Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS141158.roa
File:                     AS141158.roa (raw, json)
Hash identifier:          IGaWOZF3b3fUTsHkOy4lFs4Sz/6KKRX9DhEE6gGHH5Y=
Subject key identifier:   28:4E:8C:28:37:45:FC:37:E1:75:E4:58:F7:F2:BB:7C:D1:E9:38:2F
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       7AD37A39656CF6D57DE28157030103B9B7AB737F
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS141158.roa
Signing time:             Wed 01 Jan 2025 08:53:50 +0000
ROA not before:           Wed 01 Jan 2025 08:48:50 +0000
ROA not after:            Wed 31 Dec 2025 08:53:50 +0000
asID:                     141158
IP address blocks:        2.57.16.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 15:12:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7a:d3:7a:39:65:6c:f6:d5:7d:e2:81:57:03:01:03:b9:b7:ab:73:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Jan  1 08:48:50 2025 GMT
            Not After : Dec 31 08:53:50 2025 GMT
        Subject: CN=284E8C283745FC37E175E458F7F2BB7CD1E9382F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:cd:64:74:c4:c2:2a:23:ac:96:d2:e6:f4:fb:
                    0a:f4:cf:a0:13:13:42:4c:27:23:2d:eb:30:32:25:
                    49:29:c3:2f:bc:90:30:ab:62:ae:d0:56:8b:0f:28:
                    5e:31:a5:5e:80:36:a3:ef:9e:20:b1:cc:2b:51:fc:
                    09:78:d0:79:16:c9:a0:a4:16:d0:54:4c:f4:e9:7f:
                    d9:d2:e9:7c:24:80:0a:ff:3d:30:30:c1:43:27:cd:
                    85:8b:5e:52:d0:92:ec:d9:c7:a1:ae:ea:89:40:f2:
                    f8:57:34:1c:f7:61:fe:88:d7:f6:0c:cb:a4:8a:ff:
                    00:d3:06:80:b8:bd:5a:95:f5:a4:b9:f8:f7:1e:3a:
                    be:a7:4f:1d:e5:09:d9:50:76:9a:03:dc:1e:00:6e:
                    b8:7c:63:8d:a2:72:33:f9:b2:88:93:c2:d2:9e:48:
                    7c:d3:44:14:a0:a3:4f:ec:63:7e:5b:e8:20:a9:6c:
                    43:93:23:b2:8d:d3:97:74:2d:ec:06:3e:b2:5d:93:
                    70:f8:19:6a:f9:e7:d8:0f:8a:01:df:ba:f9:63:d6:
                    9e:23:d9:6e:db:30:34:d8:ee:e7:38:2f:19:c0:6d:
                    66:0e:4a:bf:12:2f:9e:ce:8e:e4:38:0a:7d:51:ad:
                    fd:d1:c0:07:34:fe:1b:02:97:8d:98:3d:32:70:ff:
                    df:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:4E:8C:28:37:45:FC:37:E1:75:E4:58:F7:F2:BB:7C:D1:E9:38:2F
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS141158.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.57.16.0/24

    Signature Algorithm: sha256WithRSAEncryption
         10:86:34:37:6d:a6:7c:44:05:36:4e:a3:79:6b:c6:86:33:99:
         ea:bf:08:d4:c0:d1:f8:a7:d6:0b:ea:75:69:e0:a8:d7:b3:51:
         06:64:55:29:e0:c4:5b:2d:24:a7:f8:25:bd:c0:1b:f9:f4:1f:
         c4:e5:c6:a9:c2:84:0e:07:37:3f:75:b2:0b:bc:05:40:3d:11:
         e3:f0:7a:bb:ec:4d:88:80:5d:5b:01:d4:54:94:3c:4b:88:c5:
         9e:83:5f:35:48:67:dd:8e:d8:ee:57:59:70:8c:70:d4:8a:f1:
         04:d4:a8:c5:3d:d4:6c:41:b3:93:fe:b4:3e:67:ea:57:ec:5b:
         48:fa:2e:2c:f0:e8:6e:06:8a:e6:24:00:72:d8:49:4d:d5:b4:
         e1:ff:57:19:81:e3:c7:e5:b7:c3:35:ee:08:54:b1:37:8a:22:
         69:94:35:f0:8d:16:c9:ed:1a:a7:98:9a:b7:77:70:2c:95:44:
         b7:ff:70:03:00:dc:3d:a8:3c:18:29:61:dc:38:07:8e:53:47:
         7f:b1:21:ed:dc:16:a5:f7:2f:6f:11:0d:9c:67:95:9f:ac:7f:
         47:86:50:d1:57:e3:74:fe:10:cb:77:fe:2d:23:d8:e9:7f:bb:
         b3:31:94:4c:e8:0c:cd:97:07:27:ab:e5:0d:64:bc:e3:84:df:
         e6:07:5f:a5
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUetN6OWVs9tV94oFXAwEDuberc38wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNTAxMDEwODQ4NTBaFw0yNTEyMzEwODUzNTBaMDMxMTAvBgNV
BAMTKDI4NEU4QzI4Mzc0NUZDMzdFMTc1RTQ1OEY3RjJCQjdDRDFFOTM4MkYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCJzWR0xMIqI6yW0ub0+wr0z6AT
E0JMJyMt6zAyJUkpwy+8kDCrYq7QVosPKF4xpV6ANqPvniCxzCtR/Al40HkWyaCk
FtBUTPTpf9nS6XwkgAr/PTAwwUMnzYWLXlLQkuzZx6Gu6olA8vhXNBz3Yf6I1/YM
y6SK/wDTBoC4vVqV9aS5+PceOr6nTx3lCdlQdpoD3B4Abrh8Y42icjP5soiTwtKe
SHzTRBSgo0/sY35b6CCpbEOTI7KN05d0LewGPrJdk3D4GWr559gPigHfuvlj1p4j
2W7bMDTY7uc4LxnAbWYOSr8SL57OjuQ4Cn1Rrf3RwAc0/hsCl42YPTJw/9/lAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUKE6MKDdF/DfhdeRY9/K7fNHpOC8wHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMTQxMTU4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAAjkQ
MA0GCSqGSIb3DQEBCwUAA4IBAQAQhjQ3baZ8RAU2TqN5a8aGM5nqvwjUwNH4p9YL
6nVp4KjXs1EGZFUp4MRbLSSn+CW9wBv59B/E5capwoQOBzc/dbILvAVAPRHj8Hq7
7E2IgF1bAdRUlDxLiMWeg181SGfdjtjuV1lwjHDUivEE1KjFPdRsQbOT/rQ+Z+pX
7FtI+i4s8OhuBormJABy2ElN1bTh/1cZgePH5bfDNe4IVLE3iiJplDXwjRbJ7Rqn
mJq3d3AslUS3/3ADANw9qDwYKWHcOAeOU0d/sSHt3Bal9y9vEQ2cZ5WfrH9HhlDR
V+N0/hDLd/4tI9jpf7uzMZRM6AzNlwcnq+UNZLzjhN/mB1+l
-----END CERTIFICATE-----