Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS32159.roa
File:                     AS32159.roa (raw, json)
Hash identifier:          MB54lK/fuPHVJb43J54iMqmzkiQ+suoOU6G8FEEGhhA=
Subject key identifier:   B8:31:87:EA:D8:4A:0B:C9:0B:57:16:C8:1E:A3:03:55:2F:D0:19:41
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       63458D83C3EB5AC168DC7BCAB19864FF390D11B8
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS32159.roa
Signing time:             Sat 13 Jul 2024 00:05:18 +0000
ROA not before:           Sat 13 Jul 2024 00:00:18 +0000
ROA not after:            Sat 12 Jul 2025 00:05:18 +0000
asID:                     32159
IP address blocks:        181.214.182.0/24 maxlen: 24
                          181.214.220.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Feb 2025 07:05:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            63:45:8d:83:c3:eb:5a:c1:68:dc:7b:ca:b1:98:64:ff:39:0d:11:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Jul 13 00:00:18 2024 GMT
            Not After : Jul 12 00:05:18 2025 GMT
        Subject: CN=B83187EAD84A0BC90B5716C81EA303552FD01941
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:95:60:75:ac:b3:5a:a6:5a:b8:64:7b:2b:b8:
                    81:22:9f:ca:7a:ac:43:84:cb:9d:f3:52:ec:47:fb:
                    f8:3d:37:f1:4c:45:c8:ca:88:f1:b7:61:00:31:79:
                    ef:04:8e:21:87:5a:ee:82:92:82:5c:ee:85:d5:82:
                    0c:9c:c4:3d:a2:d9:2c:a0:92:fa:f5:09:5e:7e:cc:
                    fc:25:7f:6f:b8:51:e7:74:16:ea:bb:65:5b:db:93:
                    53:2e:20:73:27:bf:35:9b:8a:3b:33:f4:3e:12:47:
                    58:a1:75:ca:f3:1e:5d:53:59:f3:c1:2e:68:50:ad:
                    42:86:89:3c:aa:bb:d3:58:c8:d3:4d:f9:20:93:7c:
                    4b:9b:5d:5d:3a:17:d1:18:9e:e3:d9:7e:69:ec:46:
                    b1:1d:cf:f3:9f:20:d6:e8:1d:2a:20:a9:eb:63:6e:
                    1a:52:62:21:1f:40:6b:b2:29:eb:42:14:6b:b4:9e:
                    27:fa:6e:98:79:b2:4d:f4:fa:08:53:b5:ef:a8:b4:
                    26:ef:ea:bd:93:0e:42:10:d3:01:36:aa:c8:4a:23:
                    27:e4:f1:24:13:f5:98:77:00:19:04:1a:42:3d:27:
                    a1:ad:d1:bd:3c:59:8f:3c:5c:2e:96:12:61:b2:5b:
                    78:85:1c:0e:04:92:98:01:40:5d:74:24:88:31:36:
                    dc:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:31:87:EA:D8:4A:0B:C9:0B:57:16:C8:1E:A3:03:55:2F:D0:19:41
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS32159.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  181.214.182.0/24
                  181.214.220.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7e:a5:25:27:ea:18:ce:e7:32:da:70:f2:a1:1e:2a:76:7c:f6:
         19:00:2a:c2:21:68:93:c8:18:77:07:e6:5e:65:02:a2:21:58:
         d4:86:d3:d8:0b:b8:af:5f:c6:fa:0f:f0:84:c2:ff:4e:fa:19:
         16:c3:41:1b:8f:10:3a:f3:d4:11:d9:a0:f8:e9:d4:59:65:4d:
         b1:64:8a:91:03:be:8d:c5:49:b8:b7:09:a1:e6:b3:aa:6d:8d:
         ff:43:af:c0:bc:e7:1a:8c:86:7f:53:17:6b:1e:7e:eb:2c:4d:
         ad:43:90:69:a2:8e:71:aa:2c:13:d4:0d:0e:5e:9b:64:21:42:
         0c:d7:d2:6c:04:e1:e9:65:01:eb:d6:f8:43:4c:63:c8:e2:2c:
         a5:d8:73:1a:6d:e0:71:20:91:0d:fd:2f:d6:19:6d:b1:d5:10:
         6f:66:94:43:1c:28:44:25:34:18:a9:4a:25:73:9d:73:31:d0:
         c7:a6:f7:d6:32:dd:f4:f0:0a:24:3a:e6:48:bd:5e:20:a8:65:
         ef:be:4a:14:9c:9a:d7:68:ec:fe:cb:a3:62:8b:99:82:95:6c:
         fc:25:c1:19:da:d3:90:2b:5b:f2:67:5e:98:6e:78:fb:47:63:
         69:1f:c7:92:98:53:7c:30:5d:c0:fd:91:d2:d1:38:a4:fe:70:
         d4:2f:26:dd
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgIUY0WNg8PrWsFo3HvKsZhk/zkNEbgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNDA3MTMwMDAwMThaFw0yNTA3MTIwMDA1MThaMDMxMTAvBgNV
BAMTKEI4MzE4N0VBRDg0QTBCQzkwQjU3MTZDODFFQTMwMzU1MkZEMDE5NDEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCSlWB1rLNaplq4ZHsruIEin8p6
rEOEy53zUuxH+/g9N/FMRcjKiPG3YQAxee8EjiGHWu6CkoJc7oXVggycxD2i2Syg
kvr1CV5+zPwlf2+4Ued0Fuq7ZVvbk1MuIHMnvzWbijsz9D4SR1ihdcrzHl1TWfPB
LmhQrUKGiTyqu9NYyNNN+SCTfEubXV06F9EYnuPZfmnsRrEdz/OfINboHSogqetj
bhpSYiEfQGuyKetCFGu0nif6bph5sk30+ghTte+otCbv6r2TDkIQ0wE2qshKIyfk
8SQT9Zh3ABkEGkI9J6Gt0b08WY88XC6WEmGyW3iFHA4EkpgBQF10JIgxNtxHAgMB
AAGjggIPMIICCzAdBgNVHQ4EFgQUuDGH6thKC8kLVxbIHqMDVS/QGUEwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMzIxNTkucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBAC11rYD
BAC11twwDQYJKoZIhvcNAQELBQADggEBAH6lJSfqGM7nMtpw8qEeKnZ89hkAKsIh
aJPIGHcH5l5lAqIhWNSG09gLuK9fxvoP8ITC/076GRbDQRuPEDrz1BHZoPjp1Fll
TbFkipEDvo3FSbi3CaHms6ptjf9Dr8C85xqMhn9TF2sefussTa1DkGmijnGqLBPU
DQ5em2QhQgzX0mwE4ellAevW+ENMY8jiLKXYcxpt4HEgkQ39L9YZbbHVEG9mlEMc
KEQlNBipSiVznXMx0Mem99Yy3fTwCiQ65ki9XiCoZe++ShScmtdo7P7Lo2KLmYKV
bPwlwRna05ArW/JnXphuePtHY2kfx5KYU3wwXcD9kdLROKT+cNQvJt0=
-----END CERTIFICATE-----