Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS199925.roa
File:                     AS199925.roa (raw, json)
Hash identifier:          31NJ8mDHe7nSWdUpXTbrZh8AkTZKV7G1aSgKTmabKog=
Subject key identifier:   9F:ED:89:59:54:59:05:37:C1:16:8F:59:3F:D8:73:DE:23:D2:32:46
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       1D7A84B43EDF93C47873375471B4852661E3E1F1
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS199925.roa
Signing time:             Mon 26 Aug 2024 10:05:19 +0000
ROA not before:           Mon 26 Aug 2024 10:00:19 +0000
ROA not after:            Mon 25 Aug 2025 10:05:19 +0000
asID:                     199925
IP address blocks:        181.41.193.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1d:7a:84:b4:3e:df:93:c4:78:73:37:54:71:b4:85:26:61:e3:e1:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Aug 26 10:00:19 2024 GMT
            Not After : Aug 25 10:05:19 2025 GMT
        Subject: CN=9FED895954590537C1168F593FD873DE23D23246
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:f6:b8:b7:46:2c:7b:2c:bd:ef:49:9d:9f:62:
                    65:f7:87:99:7c:4b:4d:97:73:f0:42:65:de:f0:a3:
                    fb:8b:ea:d5:59:e8:cb:ff:2f:e0:bd:84:b3:ee:ca:
                    38:72:61:7c:17:28:fd:bd:cb:6b:1b:d4:92:8f:22:
                    bc:17:7d:26:f5:51:c4:ae:04:b9:0a:d3:37:4a:f3:
                    5e:1f:ba:ea:8a:e4:dc:17:ac:29:77:19:40:fa:a6:
                    f9:48:5d:ee:64:1c:12:50:40:ff:35:df:20:02:ce:
                    12:f1:aa:9d:ba:14:89:c2:0b:bb:8e:4c:b8:cf:42:
                    20:a2:ba:24:15:cc:4d:17:38:c8:75:e4:87:c7:1b:
                    46:20:1c:03:6b:d8:c8:5f:ff:32:ee:cd:ef:52:e1:
                    56:32:bc:eb:f4:5d:dd:fe:f9:62:fa:d5:2b:18:9a:
                    41:f3:da:f1:cb:34:98:6e:89:63:89:62:99:61:b9:
                    02:8e:9d:c2:03:a8:f8:53:35:2e:ad:8e:d2:5c:1d:
                    ab:bc:e7:74:a0:71:a1:f8:01:ec:86:98:17:7c:10:
                    59:66:35:dd:1f:7d:fc:24:16:66:a7:1b:1f:ed:9f:
                    a5:78:71:71:e5:ca:02:0c:e4:0d:87:af:0f:67:8a:
                    e4:2c:f8:3a:33:97:23:d0:96:97:26:46:e0:09:4d:
                    f6:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:ED:89:59:54:59:05:37:C1:16:8F:59:3F:D8:73:DE:23:D2:32:46
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS199925.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  181.41.193.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3f:65:5c:e8:d6:30:53:ef:37:f1:a3:df:c8:aa:b3:80:2b:4d:
         2c:bb:ab:81:29:78:00:50:74:7d:cb:e6:35:6c:1e:1f:0c:86:
         7a:76:0e:5a:f8:54:9e:bb:16:d6:7d:6a:7b:8a:98:5a:22:55:
         0a:3a:52:46:84:e0:d5:4c:be:8d:1a:c5:0c:56:9b:d9:4b:e1:
         79:89:9a:4e:23:86:cf:4b:d3:fc:c7:0d:23:78:cc:c6:9a:56:
         40:f8:90:32:15:06:7a:08:25:93:b1:2b:f0:14:f3:a8:5f:13:
         5e:f9:f3:0a:01:55:bb:a5:27:4b:ce:49:d7:18:5b:ff:71:9d:
         a4:d8:7f:77:e9:96:ab:ce:44:f2:39:14:82:cc:38:30:61:cb:
         1c:d1:97:ea:01:b5:5f:83:52:60:21:6a:6b:fd:01:b5:30:e9:
         5e:5a:a7:a3:98:a4:14:97:13:bd:08:79:46:4c:00:f6:3a:6e:
         40:c7:b1:34:ff:5b:e2:e4:ae:39:e6:95:af:a6:79:45:82:6e:
         41:ca:0b:45:7d:57:5b:bc:ce:4f:15:ae:4e:cd:39:d5:c7:21:
         97:79:60:00:83:31:c2:a2:c3:32:56:1d:69:e9:45:58:c7:8b:
         1b:f9:2a:e8:4d:37:a7:9c:fc:0d:18:7b:d1:6b:3b:65:24:81:
         44:c7:98:3f
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUHXqEtD7fk8R4czdUcbSFJmHj4fEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNDA4MjYxMDAwMTlaFw0yNTA4MjUxMDA1MTlaMDMxMTAvBgNV
BAMTKDlGRUQ4OTU5NTQ1OTA1MzdDMTE2OEY1OTNGRDg3M0RFMjNEMjMyNDYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDi9ri3Rix7LL3vSZ2fYmX3h5l8
S02Xc/BCZd7wo/uL6tVZ6Mv/L+C9hLPuyjhyYXwXKP29y2sb1JKPIrwXfSb1UcSu
BLkK0zdK814fuuqK5NwXrCl3GUD6pvlIXe5kHBJQQP813yACzhLxqp26FInCC7uO
TLjPQiCiuiQVzE0XOMh15IfHG0YgHANr2Mhf/zLuze9S4VYyvOv0Xd3++WL61SsY
mkHz2vHLNJhuiWOJYplhuQKOncIDqPhTNS6tjtJcHau853SgcaH4AeyGmBd8EFlm
Nd0fffwkFmanGx/tn6V4cXHlygIM5A2Hrw9niuQs+DozlyPQlpcmRuAJTfb1AgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUn+2JWVRZBTfBFo9ZP9hz3iPSMkYwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMTk5OTI1LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAtSnB
MA0GCSqGSIb3DQEBCwUAA4IBAQA/ZVzo1jBT7zfxo9/IqrOAK00su6uBKXgAUHR9
y+Y1bB4fDIZ6dg5a+FSeuxbWfWp7iphaIlUKOlJGhODVTL6NGsUMVpvZS+F5iZpO
I4bPS9P8xw0jeMzGmlZA+JAyFQZ6CCWTsSvwFPOoXxNe+fMKAVW7pSdLzknXGFv/
cZ2k2H936ZarzkTyORSCzDgwYcsc0ZfqAbVfg1JgIWpr/QG1MOleWqejmKQUlxO9
CHlGTAD2Om5Ax7E0/1vi5K455pWvpnlFgm5BygtFfVdbvM5PFa5OzTnVxyGXeWAA
gzHCosMyVh1p6UVYx4sb+SroTTennPwNGHvRaztlJIFEx5g/
-----END CERTIFICATE-----