Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS199737.roa
File:                     AS199737.roa (raw, json)
Hash identifier:          cO9JJx6gITfa3owKAryWvwqPafkWk9+z7X0CEnypWso=
Subject key identifier:   AD:9B:F6:F3:DF:99:F3:4C:1F:66:2B:07:28:DB:F9:F2:31:23:2D:8D
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       0A19F2CA53FBEBEA1D436E8737F5EFF9A12DAC96
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS199737.roa
Signing time:             Sun 07 Apr 2024 08:53:56 +0000
ROA not before:           Sun 07 Apr 2024 08:48:56 +0000
ROA not after:            Sun 06 Apr 2025 08:53:56 +0000
asID:                     199737
IP address blocks:        181.214.155.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 10 May 2024 20:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0a:19:f2:ca:53:fb:eb:ea:1d:43:6e:87:37:f5:ef:f9:a1:2d:ac:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Apr  7 08:48:56 2024 GMT
            Not After : Apr  6 08:53:56 2025 GMT
        Subject: CN=AD9BF6F3DF99F34C1F662B0728DBF9F231232D8D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:98:fb:6b:4e:c5:35:8f:db:5b:b5:53:cc:0c:
                    c3:b8:04:d4:6a:b9:c4:6a:3b:b5:69:6d:f0:f7:d8:
                    d5:72:08:fd:4b:08:0d:44:b7:7b:83:6a:8f:7b:86:
                    07:3b:ae:2d:b4:8e:97:1b:1f:f0:28:fe:4d:16:e0:
                    d1:02:da:88:d8:39:03:67:63:09:93:39:36:87:61:
                    a9:05:1c:4a:30:75:4a:7f:7f:9e:ab:21:6e:ab:22:
                    02:96:d7:3c:16:a9:09:3f:d7:2f:60:ec:7a:c8:98:
                    1f:b0:9f:33:ad:fa:46:24:34:d2:d1:54:e2:1a:4e:
                    14:89:7f:41:3c:39:cb:c0:eb:f5:10:92:9c:3d:9c:
                    d3:77:91:d8:29:cf:47:05:bd:74:3e:b3:74:40:85:
                    fe:fc:4b:1b:15:ab:7b:1c:95:57:1a:42:5a:15:89:
                    c9:a9:cc:70:d0:8d:da:0c:9c:08:e3:32:d2:d4:fa:
                    31:cd:5c:16:18:f3:e5:37:6f:cd:2e:b3:7c:2f:89:
                    09:53:55:61:20:44:78:18:cc:8c:2a:8d:02:61:2e:
                    09:6b:7b:54:ee:b8:ec:80:39:1a:94:58:5c:98:56:
                    e8:e7:35:07:c6:23:d1:23:7f:c3:ee:d5:43:45:57:
                    46:53:c0:e9:a6:23:e1:d2:78:f9:f9:37:31:92:8d:
                    12:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AD:9B:F6:F3:DF:99:F3:4C:1F:66:2B:07:28:DB:F9:F2:31:23:2D:8D
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS199737.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  181.214.155.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a8:d2:26:c3:49:de:24:70:ec:28:f2:35:33:ab:5a:03:7c:de:
         17:d5:6c:b5:7f:f2:c3:40:64:d4:0f:a7:c8:6b:a8:cc:88:14:
         d0:63:d0:44:5c:9d:f2:38:6a:5b:5c:ba:af:4d:5f:6b:bf:9f:
         6b:1a:0f:d2:d6:57:1a:e8:fd:74:11:83:6f:51:75:72:72:f7:
         43:4c:e9:f4:9d:c6:c7:77:0b:02:81:d8:6c:72:da:01:65:18:
         d0:00:6c:e4:23:1d:39:e4:73:78:68:61:22:de:fc:c4:c3:65:
         52:73:49:31:76:dc:6b:bd:3d:80:17:d9:19:33:e3:da:56:fa:
         1e:47:6d:98:1f:0d:be:77:5c:84:ed:58:00:c8:a3:5f:80:b5:
         ef:a7:8b:02:8a:81:56:39:9e:52:d6:9e:31:df:ba:50:64:2c:
         ff:b9:9d:eb:2e:09:1e:fa:cc:1f:39:c7:d9:1a:04:83:70:65:
         a8:c3:d0:c4:91:53:8a:cd:dc:09:30:5c:05:f6:a4:fc:21:ff:
         5c:ae:c1:3f:71:9c:d5:de:e8:77:0e:e3:23:a0:0c:58:fb:ec:
         1f:4c:d1:a2:60:65:b1:24:36:44:cd:41:fc:f2:22:9c:eb:49:
         ee:95:da:f4:da:0f:4e:67:a5:14:b5:aa:68:24:06:a0:67:59:
         0a:eb:30:52
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUChnyylP76+odQ26HN/Xv+aEtrJYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNDA0MDcwODQ4NTZaFw0yNTA0MDYwODUzNTZaMDMxMTAvBgNV
BAMTKEFEOUJGNkYzREY5OUYzNEMxRjY2MkIwNzI4REJGOUYyMzEyMzJEOEQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCTmPtrTsU1j9tbtVPMDMO4BNRq
ucRqO7VpbfD32NVyCP1LCA1Et3uDao97hgc7ri20jpcbH/Ao/k0W4NEC2ojYOQNn
YwmTOTaHYakFHEowdUp/f56rIW6rIgKW1zwWqQk/1y9g7HrImB+wnzOt+kYkNNLR
VOIaThSJf0E8OcvA6/UQkpw9nNN3kdgpz0cFvXQ+s3RAhf78SxsVq3sclVcaQloV
icmpzHDQjdoMnAjjMtLU+jHNXBYY8+U3b80us3wviQlTVWEgRHgYzIwqjQJhLglr
e1TuuOyAORqUWFyYVujnNQfGI9Ejf8Pu1UNFV0ZTwOmmI+HSePn5NzGSjRIXAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUrZv289+Z80wfZisHKNv58jEjLY0wHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMTk5NzM3LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAtdab
MA0GCSqGSIb3DQEBCwUAA4IBAQCo0ibDSd4kcOwo8jUzq1oDfN4X1Wy1f/LDQGTU
D6fIa6jMiBTQY9BEXJ3yOGpbXLqvTV9rv59rGg/S1lca6P10EYNvUXVycvdDTOn0
ncbHdwsCgdhsctoBZRjQAGzkIx055HN4aGEi3vzEw2VSc0kxdtxrvT2AF9kZM+Pa
VvoeR22YHw2+d1yE7VgAyKNfgLXvp4sCioFWOZ5S1p4x37pQZCz/uZ3rLgke+swf
OcfZGgSDcGWow9DEkVOKzdwJMFwF9qT8If9crsE/cZzV3uh3DuMjoAxY++wfTNGi
YGWxJDZEzUH88iKc60nuldr02g9OZ6UUtapoJAagZ1kK6zBS
-----END CERTIFICATE-----