c:71:
         87:da:dc:b8:9d:8d:f2:60:80:74:d7:d0:d6:95:e0:6e:e1:c6:
         bf:d6:4e:3f:52:9b:eb:97:ed:0b:46:2c:2c:a4:d4:1f:9c:17:
         f3:ea:af:1c:bc:93:74:c8:3b:ab:af:92:91:36:04:2c:fd:c2:
         31:54:e5:10:f3:0e:95:fa:86:f0:5e:2b:25:49:e7:7a:78:09:
         bd:ca:e6:66:d1:0c:00:8e:e9:9b:0d:31:1a:cd:e6:da:8e:10:
         79:4b:20:f8:f0:91:75:84:1f:fd:38:7e:20:60:f0:ee:b3:92:
         00:10:18:66:55:1f:c9:93:09:46:3c:c4:57:89:5e:35:64:e6:
         4a:6b:e5:9b
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgIUK17/B1mXPsleuWc3I1MC9rhpzpEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNTA3MDUwMTQ5MTNaFw0yNjA3MDQwMTU0MTNaMDMxMTAvBgNV
BAMTKDE4OEY1QzgzRUZFMURERTU0ODYwMUY0ODdFRjA2OUQ2MEVEMTU0RTgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC+L34DYZoU6zK5tXlUDml4tYr4
nyKan/QpxFlV0WQvK6Ge412A3I880H2IL2ecKpULEptcXb/ivPRwOWIhaMQBufch
2faL0bD5gBashGSAwc1fQGyXXh3emTA9dNeFgyPUWIrNE3Y04l0Y+WhSohpKHCRj
D9kX/s4RGnf5rT8btLQKmoYelTi2IZCRO7qLJXHbIravC2B3v6WLDb++JVb2Djwv
W+MV+LdIiMAO0C4roHHjuauwentrF+8zb3q8uCfRZnaWPYXm/CYK8s1qzv/gQudn
3lAVaaFeaK+kOsY2f0fgAkqJTvG8yiQnrZW5eI9BHioMkhxeP0jMymJEdFi5AgMB
AAGjggIPMIICCzAdBgNVHQ4EFgQUGI9cg+/h3eVIYB9IfvBp1g7RVOgwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMTY2MTEucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBAC11rYD
BAC11twwDQYJKoZIhvcNAQELBQADggEBAFw54meEygoLAJ3teudrAtr8do7cpoKB
C6E+Nt4kI3eJOtFdIkAYCcTYxhXs2oJnurzpnopH7thRMwkLaNW/jUM6U7G1FYhN
kLXjkx0yVuSXOW0P+0Z/t9v8S9wTRDVIJZl/MPc0negqVVNdvEXiEVi7d/spGFxw
4LsWKf2McYfa3LidjfJggHTX0NaV4G7hxr/WTj9Sm+uX7QtGLCyk1B+cF/Pqrxy8
k3TIO6uvkpE2BCz9wjFU5RDzDpX6hvBeKyVJ53p4Cb3K5mbRDACO6ZsNMRrN5tqO
EHlLIPjwkXWEH/04fiBg8O6zkgAQGGZVH8mTCUY8xFeJXjVk5kpr5Zs=
-----END CERTIFICATE-----