Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS150249.roa
File:                     AS150249.roa (raw, json)
Hash identifier:          BH7x3StHHBSHmKa9zEQ8Z9ADeEvVN4dzUbwgoAvlkJ8=
Subject key identifier:   5C:8A:3B:6F:7F:8E:22:DA:0B:14:BD:46:00:3F:CE:3C:CA:C3:77:15
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       53EC7E6BBFEA67CC0E15D223C46641645527CF79
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS150249.roa
Signing time:             Fri 19 Apr 2024 08:39:42 +0000
ROA not before:           Fri 19 Apr 2024 08:34:42 +0000
ROA not after:            Fri 18 Apr 2025 08:39:42 +0000
asID:                     150249
IP address blocks:        191.101.25.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 10 May 2024 20:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            53:ec:7e:6b:bf:ea:67:cc:0e:15:d2:23:c4:66:41:64:55:27:cf:79
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Apr 19 08:34:42 2024 GMT
            Not After : Apr 18 08:39:42 2025 GMT
        Subject: CN=5C8A3B6F7F8E22DA0B14BD46003FCE3CCAC37715
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:53:fd:2c:75:10:33:d6:98:b0:5c:1d:dc:7e:
                    c5:8f:59:df:32:7c:20:2a:ef:66:c9:fa:85:62:e7:
                    63:cc:cb:f8:5c:14:04:ba:d7:91:78:be:3c:49:34:
                    2b:80:9c:c5:d5:ea:05:b5:aa:c7:ed:df:31:d1:d4:
                    3e:fb:ac:64:ba:b1:28:3d:ac:cd:9e:4f:d7:c2:4a:
                    ad:4a:44:cc:1d:0d:0f:37:60:c2:18:1b:1a:2c:27:
                    9f:20:21:62:da:cd:df:d3:41:e6:90:fa:05:b6:42:
                    4c:57:59:da:1a:a9:db:d8:4d:ef:45:90:18:a0:8b:
                    ab:45:a1:d7:d3:cb:1a:02:88:d8:62:5a:30:6e:66:
                    47:6c:07:64:15:ef:3d:cd:6e:37:99:83:b8:68:d1:
                    a9:08:c0:78:3c:13:24:82:ec:56:78:55:5b:a2:69:
                    54:03:37:f1:46:76:d4:99:16:71:71:20:72:60:34:
                    5d:92:4a:92:a6:5b:32:26:b8:c7:64:59:cc:b3:70:
                    c4:f1:d0:16:7b:ef:3a:64:19:5e:5d:4e:dd:e8:90:
                    aa:36:a6:83:f1:58:48:ee:b7:06:16:ff:31:26:0d:
                    95:62:38:4b:cb:0b:92:13:08:ac:d5:a7:3c:5f:6b:
                    12:7b:e1:55:76:4f:76:61:7c:3d:d7:39:62:d5:bd:
                    37:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:8A:3B:6F:7F:8E:22:DA:0B:14:BD:46:00:3F:CE:3C:CA:C3:77:15
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS150249.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  191.101.25.0/24

    Signature Algorithm: sha256WithRSAEncryption
         89:ae:45:69:0c:e4:ad:5d:45:6e:6a:0b:68:bf:63:76:b7:e9:
         a9:76:34:ef:5f:92:e3:b0:01:ba:ec:05:f7:e1:0f:fb:18:da:
         17:8c:23:8b:43:ce:80:2a:72:71:e7:0d:3f:8a:d2:94:8d:b2:
         cb:ec:76:91:f5:87:49:77:9e:06:d2:f4:14:95:bd:11:db:26:
         09:39:56:bb:42:8d:ce:7e:3b:ac:60:d9:6f:bf:f4:c2:64:48:
         2d:e0:57:db:1d:a2:b0:ff:c3:4b:7c:6f:c4:0c:c0:f6:49:f0:
         52:6b:25:c5:9b:dc:f3:c8:43:36:66:cb:d3:0c:47:91:8a:c0:
         31:4b:b8:1a:8d:4f:9a:0f:c9:e1:1c:1f:59:59:ee:e5:a2:7d:
         b0:b8:52:c0:17:9d:c6:b6:4f:42:dd:4a:68:f4:18:c3:17:2c:
         89:5a:5d:a5:4d:c0:b5:b1:b8:9c:16:0b:70:74:95:6c:93:29:
         46:04:bf:1a:a4:28:30:26:ad:9f:2f:6d:87:6c:d4:81:59:69:
         fb:27:d6:b8:91:ff:fa:91:5f:07:cb:56:e1:bd:47:0a:e4:5d:
         93:a3:38:4a:55:12:7b:85:df:1f:4f:52:b0:a1:31:68:84:87:
         d7:67:ad:93:46:1f:9c:9b:ec:e2:b3:03:b5:a1:ba:e3:29:98:
         1a:5b:0d:2b
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUU+x+a7/qZ8wOFdIjxGZBZFUnz3kwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNDA0MTkwODM0NDJaFw0yNTA0MTgwODM5NDJaMDMxMTAvBgNV
BAMTKDVDOEEzQjZGN0Y4RTIyREEwQjE0QkQ0NjAwM0ZDRTNDQ0FDMzc3MTUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC1U/0sdRAz1piwXB3cfsWPWd8y
fCAq72bJ+oVi52PMy/hcFAS615F4vjxJNCuAnMXV6gW1qsft3zHR1D77rGS6sSg9
rM2eT9fCSq1KRMwdDQ83YMIYGxosJ58gIWLazd/TQeaQ+gW2QkxXWdoaqdvYTe9F
kBigi6tFodfTyxoCiNhiWjBuZkdsB2QV7z3NbjeZg7ho0akIwHg8EySC7FZ4VVui
aVQDN/FGdtSZFnFxIHJgNF2SSpKmWzImuMdkWcyzcMTx0BZ77zpkGV5dTt3okKo2
poPxWEjutwYW/zEmDZViOEvLC5ITCKzVpzxfaxJ74VV2T3ZhfD3XOWLVvTejAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUXIo7b3+OItoLFL1GAD/OPMrDdxUwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMTUwMjQ5LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAv2UZ
MA0GCSqGSIb3DQEBCwUAA4IBAQCJrkVpDOStXUVuagtov2N2t+mpdjTvX5LjsAG6
7AX34Q/7GNoXjCOLQ86AKnJx5w0/itKUjbLL7HaR9YdJd54G0vQUlb0R2yYJOVa7
Qo3OfjusYNlvv/TCZEgt4FfbHaKw/8NLfG/EDMD2SfBSayXFm9zzyEM2ZsvTDEeR
isAxS7gajU+aD8nhHB9ZWe7lon2wuFLAF53Gtk9C3Upo9BjDFyyJWl2lTcC1sbic
FgtwdJVskylGBL8apCgwJq2fL22HbNSBWWn7J9a4kf/6kV8Hy1bhvUcK5F2TozhK
VRJ7hd8fT1KwoTFohIfXZ62TRh+cm+ziswO1obrjKZgaWw0r
-----END CERTIFICATE-----