Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS202656.roa
File:                     AS202656.roa (raw, json)
Hash identifier:          QrPQFMpcTvmYMkTo3HlT1orbwEy7SQ2OLmmzGUqs1IE=
Subject key identifier:   76:74:6A:D9:79:08:F5:5B:77:0F:C9:4A:5D:B7:E3:52:16:D5:19:DC
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       733D0382D4AC83735D9F897D5FE7EA9E90CE468E
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS202656.roa
Signing time:             Mon 18 Nov 2024 06:32:26 +0000
ROA not before:           Mon 18 Nov 2024 06:27:26 +0000
ROA not after:            Mon 17 Nov 2025 06:32:26 +0000
asID:                     202656
IP address blocks:        191.101.87.0/24 maxlen: 24
                          194.110.14.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            73:3d:03:82:d4:ac:83:73:5d:9f:89:7d:5f:e7:ea:9e:90:ce:46:8e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Nov 18 06:27:26 2024 GMT
            Not After : Nov 17 06:32:26 2025 GMT
        Subject: CN=76746AD97908F55B770FC94A5DB7E35216D519DC
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:cb:11:43:95:09:53:d5:61:e5:11:b4:95:89:
                    86:6a:c1:b9:57:5a:2c:0c:a3:26:a5:f6:06:c2:21:
                    f9:28:e0:4b:f2:76:38:f4:17:39:46:88:f2:2f:87:
                    1e:90:f7:5c:43:c3:b3:3a:c9:ce:f4:88:11:16:6c:
                    d8:b1:f4:30:7b:01:4b:d1:40:4f:da:26:04:62:95:
                    aa:bf:27:3a:19:a8:2d:24:52:01:7b:c9:54:e0:1a:
                    7f:58:48:7a:38:24:30:87:e1:66:76:d1:ea:aa:f0:
                    85:56:55:63:da:de:bd:90:44:f3:45:6c:6f:41:c5:
                    21:b2:7e:66:52:4c:d0:9a:22:56:69:3b:bc:28:20:
                    21:36:b8:b5:bf:ee:57:18:46:c0:45:0f:87:a6:8f:
                    eb:87:12:81:2f:43:49:36:a8:25:eb:13:d8:f4:bc:
                    04:ea:ba:b7:1a:98:d3:41:19:10:ef:f4:bf:b6:03:
                    d2:f5:48:4c:0f:c1:80:9a:9e:71:30:1e:da:4a:af:
                    ff:0d:2f:11:5f:ae:e7:11:94:e5:91:07:41:09:5c:
                    1a:d5:e1:d2:de:be:60:fa:3f:83:df:a0:1f:3a:e0:
                    d1:a2:c9:33:1e:48:74:bd:bc:a8:57:5a:ca:d0:cd:
                    00:83:75:89:70:f4:01:3e:a8:51:ae:87:1f:a8:25:
                    ea:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:74:6A:D9:79:08:F5:5B:77:0F:C9:4A:5D:B7:E3:52:16:D5:19:DC
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS202656.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  191.101.87.0/24
                  194.110.14.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2d:52:b5:0c:4a:d1:b7:8d:d1:78:bd:da:b1:35:b5:f8:d2:b5:
         55:08:1d:fa:7a:ab:7f:cc:bd:69:70:5e:ed:7c:c9:cc:a8:14:
         d1:22:f4:ca:9c:4f:ab:5c:8e:c2:30:26:0e:b9:99:7a:af:e1:
         db:7a:d3:42:79:95:c2:37:4f:f8:5a:b5:c4:8d:fc:f1:7b:fa:
         91:4e:63:d7:c6:45:0c:da:71:f5:ce:4d:f4:70:47:65:d0:c1:
         1b:fe:85:14:87:85:fe:82:98:8c:7c:a9:00:6d:64:c4:8d:c4:
         eb:bb:b3:7c:c4:b0:94:4e:fe:a9:b1:c3:d8:27:b7:76:2c:9a:
         90:68:23:c4:9b:b4:26:3b:9f:c3:38:fd:c9:05:32:d8:52:21:
         3a:b6:cb:35:63:0e:11:dd:29:74:6d:7e:ef:47:e4:dc:ca:5a:
         3d:8d:3e:68:1a:ac:fe:82:61:05:e9:be:79:a4:42:6a:e9:c8:
         35:6e:64:d9:31:cf:2e:4e:32:50:9d:5f:09:8f:1e:b5:7f:84:
         95:d5:d1:43:48:ec:d1:2c:78:2c:43:c7:5e:45:c2:1d:2e:80:
         ed:b5:9e:00:dc:ff:df:13:ac:fd:5f:28:c8:c7:5c:17:02:0b:
         10:82:42:5f:56:3d:99:31:76:2f:e7:62:75:c8:b0:d2:cd:4b:
         ff:01:06:da
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUcz0DgtSsg3Ndn4l9X+fqnpDORo4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNDExMTgwNjI3MjZaFw0yNTExMTcwNjMyMjZaMDMxMTAvBgNV
BAMTKDc2NzQ2QUQ5NzkwOEY1NUI3NzBGQzk0QTVEQjdFMzUyMTZENTE5REMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDIyxFDlQlT1WHlEbSViYZqwblX
WiwMoyal9gbCIfko4Evydjj0FzlGiPIvhx6Q91xDw7M6yc70iBEWbNix9DB7AUvR
QE/aJgRilaq/JzoZqC0kUgF7yVTgGn9YSHo4JDCH4WZ20eqq8IVWVWPa3r2QRPNF
bG9BxSGyfmZSTNCaIlZpO7woICE2uLW/7lcYRsBFD4emj+uHEoEvQ0k2qCXrE9j0
vATqurcamNNBGRDv9L+2A9L1SEwPwYCannEwHtpKr/8NLxFfrucRlOWRB0EJXBrV
4dLevmD6P4PfoB864NGiyTMeSHS9vKhXWsrQzQCDdYlw9AE+qFGuhx+oJeo1AgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQUdnRq2XkI9Vt3D8lKXbfjUhbVGdwwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjAyNjU2LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAv2VX
AwQAwm4OMA0GCSqGSIb3DQEBCwUAA4IBAQAtUrUMStG3jdF4vdqxNbX40rVVCB36
eqt/zL1pcF7tfMnMqBTRIvTKnE+rXI7CMCYOuZl6r+HbetNCeZXCN0/4WrXEjfzx
e/qRTmPXxkUM2nH1zk30cEdl0MEb/oUUh4X+gpiMfKkAbWTEjcTru7N8xLCUTv6p
scPYJ7d2LJqQaCPEm7QmO5/DOP3JBTLYUiE6tss1Yw4R3Sl0bX7vR+Tcylo9jT5o
Gqz+gmEF6b55pEJq6cg1bmTZMc8uTjJQnV8Jjx61f4SV1dFDSOzRLHgsQ8deRcId
LoDttZ4A3P/fE6z9XyjIx1wXAgsQgkJfVj2ZMXYv52J1yLDSzUv/AQba
-----END CERTIFICATE-----