Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS142111.roa
File:                     AS142111.roa (raw, json)
Hash identifier:          +VcX5cOqj0PmojaRoz/ivPfMqSnc208IXWWJjZPPszs=
Subject key identifier:   6E:9C:C7:04:7A:E8:8B:46:11:B2:3E:C0:18:C5:CD:D2:21:C6:4B:75
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       7325FDA881BC90E6405FED96481966344146E034
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS142111.roa
Signing time:             Mon 30 Jun 2025 21:08:24 +0000
ROA not before:           Mon 30 Jun 2025 21:03:24 +0000
ROA not after:            Mon 29 Jun 2026 21:08:24 +0000
asID:                     142111
IP address blocks:        191.96.146.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 03 Jul 2025 02:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            73:25:fd:a8:81:bc:90:e6:40:5f:ed:96:48:19:66:34:41:46:e0:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Jun 30 21:03:24 2025 GMT
            Not After : Jun 29 21:08:24 2026 GMT
        Subject: CN=6E9CC7047AE88B4611B23EC018C5CDD221C64B75
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:09:34:a7:2f:be:96:a0:e6:e7:00:01:13:0b:
                    ce:b5:09:91:0c:90:30:b2:bf:7c:bf:2d:9e:31:46:
                    5b:43:fb:ae:a7:c8:47:47:4b:ae:fd:48:14:78:fb:
                    6a:b7:16:ac:b1:aa:ca:71:e8:06:93:f4:90:f8:1b:
                    47:2e:60:83:a7:80:cf:0c:44:c1:42:d5:87:30:31:
                    9b:b7:ee:25:c0:04:09:95:a3:42:bf:ad:7e:57:81:
                    d2:0a:83:32:85:29:7a:2b:92:3e:9d:e6:21:90:fd:
                    3e:56:58:a1:e3:40:97:68:90:1e:ef:fe:9c:19:7e:
                    15:4d:e6:22:a0:b4:d3:5d:e3:f4:ef:e9:2f:43:e7:
                    0b:7e:74:0d:b6:f9:0a:79:0c:9c:cb:87:c8:ef:8e:
                    b6:47:cc:c3:20:6c:87:3c:c4:8d:19:fd:3e:16:be:
                    00:ca:9d:99:9e:d6:03:e0:d7:da:44:f6:23:31:82:
                    35:90:b8:37:25:28:36:bf:1d:6f:fa:21:7b:1d:99:
                    8c:ba:f2:cf:af:20:95:f7:4f:d0:b0:88:38:bd:52:
                    20:4e:b8:3d:a0:dc:47:9f:8f:cc:24:c1:c7:da:80:
                    c6:51:62:60:e7:90:1d:a3:96:7e:62:bd:ff:87:35:
                    9f:08:a8:23:da:f3:50:44:7b:f4:42:9c:a4:16:4c:
                    9e:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6E:9C:C7:04:7A:E8:8B:46:11:B2:3E:C0:18:C5:CD:D2:21:C6:4B:75
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS142111.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  191.96.146.0/24

    Signature Algorithm: sha256WithRSAEncryption
         69:31:a3:0b:81:91:ea:8c:b2:8f:44:ca:17:da:b8:20:f1:3f:
         d5:53:83:9f:41:c8:f5:68:f9:4c:1d:e6:64:b2:ac:75:1f:68:
         40:b5:32:2c:d0:73:3b:38:a5:0f:8f:01:a2:2b:57:13:26:cf:
         83:ff:b1:08:3d:c3:b2:eb:0c:85:88:6a:14:c8:b6:31:e8:d3:
         31:5c:bd:e7:91:d3:01:fe:4b:35:ed:cd:22:b4:88:d7:64:1e:
         90:e6:34:28:2e:80:47:c6:e5:6d:88:39:c7:8a:00:ca:1b:d8:
         55:72:fc:65:5d:33:04:46:3e:da:b1:53:e3:ac:1e:6b:35:74:
         c7:bb:94:41:8d:4d:73:36:c4:ba:84:10:1a:aa:d3:72:41:78:
         7f:9a:40:71:cc:2a:8c:49:6a:c5:51:34:00:5e:2e:80:62:e8:
         90:ba:f2:e1:1d:af:53:ca:c5:a2:52:57:45:19:d1:60:31:4f:
         8a:77:1c:e6:61:74:ed:2e:60:06:b6:f3:35:0b:57:6f:ed:10:
         df:82:81:3e:fb:c0:f0:c5:5f:ec:d8:da:61:b6:e4:1f:1a:9b:
         13:95:04:df:ad:f9:10:e7:9b:72:53:75:8d:a2:91:67:e4:a9:
         94:78:29:64:e0:0c:5e:c3:6a:71:cb:8b:f0:b7:75:2b:1f:7d:
         4d:e8:a7:01
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUcyX9qIG8kOZAX+2WSBlmNEFG4DQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNTA2MzAyMTAzMjRaFw0yNjA2MjkyMTA4MjRaMDMxMTAvBgNV
BAMTKDZFOUNDNzA0N0FFODhCNDYxMUIyM0VDMDE4QzVDREQyMjFDNjRCNzUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDXCTSnL76WoObnAAETC861CZEM
kDCyv3y/LZ4xRltD+66nyEdHS679SBR4+2q3Fqyxqspx6AaT9JD4G0cuYIOngM8M
RMFC1YcwMZu37iXABAmVo0K/rX5XgdIKgzKFKXorkj6d5iGQ/T5WWKHjQJdokB7v
/pwZfhVN5iKgtNNd4/Tv6S9D5wt+dA22+Qp5DJzLh8jvjrZHzMMgbIc8xI0Z/T4W
vgDKnZme1gPg19pE9iMxgjWQuDclKDa/HW/6IXsdmYy68s+vIJX3T9CwiDi9UiBO
uD2g3Eefj8wkwcfagMZRYmDnkB2jln5ivf+HNZ8IqCPa81BEe/RCnKQWTJ4HAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUbpzHBHroi0YRsj7AGMXN0iHGS3UwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMTQyMTExLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAv2CS
MA0GCSqGSIb3DQEBCwUAA4IBAQBpMaMLgZHqjLKPRMoX2rgg8T/VU4OfQcj1aPlM
HeZksqx1H2hAtTIs0HM7OKUPjwGiK1cTJs+D/7EIPcOy6wyFiGoUyLYx6NMxXL3n
kdMB/ks17c0itIjXZB6Q5jQoLoBHxuVtiDnHigDKG9hVcvxlXTMERj7asVPjrB5r
NXTHu5RBjU1zNsS6hBAaqtNyQXh/mkBxzCqMSWrFUTQAXi6AYuiQuvLhHa9TysWi
UldFGdFgMU+KdxzmYXTtLmAGtvM1C1dv7RDfgoE++8DwxV/s2NphtuQfGpsTlQTf
rfkQ55tyU3WNopFn5KmUeClk4Axew2pxy4vwt3UrH31N6KcB
-----END CERTIFICATE-----