Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS214285.roa
File:                     AS214285.roa (raw, json)
Hash identifier:          IlwItfzBDCCxJaWKOz/3Zl1nqxHazAUPPui1oZvuvtU=
Subject key identifier:   30:C2:5C:F7:2B:27:33:EB:B7:3B:07:2D:FD:71:3C:B7:17:DC:9F:59
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       6C9D60DD600F5C5AFD20F13542667A29C7D6E2AA
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS214285.roa
Signing time:             Thu 03 Oct 2024 08:14:52 +0000
ROA not before:           Thu 03 Oct 2024 08:09:52 +0000
ROA not after:            Thu 02 Oct 2025 08:14:52 +0000
asID:                     214285
IP address blocks:        191.101.145.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 13:48:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6c:9d:60:dd:60:0f:5c:5a:fd:20:f1:35:42:66:7a:29:c7:d6:e2:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Oct  3 08:09:52 2024 GMT
            Not After : Oct  2 08:14:52 2025 GMT
        Subject: CN=30C25CF72B2733EBB73B072DFD713CB717DC9F59
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:67:25:15:93:40:0b:c0:57:06:64:a0:1c:c9:
                    47:43:cb:0f:6a:16:75:40:11:11:24:a4:54:10:dd:
                    78:a4:18:c6:90:78:91:15:f1:6d:4c:cf:ed:06:6f:
                    89:67:7c:a6:1f:08:10:b4:94:5b:db:ca:3a:77:e4:
                    55:c3:c0:19:b3:dc:14:fc:9d:5e:6b:0e:6a:6c:10:
                    fb:a6:71:a4:99:1b:d8:7f:c3:63:c8:ad:68:32:40:
                    78:0b:ea:cf:3b:b5:67:b2:7f:f3:f6:9d:5e:bb:f7:
                    80:1f:07:c9:75:79:58:04:35:2c:42:df:13:68:31:
                    be:f4:df:95:1e:ca:af:5f:9c:27:6f:e4:a5:5c:95:
                    db:b3:f8:19:74:d0:18:9a:49:0d:d1:35:19:5f:93:
                    fc:33:73:82:b8:75:4d:79:3b:d4:1e:a6:dc:5f:4b:
                    2c:ef:b6:21:43:ec:55:f1:a7:c9:e2:61:ba:f9:38:
                    26:78:ec:53:6f:3a:8f:9c:26:27:ea:31:88:fa:bf:
                    32:72:83:f4:b1:1e:29:a1:af:26:ac:ce:b2:2a:43:
                    95:b8:ce:f6:15:14:04:c8:5e:3f:88:db:fd:be:e2:
                    a4:0b:50:14:e1:21:40:94:b1:31:38:a9:6d:df:aa:
                    1a:0f:b3:fe:05:50:e5:3c:80:97:75:3a:79:d8:fe:
                    52:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:C2:5C:F7:2B:27:33:EB:B7:3B:07:2D:FD:71:3C:B7:17:DC:9F:59
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS214285.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  191.101.145.0/24

    Signature Algorithm: sha256WithRSAEncryption
         94:f8:58:56:c8:01:c4:48:9a:11:2b:c1:f1:2c:ca:b6:cc:32:
         5a:13:2f:b1:b2:8a:89:21:16:56:fa:8f:d3:1a:66:7e:83:2a:
         bf:f7:e9:53:20:28:41:ee:58:b7:3c:eb:0c:80:b8:a9:84:cc:
         75:1b:08:10:15:a3:df:ca:68:04:03:75:fa:c6:63:27:15:b1:
         12:fa:a3:8f:1b:d1:24:77:84:31:94:1d:c2:34:e8:94:6d:63:
         ce:c7:22:5e:65:f7:2f:91:90:87:74:48:52:c3:f7:44:57:04:
         f9:55:0f:d6:59:92:7e:b1:31:2c:20:05:14:53:9d:59:7f:48:
         fc:2f:a3:3b:91:b5:0f:6d:d5:a9:ad:d8:e5:95:09:46:d9:b8:
         df:9d:08:1e:be:4a:5a:ab:15:11:79:cb:72:da:98:96:d4:43:
         4e:0f:13:e1:28:4d:e0:ca:92:86:3f:08:08:5c:a4:b6:ae:28:
         7f:4b:ab:be:aa:20:43:f0:5f:37:55:20:41:de:08:e4:38:f5:
         b9:73:58:81:fc:7e:bd:b7:ac:d2:45:a6:cc:ab:0b:62:fb:5f:
         bc:fd:8b:30:69:09:e5:cd:f6:5b:2b:a8:89:fc:05:fa:79:f6:
         2a:c3:2a:43:bb:a9:71:11:75:b2:f8:d3:37:9c:a4:0e:7c:63:
         ca:2a:77:32
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUbJ1g3WAPXFr9IPE1QmZ6KcfW4qowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNDEwMDMwODA5NTJaFw0yNTEwMDIwODE0NTJaMDMxMTAvBgNV
BAMTKDMwQzI1Q0Y3MkIyNzMzRUJCNzNCMDcyREZENzEzQ0I3MTdEQzlGNTkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDZZyUVk0ALwFcGZKAcyUdDyw9q
FnVAEREkpFQQ3XikGMaQeJEV8W1Mz+0Gb4lnfKYfCBC0lFvbyjp35FXDwBmz3BT8
nV5rDmpsEPumcaSZG9h/w2PIrWgyQHgL6s87tWeyf/P2nV6794AfB8l1eVgENSxC
3xNoMb7035Ueyq9fnCdv5KVclduz+Bl00BiaSQ3RNRlfk/wzc4K4dU15O9Qeptxf
SyzvtiFD7FXxp8niYbr5OCZ47FNvOo+cJifqMYj6vzJyg/SxHimhryaszrIqQ5W4
zvYVFATIXj+I2/2+4qQLUBThIUCUsTE4qW3fqhoPs/4FUOU8gJd1OnnY/lLLAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUMMJc9ysnM+u3Owct/XE8txfcn1kwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjE0Mjg1LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAv2WR
MA0GCSqGSIb3DQEBCwUAA4IBAQCU+FhWyAHESJoRK8HxLMq2zDJaEy+xsoqJIRZW
+o/TGmZ+gyq/9+lTIChB7li3POsMgLiphMx1GwgQFaPfymgEA3X6xmMnFbES+qOP
G9Ekd4QxlB3CNOiUbWPOxyJeZfcvkZCHdEhSw/dEVwT5VQ/WWZJ+sTEsIAUUU51Z
f0j8L6M7kbUPbdWprdjllQlG2bjfnQgevkpaqxURecty2piW1ENODxPhKE3gypKG
PwgIXKS2rih/S6u+qiBD8F83VSBB3gjkOPW5c1iB/H69t6zSRabMqwti+1+8/Ysw
aQnlzfZbK6iJ/AX6efYqwypDu6lxEXWy+NM3nKQOfGPKKncy
-----END CERTIFICATE-----