Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS399448.roa
File:                     AS399448.roa (raw, json)
Hash identifier:          ksxtzB9G8zuCjF6SNl7IJ6PadfzM2u65hp3aeQxcUQ4=
Subject key identifier:   C5:FA:21:3E:3E:C1:DD:1D:89:BA:B4:27:D3:B0:AA:2B:F5:6C:11:8A
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       568F5F1CCF4BDF28F1DCFBF13D4F99D6DCC1A3EA
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS399448.roa
Signing time:             Mon 26 Aug 2024 00:00:40 +0000
ROA not before:           Sun 25 Aug 2024 23:55:40 +0000
ROA not after:            Mon 25 Aug 2025 00:00:40 +0000
asID:                     399448
IP address blocks:        181.214.14.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 13:48:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            56:8f:5f:1c:cf:4b:df:28:f1:dc:fb:f1:3d:4f:99:d6:dc:c1:a3:ea
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Aug 25 23:55:40 2024 GMT
            Not After : Aug 25 00:00:40 2025 GMT
        Subject: CN=C5FA213E3EC1DD1D89BAB427D3B0AA2BF56C118A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:eb:07:ea:f5:7d:48:3d:4d:db:e5:e4:df:71:41:
                    e1:6e:ad:9e:35:ee:87:a0:51:3d:69:b5:24:dd:78:
                    2f:be:7e:67:94:66:a0:bb:ac:ff:2e:3b:04:d4:f2:
                    0e:73:f6:b0:93:18:7f:ee:34:7a:2f:81:68:d8:01:
                    83:23:aa:2f:30:36:3d:78:27:2e:85:72:68:9d:d1:
                    20:ed:31:99:9c:37:6b:5c:5e:21:8e:45:45:02:ff:
                    66:26:01:03:18:ab:39:b8:98:31:04:5d:4b:be:5f:
                    1c:94:53:55:b0:5f:b7:02:6b:7d:a7:1d:2f:ee:0b:
                    b6:81:a2:d2:e2:d1:80:f8:6a:eb:b6:5d:5f:c4:6f:
                    92:d9:0f:09:96:ad:fe:2a:db:e4:51:01:a1:8a:55:
                    3d:68:58:1b:9f:86:0f:5e:39:66:bc:77:da:93:dc:
                    6e:11:7a:70:44:c2:2e:23:93:18:a6:1d:b7:60:09:
                    86:36:83:a7:71:f6:e9:3c:2b:63:e7:78:a2:9c:79:
                    58:34:7a:3e:93:ec:5f:45:e5:ba:5b:32:07:0f:af:
                    4c:ce:b8:94:74:e1:5c:a6:98:8c:92:fc:7d:b6:87:
                    06:c3:7e:6f:92:f2:2a:58:1d:42:90:9d:59:ef:e3:
                    46:8c:7d:2a:4e:6b:95:d4:ce:62:72:88:27:ad:7b:
                    79:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:FA:21:3E:3E:C1:DD:1D:89:BA:B4:27:D3:B0:AA:2B:F5:6C:11:8A
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS399448.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  181.214.14.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9b:c6:bd:b1:05:74:3e:de:f1:b7:1f:9f:bd:5d:2d:11:77:67:
         af:6e:e5:0f:2d:af:ab:90:39:07:f3:2e:bb:9c:ee:cd:27:fb:
         55:81:11:a3:25:fa:7f:01:cb:8c:53:0f:06:32:e5:5f:29:e9:
         db:df:d5:c1:27:38:66:a0:15:de:78:fb:7c:1d:f7:dc:37:89:
         a9:bd:c5:5e:08:c7:e5:01:53:cc:4e:f3:37:c2:ca:1c:da:bd:
         d3:87:58:5a:12:a0:51:d2:13:b5:20:b1:93:12:79:34:88:46:
         95:19:27:a8:88:83:04:15:f7:02:40:4d:00:6c:e9:b9:0c:0b:
         b5:4c:f4:a9:f7:d4:26:7b:c6:d9:4b:50:4d:52:15:97:e1:f4:
         2a:fb:22:a1:e4:9a:4a:11:e7:e0:b0:ca:66:c5:7f:f7:1a:73:
         40:b1:b2:04:37:fa:01:07:08:29:31:d5:d8:0c:d2:31:3b:70:
         de:75:8c:4e:c7:1e:39:6a:99:c4:b3:c7:43:5d:2a:fd:62:51:
         34:6f:36:59:80:85:88:c0:82:d1:75:14:e6:8a:b5:ae:54:c3:
         2d:39:74:f6:27:76:19:79:84:5d:e8:dd:bf:6c:f1:e7:44:80:
         96:10:51:a6:6f:40:87:d5:8a:7b:b5:fb:e0:a0:be:8f:10:6f:
         1c:f0:ca:13
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUVo9fHM9L3yjx3PvxPU+Z1tzBo+owDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNDA4MjUyMzU1NDBaFw0yNTA4MjUwMDAwNDBaMDMxMTAvBgNV
BAMTKEM1RkEyMTNFM0VDMUREMUQ4OUJBQjQyN0QzQjBBQTJCRjU2QzExOEEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDrB+r1fUg9Tdvl5N9xQeFurZ41
7oegUT1ptSTdeC++fmeUZqC7rP8uOwTU8g5z9rCTGH/uNHovgWjYAYMjqi8wNj14
Jy6Fcmid0SDtMZmcN2tcXiGORUUC/2YmAQMYqzm4mDEEXUu+XxyUU1WwX7cCa32n
HS/uC7aBotLi0YD4auu2XV/Eb5LZDwmWrf4q2+RRAaGKVT1oWBufhg9eOWa8d9qT
3G4RenBEwi4jkximHbdgCYY2g6dx9uk8K2PneKKceVg0ej6T7F9F5bpbMgcPr0zO
uJR04VymmIyS/H22hwbDfm+S8ipYHUKQnVnv40aMfSpOa5XUzmJyiCete3l5AgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUxfohPj7B3R2JurQn07CqK/VsEYowHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMzk5NDQ4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAtdYO
MA0GCSqGSIb3DQEBCwUAA4IBAQCbxr2xBXQ+3vG3H5+9XS0Rd2evbuUPLa+rkDkH
8y67nO7NJ/tVgRGjJfp/AcuMUw8GMuVfKenb39XBJzhmoBXeePt8HffcN4mpvcVe
CMflAVPMTvM3wsoc2r3Th1haEqBR0hO1ILGTEnk0iEaVGSeoiIMEFfcCQE0AbOm5
DAu1TPSp99Qme8bZS1BNUhWX4fQq+yKh5JpKEefgsMpmxX/3GnNAsbIEN/oBBwgp
MdXYDNIxO3DedYxOxx45apnEs8dDXSr9YlE0bzZZgIWIwILRdRTmirWuVMMtOXT2
J3YZeYRd6N2/bPHnRICWEFGmb0CH1Yp7tfvgoL6PEG8c8MoT
-----END CERTIFICATE-----