Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS199925.roa
File:                     AS199925.roa (raw, json)
Hash identifier:          YOptNTMYzb4Nf2dzWutmXRsRYEibXIFX369d9ipgJA8=
Subject key identifier:   19:A1:58:3B:9A:78:01:31:C9:B1:D0:EB:D3:59:46:0C:E7:A7:D0:2A
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       4C441790C4489B8A0BA2C0A01C7A491FD5286149
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS199925.roa
Signing time:             Mon 25 Sep 2023 09:19:59 +0000
ROA not before:           Mon 25 Sep 2023 09:14:59 +0000
ROA not after:            Mon 23 Sep 2024 09:19:59 +0000
asID:                     199925
IP address blocks:        181.41.193.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 10 May 2024 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4c:44:17:90:c4:48:9b:8a:0b:a2:c0:a0:1c:7a:49:1f:d5:28:61:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Sep 25 09:14:59 2023 GMT
            Not After : Sep 23 09:19:59 2024 GMT
        Subject: CN=19A1583B9A780131C9B1D0EBD359460CE7A7D02A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:50:93:d6:43:61:cb:0b:c9:e5:13:e7:a1:04:
                    75:d6:72:55:d3:df:50:d2:45:04:9e:bd:25:d5:3d:
                    65:da:51:31:94:09:54:8e:e2:87:b8:b2:26:1f:36:
                    be:d5:7e:1a:0a:e3:be:7c:4d:a3:47:db:16:dc:62:
                    9c:ee:7e:23:9f:b0:6c:64:4d:d3:27:63:e9:6f:6c:
                    f9:5e:b9:a5:43:ad:60:f6:c4:5a:2d:dc:31:a3:d2:
                    c3:42:cb:1c:03:ee:56:5c:66:2f:69:af:ef:61:13:
                    4a:f0:76:ae:ca:ca:a1:f7:df:16:ec:2a:93:3e:36:
                    ae:b2:9d:c6:0f:0b:da:0e:22:76:d6:ce:a2:68:48:
                    d9:33:92:9c:71:f4:26:57:a4:24:6f:51:d4:e5:2e:
                    cb:6c:68:60:0d:17:1d:f7:99:6e:5f:a0:dd:f1:ed:
                    44:75:9f:d7:63:33:f2:c3:dc:66:ce:50:bf:91:17:
                    f8:17:f5:06:76:37:30:22:3a:3b:1e:23:a2:35:97:
                    c5:ad:8b:bd:25:89:35:57:d6:f8:ca:69:84:f9:7a:
                    25:b8:15:e8:3b:da:fd:7b:ba:e2:aa:11:48:2f:ee:
                    64:95:b8:64:44:4c:60:77:f5:61:b6:4f:fb:bb:5e:
                    3f:20:5c:f6:a9:55:f4:4e:2e:17:04:2d:95:42:d6:
                    3d:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:A1:58:3B:9A:78:01:31:C9:B1:D0:EB:D3:59:46:0C:E7:A7:D0:2A
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS199925.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  181.41.193.0/24

    Signature Algorithm: sha256WithRSAEncryption
         59:65:12:12:41:27:f6:9f:7d:35:a5:93:46:00:f3:ad:16:93:
         84:60:50:31:0f:52:dc:fc:ce:cb:e6:e4:53:f3:ba:02:c4:47:
         d0:ba:86:4d:73:b0:3e:4d:f8:50:8a:cf:05:a5:7e:77:2b:df:
         64:4a:18:ec:25:33:42:ca:5b:04:e7:85:ea:a8:26:21:54:59:
         9a:7e:93:35:b0:ae:56:fc:d0:b5:6b:03:6d:67:3f:14:33:0a:
         27:67:3e:63:bd:86:a3:ef:8d:80:a4:32:17:9d:4c:0f:a5:54:
         ee:cb:2d:47:b2:3a:4f:63:d1:fb:e7:85:32:30:a7:43:e6:4b:
         5f:95:3b:43:d3:13:e9:94:5c:09:eb:7d:bc:05:7b:54:5a:75:
         ee:d8:d0:6b:e5:23:e1:1a:40:58:68:4f:6f:1e:49:de:ca:58:
         46:55:ed:14:fb:0f:03:b2:c9:04:d6:91:56:15:82:0d:b6:6f:
         13:2c:65:db:21:89:03:85:fe:53:7c:f5:8a:f4:e7:4d:13:37:
         e2:2c:91:f3:c8:6a:17:ae:e4:f3:d0:46:50:57:f5:92:f8:f0:
         0e:eb:f2:c9:3a:21:67:21:a6:c4:35:24:3f:61:d7:52:2d:85:
         38:2e:ea:b5:cd:5a:ca:ca:01:88:f5:14:30:8a:35:d5:47:6b:
         28:71:77:9c
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUTEQXkMRIm4oLosCgHHpJH9UoYUkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yMzA5MjUwOTE0NTlaFw0yNDA5MjMwOTE5NTlaMDMxMTAvBgNV
BAMTKDE5QTE1ODNCOUE3ODAxMzFDOUIxRDBFQkQzNTk0NjBDRTdBN0QwMkEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCnUJPWQ2HLC8nlE+ehBHXWclXT
31DSRQSevSXVPWXaUTGUCVSO4oe4siYfNr7VfhoK4758TaNH2xbcYpzufiOfsGxk
TdMnY+lvbPleuaVDrWD2xFot3DGj0sNCyxwD7lZcZi9pr+9hE0rwdq7KyqH33xbs
KpM+Nq6yncYPC9oOInbWzqJoSNkzkpxx9CZXpCRvUdTlLstsaGANFx33mW5foN3x
7UR1n9djM/LD3GbOUL+RF/gX9QZ2NzAiOjseI6I1l8Wti70liTVX1vjKaYT5eiW4
Feg72v17uuKqEUgv7mSVuGRETGB39WG2T/u7Xj8gXPapVfROLhcELZVC1j1RAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUGaFYO5p4ATHJsdDr01lGDOen0CowHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMTk5OTI1LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAtSnB
MA0GCSqGSIb3DQEBCwUAA4IBAQBZZRISQSf2n301pZNGAPOtFpOEYFAxD1Lc/M7L
5uRT87oCxEfQuoZNc7A+TfhQis8FpX53K99kShjsJTNCylsE54XqqCYhVFmafpM1
sK5W/NC1awNtZz8UMwonZz5jvYaj742ApDIXnUwPpVTuyy1HsjpPY9H754UyMKdD
5ktflTtD0xPplFwJ6328BXtUWnXu2NBr5SPhGkBYaE9vHkneylhGVe0U+w8DsskE
1pFWFYINtm8TLGXbIYkDhf5TfPWK9OdNEzfiLJHzyGoXruTz0EZQV/WS+PAO6/LJ
OiFnIabENSQ/YddSLYU4Luq1zVrKygGI9RQwijXVR2socXec
-----END CERTIFICATE-----