Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS132335.roa
File:                     AS132335.roa (raw, json)
Hash identifier:          dDdItQh+NDXN8WpTzIfXtJKrFAhdrClVGKShDdvVLJk=
Subject key identifier:   D5:41:8A:55:65:A7:D5:52:EB:E6:E6:90:FB:A3:1C:A3:42:DA:44:DD
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       7C524ACC438566CC5B644E0261B56653D6B85E56
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS132335.roa
Signing time:             Mon 22 Apr 2024 20:59:07 +0000
ROA not before:           Mon 22 Apr 2024 20:54:07 +0000
ROA not after:            Mon 21 Apr 2025 20:59:07 +0000
asID:                     132335
IP address blocks:        181.214.44.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 10 May 2024 20:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7c:52:4a:cc:43:85:66:cc:5b:64:4e:02:61:b5:66:53:d6:b8:5e:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Apr 22 20:54:07 2024 GMT
            Not After : Apr 21 20:59:07 2025 GMT
        Subject: CN=D5418A5565A7D552EBE6E690FBA31CA342DA44DD
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:69:fd:df:46:90:d2:75:1b:fa:8e:b0:94:85:
                    da:8a:de:0c:68:28:b0:99:5a:21:c5:07:f6:b7:b1:
                    47:57:3b:a1:ea:87:ce:a8:45:3b:a0:ce:5b:71:2f:
                    7c:e7:48:d4:22:a8:77:a3:cf:a0:34:c2:3f:22:57:
                    f5:48:45:95:4b:04:1d:a1:8b:cf:00:67:69:45:6c:
                    6d:6d:e2:61:39:18:69:2a:f7:88:b1:4d:36:f3:92:
                    d4:f3:ac:c3:65:ec:7d:a4:51:fa:1e:53:bf:33:39:
                    be:70:9f:ff:48:b8:ec:6d:41:76:aa:a9:ef:47:b3:
                    d4:0a:92:67:71:da:05:cc:f1:fc:ff:34:df:66:52:
                    39:9a:76:39:b4:de:ab:05:ec:39:81:c8:6e:cb:49:
                    40:d6:ee:66:ed:f5:d6:30:70:14:93:eb:6b:01:5a:
                    39:e2:c9:90:81:1e:5d:29:5c:53:1e:9e:72:1b:97:
                    d4:11:cc:a3:2e:d7:47:71:ca:ef:d2:06:59:25:b3:
                    7a:23:39:2b:f2:82:ae:0c:b9:03:36:5d:e7:3f:75:
                    d9:52:31:92:78:e2:8d:74:40:45:8b:8e:b8:12:e7:
                    81:35:cb:49:ad:b7:3b:25:c8:76:43:76:c5:7d:e7:
                    f0:93:fc:87:7c:5c:da:bc:f9:61:85:73:1b:f4:96:
                    d4:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:41:8A:55:65:A7:D5:52:EB:E6:E6:90:FB:A3:1C:A3:42:DA:44:DD
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS132335.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  181.214.44.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9b:3d:9d:95:42:31:8f:14:ad:63:2b:7e:c0:06:a3:41:09:77:
         53:1f:60:53:f6:92:41:b7:94:ac:21:aa:ac:8e:33:c2:16:6a:
         3a:54:6b:d8:4f:3c:8f:b0:5c:14:3c:49:4f:f6:97:9a:0e:ba:
         40:dc:5b:c2:dc:74:b7:ea:f5:80:9a:49:77:49:bd:21:da:9d:
         1d:62:d9:6c:79:0b:a1:22:06:0c:3e:f8:e9:20:ba:5b:23:ae:
         a2:51:52:bf:f1:bc:0c:56:3c:43:c2:f1:fe:cb:9f:56:d4:aa:
         57:35:82:d8:0d:8f:8d:9a:f8:c6:fe:a4:43:7f:12:2f:47:25:
         bb:ad:16:2d:12:55:04:c6:20:49:a1:ec:b0:a2:11:0b:c2:69:
         13:e7:fb:16:c3:c6:16:85:86:e2:4e:6c:4e:ac:61:52:42:86:
         9e:cc:4b:9d:be:df:4d:76:57:e7:97:2a:c2:87:68:7b:54:62:
         67:eb:de:7d:a3:53:1d:9f:d8:51:3e:0c:01:b5:63:b1:0e:44:
         57:72:63:85:53:b2:b6:da:55:3d:bc:08:4c:83:e7:89:15:36:
         80:a5:f2:c7:4b:e5:1d:18:89:5a:fd:79:16:32:32:3a:eb:b4:
         dd:b5:86:5a:90:bb:a2:2a:0a:4a:fa:8d:e7:dd:70:2b:78:e9:
         e9:fb:e6:d0
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUfFJKzEOFZsxbZE4CYbVmU9a4XlYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNDA0MjIyMDU0MDdaFw0yNTA0MjEyMDU5MDdaMDMxMTAvBgNV
BAMTKEQ1NDE4QTU1NjVBN0Q1NTJFQkU2RTY5MEZCQTMxQ0EzNDJEQTQ0REQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDdaf3fRpDSdRv6jrCUhdqK3gxo
KLCZWiHFB/a3sUdXO6Hqh86oRTugzltxL3znSNQiqHejz6A0wj8iV/VIRZVLBB2h
i88AZ2lFbG1t4mE5GGkq94ixTTbzktTzrMNl7H2kUfoeU78zOb5wn/9IuOxtQXaq
qe9Hs9QKkmdx2gXM8fz/NN9mUjmadjm03qsF7DmByG7LSUDW7mbt9dYwcBST62sB
WjniyZCBHl0pXFMennIbl9QRzKMu10dxyu/SBlkls3ojOSvygq4MuQM2Xec/ddlS
MZJ44o10QEWLjrgS54E1y0mttzslyHZDdsV95/CT/Id8XNq8+WGFcxv0ltQtAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQU1UGKVWWn1VLr5uaQ+6Mco0LaRN0wHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMTMyMzM1LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAtdYs
MA0GCSqGSIb3DQEBCwUAA4IBAQCbPZ2VQjGPFK1jK37ABqNBCXdTH2BT9pJBt5Ss
IaqsjjPCFmo6VGvYTzyPsFwUPElP9peaDrpA3FvC3HS36vWAmkl3Sb0h2p0dYtls
eQuhIgYMPvjpILpbI66iUVK/8bwMVjxDwvH+y59W1KpXNYLYDY+NmvjG/qRDfxIv
RyW7rRYtElUExiBJoeywohELwmkT5/sWw8YWhYbiTmxOrGFSQoaezEudvt9Ndlfn
lyrCh2h7VGJn6959o1Mdn9hRPgwBtWOxDkRXcmOFU7K22lU9vAhMg+eJFTaApfLH
S+UdGIla/XkWMjI667TdtYZakLuiKgpK+o3n3XAreOnp++bQ
-----END CERTIFICATE-----