Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS205733.roa
File:                     AS205733.roa (raw, json)
Hash identifier:          8vS225I+2EqkSbkUZQdckKr0X0wU+0n63Je/3oEpe5k=
Subject key identifier:   D4:62:04:15:C7:DB:E6:AD:07:FA:3A:2C:B6:8B:85:C2:64:2F:E4:39
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       75B210936C8473E713CC157C0AD87C3FC7F4AC2B
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS205733.roa
Signing time:             Sat 18 May 2024 23:04:48 +0000
ROA not before:           Sat 18 May 2024 22:59:48 +0000
ROA not after:            Sat 17 May 2025 23:04:48 +0000
asID:                     205733
IP address blocks:        149.62.40.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Feb 2025 07:05:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            75:b2:10:93:6c:84:73:e7:13:cc:15:7c:0a:d8:7c:3f:c7:f4:ac:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: May 18 22:59:48 2024 GMT
            Not After : May 17 23:04:48 2025 GMT
        Subject: CN=D4620415C7DBE6AD07FA3A2CB68B85C2642FE439
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:95:28:c9:fb:ce:96:db:51:50:68:81:61:e2:
                    13:c2:ae:08:11:3c:d6:65:4a:b4:d7:ee:e9:a0:9e:
                    63:49:ff:76:5c:02:78:65:ba:b0:01:7f:ae:c1:cc:
                    40:51:72:98:8a:04:99:fe:e6:68:2d:23:7e:78:85:
                    ef:92:12:25:c4:23:10:72:61:50:da:75:fd:69:c0:
                    e7:d1:d2:51:4d:4a:fc:77:0e:e2:63:7a:89:01:14:
                    18:81:a3:f4:a9:5d:6f:1d:80:45:c8:ae:fd:9d:09:
                    04:d5:55:67:20:1a:47:49:45:e7:be:e2:80:37:31:
                    fd:03:68:3d:94:fe:f7:20:5d:a1:9a:da:cf:eb:71:
                    a3:60:88:e2:e5:53:2e:c0:f9:4d:f4:78:c1:27:65:
                    6a:7b:4b:e4:6c:a5:0f:69:e1:21:6d:31:6e:8b:d6:
                    0f:e8:d3:0b:44:e4:89:04:e3:29:15:d0:1f:1e:19:
                    a8:e0:81:49:b9:83:e4:8e:4d:df:2e:ce:f1:6d:7b:
                    e5:54:de:29:b3:10:6a:ff:fa:b5:14:c3:39:e9:95:
                    d0:fe:76:db:d4:59:7c:ac:0c:55:53:0a:f2:9f:f3:
                    a5:87:62:38:3f:23:f7:ee:d6:62:bc:cf:bc:33:11:
                    82:99:3e:d0:b2:c2:4c:0c:26:73:ed:4e:6f:ee:96:
                    c0:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:62:04:15:C7:DB:E6:AD:07:FA:3A:2C:B6:8B:85:C2:64:2F:E4:39
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS205733.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  149.62.40.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b3:55:49:bd:aa:fa:ed:38:64:4d:f7:57:aa:27:85:5d:d2:0f:
         8a:f0:b2:7f:c4:09:97:8c:95:e8:fb:9f:b3:1e:75:ff:3a:9b:
         c6:73:87:03:49:ee:e2:36:24:64:ed:13:69:86:79:29:24:d9:
         c2:26:f1:fc:d9:99:70:cc:4e:f9:47:14:56:42:f0:bb:9f:6d:
         5c:75:3e:8e:60:8b:8d:fc:be:fe:ba:4a:30:19:d0:10:ce:2d:
         66:12:df:72:6e:98:b4:2d:d2:57:c2:80:57:5e:92:63:43:1e:
         83:99:ff:f3:1c:cc:f9:46:01:42:be:d4:56:b5:f8:99:ee:26:
         66:2b:d0:19:99:b1:29:6d:49:c9:31:c0:0f:c8:61:dc:e2:29:
         1c:cb:66:1f:c8:1c:71:c6:b8:c1:16:96:23:80:ca:42:29:51:
         ff:07:52:f5:32:83:80:69:07:fb:44:c1:0f:3e:41:ca:8f:f9:
         d1:64:d0:79:21:38:d2:85:cc:76:69:97:b9:23:04:cf:e2:88:
         aa:06:c6:d2:03:dc:27:77:92:7d:66:82:04:ff:90:77:9b:e7:
         17:3a:29:e0:34:cd:bc:7b:fa:99:3c:9a:ff:99:c3:2e:30:3e:
         a2:54:70:fd:d6:0d:7e:b3:01:a1:37:fd:78:ee:5a:08:be:b6:
         56:3e:7a:ad
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUdbIQk2yEc+cTzBV8Cth8P8f0rCswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNDA1MTgyMjU5NDhaFw0yNTA1MTcyMzA0NDhaMDMxMTAvBgNV
BAMTKEQ0NjIwNDE1QzdEQkU2QUQwN0ZBM0EyQ0I2OEI4NUMyNjQyRkU0MzkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDJlSjJ+86W21FQaIFh4hPCrggR
PNZlSrTX7umgnmNJ/3ZcAnhlurABf67BzEBRcpiKBJn+5mgtI354he+SEiXEIxBy
YVDadf1pwOfR0lFNSvx3DuJjeokBFBiBo/SpXW8dgEXIrv2dCQTVVWcgGkdJRee+
4oA3Mf0DaD2U/vcgXaGa2s/rcaNgiOLlUy7A+U30eMEnZWp7S+RspQ9p4SFtMW6L
1g/o0wtE5IkE4ykV0B8eGajggUm5g+SOTd8uzvFte+VU3imzEGr/+rUUwznpldD+
dtvUWXysDFVTCvKf86WHYjg/I/fu1mK8z7wzEYKZPtCywkwMJnPtTm/ulsDLAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQU1GIEFcfb5q0H+jostouFwmQv5DkwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjA1NzMzLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAlT4o
MA0GCSqGSIb3DQEBCwUAA4IBAQCzVUm9qvrtOGRN91eqJ4Vd0g+K8LJ/xAmXjJXo
+5+zHnX/OpvGc4cDSe7iNiRk7RNphnkpJNnCJvH82ZlwzE75RxRWQvC7n21cdT6O
YIuN/L7+ukowGdAQzi1mEt9ybpi0LdJXwoBXXpJjQx6Dmf/zHMz5RgFCvtRWtfiZ
7iZmK9AZmbEpbUnJMcAPyGHc4ikcy2YfyBxxxrjBFpYjgMpCKVH/B1L1MoOAaQf7
RMEPPkHKj/nRZNB5ITjShcx2aZe5IwTP4oiqBsbSA9wnd5J9ZoIE/5B3m+cXOing
NM28e/qZPJr/mcMuMD6iVHD91g1+swGhN/147loIvrZWPnqt
-----END CERTIFICATE-----