Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS199058.roa
File:                     AS199058.roa (raw, json)
Hash identifier:          DAKVg2c755gA6eHOtsUiAf8f6suwq3jXaxspfkTVDX0=
Subject key identifier:   59:FC:C0:ED:71:F6:0B:CE:98:EC:90:5D:33:00:B9:E0:D8:BB:D6:42
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       016A1034A99DB814F0A04CFBAA104D1DADBD57CF
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS199058.roa
Signing time:             Tue 14 Jan 2025 10:43:12 +0000
ROA not before:           Tue 14 Jan 2025 10:38:12 +0000
ROA not after:            Tue 13 Jan 2026 10:43:12 +0000
asID:                     199058
IP address blocks:        191.101.184.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Feb 2025 19:35:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:6a:10:34:a9:9d:b8:14:f0:a0:4c:fb:aa:10:4d:1d:ad:bd:57:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Jan 14 10:38:12 2025 GMT
            Not After : Jan 13 10:43:12 2026 GMT
        Subject: CN=59FCC0ED71F60BCE98EC905D3300B9E0D8BBD642
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:b6:04:12:bf:91:ed:d9:26:da:1c:84:6c:b2:
                    b7:14:6b:dc:5d:b7:bd:c5:81:94:02:63:d1:d3:82:
                    73:27:8d:d2:8e:4b:00:53:54:50:c7:21:b5:07:85:
                    8c:a9:f6:65:07:df:f2:da:df:31:8b:33:6d:cf:c2:
                    69:3b:ec:af:f7:32:27:44:8b:b5:61:38:b6:df:5d:
                    27:22:8c:22:6f:73:fa:d5:a5:18:0c:98:63:8c:98:
                    39:3c:c8:45:15:9a:7f:76:5c:bd:17:fe:38:79:c4:
                    01:99:c3:c7:73:75:2b:93:82:6d:93:ed:c2:7e:c4:
                    f5:62:47:e0:c6:9e:f6:ef:39:b0:05:d9:7f:5c:e3:
                    b3:e3:6a:25:cd:1a:14:dc:d3:f1:70:c5:e6:63:b8:
                    20:99:c2:6d:55:18:12:04:29:01:22:c3:ce:28:4c:
                    d6:47:da:f3:64:0b:40:f0:00:e3:95:0b:9c:0d:24:
                    7c:f0:4e:71:f5:51:b2:48:da:61:e7:c4:57:10:51:
                    43:c9:8d:2a:ea:36:84:8b:29:9d:c0:aa:45:56:e9:
                    0f:aa:c3:b8:9b:55:43:4a:0b:68:c5:3b:d7:ea:26:
                    de:bf:da:a3:e7:e8:1e:b9:e6:70:3c:94:aa:1d:cc:
                    d7:15:c7:d0:33:bf:e3:23:ae:18:fc:f8:82:7f:1f:
                    90:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:FC:C0:ED:71:F6:0B:CE:98:EC:90:5D:33:00:B9:E0:D8:BB:D6:42
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS199058.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  191.101.184.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8e:41:ab:0c:a3:d1:f1:62:4d:13:8d:3e:54:be:4c:62:1b:e6:
         a6:69:24:95:d6:0f:f7:d6:c7:9d:49:89:50:0b:93:7a:f0:fa:
         b0:45:19:6e:2a:3a:af:bb:50:e5:e7:46:79:da:49:30:38:7e:
         77:23:86:c0:d8:12:82:97:1a:ae:5a:60:02:f6:16:11:39:20:
         a3:b1:5c:5e:41:bb:5f:6a:5e:38:00:fb:55:ca:7c:d3:ed:e8:
         13:79:05:38:4e:2a:7d:44:72:25:6b:93:f0:58:76:c2:91:99:
         bb:59:b1:b5:21:a8:0a:51:e5:8a:e7:ac:e6:73:7f:3b:7a:1d:
         8a:27:2f:5f:c5:c4:0f:ce:76:c7:5c:14:0f:ac:03:e0:7a:6d:
         6a:c1:c8:c6:d0:e1:1e:e9:c7:4e:1a:04:31:f2:09:e6:8b:22:
         8d:a3:0e:06:9b:94:0c:67:96:44:e1:42:93:c0:0c:e0:a0:86:
         5e:b6:17:fc:6f:e2:e9:59:05:92:31:b1:cf:49:1f:c5:d6:86:
         2d:3f:79:63:78:e8:ea:f4:5d:3e:6b:74:3f:f7:e5:93:72:a7:
         e0:bd:75:57:a7:71:f5:77:44:9e:57:a7:15:71:8a:2c:09:ac:
         ab:1c:4d:e0:3c:22:60:c0:c2:35:84:f2:5e:93:2c:89:55:64:
         cd:c9:25:18
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUAWoQNKmduBTwoEz7qhBNHa29V88wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNTAxMTQxMDM4MTJaFw0yNjAxMTMxMDQzMTJaMDMxMTAvBgNV
BAMTKDU5RkNDMEVENzFGNjBCQ0U5OEVDOTA1RDMzMDBCOUUwRDhCQkQ2NDIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCqtgQSv5Ht2SbaHIRssrcUa9xd
t73FgZQCY9HTgnMnjdKOSwBTVFDHIbUHhYyp9mUH3/La3zGLM23Pwmk77K/3MidE
i7VhOLbfXScijCJvc/rVpRgMmGOMmDk8yEUVmn92XL0X/jh5xAGZw8dzdSuTgm2T
7cJ+xPViR+DGnvbvObAF2X9c47PjaiXNGhTc0/FwxeZjuCCZwm1VGBIEKQEiw84o
TNZH2vNkC0DwAOOVC5wNJHzwTnH1UbJI2mHnxFcQUUPJjSrqNoSLKZ3AqkVW6Q+q
w7ibVUNKC2jFO9fqJt6/2qPn6B655nA8lKodzNcVx9Azv+Mjrhj8+IJ/H5AFAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUWfzA7XH2C86Y7JBdMwC54Ni71kIwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMTk5MDU4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAv2W4
MA0GCSqGSIb3DQEBCwUAA4IBAQCOQasMo9HxYk0TjT5UvkxiG+amaSSV1g/31sed
SYlQC5N68PqwRRluKjqvu1Dl50Z52kkwOH53I4bA2BKClxquWmAC9hYROSCjsVxe
Qbtfal44APtVynzT7egTeQU4Tip9RHIla5PwWHbCkZm7WbG1IagKUeWK56zmc387
eh2KJy9fxcQPznbHXBQPrAPgem1qwcjG0OEe6cdOGgQx8gnmiyKNow4Gm5QMZ5ZE
4UKTwAzgoIZethf8b+LpWQWSMbHPSR/F1oYtP3ljeOjq9F0+a3Q/9+WTcqfgvXVX
p3H1d0SeV6cVcYosCayrHE3gPCJgwMI1hPJekyyJVWTNySUY
-----END CERTIFICATE-----