Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS139660.roa
File:                     AS139660.roa (raw, json)
Hash identifier:          WKRIGwZbQQx3MUfv1Uf5KvDXiP343ViN/kYBpXeV0p4=
Subject key identifier:   24:D3:D0:96:3C:FA:80:2A:E9:AA:67:69:E5:80:C6:C9:45:78:D8:EE
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       5C1F95AD17D3EDCA21FED0D84E9DD8E4575909EE
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS139660.roa
Signing time:             Thu 09 May 2024 15:05:28 +0000
ROA not before:           Thu 09 May 2024 15:00:28 +0000
ROA not after:            Thu 08 May 2025 15:05:28 +0000
asID:                     139660
IP address blocks:        191.101.182.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 10 May 2024 20:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5c:1f:95:ad:17:d3:ed:ca:21:fe:d0:d8:4e:9d:d8:e4:57:59:09:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: May  9 15:00:28 2024 GMT
            Not After : May  8 15:05:28 2025 GMT
        Subject: CN=24D3D0963CFA802AE9AA6769E580C6C94578D8EE
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:cf:c4:d6:28:df:a3:6f:19:15:da:2f:04:29:
                    cc:da:55:c7:31:4d:39:1b:3c:36:1b:70:2b:74:de:
                    e8:96:bf:21:7d:4e:d1:81:42:4c:99:df:f8:62:ae:
                    85:0e:99:84:d3:c6:07:50:6c:db:86:b9:f8:8a:9b:
                    80:d6:88:79:42:e0:07:f7:33:23:22:22:a6:5a:c8:
                    0f:68:1d:7c:57:b0:52:f4:51:4b:2d:57:7b:75:85:
                    6a:15:16:36:c7:d1:8f:07:3e:27:e3:e0:d3:f1:75:
                    de:41:ee:e0:74:5b:a8:f8:05:87:e1:4d:9e:8b:60:
                    52:ec:e4:43:6f:63:b0:97:02:57:a6:98:95:20:e8:
                    1e:44:a7:8e:8e:62:27:73:87:c9:35:73:6d:01:c9:
                    bc:4c:9a:2a:2f:15:09:3a:00:bd:80:a6:50:a4:70:
                    2d:68:37:1d:0b:9e:05:6d:4d:a6:e9:b2:89:c1:d4:
                    e8:0b:d3:c7:96:2a:c9:69:85:5f:13:b4:18:c2:8a:
                    24:0d:78:00:48:da:2c:c3:41:68:e4:cf:20:b8:dd:
                    65:8f:de:1d:34:7f:92:c0:d5:3f:0c:35:bb:7b:75:
                    92:f0:22:f5:b1:33:24:10:dc:97:d5:a7:d7:d0:5d:
                    f7:3c:4b:cd:e4:41:e8:7e:d1:60:71:05:38:2e:8a:
                    4d:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:D3:D0:96:3C:FA:80:2A:E9:AA:67:69:E5:80:C6:C9:45:78:D8:EE
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS139660.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  191.101.182.0/24

    Signature Algorithm: sha256WithRSAEncryption
         38:f9:03:d1:1a:d5:0e:20:32:bd:3a:3a:f2:36:f0:98:97:dc:
         6c:d7:d0:67:cc:d4:ed:b4:ea:b2:a2:25:ad:5f:16:be:d8:54:
         68:c0:1d:df:e0:ca:5c:25:15:8e:43:b3:08:22:ec:73:03:87:
         ee:29:16:9c:a4:a6:d5:61:86:25:3b:b0:0f:fd:ba:78:eb:36:
         99:82:9f:3e:6a:c5:1d:ef:e1:b3:7a:fc:2f:a4:a2:0d:f3:7b:
         6e:be:b7:82:3c:19:95:2a:97:bd:97:59:60:58:31:ab:0d:fb:
         f1:aa:96:5e:4d:56:95:e6:33:99:8c:0c:0d:aa:cd:c0:c5:38:
         51:bb:08:23:e6:2d:de:24:bb:15:78:32:1f:95:fd:20:7c:f9:
         b4:48:93:66:7f:5d:09:ee:5c:1c:d3:cb:e1:eb:a3:0b:2e:9c:
         3e:e6:69:09:61:94:af:51:cc:18:12:9c:8c:41:70:dc:60:24:
         dc:19:e8:ac:0a:50:b1:e8:9d:42:7e:a9:ca:5b:59:42:59:29:
         4e:e4:ce:13:d8:73:49:f6:1a:f5:27:bc:c6:d1:51:b9:85:e0:
         ae:18:0e:60:02:99:9a:9e:6d:99:db:b6:15:ca:c3:ca:93:df:
         25:4e:e8:c3:4b:4c:e7:9a:0a:db:05:08:16:7b:39:82:0f:51:
         ed:b0:0d:72
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUXB+VrRfT7coh/tDYTp3Y5FdZCe4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNDA1MDkxNTAwMjhaFw0yNTA1MDgxNTA1MjhaMDMxMTAvBgNV
BAMTKDI0RDNEMDk2M0NGQTgwMkFFOUFBNjc2OUU1ODBDNkM5NDU3OEQ4RUUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCsz8TWKN+jbxkV2i8EKczaVccx
TTkbPDYbcCt03uiWvyF9TtGBQkyZ3/hiroUOmYTTxgdQbNuGufiKm4DWiHlC4Af3
MyMiIqZayA9oHXxXsFL0UUstV3t1hWoVFjbH0Y8HPifj4NPxdd5B7uB0W6j4BYfh
TZ6LYFLs5ENvY7CXAlemmJUg6B5Ep46OYidzh8k1c20BybxMmiovFQk6AL2AplCk
cC1oNx0LngVtTabpsonB1OgL08eWKslphV8TtBjCiiQNeABI2izDQWjkzyC43WWP
3h00f5LA1T8MNbt7dZLwIvWxMyQQ3JfVp9fQXfc8S83kQeh+0WBxBTguik2/AgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUJNPQljz6gCrpqmdp5YDGyUV42O4wHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMTM5NjYwLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAv2W2
MA0GCSqGSIb3DQEBCwUAA4IBAQA4+QPRGtUOIDK9OjryNvCYl9xs19BnzNTttOqy
oiWtXxa+2FRowB3f4MpcJRWOQ7MIIuxzA4fuKRacpKbVYYYlO7AP/bp46zaZgp8+
asUd7+GzevwvpKIN83tuvreCPBmVKpe9l1lgWDGrDfvxqpZeTVaV5jOZjAwNqs3A
xThRuwgj5i3eJLsVeDIflf0gfPm0SJNmf10J7lwc08vh66MLLpw+5mkJYZSvUcwY
EpyMQXDcYCTcGeisClCx6J1CfqnKW1lCWSlO5M4T2HNJ9hr1J7zG0VG5heCuGA5g
Apmanm2Z27YVysPKk98lTujDS0znmgrbBQgWezmCD1HtsA1y
-----END CERTIFICATE-----