Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS199218.roa
File:                     AS199218.roa (raw, json)
Hash identifier:          CQrnjLy8zWscQxeq3nepLt3hJ02rRZDRrXs2EqlwWYA=
Subject key identifier:   17:98:82:A1:03:DE:64:DD:61:0B:9A:06:9F:96:F1:AC:06:D5:62:40
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       5E7C2F0BBBBDF700C5B75EAA8A7252A03DC621C4
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS199218.roa
Signing time:             Fri 07 Jun 2024 11:05:43 +0000
ROA not before:           Fri 07 Jun 2024 11:00:43 +0000
ROA not after:            Fri 06 Jun 2025 11:05:43 +0000
asID:                     199218
IP address blocks:        181.214.131.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 13:48:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5e:7c:2f:0b:bb:bd:f7:00:c5:b7:5e:aa:8a:72:52:a0:3d:c6:21:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Jun  7 11:00:43 2024 GMT
            Not After : Jun  6 11:05:43 2025 GMT
        Subject: CN=179882A103DE64DD610B9A069F96F1AC06D56240
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:b5:eb:ce:de:d7:c5:51:03:10:c9:3e:db:b2:
                    57:fe:ba:56:23:13:71:5d:2a:55:96:f8:92:0a:9e:
                    4e:b3:00:19:42:09:1c:26:6a:f3:7d:2a:a4:ad:e8:
                    87:5f:f0:a3:b2:f1:91:0d:2e:08:9c:46:dc:1e:7c:
                    59:ed:20:ce:e4:cb:38:f6:a0:0d:2f:9e:9a:c1:ff:
                    78:f1:7a:88:56:f7:ce:46:7c:51:4d:b6:3d:dc:22:
                    ea:4b:15:46:f2:70:cf:83:1c:ad:ab:10:7e:7c:ef:
                    8d:91:04:3a:5c:6e:bc:45:27:05:74:ed:64:62:d5:
                    f9:61:88:cd:fe:42:cc:36:64:07:d2:82:63:8f:ff:
                    0f:13:54:5a:17:7c:88:8b:3f:62:3e:ae:f3:fe:d6:
                    24:01:b0:ee:08:07:78:76:a6:c7:5d:73:eb:51:57:
                    83:de:80:87:58:55:a8:38:7e:73:72:c4:fb:78:a6:
                    77:a0:6a:ec:c6:66:10:ca:eb:98:ab:fb:34:74:89:
                    23:bf:57:a0:f9:70:38:c1:9f:77:74:fd:60:37:4d:
                    2c:1b:6b:e8:2d:8f:ca:44:c4:4f:16:7d:0a:44:6d:
                    91:dc:18:98:53:66:1b:87:c1:48:a0:79:89:a7:31:
                    ca:59:e4:ab:78:b7:47:79:05:75:74:2e:e0:89:03:
                    6c:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:98:82:A1:03:DE:64:DD:61:0B:9A:06:9F:96:F1:AC:06:D5:62:40
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS199218.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  181.214.131.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1b:26:88:fb:00:98:37:cd:12:13:bc:38:52:c3:1d:80:f5:f0:
         45:87:36:ca:e3:3f:49:f9:56:e4:48:17:1a:64:b1:25:0a:80:
         c3:fd:9a:75:0e:99:49:cf:76:e6:ec:1f:c3:f9:f6:8a:e1:58:
         36:6b:40:84:90:e7:b8:2d:2c:ca:ed:31:33:73:94:43:cd:b7:
         e5:2e:d6:dc:01:09:f4:ec:69:8e:70:fe:13:d6:1c:3d:dd:3a:
         2a:31:35:60:27:14:52:8a:4f:eb:c1:54:d8:fe:5e:37:d1:85:
         fb:04:82:26:97:0d:48:85:7f:99:89:e7:20:03:c0:7a:f7:cd:
         80:69:c6:75:66:5f:5a:b9:cd:67:64:d8:ef:af:7c:5c:57:00:
         f2:ea:7c:fe:03:bc:53:1e:9f:29:f7:c4:a5:4e:12:72:7f:6c:
         66:10:59:a8:3f:48:37:ca:53:7c:04:6c:75:0d:88:68:fb:68:
         07:b2:11:a3:69:65:05:9c:86:bf:19:83:d7:77:97:e4:cd:41:
         9b:dc:2d:cb:89:26:4c:ed:59:f4:29:de:29:d0:ee:d4:af:89:
         fe:6c:0f:80:e6:b9:8e:02:0b:b1:e5:c9:cc:71:20:12:2a:cc:
         0e:00:99:77:6b:ea:66:fe:d6:4a:23:f0:d3:ce:f2:ed:e4:f2:
         b2:37:f9:68
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUXnwvC7u99wDFt16qinJSoD3GIcQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNDA2MDcxMTAwNDNaFw0yNTA2MDYxMTA1NDNaMDMxMTAvBgNV
BAMTKDE3OTg4MkExMDNERTY0REQ2MTBCOUEwNjlGOTZGMUFDMDZENTYyNDAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCLtevO3tfFUQMQyT7bslf+ulYj
E3FdKlWW+JIKnk6zABlCCRwmavN9KqSt6Idf8KOy8ZENLgicRtwefFntIM7kyzj2
oA0vnprB/3jxeohW985GfFFNtj3cIupLFUbycM+DHK2rEH58742RBDpcbrxFJwV0
7WRi1flhiM3+Qsw2ZAfSgmOP/w8TVFoXfIiLP2I+rvP+1iQBsO4IB3h2psddc+tR
V4PegIdYVag4fnNyxPt4pnegauzGZhDK65ir+zR0iSO/V6D5cDjBn3d0/WA3TSwb
a+gtj8pExE8WfQpEbZHcGJhTZhuHwUigeYmnMcpZ5Kt4t0d5BXV0LuCJA2xJAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUF5iCoQPeZN1hC5oGn5bxrAbVYkAwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMTk5MjE4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAtdaD
MA0GCSqGSIb3DQEBCwUAA4IBAQAbJoj7AJg3zRITvDhSwx2A9fBFhzbK4z9J+Vbk
SBcaZLElCoDD/Zp1DplJz3bm7B/D+faK4Vg2a0CEkOe4LSzK7TEzc5RDzbflLtbc
AQn07GmOcP4T1hw93ToqMTVgJxRSik/rwVTY/l430YX7BIImlw1IhX+ZiecgA8B6
982AacZ1Zl9auc1nZNjvr3xcVwDy6nz+A7xTHp8p98SlThJyf2xmEFmoP0g3ylN8
BGx1DYho+2gHshGjaWUFnIa/GYPXd5fkzUGb3C3LiSZM7Vn0Kd4p0O7Ur4n+bA+A
5rmOAgux5cnMcSASKswOAJl3a+pm/tZKI/DTzvLt5PKyN/lo
-----END CERTIFICATE-----