Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS153656.roa
File:                     AS153656.roa (raw, json)
Hash identifier:          3oAbQR0ug7TvXWeCyskCNe16XlpJI20fJ9H9krfoSzQ=
Subject key identifier:   82:70:1F:47:19:9E:A5:DA:11:C2:C4:55:6F:C4:FD:9B:71:8F:C3:A9
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       3CD954EE937814B4F9BA7B69355A73672D839FD9
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS153656.roa
Signing time:             Thu 15 May 2025 13:12:13 +0000
ROA not before:           Thu 15 May 2025 13:07:13 +0000
ROA not after:            Thu 14 May 2026 13:12:13 +0000
asID:                     153656
IP address blocks:        179.61.182.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Jun 2025 23:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3c:d9:54:ee:93:78:14:b4:f9:ba:7b:69:35:5a:73:67:2d:83:9f:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: May 15 13:07:13 2025 GMT
            Not After : May 14 13:12:13 2026 GMT
        Subject: CN=82701F47199EA5DA11C2C4556FC4FD9B718FC3A9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:03:78:3d:09:96:51:34:89:3a:52:54:d5:c9:
                    0e:c9:7f:68:52:48:d3:bb:aa:fd:fc:0a:6b:78:a1:
                    83:23:ca:dd:44:a9:2b:c8:f3:ab:03:c9:12:6f:6e:
                    b2:a3:06:f3:5e:e7:21:a3:99:70:c9:41:cd:f3:70:
                    3b:61:e5:6b:ea:01:28:0e:1d:1b:61:d0:97:49:5d:
                    a9:d8:7d:3c:fe:d7:ae:03:e8:b5:15:43:22:91:87:
                    51:cb:3c:14:64:d9:6f:34:58:c2:ce:bb:0a:95:ac:
                    6d:52:1a:5c:ee:93:35:6f:7b:41:a6:4a:f5:d9:d9:
                    5e:98:9a:28:88:23:c0:fe:d5:f9:0d:c8:07:b0:dc:
                    05:12:ae:63:a9:87:99:0f:52:ba:95:42:b9:e8:06:
                    e4:55:b4:04:a7:72:ef:b6:11:3d:f6:e8:c1:25:2c:
                    b8:2e:3a:25:db:a8:98:1b:e0:da:ba:ed:fb:ba:ed:
                    8a:47:4b:58:66:31:15:ba:7a:9d:0c:0b:0c:91:97:
                    cb:64:58:f8:15:17:2a:17:8f:05:b8:3b:46:7e:d2:
                    87:94:51:db:ee:c7:3d:0b:6a:d3:a0:13:f4:41:37:
                    49:e6:a7:51:28:94:00:ba:60:b2:ee:26:8a:83:41:
                    5f:6a:96:ad:71:ce:1e:0b:ae:06:b3:7d:12:78:1f:
                    71:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:70:1F:47:19:9E:A5:DA:11:C2:C4:55:6F:C4:FD:9B:71:8F:C3:A9
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS153656.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  179.61.182.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a3:16:a9:98:63:7f:4f:98:21:ca:f5:63:cd:62:87:f6:d6:0a:
         bc:5e:88:fb:23:29:5d:69:9f:c4:e8:1f:96:ed:e8:13:89:7a:
         3e:f7:b8:4e:29:7d:07:0b:f6:6c:1f:ce:fb:fd:8d:a9:c4:67:
         18:e0:60:ce:03:01:e2:21:f0:f2:d0:37:2c:e7:ee:4a:8a:b3:
         97:55:03:29:fd:5a:11:51:23:d0:f5:6e:bc:c3:e4:ed:ca:d4:
         1d:8a:76:c7:18:1d:25:72:8b:62:b1:fb:24:24:d9:c0:fa:9e:
         56:cd:10:c7:41:60:89:24:99:c1:9c:47:86:b6:f1:e8:13:d4:
         2a:42:85:50:fd:50:a1:58:7b:e2:81:fa:5b:2b:91:92:bc:03:
         36:9b:f6:6d:43:36:26:17:f0:6f:3f:e3:a8:82:d0:8b:9d:f4:
         f8:f2:bb:50:b0:35:96:04:50:98:d3:bb:8d:a3:b4:d6:1a:cb:
         e0:28:9d:ed:1e:af:e8:a0:f3:61:f3:f0:2e:2c:96:de:6b:90:
         75:59:13:13:89:d3:e6:e0:1a:f6:65:a2:ef:e8:cb:4b:f9:40:
         54:3e:3d:a2:32:54:f1:71:b7:85:07:44:fe:f4:52:83:16:87:
         1b:d6:be:4b:1c:0e:f8:8e:b4:83:85:85:41:85:44:e7:8c:3f:
         40:c1:89:c6
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUPNlU7pN4FLT5untpNVpzZy2Dn9kwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNTA1MTUxMzA3MTNaFw0yNjA1MTQxMzEyMTNaMDMxMTAvBgNV
BAMTKDgyNzAxRjQ3MTk5RUE1REExMUMyQzQ1NTZGQzRGRDlCNzE4RkMzQTkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCtA3g9CZZRNIk6UlTVyQ7Jf2hS
SNO7qv38Cmt4oYMjyt1EqSvI86sDyRJvbrKjBvNe5yGjmXDJQc3zcDth5WvqASgO
HRth0JdJXanYfTz+164D6LUVQyKRh1HLPBRk2W80WMLOuwqVrG1SGlzukzVve0Gm
SvXZ2V6YmiiII8D+1fkNyAew3AUSrmOph5kPUrqVQrnoBuRVtASncu+2ET326MEl
LLguOiXbqJgb4Nq67fu67YpHS1hmMRW6ep0MCwyRl8tkWPgVFyoXjwW4O0Z+0oeU
Udvuxz0LatOgE/RBN0nmp1EolAC6YLLuJoqDQV9qlq1xzh4LrgazfRJ4H3FLAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUgnAfRxmepdoRwsRVb8T9m3GPw6kwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMTUzNjU2LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsz22
MA0GCSqGSIb3DQEBCwUAA4IBAQCjFqmYY39PmCHK9WPNYof21gq8Xoj7IyldaZ/E
6B+W7egTiXo+97hOKX0HC/ZsH877/Y2pxGcY4GDOAwHiIfDy0Dcs5+5KirOXVQMp
/VoRUSPQ9W68w+TtytQdinbHGB0lcotisfskJNnA+p5WzRDHQWCJJJnBnEeGtvHo
E9QqQoVQ/VChWHvigfpbK5GSvAM2m/ZtQzYmF/BvP+OogtCLnfT48rtQsDWWBFCY
07uNo7TWGsvgKJ3tHq/ooPNh8/AuLJbea5B1WRMTidPm4Br2ZaLv6MtL+UBUPj2i
MlTxcbeFB0T+9FKDFocb1r5LHA74jrSDhYVBhUTnjD9AwYnG
-----END CERTIFICATE-----