Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS16589.roa
File:                     AS16589.roa (raw, json)
Hash identifier:          d/H3XcxQhUy8lKUAFNwWFp4D1AOd/bq9G1OGzxOFY2M=
Subject key identifier:   A8:64:E7:3B:B6:ED:CC:73:6A:88:3F:61:F1:CF:6E:95:F6:65:A2:07
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       535D3A9B6841360422B395B7BA3B55E393CB864F
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS16589.roa
Signing time:             Fri 19 Apr 2024 17:05:16 +0000
ROA not before:           Fri 19 Apr 2024 17:00:16 +0000
ROA not after:            Fri 18 Apr 2025 17:05:16 +0000
asID:                     16589
IP address blocks:        181.214.73.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 10 May 2024 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            53:5d:3a:9b:68:41:36:04:22:b3:95:b7:ba:3b:55:e3:93:cb:86:4f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Apr 19 17:00:16 2024 GMT
            Not After : Apr 18 17:05:16 2025 GMT
        Subject: CN=A864E73BB6EDCC736A883F61F1CF6E95F665A207
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:1d:30:08:0f:6a:93:60:28:ab:17:31:26:04:
                    a1:aa:ac:99:ba:fa:12:67:91:be:08:26:ef:a6:1b:
                    35:b7:9d:66:5d:34:cd:97:0b:53:7b:1d:d0:61:d4:
                    57:ab:e2:a3:cf:0f:e9:e5:ef:d4:db:ca:d9:fa:eb:
                    b5:ee:3c:a0:c3:27:84:47:10:e6:3f:c0:5a:e9:b3:
                    3f:a6:2d:15:c8:70:00:d4:51:01:72:98:c2:5c:d9:
                    91:d5:a8:73:a1:ef:ca:f8:16:13:ea:d1:67:c9:3d:
                    d3:0f:82:f5:e0:c4:5c:f6:13:80:f2:bd:18:af:8e:
                    80:17:89:1b:f9:88:74:b1:91:71:4f:8e:2f:18:b4:
                    e3:70:2b:72:49:2e:ab:d7:c1:57:77:94:27:d1:f4:
                    0b:de:d4:98:1b:67:2f:81:c3:06:8f:36:a4:1f:32:
                    aa:2a:90:e5:8b:14:a9:2c:b7:7a:62:57:8f:aa:ff:
                    e2:93:6e:56:88:f0:1f:31:a7:92:62:23:1d:9e:54:
                    9d:93:34:f6:d8:36:10:b4:ff:76:3f:04:67:81:48:
                    fc:6d:55:a6:46:b6:cb:a4:13:d7:d7:b1:76:3b:c9:
                    c0:96:33:22:aa:c8:db:04:3d:c1:9e:cc:88:90:02:
                    63:36:5f:bf:6a:92:e5:4e:b4:2c:9f:af:73:17:f8:
                    fa:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:64:E7:3B:B6:ED:CC:73:6A:88:3F:61:F1:CF:6E:95:F6:65:A2:07
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS16589.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  181.214.73.0/24

    Signature Algorithm: sha256WithRSAEncryption
         19:d9:3f:de:d4:b5:94:54:1a:81:9a:9f:91:03:5f:eb:79:9a:
         db:e3:32:ae:44:2e:1f:36:94:c6:1f:bc:3c:29:ce:92:dc:ae:
         0f:a4:a4:67:04:fe:49:00:ee:7c:23:6b:1a:5f:f3:88:72:e9:
         a1:71:1d:46:6b:d7:77:d4:67:49:2a:2e:d2:ae:cf:2e:55:a4:
         b5:01:17:d5:56:9a:74:db:55:93:ff:1e:a3:3b:d2:39:24:98:
         46:ce:d9:51:c4:91:1e:3a:bd:58:d9:47:72:43:7b:20:d8:23:
         ab:a9:76:4b:ba:a1:24:e0:92:12:16:1d:01:c0:32:d8:44:48:
         43:b4:8e:8b:f6:32:e1:9d:f2:6c:e3:77:4f:de:97:86:b5:85:
         b4:c5:6c:3f:57:9b:d4:b0:8e:1f:b2:d7:cc:c7:0f:59:a2:bb:
         d9:c8:a5:56:37:4c:bd:5b:50:87:7b:27:a7:ec:47:8f:ab:23:
         b0:8b:a9:5a:5c:db:1e:dc:ed:40:5c:3f:52:3f:9c:9e:58:81:
         93:f4:d1:1c:92:81:1d:57:1f:70:b1:08:af:61:5c:6d:10:88:
         30:0c:65:7d:85:2f:0d:84:12:70:9d:ce:6a:73:98:e3:58:3f:
         51:fa:54:c4:56:d9:5a:36:b5:1e:af:b0:58:ca:9f:82:40:cc:
         ad:bf:cb:74
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUU106m2hBNgQis5W3ujtV45PLhk8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNDA0MTkxNzAwMTZaFw0yNTA0MTgxNzA1MTZaMDMxMTAvBgNV
BAMTKEE4NjRFNzNCQjZFRENDNzM2QTg4M0Y2MUYxQ0Y2RTk1RjY2NUEyMDcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCxHTAID2qTYCirFzEmBKGqrJm6
+hJnkb4IJu+mGzW3nWZdNM2XC1N7HdBh1Fer4qPPD+nl79Tbytn667XuPKDDJ4RH
EOY/wFrpsz+mLRXIcADUUQFymMJc2ZHVqHOh78r4FhPq0WfJPdMPgvXgxFz2E4Dy
vRivjoAXiRv5iHSxkXFPji8YtONwK3JJLqvXwVd3lCfR9Ave1JgbZy+BwwaPNqQf
MqoqkOWLFKkst3piV4+q/+KTblaI8B8xp5JiIx2eVJ2TNPbYNhC0/3Y/BGeBSPxt
VaZGtsukE9fXsXY7ycCWMyKqyNsEPcGezIiQAmM2X79qkuVOtCyfr3MX+PqbAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUqGTnO7btzHNqiD9h8c9ulfZlogcwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMTY1ODkucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAC11kkw
DQYJKoZIhvcNAQELBQADggEBABnZP97UtZRUGoGan5EDX+t5mtvjMq5ELh82lMYf
vDwpzpLcrg+kpGcE/kkA7nwjaxpf84hy6aFxHUZr13fUZ0kqLtKuzy5VpLUBF9VW
mnTbVZP/HqM70jkkmEbO2VHEkR46vVjZR3JDeyDYI6updku6oSTgkhIWHQHAMthE
SEO0jov2MuGd8mzjd0/el4a1hbTFbD9Xm9Swjh+y18zHD1miu9nIpVY3TL1bUId7
J6fsR4+rI7CLqVpc2x7c7UBcP1I/nJ5YgZP00RySgR1XH3CxCK9hXG0QiDAMZX2F
Lw2EEnCdzmpzmONYP1H6VMRW2Vo2tR6vsFjKn4JAzK2/y3Q=
-----END CERTIFICATE-----