Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS201670.roa
File:                     AS201670.roa (raw, json)
Hash identifier:          DC5Yvr+tDN8AEwtlZ/XUlX8WU0CsMBd7qJWM53T26U4=
Subject key identifier:   C4:6C:E7:3C:DE:0F:7E:E9:46:2D:64:E0:17:41:87:08:37:64:C9:5E
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       79DAE31F035A7C4DED7D9155772EC81DCB892283
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS201670.roa
Signing time:             Thu 23 May 2024 10:05:58 +0000
ROA not before:           Thu 23 May 2024 10:00:58 +0000
ROA not after:            Thu 22 May 2025 10:05:58 +0000
asID:                     201670
IP address blocks:        181.214.58.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Jun 2024 04:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            79:da:e3:1f:03:5a:7c:4d:ed:7d:91:55:77:2e:c8:1d:cb:89:22:83
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: May 23 10:00:58 2024 GMT
            Not After : May 22 10:05:58 2025 GMT
        Subject: CN=C46CE73CDE0F7EE9462D64E0174187083764C95E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:5a:8c:61:24:6e:1a:97:ae:53:7a:2f:82:0c:
                    02:e5:7c:51:a7:7b:ef:22:fa:b9:52:8b:cb:43:a3:
                    52:bf:17:66:38:ec:c4:d1:b1:4e:2e:2e:eb:66:a2:
                    dc:5f:6a:6e:c2:2b:5e:d4:a6:03:dd:2d:84:89:06:
                    f0:5f:2e:ea:24:23:15:2f:08:d9:da:41:ea:4b:a2:
                    4c:b1:39:39:93:41:8a:6e:5c:0d:eb:1a:e1:e3:06:
                    bf:67:a3:93:2a:98:2e:00:42:89:3d:49:22:15:31:
                    a6:e7:c7:e6:2a:0a:a8:41:9b:f9:9b:98:8b:6e:05:
                    e8:f3:08:1a:22:6b:52:7b:f1:be:f9:24:0d:09:a8:
                    45:4e:7d:19:ef:12:e0:7f:c3:77:8a:c6:0e:ac:de:
                    2e:6c:7b:0d:35:9a:e3:bc:d7:fa:16:ec:5f:6f:55:
                    85:a7:b2:4e:e1:a0:04:ef:b3:8f:71:4b:e2:7e:4b:
                    8c:31:27:13:91:37:34:2f:88:a8:33:b5:3b:2c:27:
                    c7:2e:cc:3d:49:ef:2f:a9:0b:6d:79:83:59:54:aa:
                    bb:ab:ef:67:65:98:95:62:61:6f:f8:c5:a9:ad:07:
                    4b:bb:c8:63:9f:00:6b:41:92:50:15:b8:81:74:79:
                    34:f0:2c:42:96:c0:e8:44:66:a7:1e:50:f6:29:64:
                    2c:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:6C:E7:3C:DE:0F:7E:E9:46:2D:64:E0:17:41:87:08:37:64:C9:5E
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS201670.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  181.214.58.0/24

    Signature Algorithm: sha256WithRSAEncryption
         93:ac:0a:6c:21:b5:1b:89:47:8a:60:aa:43:72:ab:4c:dd:17:
         89:97:55:7f:9c:5c:9b:91:60:5d:1a:89:a6:40:e7:0c:eb:69:
         41:06:fc:3f:b4:42:0c:53:26:d4:68:84:04:86:37:47:03:92:
         fd:65:24:4e:63:da:91:59:2d:dc:e4:cb:f4:ba:7d:7b:ed:66:
         f4:c3:86:cf:b0:85:70:93:07:56:5b:dc:4a:7f:c5:72:82:c4:
         b5:72:f3:f3:ba:0b:2d:5b:f2:0a:ba:4a:79:c3:7f:e6:0c:7b:
         b5:4d:3f:28:f0:06:7e:ae:7f:f7:d8:a2:44:6e:b9:14:7d:98:
         04:86:60:13:06:bf:ad:48:e4:50:ec:f9:09:06:4c:a5:0a:d7:
         3c:17:c4:16:c4:61:cd:95:4a:5f:b5:a5:80:ac:e8:b9:e4:16:
         0a:ca:7f:51:50:d1:3a:fb:4e:43:d2:b7:77:07:49:a8:81:37:
         5d:52:5d:f1:6e:c0:a5:bb:a4:8e:85:85:cc:2d:f9:27:c6:8f:
         9b:f4:ba:4f:91:20:83:b7:9c:02:4f:87:bb:1a:ea:a4:d2:6b:
         40:df:2b:fa:e8:1d:62:73:03:85:c0:61:37:3a:e8:3f:ab:31:
         16:f8:3d:2b:9d:88:d4:94:06:85:fd:92:6f:17:d4:89:59:0c:
         86:fe:f9:70
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUedrjHwNafE3tfZFVdy7IHcuJIoMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNDA1MjMxMDAwNThaFw0yNTA1MjIxMDA1NThaMDMxMTAvBgNV
BAMTKEM0NkNFNzNDREUwRjdFRTk0NjJENjRFMDE3NDE4NzA4Mzc2NEM5NUUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCpWoxhJG4al65Tei+CDALlfFGn
e+8i+rlSi8tDo1K/F2Y47MTRsU4uLutmotxfam7CK17UpgPdLYSJBvBfLuokIxUv
CNnaQepLokyxOTmTQYpuXA3rGuHjBr9no5MqmC4AQok9SSIVMabnx+YqCqhBm/mb
mItuBejzCBoia1J78b75JA0JqEVOfRnvEuB/w3eKxg6s3i5sew01muO81/oW7F9v
VYWnsk7hoATvs49xS+J+S4wxJxORNzQviKgztTssJ8cuzD1J7y+pC215g1lUqrur
72dlmJViYW/4xamtB0u7yGOfAGtBklAVuIF0eTTwLEKWwOhEZqceUPYpZCxxAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUxGznPN4PfulGLWTgF0GHCDdkyV4wHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjAxNjcwLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAtdY6
MA0GCSqGSIb3DQEBCwUAA4IBAQCTrApsIbUbiUeKYKpDcqtM3ReJl1V/nFybkWBd
GommQOcM62lBBvw/tEIMUybUaIQEhjdHA5L9ZSROY9qRWS3c5Mv0un177Wb0w4bP
sIVwkwdWW9xKf8VygsS1cvPzugstW/IKukp5w3/mDHu1TT8o8AZ+rn/32KJEbrkU
fZgEhmATBr+tSORQ7PkJBkylCtc8F8QWxGHNlUpftaWArOi55BYKyn9RUNE6+05D
0rd3B0mogTddUl3xbsClu6SOhYXMLfknxo+b9LpPkSCDt5wCT4e7Guqk0mtA3yv6
6B1icwOFwGE3Oug/qzEW+D0rnYjUlAaF/ZJvF9SJWQyG/vlw
-----END CERTIFICATE-----