Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS214318.roa
File:                     AS214318.roa (raw, json)
Hash identifier:          5cuv6YMxE+4f26imG73h6ZEvPUB7gDiz+IFZ+LiVKgc=
Subject key identifier:   F4:3D:70:48:74:84:DF:42:63:54:DE:50:5A:66:86:96:E8:37:40:A4
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       162DC926FEFE11CB46A9D94DC1CC029A4B66938F
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS214318.roa
Signing time:             Wed 25 Sep 2024 08:03:11 +0000
ROA not before:           Wed 25 Sep 2024 07:58:11 +0000
ROA not after:            Wed 24 Sep 2025 08:03:11 +0000
asID:                     214318
IP address blocks:        179.61.182.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            16:2d:c9:26:fe:fe:11:cb:46:a9:d9:4d:c1:cc:02:9a:4b:66:93:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Sep 25 07:58:11 2024 GMT
            Not After : Sep 24 08:03:11 2025 GMT
        Subject: CN=F43D70487484DF426354DE505A668696E83740A4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:ef:33:9b:80:d6:6c:1a:eb:ff:b8:3b:6f:7e:
                    3e:b5:54:20:a3:2c:6a:d4:ff:97:e1:9a:01:ff:46:
                    1d:66:9b:26:08:30:7c:dc:12:63:c8:51:91:5f:28:
                    12:7d:4a:6b:d3:31:1f:55:37:96:1f:a7:be:b4:71:
                    1d:7b:24:40:e1:3f:c0:25:16:91:79:84:14:ac:b3:
                    d2:7c:c7:4b:24:2c:34:1c:62:f2:61:12:92:ef:00:
                    14:68:d2:28:d1:a4:c9:ee:a0:22:4e:47:0a:04:2c:
                    52:95:ae:51:a5:ad:a0:c3:93:6d:94:35:56:16:90:
                    c8:b7:c9:3b:4f:7c:96:8b:a7:e5:6a:c7:26:8b:d6:
                    d0:ba:c3:5d:58:bd:1e:3c:20:e1:b7:e3:b7:8e:5d:
                    30:63:47:a1:d4:56:64:61:88:8f:7b:61:60:9a:be:
                    a3:73:44:08:ca:a2:ee:d4:67:5c:39:c1:d4:f2:7a:
                    85:dc:ac:6b:5d:cc:78:72:9a:af:aa:d9:38:98:88:
                    8b:21:3f:14:64:4a:4d:15:92:9c:f8:e7:a0:17:68:
                    b0:55:8b:b3:85:cb:57:02:29:b2:54:c7:2d:4a:c2:
                    3a:d6:77:45:a6:f7:81:6e:bc:62:dd:0e:70:c2:eb:
                    9e:ab:02:8c:e9:31:1c:04:9a:42:78:08:4a:2b:63:
                    5d:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:3D:70:48:74:84:DF:42:63:54:DE:50:5A:66:86:96:E8:37:40:A4
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS214318.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  179.61.182.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5d:67:c7:72:12:dd:35:4e:db:6e:c4:bf:a5:3f:d0:15:ea:dc:
         22:59:32:57:8c:26:12:16:66:dd:bc:da:0a:3b:81:89:d2:3b:
         17:13:cf:d6:b0:b8:ee:fe:44:db:4a:3e:15:8d:43:77:99:5f:
         06:67:88:58:42:1d:8c:92:30:ee:53:bf:2f:da:2e:de:5c:56:
         4d:db:15:1f:dc:32:3b:dd:dc:be:11:1c:1b:cf:ca:83:47:18:
         76:6b:eb:7e:6d:3e:46:0a:54:0e:a9:86:ec:92:5d:ca:60:be:
         88:58:75:aa:5e:60:dd:24:fc:84:cb:99:dd:47:52:33:50:74:
         03:14:18:a1:47:b2:2e:d4:d8:8e:86:1a:e8:cb:e9:d9:58:02:
         d3:49:69:f3:74:a3:97:c0:fa:aa:9d:c0:5e:6d:d1:7c:64:78:
         ad:d2:c0:5d:0c:1d:c6:70:e5:6e:ad:70:b6:40:16:fd:c9:2d:
         64:95:05:f1:44:97:24:13:b0:b9:e1:d3:0f:cd:2d:62:d9:39:
         78:48:e4:df:41:54:60:a1:5f:2d:bd:40:e8:ad:3a:1e:34:47:
         d4:1f:4f:db:1d:88:be:b4:19:63:b7:44:c2:44:97:ba:55:b6:
         5d:0e:1b:49:c6:46:47:f5:2f:1d:e3:6f:50:e3:c7:47:ec:f6:
         a7:d1:55:cb
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUFi3JJv7+EctGqdlNwcwCmktmk48wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNDA5MjUwNzU4MTFaFw0yNTA5MjQwODAzMTFaMDMxMTAvBgNV
BAMTKEY0M0Q3MDQ4NzQ4NERGNDI2MzU0REU1MDVBNjY4Njk2RTgzNzQwQTQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDI7zObgNZsGuv/uDtvfj61VCCj
LGrU/5fhmgH/Rh1mmyYIMHzcEmPIUZFfKBJ9SmvTMR9VN5Yfp760cR17JEDhP8Al
FpF5hBSss9J8x0skLDQcYvJhEpLvABRo0ijRpMnuoCJORwoELFKVrlGlraDDk22U
NVYWkMi3yTtPfJaLp+VqxyaL1tC6w11YvR48IOG347eOXTBjR6HUVmRhiI97YWCa
vqNzRAjKou7UZ1w5wdTyeoXcrGtdzHhymq+q2TiYiIshPxRkSk0Vkpz456AXaLBV
i7OFy1cCKbJUxy1KwjrWd0Wm94FuvGLdDnDC656rAozpMRwEmkJ4CEorY12pAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQU9D1wSHSE30JjVN5QWmaGlug3QKQwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjE0MzE4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsz22
MA0GCSqGSIb3DQEBCwUAA4IBAQBdZ8dyEt01TttuxL+lP9AV6twiWTJXjCYSFmbd
vNoKO4GJ0jsXE8/WsLju/kTbSj4VjUN3mV8GZ4hYQh2MkjDuU78v2i7eXFZN2xUf
3DI73dy+ERwbz8qDRxh2a+t+bT5GClQOqYbskl3KYL6IWHWqXmDdJPyEy5ndR1Iz
UHQDFBihR7Iu1NiOhhroy+nZWALTSWnzdKOXwPqqncBebdF8ZHit0sBdDB3GcOVu
rXC2QBb9yS1klQXxRJckE7C54dMPzS1i2Tl4SOTfQVRgoV8tvUDorToeNEfUH0/b
HYi+tBljt0TCRJe6VbZdDhtJxkZH9S8d429Q48dH7Pan0VXL
-----END CERTIFICATE-----