Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS43350.roa
File:                     AS43350.roa (raw, json)
Hash identifier:          Ssl8crVjCLkQa8wKkMH1UcNH4zccgqC3kbR/TUL3vTs=
Subject key identifier:   42:DE:4E:C2:61:CB:7F:64:09:08:F8:D3:DE:ED:6C:37:13:BB:E8:DE
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       54D31354EECC86C51D6975B5B8865C744722D59E
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS43350.roa
Signing time:             Wed 01 May 2024 19:05:16 +0000
ROA not before:           Wed 01 May 2024 19:00:16 +0000
ROA not after:            Wed 30 Apr 2025 19:05:16 +0000
asID:                     43350
IP address blocks:        181.41.194.0/24 maxlen: 24
                          181.214.208.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 20:58:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            54:d3:13:54:ee:cc:86:c5:1d:69:75:b5:b8:86:5c:74:47:22:d5:9e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: May  1 19:00:16 2024 GMT
            Not After : Apr 30 19:05:16 2025 GMT
        Subject: CN=42DE4EC261CB7F640908F8D3DEED6C3713BBE8DE
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:b1:c0:b3:b9:1e:7f:c4:d0:db:ed:e4:7d:c6:
                    e4:94:73:32:6b:73:6c:98:6e:ac:70:76:0e:11:a8:
                    af:90:c2:ae:b4:58:51:b4:7a:f0:b0:27:f2:06:ec:
                    92:1d:a0:1b:4a:07:92:91:c2:ca:96:00:77:6f:6b:
                    8c:1c:33:48:77:df:9d:74:4a:53:6d:9d:53:84:e1:
                    67:00:ce:c0:86:a2:97:8e:8a:4c:7d:78:c6:5c:76:
                    66:52:06:cf:42:db:38:1b:d7:c7:c3:a7:a3:72:dc:
                    fa:28:a5:86:ef:78:63:24:9b:52:d9:ba:9b:ff:9e:
                    d6:8a:bb:a8:a7:3d:b6:ff:8b:5c:84:9d:ed:74:70:
                    dd:3a:c3:27:bf:87:e5:e2:b1:81:1a:8f:4c:a1:27:
                    f0:03:64:e6:07:db:c7:b3:4e:b3:d6:6a:5e:da:26:
                    32:13:b9:d0:f7:dd:43:88:a9:e2:26:6f:f9:52:aa:
                    2c:da:73:c3:9c:c3:59:33:8d:55:d7:60:ac:da:63:
                    78:ce:06:a6:93:c4:87:14:08:32:45:09:91:0d:1b:
                    50:0e:29:84:7c:20:43:d4:c9:f0:2d:bb:f0:49:5e:
                    12:9e:f3:e1:af:df:03:ab:c2:9c:c6:5c:59:24:cb:
                    25:74:9e:cd:f0:af:ab:3f:36:ee:44:5f:c1:c8:77:
                    eb:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:DE:4E:C2:61:CB:7F:64:09:08:F8:D3:DE:ED:6C:37:13:BB:E8:DE
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS43350.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  181.41.194.0/24
                  181.214.208.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a2:3a:c7:49:db:99:a9:a8:93:25:43:ec:1b:ab:7e:91:57:49:
         62:bb:d8:8a:5c:77:05:7f:6e:4a:11:4b:93:91:8c:8a:13:68:
         1d:79:2b:31:ae:b6:9e:95:1a:2f:66:33:d3:88:a0:45:84:5e:
         2b:10:5f:6b:c4:23:ac:57:41:18:bb:aa:fe:25:a2:fe:28:21:
         c3:98:66:a3:d1:c5:ba:fe:86:43:6d:11:2b:2c:4f:ed:1b:88:
         ff:91:86:10:8e:c3:45:10:41:51:f2:07:3f:48:1a:a5:ec:dc:
         62:47:a7:71:4c:4a:9b:8d:9b:33:3a:0f:e2:a3:80:c3:0e:fe:
         04:98:ea:11:74:eb:a4:f5:70:ed:ad:08:33:5c:5a:64:92:2f:
         49:63:75:62:18:c1:a3:89:f7:16:c2:11:a6:f4:d0:9f:14:25:
         dc:ea:50:6e:e1:ed:53:6a:35:20:cf:d1:4c:78:3b:1e:a4:8d:
         09:5e:dc:d7:75:c7:0f:1a:3a:fe:30:fa:4c:0c:3c:78:cb:46:
         e8:e3:2f:2d:57:05:10:52:45:81:1c:b0:94:a7:ef:03:f7:1d:
         27:6e:aa:8d:35:90:d2:f1:6e:d8:5b:30:78:84:f7:3f:35:f6:
         88:89:c0:60:2b:0f:97:7a:8b:42:58:bb:7f:d0:fe:17:84:ae:
         5e:7e:d8:6a
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgIUVNMTVO7MhsUdaXW1uIZcdEci1Z4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNDA1MDExOTAwMTZaFw0yNTA0MzAxOTA1MTZaMDMxMTAvBgNV
BAMTKDQyREU0RUMyNjFDQjdGNjQwOTA4RjhEM0RFRUQ2QzM3MTNCQkU4REUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDDscCzuR5/xNDb7eR9xuSUczJr
c2yYbqxwdg4RqK+Qwq60WFG0evCwJ/IG7JIdoBtKB5KRwsqWAHdva4wcM0h33510
SlNtnVOE4WcAzsCGopeOikx9eMZcdmZSBs9C2zgb18fDp6Ny3PoopYbveGMkm1LZ
upv/ntaKu6inPbb/i1yEne10cN06wye/h+XisYEaj0yhJ/ADZOYH28ezTrPWal7a
JjITudD33UOIqeImb/lSqizac8Ocw1kzjVXXYKzaY3jOBqaTxIcUCDJFCZENG1AO
KYR8IEPUyfAtu/BJXhKe8+Gv3wOrwpzGXFkkyyV0ns3wr6s/Nu5EX8HId+sBAgMB
AAGjggIPMIICCzAdBgNVHQ4EFgQUQt5OwmHLf2QJCPjT3u1sNxO76N4wHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTNDMzNTAucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBAC1KcID
BAC11tAwDQYJKoZIhvcNAQELBQADggEBAKI6x0nbmamokyVD7BurfpFXSWK72Ipc
dwV/bkoRS5ORjIoTaB15KzGutp6VGi9mM9OIoEWEXisQX2vEI6xXQRi7qv4lov4o
IcOYZqPRxbr+hkNtESssT+0biP+RhhCOw0UQQVHyBz9IGqXs3GJHp3FMSpuNmzM6
D+KjgMMO/gSY6hF066T1cO2tCDNcWmSSL0ljdWIYwaOJ9xbCEab00J8UJdzqUG7h
7VNqNSDP0Ux4Ox6kjQle3Nd1xw8aOv4w+kwMPHjLRujjLy1XBRBSRYEcsJSn7wP3
HSduqo01kNLxbthbMHiE9z819oiJwGArD5d6i0JYu3/Q/heErl5+2Go=
-----END CERTIFICATE-----