Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS14840.roa
File:                     AS14840.roa (raw, json)
Hash identifier:          HBAlIwvsUwd8TB/GG3lzCjuqW2r2o3ktWVL6iKmSTlU=
Subject key identifier:   17:59:A7:26:CF:09:66:6D:AA:59:99:6A:27:3B:7A:C9:43:82:65:0C
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       750FEA5406F7E75AD0CB14F9875AAE4B784CE2A9
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS14840.roa
Signing time:             Fri 14 Feb 2025 19:24:58 +0000
ROA not before:           Fri 14 Feb 2025 19:19:58 +0000
ROA not after:            Fri 13 Feb 2026 19:24:58 +0000
asID:                     14840
IP address blocks:        181.214.57.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 15:12:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            75:0f:ea:54:06:f7:e7:5a:d0:cb:14:f9:87:5a:ae:4b:78:4c:e2:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Feb 14 19:19:58 2025 GMT
            Not After : Feb 13 19:24:58 2026 GMT
        Subject: CN=1759A726CF09666DAA59996A273B7AC94382650C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:4e:22:a2:92:97:14:d7:d0:73:4c:62:d2:31:
                    8c:0f:0a:87:f3:28:49:8c:d8:5f:ea:75:af:60:0b:
                    61:14:81:c9:ce:8e:76:e2:12:6f:9e:98:62:4a:cc:
                    98:09:52:d2:bf:22:0d:24:31:f1:b5:c5:39:14:d8:
                    8e:3a:d1:50:70:d4:3b:78:c6:4a:ae:92:e2:e3:e3:
                    2d:23:06:d6:c8:55:69:30:29:15:b0:2f:28:e4:95:
                    ee:7b:7d:9e:84:12:99:5b:63:ce:f5:09:e4:c6:09:
                    e6:dc:a0:01:db:55:6c:21:b5:af:42:1e:1d:9b:87:
                    44:06:f0:47:ff:50:cc:7f:b6:ef:f7:22:0b:39:52:
                    a9:48:b4:e4:cc:8f:dc:54:64:a9:95:67:5a:19:4b:
                    3b:0e:0f:85:1c:74:09:a7:64:0f:8a:f6:63:4a:0d:
                    74:f8:66:3d:3b:6f:10:f8:4d:a1:1e:43:54:70:38:
                    72:2e:ff:9d:54:4d:87:b6:b1:16:0e:e1:d4:6d:d4:
                    01:93:dc:57:a9:3f:c7:4d:71:9a:1a:9c:b0:35:c0:
                    3d:b8:8f:2a:bf:bf:33:2f:aa:f4:8e:2d:20:61:27:
                    b6:b8:52:16:06:06:b5:e8:ef:61:3a:eb:4a:48:f6:
                    2e:2f:26:f1:ef:c6:f7:f0:86:4a:45:ab:db:b4:92:
                    6e:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:59:A7:26:CF:09:66:6D:AA:59:99:6A:27:3B:7A:C9:43:82:65:0C
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS14840.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  181.214.57.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ab:0a:ce:ab:22:dc:31:3f:f4:f2:76:0e:fe:c7:0a:ce:0f:26:
         ac:35:fa:1b:2d:d8:7b:70:f9:4b:50:9d:b8:06:c5:95:d1:25:
         82:7b:5d:fe:ef:30:63:ab:6b:2c:a5:22:4e:36:b8:6d:a2:98:
         58:e8:20:0e:b7:d5:86:1c:12:40:18:fa:e7:25:79:41:ab:03:
         46:c1:da:9f:12:cb:c4:d9:96:67:e8:8a:47:63:00:52:3a:56:
         fa:46:b3:f4:a3:f3:f9:56:a0:02:2f:66:e3:c8:e2:7f:ab:e4:
         22:31:3a:da:43:1a:23:c3:2d:b9:ac:8d:19:0b:f9:08:81:69:
         69:19:2b:5a:aa:05:b3:c0:79:d4:77:a8:81:ff:65:2e:12:fe:
         25:4e:9a:b4:c8:49:b2:67:a9:3b:4d:aa:d9:88:f1:2d:32:bc:
         34:aa:ed:49:1e:3f:f5:06:04:ff:11:cf:4a:ce:53:cf:9c:2a:
         95:a7:a6:10:9f:71:4e:93:17:2d:4c:aa:f5:ea:7d:fb:0c:19:
         b1:66:40:5d:7c:da:13:95:99:d6:a6:47:6e:b6:24:7c:06:e9:
         4e:a8:a8:e7:91:55:64:04:82:43:8e:54:b8:e6:47:2c:bb:ab:
         09:58:a7:f8:2a:7a:ea:ae:b3:e9:fb:c8:11:e8:f1:70:b9:d0:
         03:96:22:bb
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUdQ/qVAb351rQyxT5h1quS3hM4qkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNTAyMTQxOTE5NThaFw0yNjAyMTMxOTI0NThaMDMxMTAvBgNV
BAMTKDE3NTlBNzI2Q0YwOTY2NkRBQTU5OTk2QTI3M0I3QUM5NDM4MjY1MEMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC9TiKikpcU19BzTGLSMYwPCofz
KEmM2F/qda9gC2EUgcnOjnbiEm+emGJKzJgJUtK/Ig0kMfG1xTkU2I460VBw1Dt4
xkqukuLj4y0jBtbIVWkwKRWwLyjkle57fZ6EEplbY871CeTGCebcoAHbVWwhta9C
Hh2bh0QG8Ef/UMx/tu/3Igs5UqlItOTMj9xUZKmVZ1oZSzsOD4UcdAmnZA+K9mNK
DXT4Zj07bxD4TaEeQ1RwOHIu/51UTYe2sRYO4dRt1AGT3FepP8dNcZoanLA1wD24
jyq/vzMvqvSOLSBhJ7a4UhYGBrXo72E660pI9i4vJvHvxvfwhkpFq9u0km6TAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUF1mnJs8JZm2qWZlqJzt6yUOCZQwwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMTQ4NDAucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAC11jkw
DQYJKoZIhvcNAQELBQADggEBAKsKzqsi3DE/9PJ2Dv7HCs4PJqw1+hst2Htw+UtQ
nbgGxZXRJYJ7Xf7vMGOrayylIk42uG2imFjoIA631YYcEkAY+ucleUGrA0bB2p8S
y8TZlmfoikdjAFI6VvpGs/Sj8/lWoAIvZuPI4n+r5CIxOtpDGiPDLbmsjRkL+QiB
aWkZK1qqBbPAedR3qIH/ZS4S/iVOmrTISbJnqTtNqtmI8S0yvDSq7UkeP/UGBP8R
z0rOU8+cKpWnphCfcU6TFy1MqvXqffsMGbFmQF182hOVmdamR262JHwG6U6oqOeR
VWQEgkOOVLjmRyy7qwlYp/gqeuqus+n7yBHo8XC50AOWIrs=
-----END CERTIFICATE-----