Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS267507.roa
File:                     AS267507.roa (raw, json)
Hash identifier:          6FgHYm4KWg77Mik2mKJv3M4z7pbmeioU5Es8+vORwVM=
Subject key identifier:   7B:1A:7D:CB:4D:93:AC:BF:59:BE:7E:D5:48:C7:D9:1D:10:4D:6F:02
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       3971CC4C819C2BEE96DC76668AA2E26C84657D54
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS267507.roa
Signing time:             Fri 04 Jul 2025 12:36:09 +0000
ROA not before:           Fri 04 Jul 2025 12:31:09 +0000
ROA not after:            Fri 03 Jul 2026 12:36:09 +0000
asID:                     267507
IP address blocks:        191.96.14.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 22:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            39:71:cc:4c:81:9c:2b:ee:96:dc:76:66:8a:a2:e2:6c:84:65:7d:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Jul  4 12:31:09 2025 GMT
            Not After : Jul  3 12:36:09 2026 GMT
        Subject: CN=7B1A7DCB4D93ACBF59BE7ED548C7D91D104D6F02
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:b5:ce:60:96:f8:41:83:d2:cf:1b:4b:e0:50:
                    72:cd:d1:4b:0f:4b:e3:55:93:9b:1d:6b:bc:73:a1:
                    a9:f2:ea:2f:09:e9:b7:fc:c2:d4:60:06:78:1f:bb:
                    b9:c3:89:5b:d9:17:e8:24:8a:1f:04:73:d8:74:0a:
                    01:53:54:02:b7:14:ff:dc:df:e8:8b:84:15:bc:02:
                    36:a3:67:4b:49:57:12:b1:e2:7c:f2:8d:c1:a8:86:
                    ba:cb:49:dc:76:57:8c:d5:ac:b1:1a:37:36:3b:54:
                    5a:f6:3d:ea:05:c8:dc:39:86:c6:ad:d5:ee:c8:db:
                    20:0d:42:78:6e:bb:6d:49:f5:a2:5c:27:80:0e:42:
                    57:f2:45:36:eb:fc:c0:f4:cf:24:d1:e6:d8:77:8a:
                    25:40:9d:b3:bd:95:24:91:f2:70:a7:85:0a:6c:53:
                    63:06:d3:dc:d3:0d:0d:2d:28:94:3e:71:dd:3b:d7:
                    05:ea:d3:88:73:78:84:39:2d:b0:3f:19:33:8c:b5:
                    bf:3e:af:49:6d:27:b8:27:e1:f2:3a:e1:f1:36:41:
                    c5:7c:fb:40:7a:7a:70:f0:f9:a7:3a:8a:9f:c8:e2:
                    d6:8a:17:ad:1a:05:c1:35:fe:b9:5b:df:af:41:b9:
                    cd:78:e8:4e:1f:a6:d1:ed:20:e2:a5:69:e1:7a:b1:
                    73:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7B:1A:7D:CB:4D:93:AC:BF:59:BE:7E:D5:48:C7:D9:1D:10:4D:6F:02
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS267507.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  191.96.14.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6d:08:67:57:c9:f9:bd:4e:61:ef:d9:7c:5c:c1:54:6f:ab:14:
         bf:68:4c:e1:ab:8d:fe:fb:24:89:62:49:10:80:ff:0c:44:4b:
         4d:a3:ce:d4:4d:f8:47:a6:ff:3a:2b:a5:d0:13:5b:0a:3b:7c:
         a2:0a:98:7a:84:9b:b1:37:2a:4d:ef:8c:71:58:0e:87:31:15:
         45:34:17:1d:2a:cf:aa:aa:72:9a:54:fe:dc:09:ec:16:50:65:
         31:3f:dc:26:e1:13:30:f2:10:fc:87:64:8e:92:ae:5d:92:c2:
         6c:f4:17:f3:f3:e1:f9:57:24:49:df:94:e2:46:5f:70:47:ca:
         b1:0d:e2:0c:60:f4:35:ef:75:43:de:c2:b4:7e:6f:94:45:55:
         37:76:26:a7:a2:bb:ab:92:de:e7:21:90:f2:1c:7e:8f:37:18:
         44:52:f6:2d:93:05:d7:4f:f6:fb:28:ab:3f:b7:a4:cd:e1:44:
         3a:81:f5:a8:f2:4e:af:e4:3b:81:7a:b0:e8:78:27:0c:49:1a:
         50:98:4d:a0:ee:68:aa:9d:ed:29:74:cc:2e:3d:7c:17:a5:dc:
         51:32:b9:c9:93:5a:e4:a8:b2:e2:c2:eb:b6:6d:3e:5b:b8:43:
         d6:95:5f:99:2e:71:2c:84:83:d9:a9:8c:8b:21:48:fe:f9:89:
         27:a0:19:c4
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUOXHMTIGcK+6W3HZmiqLibIRlfVQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNTA3MDQxMjMxMDlaFw0yNjA3MDMxMjM2MDlaMDMxMTAvBgNV
BAMTKDdCMUE3RENCNEQ5M0FDQkY1OUJFN0VENTQ4QzdEOTFEMTA0RDZGMDIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCztc5glvhBg9LPG0vgUHLN0UsP
S+NVk5sda7xzoany6i8J6bf8wtRgBngfu7nDiVvZF+gkih8Ec9h0CgFTVAK3FP/c
3+iLhBW8AjajZ0tJVxKx4nzyjcGohrrLSdx2V4zVrLEaNzY7VFr2PeoFyNw5hsat
1e7I2yANQnhuu21J9aJcJ4AOQlfyRTbr/MD0zyTR5th3iiVAnbO9lSSR8nCnhQps
U2MG09zTDQ0tKJQ+cd071wXq04hzeIQ5LbA/GTOMtb8+r0ltJ7gn4fI64fE2QcV8
+0B6enDw+ac6ip/I4taKF60aBcE1/rlb369Buc146E4fptHtIOKlaeF6sXPXAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUexp9y02TrL9Zvn7VSMfZHRBNbwIwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjY3NTA3LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAv2AO
MA0GCSqGSIb3DQEBCwUAA4IBAQBtCGdXyfm9TmHv2XxcwVRvqxS/aEzhq43++ySJ
YkkQgP8MREtNo87UTfhHpv86K6XQE1sKO3yiCph6hJuxNypN74xxWA6HMRVFNBcd
Ks+qqnKaVP7cCewWUGUxP9wm4RMw8hD8h2SOkq5dksJs9Bfz8+H5VyRJ35TiRl9w
R8qxDeIMYPQ173VD3sK0fm+URVU3dianorurkt7nIZDyHH6PNxhEUvYtkwXXT/b7
KKs/t6TN4UQ6gfWo8k6v5DuBerDoeCcMSRpQmE2g7miqne0pdMwuPXwXpdxRMrnJ
k1rkqLLiwuu2bT5buEPWlV+ZLnEshIPZqYyLIUj++YknoBnE
-----END CERTIFICATE-----