Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS28753.roa
File:                     AS28753.roa (raw, json)
Hash identifier:          MF/8T2KeWZAn2YJAwBiJaooc9KmZnMtJsRBFp/6XX8M=
Subject key identifier:   A6:E4:07:66:40:24:BF:70:78:CC:2D:D7:05:6E:FB:0F:02:25:36:CD
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       2D60D4DFE44900459F2C85D744BEF90173510070
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS28753.roa
Signing time:             Sun 20 Jul 2025 10:12:23 +0000
ROA not before:           Sun 20 Jul 2025 10:07:23 +0000
ROA not after:            Sun 19 Jul 2026 10:12:23 +0000
asID:                     28753
IP address blocks:        92.118.163.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 22:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2d:60:d4:df:e4:49:00:45:9f:2c:85:d7:44:be:f9:01:73:51:00:70
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Jul 20 10:07:23 2025 GMT
            Not After : Jul 19 10:12:23 2026 GMT
        Subject: CN=A6E407664024BF7078CC2DD7056EFB0F022536CD
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:b2:f1:0a:47:ef:97:78:02:5d:1b:35:4b:4c:
                    2c:a9:81:50:43:3d:58:69:74:66:64:8c:42:8c:4a:
                    a1:49:dc:54:06:af:20:8c:59:ca:4a:36:7f:e7:73:
                    1f:9c:9a:fa:78:f8:49:b0:42:c4:97:03:c4:8d:ae:
                    09:56:8f:c3:55:db:85:b7:cd:0e:b5:9f:3d:59:8f:
                    82:8a:9a:a4:85:f3:dd:b9:fd:4b:5b:46:c7:0d:30:
                    2f:45:b1:a2:0b:2b:7d:f0:d5:2f:b9:fd:76:e8:37:
                    25:b8:9d:72:08:e4:ee:c9:c7:c7:cf:a0:c2:3c:2a:
                    9f:3a:6f:36:39:11:59:9f:cc:9a:73:a6:6b:dc:51:
                    71:65:32:54:d0:64:20:f7:1d:81:7a:60:d3:5d:f2:
                    5a:ff:b8:a4:9c:ae:d9:7f:6d:66:7c:ce:f5:a2:19:
                    20:fa:2b:ae:7e:03:a0:4d:75:1a:cc:59:f1:be:3c:
                    06:41:dd:6b:14:4b:bc:b4:12:f0:69:c9:03:79:ae:
                    b4:c8:bd:36:c2:f0:b3:6a:4f:69:3d:ab:41:75:e3:
                    a1:ea:df:b8:2a:99:c1:ea:1b:b7:56:9a:64:54:a2:
                    c8:fc:a0:8b:65:b6:82:9b:fc:19:5d:6f:ec:ab:c7:
                    d5:57:37:57:ce:17:2d:14:7b:ce:fb:05:83:08:4c:
                    9d:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A6:E4:07:66:40:24:BF:70:78:CC:2D:D7:05:6E:FB:0F:02:25:36:CD
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS28753.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.118.163.0/24

    Signature Algorithm: sha256WithRSAEncryption
         36:af:18:fb:42:b7:3e:71:42:9f:77:41:83:d7:9a:83:2e:de:
         2e:30:ec:99:85:e7:87:6a:cf:a7:fd:97:29:a4:7a:aa:9b:df:
         ad:27:6c:c4:51:04:ed:36:d2:ac:b8:3e:87:50:c3:af:92:84:
         ac:4a:c4:8f:21:28:65:25:e0:28:d2:ac:3e:9b:95:f4:fe:a3:
         4c:1c:06:1e:65:43:83:df:85:2f:73:e6:77:c4:d6:8a:a7:bc:
         53:2e:49:3d:ff:0a:b1:4e:9b:ee:9c:0e:51:ab:b8:3e:72:ab:
         15:ec:85:8d:1c:d7:ac:93:cb:9b:f2:e4:04:81:01:43:99:3f:
         bc:b1:3d:40:80:a1:37:54:85:0e:71:1e:bc:41:fc:45:bb:71:
         c6:c0:82:71:d9:8f:31:db:f0:64:ad:cd:52:1d:ef:49:77:ae:
         48:38:e7:a4:43:ed:03:29:9f:9b:66:6d:f8:17:5e:f8:e1:49:
         15:0e:33:30:4c:9f:cb:19:e3:eb:a8:71:b4:3c:98:b1:5b:02:
         9d:be:02:9f:3d:39:3c:84:70:00:77:6b:16:e1:3d:d8:93:44:
         9a:32:8a:51:e6:81:58:82:00:af:c7:be:e2:a5:cd:f3:f8:70:
         88:d7:3a:00:45:04:d8:59:fa:1a:5d:2b:b4:fd:12:94:c0:20:
         12:f3:90:e9
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIULWDU3+RJAEWfLIXXRL75AXNRAHAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNTA3MjAxMDA3MjNaFw0yNjA3MTkxMDEyMjNaMDMxMTAvBgNV
BAMTKEE2RTQwNzY2NDAyNEJGNzA3OENDMkRENzA1NkVGQjBGMDIyNTM2Q0QwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0svEKR++XeAJdGzVLTCypgVBD
PVhpdGZkjEKMSqFJ3FQGryCMWcpKNn/ncx+cmvp4+EmwQsSXA8SNrglWj8NV24W3
zQ61nz1Zj4KKmqSF8925/UtbRscNMC9FsaILK33w1S+5/XboNyW4nXII5O7Jx8fP
oMI8Kp86bzY5EVmfzJpzpmvcUXFlMlTQZCD3HYF6YNNd8lr/uKScrtl/bWZ8zvWi
GSD6K65+A6BNdRrMWfG+PAZB3WsUS7y0EvBpyQN5rrTIvTbC8LNqT2k9q0F146Hq
37gqmcHqG7dWmmRUosj8oItltoKb/Bldb+yrx9VXN1fOFy0Ue877BYMITJ3dAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUpuQHZkAkv3B4zC3XBW77DwIlNs0wHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjg3NTMucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABcdqMw
DQYJKoZIhvcNAQELBQADggEBADavGPtCtz5xQp93QYPXmoMu3i4w7JmF54dqz6f9
lymkeqqb360nbMRRBO020qy4PodQw6+ShKxKxI8hKGUl4CjSrD6blfT+o0wcBh5l
Q4PfhS9z5nfE1oqnvFMuST3/CrFOm+6cDlGruD5yqxXshY0c16yTy5vy5ASBAUOZ
P7yxPUCAoTdUhQ5xHrxB/EW7ccbAgnHZjzHb8GStzVId70l3rkg456RD7QMpn5tm
bfgXXvjhSRUOMzBMn8sZ4+uocbQ8mLFbAp2+Ap89OTyEcAB3axbhPdiTRJoyilHm
gViCAK/HvuKlzfP4cIjXOgBFBNhZ+hpdK7T9EpTAIBLzkOk=
-----END CERTIFICATE-----