Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS199865.roa
File:                     AS199865.roa (raw, json)
Hash identifier:          1hinVyumSkLGMD0j06jM9j/crbEEhwXqNMCoElNtjhY=
Subject key identifier:   A0:2A:33:B2:0C:76:AA:CE:01:A8:ED:E0:C8:9C:CC:AA:3C:21:59:EA
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       2A789CC87082097D83EB10B465030BA91BF22248
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS199865.roa
Signing time:             Wed 31 Jan 2024 08:05:09 +0000
ROA not before:           Wed 31 Jan 2024 08:00:09 +0000
ROA not after:            Wed 29 Jan 2025 08:05:09 +0000
asID:                     199865
IP address blocks:        179.61.181.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 May 2024 08:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2a:78:9c:c8:70:82:09:7d:83:eb:10:b4:65:03:0b:a9:1b:f2:22:48
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Jan 31 08:00:09 2024 GMT
            Not After : Jan 29 08:05:09 2025 GMT
        Subject: CN=A02A33B20C76AACE01A8EDE0C89CCCAA3C2159EA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:00:0d:db:e3:58:7b:6d:0b:4b:57:9a:88:c9:
                    63:6a:13:69:f2:18:f0:f2:2a:22:cb:34:c7:c8:94:
                    f0:2e:3a:69:82:41:bf:55:a9:e0:63:c5:a0:3b:4f:
                    f6:59:48:32:8f:de:62:3f:6a:e3:6f:e9:81:09:3c:
                    bf:45:63:31:94:de:5e:bf:e1:33:b8:f7:51:c3:04:
                    b6:63:93:5d:bf:eb:bb:dd:dd:36:be:fd:bf:49:cc:
                    6c:33:be:24:3c:0b:fe:3a:2d:8b:c0:4d:82:09:d3:
                    f9:26:e2:0c:94:d7:9e:5e:fa:0d:7f:ba:09:a4:6c:
                    6d:88:a0:af:e2:b3:52:48:72:af:0b:36:fd:9a:b0:
                    4a:37:77:32:31:2e:d1:03:96:ba:a2:d1:23:d8:1d:
                    11:4b:8c:da:93:0c:4c:dd:bf:bb:98:19:95:e0:a9:
                    d8:8b:81:a8:cd:31:ee:a6:30:1b:b9:3d:7c:83:8e:
                    c5:62:4e:29:f1:7f:67:81:1d:11:5c:38:48:79:21:
                    24:b7:be:92:b4:33:45:79:1f:50:e1:ec:02:ee:24:
                    c9:85:7a:9a:f5:91:32:54:a4:92:94:57:45:6d:68:
                    be:b3:8a:08:e4:ae:b7:ff:fe:70:a4:21:a6:16:99:
                    e2:be:dc:d5:94:b9:3a:0c:0a:21:70:42:38:e1:2d:
                    af:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:2A:33:B2:0C:76:AA:CE:01:A8:ED:E0:C8:9C:CC:AA:3C:21:59:EA
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS199865.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  179.61.181.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b1:3f:66:f8:3b:4f:37:9e:6e:61:60:3b:bd:ac:d6:47:6e:9b:
         cd:61:ec:63:d7:b3:cf:95:13:f6:53:c7:58:51:26:66:72:df:
         9e:89:ca:2a:50:34:c0:95:1b:c5:5f:61:65:4f:c1:23:1c:4b:
         ee:ab:3f:91:ff:bd:37:6a:d3:aa:ad:dd:7f:9d:dd:e7:3b:9f:
         c9:00:4e:db:3c:41:60:dd:aa:05:51:d0:be:9f:6a:96:ea:94:
         23:db:ac:b3:00:e9:1a:d1:f8:44:02:70:9c:ea:cc:f6:be:41:
         2c:a6:76:96:bc:fa:d2:93:8f:fe:42:07:de:c4:e8:a7:90:e0:
         7d:2c:df:73:c0:72:51:2d:eb:0c:11:d9:5c:4c:c3:80:f0:64:
         54:1e:6c:32:8d:f3:6b:25:82:64:bc:78:db:2a:00:97:60:88:
         86:d6:7c:8b:15:d1:9a:d8:67:11:db:14:13:e2:08:03:fc:74:
         20:50:ca:62:da:66:d8:5c:02:a4:77:80:c1:3d:77:b1:f0:98:
         29:19:35:50:76:b4:05:1f:b3:09:91:a3:2b:71:53:95:bd:62:
         2c:d8:d7:d5:01:20:af:9d:a7:f1:fa:30:eb:1c:d5:95:6c:92:
         ce:0d:99:71:d5:73:cb:8e:07:d3:87:d9:ec:f8:2b:29:95:40:
         a7:94:ac:b0
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUKnicyHCCCX2D6xC0ZQMLqRvyIkgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNDAxMzEwODAwMDlaFw0yNTAxMjkwODA1MDlaMDMxMTAvBgNV
BAMTKEEwMkEzM0IyMEM3NkFBQ0UwMUE4RURFMEM4OUNDQ0FBM0MyMTU5RUEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDKAA3b41h7bQtLV5qIyWNqE2ny
GPDyKiLLNMfIlPAuOmmCQb9VqeBjxaA7T/ZZSDKP3mI/auNv6YEJPL9FYzGU3l6/
4TO491HDBLZjk12/67vd3Ta+/b9JzGwzviQ8C/46LYvATYIJ0/km4gyU155e+g1/
ugmkbG2IoK/is1JIcq8LNv2asEo3dzIxLtEDlrqi0SPYHRFLjNqTDEzdv7uYGZXg
qdiLgajNMe6mMBu5PXyDjsViTinxf2eBHRFcOEh5ISS3vpK0M0V5H1Dh7ALuJMmF
epr1kTJUpJKUV0VtaL6zigjkrrf//nCkIaYWmeK+3NWUuToMCiFwQjjhLa8pAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUoCozsgx2qs4BqO3gyJzMqjwhWeowHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMTk5ODY1LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsz21
MA0GCSqGSIb3DQEBCwUAA4IBAQCxP2b4O083nm5hYDu9rNZHbpvNYexj17PPlRP2
U8dYUSZmct+eicoqUDTAlRvFX2FlT8EjHEvuqz+R/703atOqrd1/nd3nO5/JAE7b
PEFg3aoFUdC+n2qW6pQj26yzAOka0fhEAnCc6sz2vkEspnaWvPrSk4/+QgfexOin
kOB9LN9zwHJRLesMEdlcTMOA8GRUHmwyjfNrJYJkvHjbKgCXYIiG1nyLFdGa2GcR
2xQT4ggD/HQgUMpi2mbYXAKkd4DBPXex8JgpGTVQdrQFH7MJkaMrcVOVvWIs2NfV
ASCvnafx+jDrHNWVbJLODZlx1XPLjgfTh9ns+CsplUCnlKyw
-----END CERTIFICATE-----