Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS19437.roa
File:                     AS19437.roa (raw, json)
Hash identifier:          moitKz/sfQY7YRY2TTqznGlmlRv4aYMNfoIvIoAm2XY=
Subject key identifier:   A2:55:63:8F:41:C8:3F:15:CD:FF:78:3F:48:90:47:F5:4E:8C:B6:AB
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       68C758E774D647296694C8C7583A750793FC5964
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS19437.roa
Signing time:             Fri 02 Feb 2024 08:34:24 +0000
ROA not before:           Fri 02 Feb 2024 08:29:24 +0000
ROA not after:            Fri 31 Jan 2025 08:34:24 +0000
asID:                     19437
IP address blocks:        181.215.139.0/24 maxlen: 24
                          191.96.38.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 10 May 2024 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            68:c7:58:e7:74:d6:47:29:66:94:c8:c7:58:3a:75:07:93:fc:59:64
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Feb  2 08:29:24 2024 GMT
            Not After : Jan 31 08:34:24 2025 GMT
        Subject: CN=A255638F41C83F15CDFF783F489047F54E8CB6AB
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:6a:da:3b:ff:bb:37:99:1a:62:be:41:ed:39:
                    2d:86:9d:9b:dd:69:17:f6:45:ad:bb:8e:44:8c:af:
                    a1:37:85:71:0d:03:47:a9:ab:77:9d:0c:30:6e:fe:
                    2e:2e:14:6d:68:42:75:14:43:4b:20:73:50:78:0d:
                    49:ce:7c:3c:fb:d8:a7:20:d7:41:a4:ea:2c:7b:6d:
                    74:3f:fd:91:74:dd:a8:b5:22:b4:54:bb:fd:21:92:
                    cd:94:aa:8e:9e:6d:31:b2:3d:62:0f:cf:bc:4a:3d:
                    2d:1d:c5:41:3f:05:88:40:f2:cd:ac:c4:90:8a:90:
                    fe:db:ab:74:2f:64:3a:f4:5a:d6:b2:fc:ab:cb:55:
                    2a:d7:2b:08:7f:ea:02:03:35:7a:6c:18:34:62:40:
                    dc:0c:b7:b8:1e:75:78:b3:ec:f2:0e:1f:c6:75:bf:
                    b2:fc:79:6d:7a:f3:6c:fd:ba:4e:97:08:1f:52:b1:
                    81:fc:19:89:d2:8d:db:50:23:52:0a:5a:b8:25:be:
                    d4:7e:14:df:5f:e8:70:62:8e:d1:3d:66:99:0f:14:
                    7b:95:45:df:b8:5c:0e:b6:0c:20:65:2e:b4:99:96:
                    2d:33:8c:69:4e:22:7f:79:db:78:73:6a:be:d0:c2:
                    11:f2:1f:de:05:e9:24:9e:e0:ab:23:f5:ac:cc:02:
                    03:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:55:63:8F:41:C8:3F:15:CD:FF:78:3F:48:90:47:F5:4E:8C:B6:AB
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS19437.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  181.215.139.0/24
                  191.96.38.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6e:2e:ec:4c:14:14:41:d8:42:2d:a0:20:c0:a2:4d:95:fe:86:
         74:53:58:a0:62:d4:c7:4e:2a:d7:de:f5:6e:69:52:ee:56:d5:
         55:dc:9c:e5:23:63:cc:70:8a:3e:29:69:26:90:6a:aa:a7:15:
         ad:14:11:2b:0d:fb:21:64:34:07:ab:f5:ae:1b:22:8c:8a:3e:
         ce:3a:53:a4:23:6c:fc:47:2c:74:ab:f3:85:0d:bf:9c:e2:1b:
         cd:f5:78:a0:61:3b:6c:26:70:60:25:02:a2:02:05:5c:ed:be:
         b6:8c:d5:99:e0:8e:7d:29:16:14:23:d3:b0:a3:05:3e:51:5b:
         58:1a:7a:39:c2:13:1c:37:e0:b4:f8:4a:b7:d1:68:a6:21:e4:
         94:6c:26:af:b9:cd:a4:e8:34:ae:9c:62:e9:38:98:1b:ae:0a:
         b9:14:f3:9e:9c:2d:65:b7:26:08:4e:40:e9:de:18:35:2b:1c:
         65:5d:1b:6b:5c:18:83:f3:ab:e2:3b:65:e9:f9:84:c1:ac:6a:
         60:28:24:24:da:47:c4:db:2a:2b:ff:0e:a3:4e:05:bf:e6:35:
         16:eb:01:34:e6:44:22:d6:1f:f3:b7:de:b0:73:71:4f:d0:04:
         62:a7:16:cb:03:45:00:9a:86:d7:04:d4:6b:56:78:98:9e:ec:
         ef:1e:35:c7
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgIUaMdY53TWRylmlMjHWDp1B5P8WWQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNDAyMDIwODI5MjRaFw0yNTAxMzEwODM0MjRaMDMxMTAvBgNV
BAMTKEEyNTU2MzhGNDFDODNGMTVDREZGNzgzRjQ4OTA0N0Y1NEU4Q0I2QUIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDDato7/7s3mRpivkHtOS2GnZvd
aRf2Ra27jkSMr6E3hXENA0epq3edDDBu/i4uFG1oQnUUQ0sgc1B4DUnOfDz72Kcg
10Gk6ix7bXQ//ZF03ai1IrRUu/0hks2Uqo6ebTGyPWIPz7xKPS0dxUE/BYhA8s2s
xJCKkP7bq3QvZDr0Wtay/KvLVSrXKwh/6gIDNXpsGDRiQNwMt7gedXiz7PIOH8Z1
v7L8eW1682z9uk6XCB9SsYH8GYnSjdtQI1IKWrglvtR+FN9f6HBijtE9ZpkPFHuV
Rd+4XA62DCBlLrSZli0zjGlOIn9523hzar7QwhHyH94F6SSe4Ksj9azMAgPnAgMB
AAGjggIPMIICCzAdBgNVHQ4EFgQUolVjj0HIPxXN/3g/SJBH9U6MtqswHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMTk0Mzcucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBAC114sD
BAC/YCYwDQYJKoZIhvcNAQELBQADggEBAG4u7EwUFEHYQi2gIMCiTZX+hnRTWKBi
1MdOKtfe9W5pUu5W1VXcnOUjY8xwij4paSaQaqqnFa0UESsN+yFkNAer9a4bIoyK
Ps46U6QjbPxHLHSr84UNv5ziG831eKBhO2wmcGAlAqICBVztvraM1Zngjn0pFhQj
07CjBT5RW1gaejnCExw34LT4SrfRaKYh5JRsJq+5zaToNK6cYuk4mBuuCrkU856c
LWW3JghOQOneGDUrHGVdG2tcGIPzq+I7Zen5hMGsamAoJCTaR8TbKiv/DqNOBb/m
NRbrATTmRCLWH/O33rBzcU/QBGKnFssDRQCahtcE1GtWeJie7O8eNcc=
-----END CERTIFICATE-----