Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS214132.roa
File:                     AS214132.roa (raw, json)
Hash identifier:          ESBW8MzWnavpAU5OGpKGpZRcVrDuGQN0sC3Ee05+Sbg=
Subject key identifier:   8E:3B:AB:49:D2:09:49:00:D4:CF:19:F1:E8:E0:71:6C:63:97:06:E4
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       1329FC369727452E0127104C0A37D237729D0409
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS214132.roa
Signing time:             Thu 03 Oct 2024 16:52:59 +0000
ROA not before:           Thu 03 Oct 2024 16:47:59 +0000
ROA not after:            Thu 02 Oct 2025 16:52:59 +0000
asID:                     214132
IP address blocks:        185.170.59.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            13:29:fc:36:97:27:45:2e:01:27:10:4c:0a:37:d2:37:72:9d:04:09
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Oct  3 16:47:59 2024 GMT
            Not After : Oct  2 16:52:59 2025 GMT
        Subject: CN=8E3BAB49D2094900D4CF19F1E8E0716C639706E4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e9:bf:4f:a9:43:fc:ac:0d:66:37:87:1b:83:12:
                    26:56:f1:3b:4e:7d:b0:0d:33:cd:94:45:1b:1f:f7:
                    28:da:d3:e0:f9:20:3b:cf:06:60:47:51:67:76:e6:
                    b2:59:36:ae:4e:db:29:be:54:89:cb:9f:03:30:85:
                    16:cb:3e:54:94:10:a1:d9:9e:69:94:85:40:b3:6c:
                    8e:a6:3b:dd:02:56:6b:87:45:54:3b:7f:4c:6e:7a:
                    be:06:7f:d9:0e:fa:36:cf:68:e4:28:17:95:07:11:
                    ca:d3:d7:3b:dd:4f:c0:45:8d:97:79:80:f4:d4:a9:
                    d0:4f:cd:64:03:15:24:65:0c:73:0d:17:10:0a:34:
                    d6:aa:3b:76:31:a6:84:b5:10:ed:52:7c:6a:12:5e:
                    5e:d4:c2:29:04:69:73:b3:02:a1:f9:a2:6b:f2:e2:
                    9e:5b:9c:70:85:56:ec:3d:74:10:07:26:44:5a:17:
                    8a:55:0b:30:fa:a6:70:80:d9:29:c9:14:18:36:32:
                    01:3c:88:fc:6d:27:e4:8d:c7:44:0b:df:95:62:2a:
                    56:50:c2:db:7c:f3:f9:6f:c2:61:7d:61:64:84:81:
                    7f:df:ae:97:07:3d:2e:a0:ea:ce:b4:0a:8b:2a:3e:
                    0d:da:b4:83:7e:60:37:24:cf:9c:13:d1:91:96:74:
                    dd:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:3B:AB:49:D2:09:49:00:D4:CF:19:F1:E8:E0:71:6C:63:97:06:E4
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS214132.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.170.59.0/24

    Signature Algorithm: sha256WithRSAEncryption
         48:ba:15:33:0c:3a:5e:fd:45:43:b5:82:63:1d:5c:da:92:3b:
         00:a4:e8:2d:f0:ae:83:e7:d6:6c:7f:5f:56:98:c2:d3:66:05:
         0c:e1:76:de:65:98:18:61:f5:8d:19:26:82:04:9e:a0:a2:cd:
         32:43:1e:b6:bb:cb:8e:62:74:0e:fd:4c:a6:71:33:a0:88:6a:
         fd:62:47:44:2d:a2:20:a8:08:8f:c7:64:da:2f:e4:25:c7:29:
         19:98:24:53:4f:88:60:af:26:e6:e4:e1:9e:06:46:da:2b:f4:
         31:51:d1:12:52:19:58:31:7a:b9:7a:16:16:06:91:6c:4f:a9:
         2e:06:c0:cc:84:eb:6c:7f:5a:11:d0:de:29:f2:26:10:29:98:
         01:9a:e2:5b:cb:b1:4e:41:42:92:ec:5c:1b:75:c6:1b:bb:0f:
         cb:9e:16:60:ce:92:1e:46:1a:24:a5:85:a0:c9:51:42:c8:8f:
         02:60:85:d3:c1:a1:37:34:88:29:13:c0:fa:cd:1e:41:1c:3f:
         86:c2:96:4a:5e:43:e0:b3:ad:67:24:00:5f:49:74:5a:b2:a0:
         84:f1:93:0d:ad:e1:66:ee:61:12:d1:04:f1:42:57:c7:e9:af:
         48:53:57:61:69:bf:97:7e:d8:8a:53:5d:a1:fa:97:15:77:72:
         c4:61:d3:0a
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUEyn8NpcnRS4BJxBMCjfSN3KdBAkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNDEwMDMxNjQ3NTlaFw0yNTEwMDIxNjUyNTlaMDMxMTAvBgNV
BAMTKDhFM0JBQjQ5RDIwOTQ5MDBENENGMTlGMUU4RTA3MTZDNjM5NzA2RTQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDpv0+pQ/ysDWY3hxuDEiZW8TtO
fbANM82URRsf9yja0+D5IDvPBmBHUWd25rJZNq5O2ym+VInLnwMwhRbLPlSUEKHZ
nmmUhUCzbI6mO90CVmuHRVQ7f0xuer4Gf9kO+jbPaOQoF5UHEcrT1zvdT8BFjZd5
gPTUqdBPzWQDFSRlDHMNFxAKNNaqO3YxpoS1EO1SfGoSXl7UwikEaXOzAqH5omvy
4p5bnHCFVuw9dBAHJkRaF4pVCzD6pnCA2SnJFBg2MgE8iPxtJ+SNx0QL35ViKlZQ
wtt88/lvwmF9YWSEgX/frpcHPS6g6s60CosqPg3atIN+YDckz5wT0ZGWdN3fAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUjjurSdIJSQDUzxnx6OBxbGOXBuQwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjE0MTMyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuao7
MA0GCSqGSIb3DQEBCwUAA4IBAQBIuhUzDDpe/UVDtYJjHVzakjsApOgt8K6D59Zs
f19WmMLTZgUM4XbeZZgYYfWNGSaCBJ6gos0yQx62u8uOYnQO/UymcTOgiGr9YkdE
LaIgqAiPx2TaL+QlxykZmCRTT4hgrybm5OGeBkbaK/QxUdESUhlYMXq5ehYWBpFs
T6kuBsDMhOtsf1oR0N4p8iYQKZgBmuJby7FOQUKS7FwbdcYbuw/LnhZgzpIeRhok
pYWgyVFCyI8CYIXTwaE3NIgpE8D6zR5BHD+GwpZKXkPgs61nJABfSXRasqCE8ZMN
reFm7mES0QTxQlfH6a9IU1dhab+XftiKU12h+pcVd3LEYdMK
-----END CERTIFICATE-----