Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS152368.roa
File:                     AS152368.roa (raw, json)
Hash identifier:          wTCiTIgwy+g/UYc67wK7scMJoI9/5bLdHb+fzIfZgNo=
Subject key identifier:   5E:99:F0:4F:00:75:65:CB:37:14:1C:BD:A9:6F:2E:7D:52:80:9F:65
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       79B85850B1B7E5FBF4BF76F609BA183738C54C52
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS152368.roa
Signing time:             Sat 22 Feb 2025 10:08:49 +0000
ROA not before:           Sat 22 Feb 2025 10:03:49 +0000
ROA not after:            Sat 21 Feb 2026 10:08:49 +0000
asID:                     152368
IP address blocks:        179.61.140.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 15:12:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            79:b8:58:50:b1:b7:e5:fb:f4:bf:76:f6:09:ba:18:37:38:c5:4c:52
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Feb 22 10:03:49 2025 GMT
            Not After : Feb 21 10:08:49 2026 GMT
        Subject: CN=5E99F04F007565CB37141CBDA96F2E7D52809F65
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:30:3b:58:94:47:f9:a2:34:1b:f8:d1:7b:a0:
                    d3:ee:7c:46:56:07:45:6c:04:3b:38:42:69:f6:46:
                    47:a9:28:a5:f0:05:13:c6:08:35:76:8a:4e:b9:a8:
                    7f:43:86:79:c7:cb:b9:87:33:e0:18:46:ed:04:7e:
                    01:b6:87:c9:96:09:c9:72:90:4e:24:e3:d3:ea:df:
                    e7:54:ab:a0:47:48:84:d5:4a:b8:43:9b:97:0b:20:
                    54:d7:2e:f1:8b:b8:40:d5:0d:91:fb:07:90:68:58:
                    e2:8b:b7:2d:c5:a7:24:2c:2a:5a:de:78:5a:78:be:
                    78:ec:a7:b9:4b:83:dd:19:eb:a2:b4:ab:6d:87:54:
                    ae:09:b4:03:f4:03:0c:c8:ec:82:90:b7:d3:52:74:
                    17:61:db:fc:dc:d9:2e:23:8e:30:9d:ac:15:01:c8:
                    a0:f3:7d:bb:44:b6:c5:5e:2a:5e:95:d7:b0:95:fb:
                    6e:e5:65:d0:59:55:d6:ed:cf:ab:6b:09:09:18:da:
                    38:e8:70:57:5c:68:0a:0a:e2:12:79:d5:2f:93:f3:
                    16:54:b9:1a:8f:29:74:78:ed:b2:99:05:b6:8a:39:
                    cf:02:bc:69:9b:47:10:9a:91:0e:9d:9c:77:b2:8a:
                    ff:2f:d7:fd:ef:6a:c1:72:74:d5:b1:40:2e:30:c8:
                    00:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:99:F0:4F:00:75:65:CB:37:14:1C:BD:A9:6F:2E:7D:52:80:9F:65
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS152368.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  179.61.140.0/24

    Signature Algorithm: sha256WithRSAEncryption
         93:6f:93:fb:95:a3:0e:b0:40:dc:0d:91:65:09:71:a2:de:74:
         5a:65:3b:84:b5:c3:5b:3f:3b:2f:17:99:64:0a:c2:e0:45:ea:
         3d:bd:5c:03:14:ec:26:40:45:81:ab:16:ae:6e:26:a9:bb:c3:
         f2:40:8a:c4:15:b0:dc:34:61:7b:3e:02:6c:aa:20:01:de:67:
         04:ec:57:61:34:2a:73:0d:f6:f0:6f:a7:06:e9:14:7b:bf:13:
         08:79:cd:52:dc:e3:ff:7e:cd:e2:4b:80:bb:e6:0f:55:7a:c5:
         03:31:7c:31:90:87:a8:87:8b:39:36:a5:49:8e:98:3e:8a:82:
         ea:a1:52:00:24:91:a3:30:ec:74:84:b5:62:06:52:25:4b:48:
         3b:1d:ae:44:74:d3:e7:55:2c:33:d2:e6:02:13:0e:ac:d4:19:
         a8:a2:f3:4b:ce:c7:bb:6b:14:c3:36:c6:d1:25:9a:c4:86:2f:
         05:16:6c:2d:83:3c:d3:e1:3f:35:74:78:8d:23:6c:d3:ab:4c:
         42:6b:a3:25:96:cf:1d:a2:ed:46:ae:37:66:b3:aa:ed:51:44:
         fb:00:ca:e7:4f:61:77:31:fe:bd:b6:1d:1f:c7:63:29:6e:4f:
         dd:a6:ba:33:b4:2f:c0:a8:46:a0:8b:9a:d8:1b:e0:0f:bb:42:
         00:a8:fb:d5
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUebhYULG35fv0v3b2CboYNzjFTFIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNTAyMjIxMDAzNDlaFw0yNjAyMjExMDA4NDlaMDMxMTAvBgNV
BAMTKDVFOTlGMDRGMDA3NTY1Q0IzNzE0MUNCREE5NkYyRTdENTI4MDlGNjUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCkMDtYlEf5ojQb+NF7oNPufEZW
B0VsBDs4Qmn2RkepKKXwBRPGCDV2ik65qH9DhnnHy7mHM+AYRu0EfgG2h8mWCcly
kE4k49Pq3+dUq6BHSITVSrhDm5cLIFTXLvGLuEDVDZH7B5BoWOKLty3FpyQsKlre
eFp4vnjsp7lLg90Z66K0q22HVK4JtAP0AwzI7IKQt9NSdBdh2/zc2S4jjjCdrBUB
yKDzfbtEtsVeKl6V17CV+27lZdBZVdbtz6trCQkY2jjocFdcaAoK4hJ51S+T8xZU
uRqPKXR47bKZBbaKOc8CvGmbRxCakQ6dnHeyiv8v1/3vasFydNWxQC4wyABLAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUXpnwTwB1Zcs3FBy9qW8ufVKAn2UwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMTUyMzY4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsz2M
MA0GCSqGSIb3DQEBCwUAA4IBAQCTb5P7laMOsEDcDZFlCXGi3nRaZTuEtcNbPzsv
F5lkCsLgReo9vVwDFOwmQEWBqxaubiapu8PyQIrEFbDcNGF7PgJsqiAB3mcE7Fdh
NCpzDfbwb6cG6RR7vxMIec1S3OP/fs3iS4C75g9VesUDMXwxkIeoh4s5NqVJjpg+
ioLqoVIAJJGjMOx0hLViBlIlS0g7Ha5EdNPnVSwz0uYCEw6s1BmoovNLzse7axTD
NsbRJZrEhi8FFmwtgzzT4T81dHiNI2zTq0xCa6Mlls8dou1Grjdms6rtUUT7AMrn
T2F3Mf69th0fx2Mpbk/dproztC/AqEagi5rYG+APu0IAqPvV
-----END CERTIFICATE-----