Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS199218.roa
File:                     AS199218.roa (raw, json)
Hash identifier:          RbAENRPPnPrWLLcsfhOatJJgxEiGPB8UnGcEI892HHo=
Subject key identifier:   E6:60:6F:41:5C:4E:6A:25:A8:9C:F3:36:0F:65:44:96:6A:CB:2B:E7
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       5D2A959175E2E6426FD3C42152796F671FA24200
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS199218.roa
Signing time:             Fri 09 May 2025 11:54:08 +0000
ROA not before:           Fri 09 May 2025 11:49:08 +0000
ROA not after:            Fri 08 May 2026 11:54:08 +0000
asID:                     199218
IP address blocks:        181.214.131.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Jun 2025 23:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5d:2a:95:91:75:e2:e6:42:6f:d3:c4:21:52:79:6f:67:1f:a2:42:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: May  9 11:49:08 2025 GMT
            Not After : May  8 11:54:08 2026 GMT
        Subject: CN=E6606F415C4E6A25A89CF3360F6544966ACB2BE7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:87:70:64:dd:78:a8:d6:bc:3b:05:b2:1d:a3:
                    a9:c7:52:56:b3:97:87:d8:b1:7c:ce:d5:76:4e:a0:
                    93:36:73:74:5e:18:32:f7:4a:84:98:8e:17:0d:9d:
                    27:dc:bf:cd:82:25:be:b7:07:9a:73:82:bf:b6:66:
                    1d:09:7b:e9:c1:76:ad:2c:63:99:47:e5:a6:6e:ab:
                    59:d3:cc:bc:06:05:6b:26:56:5b:73:a5:ec:d3:af:
                    d5:1f:db:28:be:95:dc:8b:24:7e:34:7c:77:d0:7d:
                    27:05:34:2b:27:16:62:d6:0c:10:bf:c2:30:e8:3e:
                    65:c9:e6:85:3d:67:1d:53:56:f9:3d:6e:99:e5:63:
                    67:df:1c:0f:29:00:51:2e:92:a7:51:e0:4e:40:06:
                    bd:9f:f6:cf:5d:51:77:6a:af:e5:98:f3:ca:88:fb:
                    ad:d6:41:49:a9:2e:5f:20:93:90:53:93:79:ce:4c:
                    01:52:e3:b1:c7:ae:a1:7f:1c:74:a4:08:4e:f5:9a:
                    36:65:cc:6a:1b:d4:10:fe:d9:ba:f2:9d:cd:2e:fa:
                    56:09:19:b9:3f:50:5d:ff:25:a8:a8:e1:a2:c1:71:
                    47:3c:31:b2:48:f7:2d:92:cd:84:29:42:89:8c:a4:
                    68:2a:40:99:df:eb:83:ee:7b:fc:78:39:b5:8c:4a:
                    e9:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E6:60:6F:41:5C:4E:6A:25:A8:9C:F3:36:0F:65:44:96:6A:CB:2B:E7
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS199218.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  181.214.131.0/24

    Signature Algorithm: sha256WithRSAEncryption
         af:e0:a1:ff:56:0d:be:be:c8:e6:2d:a3:62:5e:a7:c5:63:eb:
         7d:44:30:76:f6:82:93:29:4a:78:c9:51:e8:67:3f:41:dc:33:
         b6:8a:3b:a9:f1:3e:c1:65:d9:bd:22:7a:9a:4a:47:36:28:bd:
         c3:f1:cc:d7:34:70:d0:2f:78:2d:0c:f8:71:cb:d1:22:c9:ad:
         bd:75:80:bb:b1:08:91:c5:b1:2f:59:ae:bc:50:5d:6f:32:60:
         e4:2a:18:1f:f0:21:60:ff:cc:04:1f:5b:c5:4f:4a:44:cc:bb:
         7c:4c:59:fc:da:d1:5e:ad:1c:e9:07:b9:6f:2a:5d:c4:d0:88:
         50:54:98:5c:04:ec:dd:fb:5e:46:6c:ba:70:fe:25:0f:27:c3:
         60:a0:e9:c0:74:fb:4f:bb:2e:cb:99:25:32:85:15:94:84:99:
         22:4e:4c:67:3b:67:ec:74:77:3b:07:ae:5d:75:29:69:8d:f3:
         d9:b8:cb:56:3d:31:c4:54:72:38:91:2d:b7:d2:be:de:ec:c5:
         54:a0:78:0f:66:c4:d9:83:25:2e:44:6a:ff:ec:20:57:1d:13:
         fd:26:04:12:17:44:96:b6:1a:72:08:d9:9d:cc:b5:54:52:46:
         79:4a:30:0e:6e:1b:0f:4c:43:9a:ed:8b:03:55:42:e4:96:8c:
         39:dd:75:9f
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUXSqVkXXi5kJv08QhUnlvZx+iQgAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNTA1MDkxMTQ5MDhaFw0yNjA1MDgxMTU0MDhaMDMxMTAvBgNV
BAMTKEU2NjA2RjQxNUM0RTZBMjVBODlDRjMzNjBGNjU0NDk2NkFDQjJCRTcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCeh3Bk3Xio1rw7BbIdo6nHUlaz
l4fYsXzO1XZOoJM2c3ReGDL3SoSYjhcNnSfcv82CJb63B5pzgr+2Zh0Je+nBdq0s
Y5lH5aZuq1nTzLwGBWsmVltzpezTr9Uf2yi+ldyLJH40fHfQfScFNCsnFmLWDBC/
wjDoPmXJ5oU9Zx1TVvk9bpnlY2ffHA8pAFEukqdR4E5ABr2f9s9dUXdqr+WY88qI
+63WQUmpLl8gk5BTk3nOTAFS47HHrqF/HHSkCE71mjZlzGob1BD+2brync0u+lYJ
Gbk/UF3/Jaio4aLBcUc8MbJI9y2SzYQpQomMpGgqQJnf64Pue/x4ObWMSulvAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQU5mBvQVxOaiWonPM2D2VElmrLK+cwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMTk5MjE4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAtdaD
MA0GCSqGSIb3DQEBCwUAA4IBAQCv4KH/Vg2+vsjmLaNiXqfFY+t9RDB29oKTKUp4
yVHoZz9B3DO2ijup8T7BZdm9InqaSkc2KL3D8czXNHDQL3gtDPhxy9Eiya29dYC7
sQiRxbEvWa68UF1vMmDkKhgf8CFg/8wEH1vFT0pEzLt8TFn82tFerRzpB7lvKl3E
0IhQVJhcBOzd+15GbLpw/iUPJ8NgoOnAdPtPuy7LmSUyhRWUhJkiTkxnO2fsdHc7
B65ddSlpjfPZuMtWPTHEVHI4kS230r7e7MVUoHgPZsTZgyUuRGr/7CBXHRP9JgQS
F0SWthpyCNmdzLVUUkZ5SjAObhsPTEOa7YsDVULklow53XWf
-----END CERTIFICATE-----