Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS199829.roa
File:                     AS199829.roa (raw, json)
Hash identifier:          5aEl9+pltoiJYLEVzPzVkTb9MW+JECwMXTIJnzDZT+U=
Subject key identifier:   40:20:90:D3:B8:24:99:FF:05:87:E3:F8:7E:70:5F:F6:17:DB:09:94
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       630D3B0FC3D3AD814659042D37EAD3FA388D2616
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS199829.roa
Signing time:             Thu 28 Aug 2025 16:54:58 +0000
ROA not before:           Thu 28 Aug 2025 16:49:58 +0000
ROA not after:            Thu 27 Aug 2026 16:54:58 +0000
asID:                     199829
IP address blocks:        181.215.45.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 06 Sep 2025 10:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            63:0d:3b:0f:c3:d3:ad:81:46:59:04:2d:37:ea:d3:fa:38:8d:26:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Aug 28 16:49:58 2025 GMT
            Not After : Aug 27 16:54:58 2026 GMT
        Subject: CN=402090D3B82499FF0587E3F87E705FF617DB0994
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:74:b6:10:fb:6f:72:6b:02:43:e1:fc:ce:6a:
                    a1:7b:00:7e:ac:93:90:6e:e3:e9:ae:82:f3:10:2c:
                    5c:29:8e:e4:f1:11:3b:27:37:fe:d8:1c:0f:bd:ca:
                    62:85:3d:fa:49:eb:ed:7c:eb:5c:e7:5a:bf:10:ac:
                    76:44:0c:c0:be:b9:e9:3e:d2:ce:c0:cd:e9:b4:d8:
                    5d:95:82:6b:27:86:d4:0a:09:7c:63:fd:3b:56:d1:
                    16:5b:e0:7d:e7:11:91:82:45:56:8d:64:61:fa:e2:
                    f4:68:94:33:d1:4b:d1:1d:d4:18:d2:57:32:25:d8:
                    12:4f:30:17:e9:c5:7d:9b:6c:66:c8:88:1e:22:89:
                    11:ce:2c:74:7e:04:08:f0:85:6f:31:c3:6c:2a:97:
                    ec:83:54:d0:36:b2:a6:53:7d:ee:50:a4:49:b0:78:
                    9e:96:68:3f:03:69:70:cb:98:ff:5b:13:1d:02:41:
                    e2:7c:06:87:8c:a1:98:9c:0e:69:fd:75:b9:aa:59:
                    cc:98:73:1c:bd:39:4d:d2:20:22:e5:50:57:c6:14:
                    56:c4:a5:89:05:09:2a:39:fe:5c:b3:5c:9e:b8:df:
                    2a:6d:41:25:4e:a9:02:c0:58:c6:ad:dd:ee:14:b2:
                    f2:05:69:08:74:5e:43:75:cd:e3:e7:f5:7a:ca:b3:
                    c2:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:20:90:D3:B8:24:99:FF:05:87:E3:F8:7E:70:5F:F6:17:DB:09:94
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS199829.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  181.215.45.0/24

    Signature Algorithm: sha256WithRSAEncryption
         65:ca:41:7a:0f:37:a5:8c:ca:ec:2c:b9:42:7e:c8:be:c3:5b:
         dd:48:67:52:e3:09:b5:0d:e2:5d:62:ca:45:96:27:ed:29:86:
         69:9a:9b:ba:df:e3:cc:94:d1:81:bd:4a:7f:ca:85:f1:7f:77:
         da:53:93:e4:d1:a4:d5:c7:ee:f0:a6:84:f1:3b:2b:43:d9:5b:
         c8:fa:24:f9:fd:15:ae:d8:05:10:08:fd:9c:29:a5:da:69:bf:
         94:a3:a0:23:8f:07:5f:55:d1:0f:f7:ff:d4:ff:9f:db:db:7f:
         87:1d:45:f4:79:37:e5:d8:69:6f:a9:55:4f:05:ac:28:76:b3:
         9a:79:61:d5:b3:f3:03:ee:02:65:d8:2a:67:da:c3:00:02:d5:
         5a:10:7f:ec:8e:74:6a:5d:07:69:6c:42:08:9f:b1:99:f3:56:
         72:be:fd:12:a2:bd:27:7c:62:33:a9:c1:07:18:dc:94:34:19:
         26:3b:f4:d2:79:09:2f:cd:77:23:b0:c1:1f:cb:96:84:a6:b5:
         1d:0f:e1:9d:74:a5:46:49:a0:02:a4:5c:3e:c1:6c:f0:0b:bf:
         35:5e:be:3a:bf:34:9c:b8:57:d1:2a:b8:48:b4:b1:c0:9d:57:
         b5:ae:0c:5f:22:eb:d9:80:de:cf:e9:17:94:cd:fb:3b:49:da:
         1a:3f:0f:da
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUYw07D8PTrYFGWQQtN+rT+jiNJhYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNTA4MjgxNjQ5NThaFw0yNjA4MjcxNjU0NThaMDMxMTAvBgNV
BAMTKDQwMjA5MEQzQjgyNDk5RkYwNTg3RTNGODdFNzA1RkY2MTdEQjA5OTQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2dLYQ+29yawJD4fzOaqF7AH6s
k5Bu4+mugvMQLFwpjuTxETsnN/7YHA+9ymKFPfpJ6+1861znWr8QrHZEDMC+uek+
0s7Azem02F2VgmsnhtQKCXxj/TtW0RZb4H3nEZGCRVaNZGH64vRolDPRS9Ed1BjS
VzIl2BJPMBfpxX2bbGbIiB4iiRHOLHR+BAjwhW8xw2wql+yDVNA2sqZTfe5QpEmw
eJ6WaD8DaXDLmP9bEx0CQeJ8BoeMoZicDmn9dbmqWcyYcxy9OU3SICLlUFfGFFbE
pYkFCSo5/lyzXJ643yptQSVOqQLAWMat3e4UsvIFaQh0XkN1zePn9XrKs8JZAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUQCCQ07gkmf8Fh+P4fnBf9hfbCZQwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMTk5ODI5LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAtdct
MA0GCSqGSIb3DQEBCwUAA4IBAQBlykF6DzeljMrsLLlCfsi+w1vdSGdS4wm1DeJd
YspFliftKYZpmpu63+PMlNGBvUp/yoXxf3faU5Pk0aTVx+7wpoTxOytD2VvI+iT5
/RWu2AUQCP2cKaXaab+Uo6AjjwdfVdEP9//U/5/b23+HHUX0eTfl2GlvqVVPBawo
drOaeWHVs/MD7gJl2Cpn2sMAAtVaEH/sjnRqXQdpbEIIn7GZ81Zyvv0Sor0nfGIz
qcEHGNyUNBkmO/TSeQkvzXcjsMEfy5aEprUdD+GddKVGSaACpFw+wWzwC781Xr46
vzScuFfRKrhItLHAnVe1rgxfIuvZgN7P6ReUzfs7SdoaPw/a
-----END CERTIFICATE-----