Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS199829.roa
File:                     AS199829.roa (raw, json)
Hash identifier:          yCE3RexHX3RBOdwPx437KsFs3aqqKdCUAp83pEaq+lY=
Subject key identifier:   11:4A:22:A1:27:C5:AF:27:A0:9C:C4:A7:18:6A:DC:21:79:91:DC:5E
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       1E775612458BEBD28D1850ABB0A926B2DA9D92B3
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS199829.roa
Signing time:             Thu 26 Sep 2024 16:22:29 +0000
ROA not before:           Thu 26 Sep 2024 16:17:29 +0000
ROA not after:            Thu 25 Sep 2025 16:22:29 +0000
asID:                     199829
IP address blocks:        181.215.45.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1e:77:56:12:45:8b:eb:d2:8d:18:50:ab:b0:a9:26:b2:da:9d:92:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Sep 26 16:17:29 2024 GMT
            Not After : Sep 25 16:22:29 2025 GMT
        Subject: CN=114A22A127C5AF27A09CC4A7186ADC217991DC5E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:25:85:b3:5c:46:3c:5a:74:a1:97:84:f1:c4:
                    9d:77:a0:66:54:a7:f0:c6:a1:55:c5:0b:a9:21:66:
                    d2:eb:89:e7:4d:12:ae:05:73:68:1b:28:7a:d2:ff:
                    5b:2c:eb:65:07:3e:39:7c:2b:4f:81:1c:84:35:2f:
                    67:9d:57:13:7d:d4:cb:63:b1:c1:65:14:76:fd:81:
                    a5:56:18:d0:a6:e3:3b:1b:d3:12:1f:11:be:7c:66:
                    3f:48:f5:47:ba:25:ed:7d:52:70:51:d6:2f:65:71:
                    a2:5f:b2:93:a9:c6:61:ba:0f:ee:94:42:1a:17:1b:
                    2e:8a:69:1a:66:68:73:c9:d0:b8:26:5f:15:9d:ff:
                    9b:a6:96:d9:13:bd:2e:44:07:35:b1:16:a0:f0:ae:
                    33:53:67:bb:35:7b:75:27:ea:4b:5e:15:89:34:f0:
                    6b:9d:82:74:7f:83:8a:aa:8d:d7:20:9d:05:4c:d7:
                    19:02:45:78:8f:93:14:e1:19:c1:e8:b9:b5:5e:1f:
                    df:d3:37:95:b5:bd:6e:5d:1b:cb:6f:e0:86:92:ba:
                    61:aa:2c:98:db:ea:3c:e8:b0:33:74:6f:97:94:52:
                    8a:66:f4:c7:30:f8:f5:d9:be:48:3b:de:a6:3b:3b:
                    de:e8:15:fb:c6:0a:18:1b:f9:32:51:1e:7e:84:6f:
                    ea:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:4A:22:A1:27:C5:AF:27:A0:9C:C4:A7:18:6A:DC:21:79:91:DC:5E
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS199829.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  181.215.45.0/24

    Signature Algorithm: sha256WithRSAEncryption
         aa:3b:46:4b:ec:e6:f6:6f:59:5b:7e:9c:b0:11:3b:d6:72:c9:
         84:84:87:a4:01:f5:dd:c1:45:68:40:82:49:7a:28:9a:63:83:
         47:82:d0:72:ab:e7:86:62:21:4f:80:4b:fc:ac:a2:6c:d4:d4:
         16:9d:45:b0:a5:2c:1e:2e:87:91:01:17:f8:98:53:29:70:96:
         fd:06:c8:e3:32:88:39:bc:70:e8:f3:92:f9:ae:ad:6a:c6:5c:
         eb:84:a8:9d:f8:62:6c:bf:b5:31:08:a2:fd:1e:e4:de:8f:e0:
         d5:b6:8d:fd:dd:2f:4b:f2:3c:1b:24:4a:23:3c:3c:4c:df:11:
         35:03:d0:2f:81:68:c3:aa:18:fb:67:3d:ce:b4:0d:66:55:00:
         ff:91:90:0c:a3:9b:2d:2d:52:7c:63:b0:01:2c:3e:65:5e:c8:
         65:d7:07:95:a5:b7:15:8e:b6:28:fa:2c:9c:1c:66:11:9a:1f:
         68:5f:0e:47:c6:82:d4:39:cc:15:ce:9f:2a:a1:8a:25:f3:76:
         0b:dd:9c:4f:87:4c:02:6d:9a:4c:37:c6:cb:29:19:45:41:ec:
         75:45:d4:05:61:25:6e:fd:fd:b4:4a:31:b4:4f:42:07:1e:cf:
         35:ca:8c:ae:a7:cd:95:75:52:eb:7a:47:b6:65:e7:99:2b:2a:
         1f:b0:6c:0a
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUHndWEkWL69KNGFCrsKkmstqdkrMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNDA5MjYxNjE3MjlaFw0yNTA5MjUxNjIyMjlaMDMxMTAvBgNV
BAMTKDExNEEyMkExMjdDNUFGMjdBMDlDQzRBNzE4NkFEQzIxNzk5MURDNUUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCcJYWzXEY8WnShl4TxxJ13oGZU
p/DGoVXFC6khZtLriedNEq4Fc2gbKHrS/1ss62UHPjl8K0+BHIQ1L2edVxN91Mtj
scFlFHb9gaVWGNCm4zsb0xIfEb58Zj9I9Ue6Je19UnBR1i9lcaJfspOpxmG6D+6U
QhoXGy6KaRpmaHPJ0LgmXxWd/5umltkTvS5EBzWxFqDwrjNTZ7s1e3Un6kteFYk0
8GudgnR/g4qqjdcgnQVM1xkCRXiPkxThGcHoubVeH9/TN5W1vW5dG8tv4IaSumGq
LJjb6jzosDN0b5eUUopm9Mcw+PXZvkg73qY7O97oFfvGChgb+TJRHn6Eb+p7AgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUEUoioSfFryegnMSnGGrcIXmR3F4wHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMTk5ODI5LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAtdct
MA0GCSqGSIb3DQEBCwUAA4IBAQCqO0ZL7Ob2b1lbfpywETvWcsmEhIekAfXdwUVo
QIJJeiiaY4NHgtByq+eGYiFPgEv8rKJs1NQWnUWwpSweLoeRARf4mFMpcJb9Bsjj
Mog5vHDo85L5rq1qxlzrhKid+GJsv7UxCKL9HuTej+DVto393S9L8jwbJEojPDxM
3xE1A9AvgWjDqhj7Zz3OtA1mVQD/kZAMo5stLVJ8Y7ABLD5lXshl1weVpbcVjrYo
+iycHGYRmh9oXw5HxoLUOcwVzp8qoYol83YL3ZxPh0wCbZpMN8bLKRlFQex1RdQF
YSVu/f20SjG0T0IHHs81yoyup82VdVLreke2ZeeZKyofsGwK
-----END CERTIFICATE-----