Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS214025.roa
File:                     AS214025.roa (raw, json)
Hash identifier:          IWMxWaXdD6IIGCU/lelMk8i+9WllJPL2NibVu2N9EYg=
Subject key identifier:   02:3A:B4:F5:E9:32:54:FC:A2:70:D1:2C:A1:82:73:C8:87:2F:CC:94
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       35D71F39B1F3C8C1FE4DED65174EABFB8F09DB03
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS214025.roa
Signing time:             Mon 21 Oct 2024 07:38:14 +0000
ROA not before:           Mon 21 Oct 2024 07:33:14 +0000
ROA not after:            Mon 20 Oct 2025 07:38:14 +0000
asID:                     214025
IP address blocks:        179.61.185.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            35:d7:1f:39:b1:f3:c8:c1:fe:4d:ed:65:17:4e:ab:fb:8f:09:db:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Oct 21 07:33:14 2024 GMT
            Not After : Oct 20 07:38:14 2025 GMT
        Subject: CN=023AB4F5E93254FCA270D12CA18273C8872FCC94
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:56:03:d1:64:54:a3:f8:cd:ce:7d:9e:3a:b1:
                    2a:56:56:47:67:5c:f3:95:d4:27:14:37:da:dc:e5:
                    bd:e7:a5:00:57:8d:8d:5e:3f:49:60:c4:5a:8e:5d:
                    5d:8d:38:89:4f:de:d4:f1:d8:d2:1a:e1:09:db:f8:
                    21:4f:1c:dd:72:f9:6c:fa:25:22:6b:39:ba:13:5a:
                    ba:fb:ba:6b:dd:2d:33:6b:41:ce:6a:87:43:b6:38:
                    45:62:75:61:ab:73:96:e2:4d:4e:cd:b8:d9:a4:85:
                    fe:db:c5:a2:dd:3f:6e:60:70:bb:ce:f8:c2:df:05:
                    fa:6b:92:2a:8e:76:a7:ff:96:1b:5c:17:af:ab:98:
                    8f:da:12:72:d1:cb:1c:a9:85:a7:2c:81:70:60:71:
                    7a:4a:5d:cd:8c:7f:00:a5:61:c0:30:5f:85:94:d2:
                    48:2d:50:02:3e:7e:62:df:2c:4c:a5:15:48:39:80:
                    84:c6:06:4e:60:8d:28:be:62:01:29:3e:2a:98:00:
                    c6:df:5b:84:b7:ca:1c:9a:b5:2a:1f:8c:b3:60:c6:
                    c4:90:98:31:ef:77:e0:dc:f5:b7:2e:83:20:6d:fc:
                    4d:e2:c3:e2:43:40:1b:47:a4:c6:c1:f0:7b:6f:f4:
                    32:4f:9e:82:70:c8:fe:cb:49:b0:18:c6:b8:0a:0f:
                    f7:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:3A:B4:F5:E9:32:54:FC:A2:70:D1:2C:A1:82:73:C8:87:2F:CC:94
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS214025.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  179.61.185.0/24

    Signature Algorithm: sha256WithRSAEncryption
         40:ff:09:89:87:5c:87:09:b3:28:40:bb:87:04:10:30:e3:78:
         45:86:e0:23:7d:23:35:f1:2b:ea:71:3a:e1:4d:72:c0:a7:f5:
         2c:65:f5:36:e1:63:ae:cb:0a:10:4e:9c:15:18:f9:2b:73:e3:
         a0:fe:d3:63:72:bb:5f:ea:94:32:74:47:b6:4d:cc:02:c0:6a:
         35:11:6a:e6:9c:25:20:50:3a:82:66:9c:b2:64:93:49:a1:27:
         ea:38:83:7d:16:dd:d0:84:10:4c:25:a3:15:3f:72:37:11:e2:
         2d:c7:0e:b8:e9:b4:2a:98:1f:c0:65:d4:3e:55:a4:19:5b:25:
         41:bd:53:17:92:c2:34:d6:13:c9:5f:98:32:46:ff:68:3e:0b:
         b3:4b:0c:72:67:6b:34:a3:a0:3c:c3:46:1d:53:fc:d1:33:d5:
         cc:48:47:4f:31:03:be:75:d4:e6:d3:26:0b:bc:de:61:bf:2d:
         f0:c4:9f:ee:c5:99:1d:0c:35:3b:db:5b:4d:b9:b2:64:d5:d4:
         fc:3e:dd:de:4c:1a:a1:2d:a1:ca:62:f0:0a:62:7c:2f:29:aa:
         25:08:c9:5b:e0:e3:35:a0:7c:1e:e1:f1:bd:cd:00:49:99:9c:
         f7:b6:ff:36:51:f4:a4:77:62:06:29:15:47:f9:5b:2b:34:6d:
         69:ec:e4:da
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUNdcfObHzyMH+Te1lF06r+48J2wMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNDEwMjEwNzMzMTRaFw0yNTEwMjAwNzM4MTRaMDMxMTAvBgNV
BAMTKDAyM0FCNEY1RTkzMjU0RkNBMjcwRDEyQ0ExODI3M0M4ODcyRkNDOTQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCmVgPRZFSj+M3OfZ46sSpWVkdn
XPOV1CcUN9rc5b3npQBXjY1eP0lgxFqOXV2NOIlP3tTx2NIa4Qnb+CFPHN1y+Wz6
JSJrOboTWrr7umvdLTNrQc5qh0O2OEVidWGrc5biTU7NuNmkhf7bxaLdP25gcLvO
+MLfBfprkiqOdqf/lhtcF6+rmI/aEnLRyxyphacsgXBgcXpKXc2MfwClYcAwX4WU
0kgtUAI+fmLfLEylFUg5gITGBk5gjSi+YgEpPiqYAMbfW4S3yhyatSofjLNgxsSQ
mDHvd+Dc9bcugyBt/E3iw+JDQBtHpMbB8Htv9DJPnoJwyP7LSbAYxrgKD/dDAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUAjq09ekyVPyicNEsoYJzyIcvzJQwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjE0MDI1LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsz25
MA0GCSqGSIb3DQEBCwUAA4IBAQBA/wmJh1yHCbMoQLuHBBAw43hFhuAjfSM18Svq
cTrhTXLAp/UsZfU24WOuywoQTpwVGPkrc+Og/tNjcrtf6pQydEe2TcwCwGo1EWrm
nCUgUDqCZpyyZJNJoSfqOIN9Ft3QhBBMJaMVP3I3EeItxw646bQqmB/AZdQ+VaQZ
WyVBvVMXksI01hPJX5gyRv9oPguzSwxyZ2s0o6A8w0YdU/zRM9XMSEdPMQO+ddTm
0yYLvN5hvy3wxJ/uxZkdDDU721tNubJk1dT8Pt3eTBqhLaHKYvAKYnwvKaolCMlb
4OM1oHwe4fG9zQBJmZz3tv82UfSkd2IGKRVH+VsrNG1p7OTa
-----END CERTIFICATE-----