Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS13627.roa
File:                     AS13627.roa (raw, json)
Hash identifier:          f7PY8b44OOS9C/AMOg7o5uc2vqsiXZApLwhiJdgMDI0=
Subject key identifier:   A2:0C:29:CD:98:6B:ED:F9:B9:FE:9B:6E:AA:3B:DE:6B:A0:49:C8:6E
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       66EFF5928F5C9AB48996AC320227D84B308897D3
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS13627.roa
Signing time:             Wed 01 Jan 2025 08:53:50 +0000
ROA not before:           Wed 01 Jan 2025 08:48:50 +0000
ROA not after:            Wed 31 Dec 2025 08:53:50 +0000
asID:                     13627
IP address blocks:        185.137.94.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 15:12:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            66:ef:f5:92:8f:5c:9a:b4:89:96:ac:32:02:27:d8:4b:30:88:97:d3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Jan  1 08:48:50 2025 GMT
            Not After : Dec 31 08:53:50 2025 GMT
        Subject: CN=A20C29CD986BEDF9B9FE9B6EAA3BDE6BA049C86E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:d9:04:01:ea:e7:a8:a7:4f:50:83:cf:05:13:
                    b5:18:99:e0:f4:7d:76:4a:ad:9c:d2:55:17:c6:60:
                    20:3e:32:bb:8a:19:96:87:73:38:84:a1:56:33:f1:
                    fb:88:52:13:35:6f:16:a2:ab:a2:17:8f:e5:ea:1b:
                    28:52:a5:6c:48:ba:c8:49:0b:f3:72:85:ba:57:c2:
                    ca:b1:a8:f5:c8:f4:32:63:14:13:9f:9b:ad:63:b3:
                    18:eb:a6:69:27:9b:1e:af:b4:29:69:3d:e7:04:92:
                    e7:e4:65:ff:c9:1b:7a:9b:e9:7e:bf:59:66:95:2b:
                    ba:38:f6:b8:a9:42:05:3b:df:7a:1f:ef:c4:fd:76:
                    b0:d0:3a:20:4c:32:3f:97:16:40:cd:de:ff:5b:43:
                    c8:86:c4:3d:a2:61:87:69:24:91:c4:6b:d4:9c:bf:
                    55:4d:36:b7:c2:29:52:72:7c:89:10:78:cc:bc:6c:
                    28:1d:ec:4c:f0:b4:84:1c:cb:98:07:18:87:e5:10:
                    7b:3a:f8:12:65:3e:20:34:84:6e:1a:7e:67:96:41:
                    d1:62:ab:4e:78:78:0a:a2:99:07:4c:81:bd:11:ee:
                    9f:3d:67:9b:9b:94:b6:5f:bd:0f:30:64:6d:bf:08:
                    c3:31:50:f5:a0:a9:96:22:c3:56:c6:73:4b:ef:97:
                    10:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:0C:29:CD:98:6B:ED:F9:B9:FE:9B:6E:AA:3B:DE:6B:A0:49:C8:6E
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS13627.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.137.94.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8c:5a:a2:ba:fe:29:ad:e6:a0:ab:e5:71:e3:70:e3:b9:c7:b3:
         84:cd:de:c0:2c:b8:02:29:7c:8d:31:8d:a0:6b:bb:b9:18:f8:
         26:a0:63:d4:57:7a:f1:02:a2:13:a4:8c:41:8c:03:de:55:9f:
         47:6a:66:ed:99:b5:3f:2e:16:11:b6:91:dd:a9:22:b7:24:f9:
         be:9b:10:f2:8b:7a:25:06:7a:4d:1e:80:96:7d:ed:ae:ae:30:
         6e:e9:7a:24:9f:e8:f9:d5:03:5d:87:c7:f4:4d:d1:ae:6c:76:
         59:85:2b:1c:20:56:20:c4:d5:1a:66:64:f5:5e:eb:de:3c:12:
         6e:4b:47:5b:4f:e2:c9:94:80:a3:ee:21:6a:4d:51:20:35:77:
         0a:f4:1f:d3:74:10:ea:c6:0b:24:19:a3:e4:77:04:4c:e7:a5:
         e7:0b:84:fe:85:e4:c0:56:da:72:63:80:e3:af:32:0d:f4:56:
         1e:f1:4c:3b:5f:6a:dd:7a:19:bc:a7:04:6e:bd:3f:ec:eb:1e:
         73:37:3a:45:72:88:c1:5f:32:b4:23:0f:93:6f:9c:f1:8d:f2:
         4a:e8:47:a4:08:c9:5a:c1:dc:c8:8d:c6:07:05:2b:86:40:67:
         38:79:b1:a1:ea:28:59:6b:62:28:07:e7:05:1f:29:88:fc:b8:
         90:a7:bd:64
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUZu/1ko9cmrSJlqwyAifYSzCIl9MwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNTAxMDEwODQ4NTBaFw0yNTEyMzEwODUzNTBaMDMxMTAvBgNV
BAMTKEEyMEMyOUNEOTg2QkVERjlCOUZFOUI2RUFBM0JERTZCQTA0OUM4NkUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDO2QQB6ueop09Qg88FE7UYmeD0
fXZKrZzSVRfGYCA+MruKGZaHcziEoVYz8fuIUhM1bxaiq6IXj+XqGyhSpWxIushJ
C/NyhbpXwsqxqPXI9DJjFBOfm61jsxjrpmknmx6vtClpPecEkufkZf/JG3qb6X6/
WWaVK7o49ripQgU733of78T9drDQOiBMMj+XFkDN3v9bQ8iGxD2iYYdpJJHEa9Sc
v1VNNrfCKVJyfIkQeMy8bCgd7EzwtIQcy5gHGIflEHs6+BJlPiA0hG4afmeWQdFi
q054eAqimQdMgb0R7p89Z5ublLZfvQ8wZG2/CMMxUPWgqZYiw1bGc0vvlxBTAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUogwpzZhr7fm5/ptuqjvea6BJyG4wHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMTM2Mjcucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAC5iV4w
DQYJKoZIhvcNAQELBQADggEBAIxaorr+Ka3moKvlceNw47nHs4TN3sAsuAIpfI0x
jaBru7kY+CagY9RXevECohOkjEGMA95Vn0dqZu2ZtT8uFhG2kd2pIrck+b6bEPKL
eiUGek0egJZ97a6uMG7peiSf6PnVA12Hx/RN0a5sdlmFKxwgViDE1RpmZPVe6948
Em5LR1tP4smUgKPuIWpNUSA1dwr0H9N0EOrGCyQZo+R3BEznpecLhP6F5MBW2nJj
gOOvMg30Vh7xTDtfat16GbynBG69P+zrHnM3OkVyiMFfMrQjD5NvnPGN8kroR6QI
yVrB3MiNxgcFK4ZAZzh5saHqKFlrYigH5wUfKYj8uJCnvWQ=
-----END CERTIFICATE-----