Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS138997.roa
File:                     AS138997.roa (raw, json)
Hash identifier:          g8N3D1RhqxUCoI9oCkWhYuWS1q+btzT73jLrcXsm/6s=
Subject key identifier:   C9:74:E0:BF:69:4B:53:0B:9A:6A:78:26:33:95:1E:7F:1A:7B:61:BA
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       7237B77C3C3771AC4848EDFA335307C3AFE59DAF
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS138997.roa
Signing time:             Mon 22 Apr 2024 05:13:08 +0000
ROA not before:           Mon 22 Apr 2024 05:08:08 +0000
ROA not after:            Mon 21 Apr 2025 05:13:08 +0000
asID:                     138997
IP address blocks:        181.215.94.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 10 May 2024 20:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            72:37:b7:7c:3c:37:71:ac:48:48:ed:fa:33:53:07:c3:af:e5:9d:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Apr 22 05:08:08 2024 GMT
            Not After : Apr 21 05:13:08 2025 GMT
        Subject: CN=C974E0BF694B530B9A6A782633951E7F1A7B61BA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:ff:66:60:6f:82:82:ff:51:41:31:18:c1:06:
                    86:b2:a3:d0:4b:14:7a:67:9c:94:be:c0:41:4e:65:
                    b7:54:7a:f8:e3:88:4c:0f:9a:42:9f:13:51:20:98:
                    3c:aa:e4:78:79:6a:04:f7:dd:5b:14:cf:bc:06:89:
                    76:dd:b8:a4:85:d7:59:8f:45:84:af:61:2b:fe:ac:
                    ef:79:7e:36:64:bd:a4:c3:63:2c:9f:e9:da:4e:65:
                    4b:4b:0c:0e:48:5d:a7:74:b7:ba:4f:8e:58:f0:31:
                    56:b0:b6:c5:ae:a5:f2:e0:f1:a1:53:7c:12:38:37:
                    9e:91:2e:06:ce:a6:c0:f4:a7:88:09:90:98:60:a0:
                    65:51:ea:4f:31:72:2c:2e:cc:8b:8f:70:64:a8:73:
                    54:86:4d:bc:eb:c6:a1:36:d9:c3:3c:c8:37:0c:f7:
                    c0:9a:c1:95:7f:cc:3b:02:a5:cf:fe:68:41:6d:94:
                    59:c5:e9:2a:41:f0:6a:d5:61:c3:77:32:c9:f3:a5:
                    72:d7:43:d2:ac:d0:c3:3f:60:6c:90:85:9a:f9:c0:
                    df:ee:e9:12:1f:8a:a6:c5:f9:d8:03:97:d1:7f:52:
                    18:e0:cf:07:4d:c9:38:c0:16:c3:a5:a5:a0:74:91:
                    6c:de:db:f1:a5:b9:ba:1b:f5:37:00:06:41:d1:bc:
                    08:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:74:E0:BF:69:4B:53:0B:9A:6A:78:26:33:95:1E:7F:1A:7B:61:BA
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS138997.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  181.215.94.0/23

    Signature Algorithm: sha256WithRSAEncryption
         47:9d:20:08:0a:85:53:54:54:f3:ce:3b:e4:71:a8:7e:45:9c:
         e2:e8:0a:39:42:75:a3:9a:10:79:b6:eb:c7:30:9b:51:0f:42:
         61:88:ef:c9:8a:dd:47:c9:62:c0:c3:dd:89:33:36:82:0b:8a:
         86:10:33:70:c6:14:a5:40:a3:02:99:b4:b9:73:52:2b:8f:2c:
         f0:59:92:54:cc:84:9d:c6:8a:e8:08:4a:fd:62:e3:91:77:d1:
         0e:d6:bf:48:e2:d7:e5:17:c9:e1:74:82:5e:2b:54:7f:df:f3:
         6f:29:41:ae:ba:fe:78:a8:a2:fb:65:75:fb:4e:a8:eb:28:3f:
         bb:74:d1:14:e9:28:04:da:97:7a:a6:d2:88:6c:00:32:0a:41:
         ae:63:81:89:23:05:1d:9c:ec:e7:4f:40:db:a3:04:fc:3d:67:
         ba:4d:9d:fc:b7:2d:bc:a6:b1:56:ed:c2:81:9c:27:d5:fe:e5:
         a2:c9:9c:cc:f7:71:03:a4:09:03:0b:2a:e8:34:15:0f:82:98:
         bf:fe:6c:79:ff:35:0e:ea:f9:9a:0a:cf:81:22:e6:76:ad:91:
         d1:67:3e:1f:a2:9c:44:8f:f8:d3:e6:8e:bc:7b:b7:de:fc:07:
         96:b6:d5:a5:07:9c:fe:ea:10:a4:51:cd:7f:1a:42:35:25:4f:
         1b:60:dc:b5
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUcje3fDw3caxISO36M1MHw6/lna8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNDA0MjIwNTA4MDhaFw0yNTA0MjEwNTEzMDhaMDMxMTAvBgNV
BAMTKEM5NzRFMEJGNjk0QjUzMEI5QTZBNzgyNjMzOTUxRTdGMUE3QjYxQkEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCV/2Zgb4KC/1FBMRjBBoayo9BL
FHpnnJS+wEFOZbdUevjjiEwPmkKfE1EgmDyq5Hh5agT33VsUz7wGiXbduKSF11mP
RYSvYSv+rO95fjZkvaTDYyyf6dpOZUtLDA5IXad0t7pPjljwMVawtsWupfLg8aFT
fBI4N56RLgbOpsD0p4gJkJhgoGVR6k8xciwuzIuPcGSoc1SGTbzrxqE22cM8yDcM
98CawZV/zDsCpc/+aEFtlFnF6SpB8GrVYcN3MsnzpXLXQ9Ks0MM/YGyQhZr5wN/u
6RIfiqbF+dgDl9F/UhjgzwdNyTjAFsOlpaB0kWze2/Glubob9TcABkHRvAhJAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUyXTgv2lLUwuaangmM5Uefxp7YbowHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMTM4OTk3LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBtdde
MA0GCSqGSIb3DQEBCwUAA4IBAQBHnSAICoVTVFTzzjvkcah+RZzi6Ao5QnWjmhB5
tuvHMJtRD0JhiO/Jit1HyWLAw92JMzaCC4qGEDNwxhSlQKMCmbS5c1IrjyzwWZJU
zISdxoroCEr9YuORd9EO1r9I4tflF8nhdIJeK1R/3/NvKUGuuv54qKL7ZXX7Tqjr
KD+7dNEU6SgE2pd6ptKIbAAyCkGuY4GJIwUdnOznT0DbowT8PWe6TZ38ty28prFW
7cKBnCfV/uWiyZzM93EDpAkDCyroNBUPgpi//mx5/zUO6vmaCs+BIuZ2rZHRZz4f
opxEj/jT5o68e7fe/AeWttWlB5z+6hCkUc1/GkI1JU8bYNy1
-----END CERTIFICATE-----