Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS62425.roa
File:                     AS62425.roa (raw, json)
Hash identifier:          wsoyOqXds+FsQJwbxVfXJ1l+gGfWhKG3tCFlrkcZY2E=
Subject key identifier:   81:42:CD:E3:E8:10:B5:77:D9:49:86:05:7E:08:5B:37:7F:53:3E:36
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       3542A9AAFFD9364D25EA47A3334C2923DE065806
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS62425.roa
Signing time:             Fri 24 May 2024 12:05:16 +0000
ROA not before:           Fri 24 May 2024 12:00:16 +0000
ROA not after:            Fri 23 May 2025 12:05:16 +0000
asID:                     62425
IP address blocks:        181.214.154.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 19:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            35:42:a9:aa:ff:d9:36:4d:25:ea:47:a3:33:4c:29:23:de:06:58:06
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: May 24 12:00:16 2024 GMT
            Not After : May 23 12:05:16 2025 GMT
        Subject: CN=8142CDE3E810B577D94986057E085B377F533E36
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:a3:3d:29:19:d5:da:dc:03:41:19:a3:23:ea:
                    83:50:b2:19:57:64:87:43:fc:10:99:87:b7:42:31:
                    62:8d:92:6a:43:b1:f4:c9:a7:e6:89:da:2d:9c:88:
                    c5:a7:52:2f:d8:c5:49:5f:ff:50:48:79:d0:92:a0:
                    ce:c3:a3:c1:5b:d6:63:df:3d:65:46:7b:91:2b:65:
                    db:bf:35:a0:26:2d:f7:90:a7:d8:e7:71:df:ab:b0:
                    af:43:6a:a0:da:90:3a:c5:fd:45:02:0b:46:52:ab:
                    1c:6a:7d:36:01:c2:69:c4:dc:eb:87:76:81:93:52:
                    51:e4:19:7a:08:7a:05:95:a6:e3:6c:7d:0b:77:50:
                    2c:f5:d2:b9:88:84:3f:51:91:84:4c:77:74:1b:70:
                    0e:dd:8f:a4:e9:50:f7:d0:fb:dc:64:75:c7:96:19:
                    0f:3f:a7:8c:96:2c:ae:94:96:91:f0:06:20:fc:2f:
                    5a:b6:4e:c4:ae:ec:7d:67:f3:45:dd:86:01:9c:57:
                    20:d1:37:e3:92:b0:2d:ae:70:13:ec:cd:56:ad:da:
                    73:32:c8:91:a4:84:b4:9f:03:90:5f:f7:2a:a4:af:
                    b4:fd:5b:df:fe:67:9c:ad:b9:d9:ad:88:87:56:5e:
                    da:63:80:d7:0b:14:e8:9b:94:06:e1:12:2b:62:a1:
                    1f:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                81:42:CD:E3:E8:10:B5:77:D9:49:86:05:7E:08:5B:37:7F:53:3E:36
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS62425.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  181.214.154.0/24

    Signature Algorithm: sha256WithRSAEncryption
         89:af:01:84:5d:b1:c9:79:36:3f:8d:18:78:63:f7:36:27:bc:
         ad:2c:20:a0:66:35:4b:cb:62:a6:6a:a8:79:b5:61:25:39:ce:
         c1:f3:69:97:b5:eb:92:4f:22:f4:27:c2:49:12:ff:19:d6:d1:
         38:74:4d:4a:f9:4f:e8:4e:4c:49:8e:e3:c0:82:ae:fd:28:f0:
         31:2f:87:1c:23:1d:91:a1:68:54:2b:fe:31:6c:04:ac:25:5e:
         91:7c:d1:21:29:52:5e:58:2c:b0:52:5a:23:da:05:30:9f:b5:
         1f:d1:9c:37:40:f2:df:d7:68:b7:12:6e:79:b2:c8:1c:a0:47:
         0a:5f:e7:b3:3f:d4:60:6b:cf:28:d5:15:7d:90:50:62:da:ca:
         2c:43:a2:4c:ca:ce:51:b5:d2:6a:3a:5d:8d:aa:89:48:89:a2:
         8b:4e:c4:96:58:92:5d:33:1a:91:10:8c:78:0d:4a:67:08:70:
         db:79:9c:87:80:f6:b5:eb:55:58:e2:9a:30:ea:3b:c7:a9:e1:
         0e:ce:75:86:76:ab:30:6b:41:21:f2:1b:5f:c3:36:cf:66:d3:
         24:f5:52:6e:96:53:b5:cc:55:22:e1:d2:2e:71:81:96:20:f0:
         f5:f0:ef:7d:e0:ca:9f:ec:cd:fe:6a:51:1b:b5:d1:b3:7c:fc:
         9a:d6:80:06
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUNUKpqv/ZNk0l6kejM0wpI94GWAYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNDA1MjQxMjAwMTZaFw0yNTA1MjMxMjA1MTZaMDMxMTAvBgNV
BAMTKDgxNDJDREUzRTgxMEI1NzdEOTQ5ODYwNTdFMDg1QjM3N0Y1MzNFMzYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCYoz0pGdXa3ANBGaMj6oNQshlX
ZIdD/BCZh7dCMWKNkmpDsfTJp+aJ2i2ciMWnUi/YxUlf/1BIedCSoM7Do8Fb1mPf
PWVGe5ErZdu/NaAmLfeQp9jncd+rsK9DaqDakDrF/UUCC0ZSqxxqfTYBwmnE3OuH
doGTUlHkGXoIegWVpuNsfQt3UCz10rmIhD9RkYRMd3QbcA7dj6TpUPfQ+9xkdceW
GQ8/p4yWLK6UlpHwBiD8L1q2TsSu7H1n80XdhgGcVyDRN+OSsC2ucBPszVat2nMy
yJGkhLSfA5Bf9yqkr7T9W9/+Z5ytudmtiIdWXtpjgNcLFOiblAbhEitioR8jAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUgULN4+gQtXfZSYYFfghbN39TPjYwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTNjI0MjUucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAC11pow
DQYJKoZIhvcNAQELBQADggEBAImvAYRdscl5Nj+NGHhj9zYnvK0sIKBmNUvLYqZq
qHm1YSU5zsHzaZe165JPIvQnwkkS/xnW0Th0TUr5T+hOTEmO48CCrv0o8DEvhxwj
HZGhaFQr/jFsBKwlXpF80SEpUl5YLLBSWiPaBTCftR/RnDdA8t/XaLcSbnmyyByg
Rwpf57M/1GBrzyjVFX2QUGLayixDokzKzlG10mo6XY2qiUiJootOxJZYkl0zGpEQ
jHgNSmcIcNt5nIeA9rXrVVjimjDqO8ep4Q7OdYZ2qzBrQSHyG1/DNs9m0yT1Um6W
U7XMVSLh0i5xgZYg8PXw733gyp/szf5qURu10bN8/JrWgAY=
-----END CERTIFICATE-----