Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS140641.roa
File:                     AS140641.roa (raw, json)
Hash identifier:          Zkb4S8TCJAreNTMCBwkHr6w7GxZFbkSzDM0tSUV0ptw=
Subject key identifier:   45:75:BE:F0:DB:3F:7B:60:CA:E1:AA:86:98:8F:34:83:D9:D1:D5:15
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       571FD7623721FBC351A981CF625BD4B4AC198D7B
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS140641.roa
Signing time:             Mon 26 Jun 2023 06:44:18 +0000
ROA not before:           Mon 26 Jun 2023 06:39:18 +0000
ROA not after:            Mon 24 Jun 2024 06:44:18 +0000
asID:                     140641
IP address blocks:        181.214.10.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 11 May 2024 14:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            57:1f:d7:62:37:21:fb:c3:51:a9:81:cf:62:5b:d4:b4:ac:19:8d:7b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Jun 26 06:39:18 2023 GMT
            Not After : Jun 24 06:44:18 2024 GMT
        Subject: CN=4575BEF0DB3F7B60CAE1AA86988F3483D9D1D515
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:ea:8d:b9:6f:72:c7:a3:31:77:e6:6e:e1:79:
                    ac:b6:91:27:ca:2f:1f:48:3e:c7:8c:6f:2b:c3:09:
                    a7:b4:3a:71:96:cd:ef:a5:37:72:4e:2a:d3:a5:5a:
                    da:6e:cf:23:e5:8c:31:11:c1:36:9d:e6:90:86:c4:
                    7e:1e:5c:3c:07:fd:16:a9:88:4d:81:05:2d:2e:7e:
                    16:a3:b8:5a:a8:89:fe:2a:e1:ac:4b:f7:f0:3f:fb:
                    d1:b3:8a:ca:43:9a:f3:98:8d:a3:f4:a3:bd:fe:08:
                    5a:7a:2f:ac:bf:f4:4f:bb:46:f3:39:29:27:b2:1e:
                    26:57:5f:b5:0c:66:4f:d7:36:2d:3f:78:d8:14:b0:
                    d1:c7:3a:3f:76:8c:df:5c:aa:89:de:09:b0:c7:fa:
                    54:25:4e:3b:7c:1a:18:0e:9c:f8:4d:43:23:c0:d7:
                    8b:11:4b:40:5c:39:68:3f:e4:5d:7d:b8:47:80:bd:
                    fb:1f:5b:87:5f:1c:2d:a2:fc:e4:46:86:eb:df:f1:
                    56:8f:38:2a:eb:09:88:42:9f:70:d1:3d:d5:35:fc:
                    d1:3d:83:27:86:9f:2e:88:69:da:4b:a4:1b:c0:3f:
                    79:2a:28:dc:e1:d7:b6:d2:ce:4f:21:50:6f:59:57:
                    3c:7f:33:06:2d:b3:d2:8d:92:32:b4:90:e7:6a:fc:
                    2d:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:75:BE:F0:DB:3F:7B:60:CA:E1:AA:86:98:8F:34:83:D9:D1:D5:15
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS140641.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  181.214.10.0/24

    Signature Algorithm: sha256WithRSAEncryption
         03:bc:ef:07:66:40:8a:6c:53:ff:a0:3d:5f:0f:5f:80:b3:7d:
         43:b9:39:d0:10:cd:2a:bc:44:af:81:33:81:c3:22:58:8e:c0:
         e7:3d:83:97:b4:e0:e9:4e:02:3b:78:24:ee:dc:a4:43:f3:74:
         37:44:9c:db:5f:53:bd:62:52:6d:80:5d:8c:9f:97:44:41:58:
         25:59:ea:27:da:74:7b:a2:54:bd:b1:26:0f:c4:56:79:86:46:
         a1:be:91:e2:91:31:d9:52:0a:57:d0:71:d5:30:e2:36:89:a7:
         c9:b5:10:30:4c:09:df:44:1f:c6:75:14:8d:e4:35:0c:68:a3:
         c5:9f:7f:d6:ed:c5:ff:e3:1a:3e:e5:fc:ff:7f:d4:81:6a:b9:
         81:fb:c5:08:41:6d:26:a7:18:5f:57:49:7f:5b:37:2f:df:81:
         43:10:ae:98:71:33:66:9b:9d:8e:32:33:81:eb:48:18:64:8e:
         79:e4:7b:98:06:4b:08:05:82:0d:22:69:39:b9:34:7b:a4:c1:
         f4:b1:ff:36:53:19:54:08:44:b1:5d:27:88:08:e1:03:e6:02:
         de:d5:f8:d8:e9:6d:fc:61:36:f2:1a:9c:83:ee:b0:36:82:b6:
         f3:02:89:51:a7:67:f5:32:79:a3:ee:e4:55:4d:9f:54:8c:6d:
         43:3d:bc:38
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUVx/XYjch+8NRqYHPYlvUtKwZjXswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yMzA2MjYwNjM5MThaFw0yNDA2MjQwNjQ0MThaMDMxMTAvBgNV
BAMTKDQ1NzVCRUYwREIzRjdCNjBDQUUxQUE4Njk4OEYzNDgzRDlEMUQ1MTUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCj6o25b3LHozF35m7heay2kSfK
Lx9IPseMbyvDCae0OnGWze+lN3JOKtOlWtpuzyPljDERwTad5pCGxH4eXDwH/Rap
iE2BBS0ufhajuFqoif4q4axL9/A/+9GzispDmvOYjaP0o73+CFp6L6y/9E+7RvM5
KSeyHiZXX7UMZk/XNi0/eNgUsNHHOj92jN9cqoneCbDH+lQlTjt8GhgOnPhNQyPA
14sRS0BcOWg/5F19uEeAvfsfW4dfHC2i/ORGhuvf8VaPOCrrCYhCn3DRPdU1/NE9
gyeGny6IadpLpBvAP3kqKNzh17bSzk8hUG9ZVzx/MwYts9KNkjK0kOdq/C37AgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQURXW+8Ns/e2DK4aqGmI80g9nR1RUwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMTQwNjQxLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAtdYK
MA0GCSqGSIb3DQEBCwUAA4IBAQADvO8HZkCKbFP/oD1fD1+As31DuTnQEM0qvESv
gTOBwyJYjsDnPYOXtODpTgI7eCTu3KRD83Q3RJzbX1O9YlJtgF2Mn5dEQVglWeon
2nR7olS9sSYPxFZ5hkahvpHikTHZUgpX0HHVMOI2iafJtRAwTAnfRB/GdRSN5DUM
aKPFn3/W7cX/4xo+5fz/f9SBarmB+8UIQW0mpxhfV0l/Wzcv34FDEK6YcTNmm52O
MjOB60gYZI555HuYBksIBYINImk5uTR7pMH0sf82UxlUCESxXSeICOED5gLe1fjY
6W38YTbyGpyD7rA2grbzAolRp2f1Mnmj7uRVTZ9UjG1DPbw4
-----END CERTIFICATE-----