Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS141158.roa
File:                     AS141158.roa (raw, json)
Hash identifier:          zMv4kirFxXSvAegj8A60KXPaUMv9ZRM3n9CuPNn4UDI=
Subject key identifier:   FB:EC:0E:32:FA:14:07:6A:FF:F7:56:AF:C5:D2:C3:90:2D:BE:D6:77
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       489F6EE2A649276AB784D9FB1E3B17B3890BE6A4
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS141158.roa
Signing time:             Wed 31 Jan 2024 08:05:08 +0000
ROA not before:           Wed 31 Jan 2024 08:00:08 +0000
ROA not after:            Wed 29 Jan 2025 08:05:08 +0000
asID:                     141158
IP address blocks:        2.57.16.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            48:9f:6e:e2:a6:49:27:6a:b7:84:d9:fb:1e:3b:17:b3:89:0b:e6:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Jan 31 08:00:08 2024 GMT
            Not After : Jan 29 08:05:08 2025 GMT
        Subject: CN=FBEC0E32FA14076AFFF756AFC5D2C3902DBED677
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:cb:62:bd:9c:ed:e1:7b:64:ac:13:99:ed:88:
                    73:df:26:aa:4a:26:3e:f0:a7:51:1f:11:56:c5:be:
                    9d:ff:3b:0b:f5:58:96:04:ba:e1:fb:7c:31:c9:ce:
                    52:de:2e:73:3a:0a:be:de:a0:73:af:0b:30:aa:25:
                    bb:39:11:73:c8:97:ed:23:21:a0:db:26:6f:5e:49:
                    fd:2d:d9:f5:a9:a1:c1:be:6d:ad:bc:18:0b:a1:ec:
                    c8:97:d6:9f:dd:b5:b6:ee:88:15:ae:92:22:f3:36:
                    56:b5:10:ec:5d:46:d2:2f:44:7b:c5:73:2e:4f:37:
                    40:90:05:86:05:57:ed:69:9f:af:9b:95:27:a4:b7:
                    aa:14:c1:b3:14:51:9b:cc:a2:92:b6:c6:f5:a3:13:
                    7e:98:cd:24:07:dd:e5:aa:8a:44:7d:c1:cb:c0:aa:
                    e3:21:33:55:b5:60:7a:ea:03:83:f6:f7:95:5a:10:
                    66:aa:57:4d:9e:ee:c5:83:7c:a6:cd:bb:0e:28:3f:
                    22:16:c3:33:27:a2:89:9a:34:67:33:c9:f5:86:23:
                    76:0f:34:50:42:89:f8:9d:57:ed:a5:a3:00:5c:70:
                    e2:a5:63:88:ba:cc:bb:9b:ad:38:b2:46:20:5b:23:
                    63:d3:01:d4:c9:71:ba:c1:e4:a5:6d:4c:99:e9:f9:
                    f4:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FB:EC:0E:32:FA:14:07:6A:FF:F7:56:AF:C5:D2:C3:90:2D:BE:D6:77
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS141158.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.57.16.0/24

    Signature Algorithm: sha256WithRSAEncryption
         75:a7:bd:6c:50:a6:55:7e:dd:37:a1:a9:22:ca:b6:06:e3:3c:
         b4:93:bd:01:b5:64:43:41:e5:22:bc:ad:00:1e:9c:41:46:77:
         9d:cd:07:10:f6:a0:08:5e:d9:67:2a:96:44:74:79:8e:41:c3:
         76:13:5d:f2:17:10:a5:37:cc:ca:69:18:fc:76:a1:3c:2b:32:
         e3:6e:3e:10:9a:69:7b:37:31:dd:ff:c2:f7:19:97:66:aa:bb:
         67:b2:97:a0:2f:ee:d8:b6:c4:cb:f3:ec:90:5b:72:c2:d5:3b:
         2d:60:81:0b:bb:17:e4:d1:a8:11:e3:e1:0e:7c:0b:9a:5c:2e:
         dd:6e:91:b9:25:2b:28:0b:57:5a:6f:20:39:84:2a:02:dc:63:
         45:15:21:dc:a2:23:88:99:1d:79:75:29:0a:90:58:38:23:ee:
         71:d1:56:b0:6d:cd:1e:5c:61:51:a8:69:4c:4a:73:e0:9c:20:
         a0:c6:67:ed:a6:40:2d:24:6c:7a:54:10:9d:61:93:25:0f:ad:
         a8:35:7b:44:cc:7a:af:bd:51:b9:83:bb:a7:c4:f2:0e:fb:c7:
         6d:44:62:ab:4b:ad:1e:f2:34:02:a6:4a:aa:30:8f:09:87:60:
         21:68:2e:cb:49:fa:3c:fd:c1:be:8a:c7:59:e7:bd:bb:46:b8:
         8e:85:2f:d3
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUSJ9u4qZJJ2q3hNn7HjsXs4kL5qQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNDAxMzEwODAwMDhaFw0yNTAxMjkwODA1MDhaMDMxMTAvBgNV
BAMTKEZCRUMwRTMyRkExNDA3NkFGRkY3NTZBRkM1RDJDMzkwMkRCRUQ2NzcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDay2K9nO3he2SsE5ntiHPfJqpK
Jj7wp1EfEVbFvp3/Owv1WJYEuuH7fDHJzlLeLnM6Cr7eoHOvCzCqJbs5EXPIl+0j
IaDbJm9eSf0t2fWpocG+ba28GAuh7MiX1p/dtbbuiBWukiLzNla1EOxdRtIvRHvF
cy5PN0CQBYYFV+1pn6+blSekt6oUwbMUUZvMopK2xvWjE36YzSQH3eWqikR9wcvA
quMhM1W1YHrqA4P295VaEGaqV02e7sWDfKbNuw4oPyIWwzMnoomaNGczyfWGI3YP
NFBCifidV+2lowBccOKlY4i6zLubrTiyRiBbI2PTAdTJcbrB5KVtTJnp+fQfAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQU++wOMvoUB2r/91avxdLDkC2+1ncwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMTQxMTU4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAAjkQ
MA0GCSqGSIb3DQEBCwUAA4IBAQB1p71sUKZVft03oakiyrYG4zy0k70BtWRDQeUi
vK0AHpxBRnedzQcQ9qAIXtlnKpZEdHmOQcN2E13yFxClN8zKaRj8dqE8KzLjbj4Q
mml7NzHd/8L3GZdmqrtnspegL+7YtsTL8+yQW3LC1TstYIELuxfk0agR4+EOfAua
XC7dbpG5JSsoC1dabyA5hCoC3GNFFSHcoiOImR15dSkKkFg4I+5x0Vawbc0eXGFR
qGlMSnPgnCCgxmftpkAtJGx6VBCdYZMlD62oNXtEzHqvvVG5g7unxPIO+8dtRGKr
S60e8jQCpkqqMI8Jh2AhaC7LSfo8/cG+isdZ5727RriOhS/T
-----END CERTIFICATE-----