Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS137571.roa
File:                     AS137571.roa (raw, json)
Hash identifier:          5lNWBh/egOOoyv2g0spLO8RQa3xljapPl3CZF/ZHTdA=
Subject key identifier:   00:19:46:99:EA:05:D3:E5:1A:81:F9:9B:2F:29:69:2C:F4:09:61:DC
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       4D3B82C50F8BC6150F42CBE2D8AC993990499D26
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS137571.roa
Signing time:             Wed 31 Jan 2024 08:05:09 +0000
ROA not before:           Wed 31 Jan 2024 08:00:09 +0000
ROA not after:            Wed 29 Jan 2025 08:05:09 +0000
asID:                     137571
IP address blocks:        191.101.44.0/22 maxlen: 24
                          191.101.45.0/24 maxlen: 24
                          191.101.47.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 10 May 2024 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4d:3b:82:c5:0f:8b:c6:15:0f:42:cb:e2:d8:ac:99:39:90:49:9d:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Jan 31 08:00:09 2024 GMT
            Not After : Jan 29 08:05:09 2025 GMT
        Subject: CN=00194699EA05D3E51A81F99B2F29692CF40961DC
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:9d:aa:50:24:a8:4f:01:a4:85:8b:52:fb:40:
                    bc:d8:ae:8d:28:0e:f7:d8:18:f4:17:a0:92:4f:af:
                    69:26:9e:e8:bd:16:df:ab:4a:e1:e8:d3:f5:92:07:
                    0b:65:29:4c:be:b0:43:3f:aa:30:6f:67:c0:29:e8:
                    02:0e:a5:68:d7:f1:6c:b8:0f:25:01:0a:09:99:6c:
                    9f:dd:a3:7a:73:80:f1:7d:67:7f:e0:50:95:66:ac:
                    89:91:2f:0a:ef:fd:1b:cf:99:34:aa:5c:1c:e2:df:
                    cf:9f:91:8a:ff:93:8b:91:68:3e:26:e5:81:52:fa:
                    44:36:ff:af:be:d8:09:d2:e2:df:9d:b6:32:12:fb:
                    22:ce:f0:61:2b:c7:90:78:28:66:5a:83:8f:1f:ab:
                    fd:e4:52:40:95:99:67:ad:6e:7f:c8:2d:2f:7b:d0:
                    a1:30:7c:63:aa:0f:4e:f1:8d:bc:20:83:26:8a:e1:
                    c8:c8:2e:16:a0:92:4e:d8:41:75:d3:19:c8:e8:61:
                    6d:e9:3c:2c:b6:c8:ad:8a:70:46:e5:74:b4:e9:24:
                    51:7a:96:13:2a:ea:36:b2:33:8f:4a:3f:c8:5c:cf:
                    ad:57:c9:22:d5:59:c0:dd:e5:03:b2:20:1c:30:34:
                    9b:2a:96:74:e3:9e:1c:52:33:ac:dc:0f:22:c3:8b:
                    93:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:19:46:99:EA:05:D3:E5:1A:81:F9:9B:2F:29:69:2C:F4:09:61:DC
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS137571.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  191.101.44.0/22

    Signature Algorithm: sha256WithRSAEncryption
         7b:ac:2f:d8:c2:b5:3e:90:22:13:6b:e2:13:60:36:d0:ba:43:
         3d:c9:03:9b:a3:66:37:09:30:67:09:84:2c:cb:e5:fc:da:c5:
         4c:64:39:c7:2c:00:aa:25:93:37:17:a8:34:b8:56:c0:aa:6b:
         44:12:28:6f:b2:f7:a5:47:b4:44:90:93:1f:66:c4:13:84:45:
         10:a2:f4:89:a9:18:1f:64:1e:ac:79:bb:6b:de:5d:24:81:c9:
         90:f4:ae:08:76:2e:30:8f:f6:a8:4a:d5:22:21:a0:c7:27:56:
         a6:11:25:f4:76:66:85:e9:d9:3c:87:cf:5f:cf:7d:8d:fe:cc:
         47:36:b5:d9:b5:20:b9:8b:be:71:f2:f3:9a:a8:03:ec:40:8d:
         e4:70:b3:2e:b6:3a:7c:fc:e4:0f:11:38:dc:c9:d9:8d:0f:1f:
         0d:9f:36:27:f8:ab:3c:78:c1:cb:f4:fd:be:ac:3d:7d:d4:cb:
         24:e6:38:58:9d:5c:bc:e5:f6:ae:c7:40:90:ba:7a:06:0a:8e:
         57:57:fb:54:9c:e0:14:a6:10:3c:3e:1f:b6:a4:81:e2:5e:1d:
         1f:52:f3:21:96:eb:6a:d2:47:fd:14:d1:d5:24:c0:74:9a:f7:
         25:97:78:d8:ce:aa:02:63:e5:2d:c0:cf:88:38:88:1a:aa:10:
         87:cb:e4:2c
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUTTuCxQ+LxhUPQsvi2KyZOZBJnSYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNDAxMzEwODAwMDlaFw0yNTAxMjkwODA1MDlaMDMxMTAvBgNV
BAMTKDAwMTk0Njk5RUEwNUQzRTUxQTgxRjk5QjJGMjk2OTJDRjQwOTYxREMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCZnapQJKhPAaSFi1L7QLzYro0o
DvfYGPQXoJJPr2kmnui9Ft+rSuHo0/WSBwtlKUy+sEM/qjBvZ8Ap6AIOpWjX8Wy4
DyUBCgmZbJ/do3pzgPF9Z3/gUJVmrImRLwrv/RvPmTSqXBzi38+fkYr/k4uRaD4m
5YFS+kQ2/6++2AnS4t+dtjIS+yLO8GErx5B4KGZag48fq/3kUkCVmWetbn/ILS97
0KEwfGOqD07xjbwggyaK4cjILhagkk7YQXXTGcjoYW3pPCy2yK2KcEbldLTpJFF6
lhMq6jayM49KP8hcz61XySLVWcDd5QOyIBwwNJsqlnTjnhxSM6zcDyLDi5NnAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUABlGmeoF0+UagfmbLylpLPQJYdwwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMTM3NTcxLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCv2Us
MA0GCSqGSIb3DQEBCwUAA4IBAQB7rC/YwrU+kCITa+ITYDbQukM9yQObo2Y3CTBn
CYQsy+X82sVMZDnHLACqJZM3F6g0uFbAqmtEEihvsvelR7REkJMfZsQThEUQovSJ
qRgfZB6sebtr3l0kgcmQ9K4Idi4wj/aoStUiIaDHJ1amESX0dmaF6dk8h89fz32N
/sxHNrXZtSC5i75x8vOaqAPsQI3kcLMutjp8/OQPETjcydmNDx8NnzYn+Ks8eMHL
9P2+rD191Msk5jhYnVy85faux0CQunoGCo5XV/tUnOAUphA8Ph+2pIHiXh0fUvMh
lutq0kf9FNHVJMB0mvcll3jYzqoCY+UtwM+IOIgaqhCHy+Qs
-----END CERTIFICATE-----