Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS202662.roa
File:                     AS202662.roa (raw, json)
Hash identifier:          i2LiY54iU5dbE6WpUoMOAKrFLN+9spaB+q9wRRHuKls=
Subject key identifier:   39:05:BC:B6:EF:36:C7:72:34:12:54:7E:F9:75:A8:25:35:FF:D6:19
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       1C155233BADDA27A37F83F82E1B9A1E1E6C7E2B5
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS202662.roa
Signing time:             Mon 05 Aug 2024 05:05:33 +0000
ROA not before:           Mon 05 Aug 2024 05:00:33 +0000
ROA not after:            Mon 04 Aug 2025 05:05:33 +0000
asID:                     202662
IP address blocks:        191.96.240.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Feb 2025 07:05:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1c:15:52:33:ba:dd:a2:7a:37:f8:3f:82:e1:b9:a1:e1:e6:c7:e2:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Aug  5 05:00:33 2024 GMT
            Not After : Aug  4 05:05:33 2025 GMT
        Subject: CN=3905BCB6EF36C7723412547EF975A82535FFD619
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:17:e6:50:f3:35:1d:66:41:6d:b0:de:8b:db:
                    ae:63:ef:9f:76:94:fb:30:09:05:64:48:ee:52:f4:
                    0f:f8:93:b9:02:09:0b:18:60:d4:8c:40:ec:24:b1:
                    64:15:43:f4:4d:98:9f:3a:30:62:be:ee:a4:c8:d8:
                    86:db:86:0e:74:3c:88:43:1b:74:42:42:58:c8:2e:
                    33:9e:1b:f4:37:ba:6d:77:bf:aa:09:54:3d:05:20:
                    8b:32:29:3b:a8:7e:ec:8c:46:87:4d:87:56:72:c2:
                    1d:44:74:88:f7:15:14:88:ff:96:f6:72:70:4f:2f:
                    35:26:fb:58:13:8c:f2:01:0c:cf:91:1d:b0:b0:19:
                    c1:3a:1d:ef:2a:f9:6a:a9:a5:87:e6:c3:34:c4:da:
                    89:aa:84:2e:db:ba:51:52:58:20:d2:8f:5d:72:d2:
                    56:d0:a5:9d:9a:1b:ac:7d:0a:a7:72:d7:53:a3:c2:
                    6d:1e:a0:f9:c6:16:6c:c2:d7:10:0a:d8:27:a2:e1:
                    ae:cd:62:16:94:ad:34:68:21:7a:ba:7b:86:6c:2e:
                    02:a2:cd:bc:6d:a6:31:31:f0:8b:c5:5c:d2:fb:29:
                    5e:5e:b5:db:a8:cd:18:59:b2:b5:cf:bb:09:88:8d:
                    9d:1e:4c:35:8d:0c:34:96:74:e5:8f:55:28:9f:25:
                    9f:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:05:BC:B6:EF:36:C7:72:34:12:54:7E:F9:75:A8:25:35:FF:D6:19
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS202662.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  191.96.240.0/22

    Signature Algorithm: sha256WithRSAEncryption
         0a:61:de:85:d0:97:86:32:42:4b:fe:37:bb:8c:ff:ed:b4:fb:
         62:2f:ad:43:aa:23:f2:aa:af:1a:4e:26:d1:6a:bb:8e:42:fb:
         37:62:6c:39:75:47:85:7a:6d:ab:8d:4f:e3:c9:14:a7:5f:0b:
         74:6e:74:76:54:7c:7e:7b:c3:c2:8e:a9:26:e8:a9:1a:a1:63:
         8c:3e:97:8f:77:dd:83:b9:e8:d1:aa:0a:6b:0e:48:56:a4:50:
         c5:d3:f3:c2:ec:09:8b:23:d5:9b:4b:fb:c8:dc:1c:cb:07:dc:
         be:eb:13:c7:f8:f7:5b:2e:a5:27:9f:de:8c:22:5e:0e:af:f4:
         b4:05:09:1a:68:2d:79:a0:6b:8d:fb:03:d4:62:e5:e1:fe:8a:
         e9:6a:55:ca:60:db:fb:38:9e:3a:62:eb:d2:b9:85:7c:b8:59:
         1e:71:df:33:f0:b7:bd:4c:e8:90:11:b4:c9:c3:94:20:1e:e2:
         00:df:72:d9:82:a5:7b:4e:9b:8a:50:2f:92:9c:a8:cd:9a:e2:
         eb:2c:3c:e4:03:ba:bd:1a:72:2b:7c:1c:2f:06:be:b2:fa:fb:
         77:9d:05:e7:79:45:43:0a:d5:65:d7:81:ad:9f:22:2a:21:fc:
         35:a3:6b:44:2c:48:43:13:3e:e7:7d:21:4d:11:5d:6c:16:86:
         6f:6e:03:75
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUHBVSM7rdono3+D+C4bmh4ebH4rUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNDA4MDUwNTAwMzNaFw0yNTA4MDQwNTA1MzNaMDMxMTAvBgNV
BAMTKDM5MDVCQ0I2RUYzNkM3NzIzNDEyNTQ3RUY5NzVBODI1MzVGRkQ2MTkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCeF+ZQ8zUdZkFtsN6L265j7592
lPswCQVkSO5S9A/4k7kCCQsYYNSMQOwksWQVQ/RNmJ86MGK+7qTI2Ibbhg50PIhD
G3RCQljILjOeG/Q3um13v6oJVD0FIIsyKTuofuyMRodNh1Zywh1EdIj3FRSI/5b2
cnBPLzUm+1gTjPIBDM+RHbCwGcE6He8q+WqppYfmwzTE2omqhC7bulFSWCDSj11y
0lbQpZ2aG6x9Cqdy11Ojwm0eoPnGFmzC1xAK2Cei4a7NYhaUrTRoIXq6e4ZsLgKi
zbxtpjEx8IvFXNL7KV5etduozRhZsrXPuwmIjZ0eTDWNDDSWdOWPVSifJZ8NAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUOQW8tu82x3I0ElR++XWoJTX/1hkwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjAyNjYyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCv2Dw
MA0GCSqGSIb3DQEBCwUAA4IBAQAKYd6F0JeGMkJL/je7jP/ttPtiL61DqiPyqq8a
TibRaruOQvs3Ymw5dUeFem2rjU/jyRSnXwt0bnR2VHx+e8PCjqkm6KkaoWOMPpeP
d92DuejRqgprDkhWpFDF0/PC7AmLI9WbS/vI3BzLB9y+6xPH+PdbLqUnn96MIl4O
r/S0BQkaaC15oGuN+wPUYuXh/orpalXKYNv7OJ46YuvSuYV8uFkecd8z8Le9TOiQ
EbTJw5QgHuIA33LZgqV7TpuKUC+SnKjNmuLrLDzkA7q9GnIrfBwvBr6y+vt3nQXn
eUVDCtVl14GtnyIqIfw1o2tELEhDEz7nfSFNEV1sFoZvbgN1
-----END CERTIFICATE-----