Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS132825.roa
File:                     AS132825.roa (raw, json)
Hash identifier:          jpwptM91TZ6wJ1cRs4cuzK1WQ5ZB4K3fNgPVE7HMiKA=
Subject key identifier:   76:76:D6:D7:B5:51:18:BE:C1:60:BF:04:4D:DC:1C:F2:96:09:8E:62
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       69F50017FC0AEFD59C754DBFEC4D0975B8DBCD84
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS132825.roa
Signing time:             Wed 31 Jan 2024 08:05:10 +0000
ROA not before:           Wed 31 Jan 2024 08:00:10 +0000
ROA not after:            Wed 29 Jan 2025 08:05:10 +0000
asID:                     132825
IP address blocks:        181.215.252.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 10 May 2024 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            69:f5:00:17:fc:0a:ef:d5:9c:75:4d:bf:ec:4d:09:75:b8:db:cd:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Jan 31 08:00:10 2024 GMT
            Not After : Jan 29 08:05:10 2025 GMT
        Subject: CN=7676D6D7B55118BEC160BF044DDC1CF296098E62
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:86:d3:ec:6a:35:e1:a5:b0:38:46:65:4e:16:
                    78:99:c4:f0:13:63:59:dc:1c:e4:74:09:9e:2e:be:
                    7e:f3:82:bb:b2:07:23:80:5b:e1:2e:c1:30:19:26:
                    c6:66:51:53:ab:51:59:f7:96:d4:a1:04:c4:cb:76:
                    2b:d3:66:5a:94:9b:af:ea:a4:a6:4d:93:02:66:a8:
                    7a:49:4d:b9:15:2f:e2:6d:3e:9d:7d:df:02:9f:78:
                    ae:a9:6f:4e:c5:09:08:50:ec:2c:fd:f8:ae:b8:8a:
                    57:15:1f:45:1c:e5:11:6d:9a:64:78:f1:9a:44:6c:
                    1e:ae:0b:4b:b3:b1:ab:dd:c3:64:e8:07:71:81:a1:
                    f7:86:e3:20:f4:45:96:ce:ae:f3:74:52:30:79:c0:
                    ae:d9:f6:e6:90:01:33:94:5a:89:68:4f:70:c4:6a:
                    24:f2:12:7f:17:cd:a8:41:79:8b:fc:07:c7:ba:22:
                    a9:3a:9f:db:de:46:ae:2a:f2:82:3f:49:c5:93:49:
                    0b:dd:ed:2e:f9:5a:55:1c:ed:74:6a:89:f5:5c:65:
                    5f:d9:41:42:27:17:43:3e:03:25:44:dd:12:1b:85:
                    f8:74:3b:72:6f:b9:55:ba:c6:43:89:a5:8e:0d:ca:
                    ea:de:b9:3e:be:ed:c9:a5:d5:3c:98:1a:1d:d0:4a:
                    2b:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:76:D6:D7:B5:51:18:BE:C1:60:BF:04:4D:DC:1C:F2:96:09:8E:62
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS132825.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  181.215.252.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6e:99:1a:c8:8f:55:2e:ba:fd:2b:e4:2f:23:6c:75:d4:9d:a0:
         d7:64:1e:e5:fc:d1:24:b0:99:fe:d3:bd:7c:c2:8e:18:ee:15:
         e5:d6:3d:89:ef:5d:fe:24:80:d1:9d:4b:f3:3f:28:e1:1e:51:
         35:6a:93:50:7b:b9:6d:0f:9e:da:44:bf:f2:13:99:bf:1b:fc:
         74:a8:24:e5:ef:91:c8:8e:8c:1c:6e:6d:1a:de:17:8b:b2:03:
         c3:00:b0:b8:77:b9:56:d7:0e:10:b2:93:e4:67:13:e4:4f:98:
         4d:b2:06:45:8b:ad:43:34:b0:09:a6:49:aa:41:bb:83:dd:04:
         10:81:11:2f:5c:4f:3c:4b:f2:95:e3:87:65:6c:93:d5:07:fc:
         f9:bb:d7:e4:9f:27:e6:bb:fa:67:77:97:41:d2:81:4e:4d:8b:
         40:88:73:01:a7:2a:3c:90:17:e0:85:d9:3f:54:0e:1d:b1:83:
         88:59:3b:d5:bc:d5:19:ad:7a:72:4a:3e:a4:da:a2:82:ce:32:
         51:b8:2a:ff:e3:ac:36:85:18:ff:ae:77:b4:b9:ed:9b:b8:4a:
         fc:ae:e0:cf:92:8b:a8:9b:bd:e7:f6:8b:50:4b:fc:8e:6b:ba:
         a8:a8:9c:b1:f8:50:37:32:c4:9d:99:41:a1:a5:c0:ff:1f:7a:
         40:96:70:66
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUafUAF/wK79WcdU2/7E0JdbjbzYQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNDAxMzEwODAwMTBaFw0yNTAxMjkwODA1MTBaMDMxMTAvBgNV
BAMTKDc2NzZENkQ3QjU1MTE4QkVDMTYwQkYwNDREREMxQ0YyOTYwOThFNjIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDGhtPsajXhpbA4RmVOFniZxPAT
Y1ncHOR0CZ4uvn7zgruyByOAW+EuwTAZJsZmUVOrUVn3ltShBMTLdivTZlqUm6/q
pKZNkwJmqHpJTbkVL+JtPp193wKfeK6pb07FCQhQ7Cz9+K64ilcVH0Uc5RFtmmR4
8ZpEbB6uC0uzsavdw2ToB3GBofeG4yD0RZbOrvN0UjB5wK7Z9uaQATOUWoloT3DE
aiTyEn8XzahBeYv8B8e6Iqk6n9veRq4q8oI/ScWTSQvd7S75WlUc7XRqifVcZV/Z
QUInF0M+AyVE3RIbhfh0O3JvuVW6xkOJpY4NyureuT6+7cml1TyYGh3QSisdAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUdnbW17VRGL7BYL8ETdwc8pYJjmIwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMTMyODI1LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAtdf8
MA0GCSqGSIb3DQEBCwUAA4IBAQBumRrIj1Uuuv0r5C8jbHXUnaDXZB7l/NEksJn+
0718wo4Y7hXl1j2J713+JIDRnUvzPyjhHlE1apNQe7ltD57aRL/yE5m/G/x0qCTl
75HIjowcbm0a3heLsgPDALC4d7lW1w4QspPkZxPkT5hNsgZFi61DNLAJpkmqQbuD
3QQQgREvXE88S/KV44dlbJPVB/z5u9fknyfmu/pnd5dB0oFOTYtAiHMBpyo8kBfg
hdk/VA4dsYOIWTvVvNUZrXpySj6k2qKCzjJRuCr/46w2hRj/rne0ue2buEr8ruDP
kouom73n9otQS/yOa7qoqJyx+FA3MsSdmUGhpcD/H3pAlnBm
-----END CERTIFICATE-----