Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS202505.roa
File:                     AS202505.roa (raw, json)
Hash identifier:          EBGJ1Q99/m6sraIEhMgQVjCp69FB3joHKA/oIZwTCdM=
Subject key identifier:   51:D1:B9:8F:6A:58:17:09:76:B9:65:75:1A:47:66:DC:4B:43:BE:AA
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       6FE21578DEABA379E1163EF926EB450417DFFAEF
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS202505.roa
Signing time:             Sat 09 Mar 2024 07:05:14 +0000
ROA not before:           Sat 09 Mar 2024 07:00:14 +0000
ROA not after:            Sat 08 Mar 2025 07:05:14 +0000
asID:                     202505
IP address blocks:        181.214.154.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 11 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6f:e2:15:78:de:ab:a3:79:e1:16:3e:f9:26:eb:45:04:17:df:fa:ef
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Mar  9 07:00:14 2024 GMT
            Not After : Mar  8 07:05:14 2025 GMT
        Subject: CN=51D1B98F6A58170976B965751A4766DC4B43BEAA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:f3:0e:54:49:0f:24:c2:14:9a:b5:4d:51:26:
                    0a:3d:0b:f6:7d:16:ea:25:77:bf:89:2a:6e:d9:1e:
                    a5:1b:48:15:ac:95:9d:f2:65:e8:52:49:b8:27:2b:
                    74:86:1a:be:aa:2e:82:16:7a:40:77:87:3a:07:e2:
                    c8:35:00:ea:66:1d:7b:15:d1:67:5c:36:cd:8e:b9:
                    38:49:1f:2d:3e:b4:28:56:0a:4c:b4:61:e3:f7:a1:
                    2d:8a:5d:0a:87:2a:aa:a5:a5:f0:0e:f8:23:6d:a0:
                    b4:83:0c:28:20:ae:32:99:f9:19:98:d2:9d:0b:0f:
                    a9:3d:3a:78:85:ef:ed:30:eb:b6:8f:01:0e:25:db:
                    1f:bb:4e:ab:ae:f8:cb:af:d8:d8:98:d4:fd:ee:95:
                    f5:85:d0:7e:ad:f8:28:24:4b:12:5d:0f:52:fb:b2:
                    8b:04:27:c9:21:df:83:99:a7:95:89:b4:62:63:fc:
                    f0:9d:63:4f:38:9b:4a:e6:cf:95:44:ea:9f:80:20:
                    4a:bc:1a:fd:e2:0b:83:a5:dc:14:18:7b:8a:e9:1c:
                    5c:e5:e0:ef:70:21:38:31:82:70:00:b7:92:f0:ea:
                    2f:48:66:9e:4a:05:6f:be:06:5c:13:4d:51:21:e0:
                    63:05:71:f2:8b:6d:ce:42:96:07:13:1b:04:17:2e:
                    81:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:D1:B9:8F:6A:58:17:09:76:B9:65:75:1A:47:66:DC:4B:43:BE:AA
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS202505.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  181.214.154.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b6:e1:75:bd:5d:ba:47:8f:4a:52:82:e6:da:c8:7a:ff:93:55:
         c7:11:a9:6f:b4:4f:bc:f6:41:c2:48:55:29:4b:4c:64:75:1c:
         2c:b4:32:61:66:c2:6b:e6:50:cd:d3:8d:ae:bc:c7:15:37:4f:
         d4:04:1e:78:bc:15:1e:fe:8f:87:3b:22:36:8d:98:e5:23:cc:
         be:69:fd:cc:72:95:26:35:e0:12:bb:2a:fb:79:c3:e0:38:ce:
         bd:5e:04:13:23:3a:cb:ba:1b:55:04:1b:9a:f4:32:aa:7e:5d:
         73:c7:7b:54:73:81:f3:cb:d6:cf:c1:d5:c5:73:9e:6f:56:c4:
         21:95:f1:a1:4a:54:5e:58:04:0b:e2:11:34:11:ac:2e:5f:7f:
         67:1b:dd:7a:ab:f0:7c:1f:6d:9c:81:80:b9:8c:73:86:6c:6f:
         da:18:89:36:ba:7e:23:fd:3c:67:72:11:38:9a:95:5e:8e:87:
         14:16:19:ca:33:42:8e:55:c6:35:e0:9d:f6:10:da:e9:a5:b7:
         31:71:43:91:87:78:8e:91:3a:8e:b0:87:6f:d6:d5:72:77:d3:
         05:43:9c:46:2d:a0:51:67:6b:0f:44:a1:95:a9:4f:c9:d5:84:
         0b:cf:49:3c:53:8d:81:a4:7d:56:8a:33:b5:ab:66:48:74:11:
         e7:60:91:3c
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUb+IVeN6ro3nhFj75JutFBBff+u8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNDAzMDkwNzAwMTRaFw0yNTAzMDgwNzA1MTRaMDMxMTAvBgNV
BAMTKDUxRDFCOThGNkE1ODE3MDk3NkI5NjU3NTFBNDc2NkRDNEI0M0JFQUEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDI8w5USQ8kwhSatU1RJgo9C/Z9
Fuold7+JKm7ZHqUbSBWslZ3yZehSSbgnK3SGGr6qLoIWekB3hzoH4sg1AOpmHXsV
0WdcNs2OuThJHy0+tChWCky0YeP3oS2KXQqHKqqlpfAO+CNtoLSDDCggrjKZ+RmY
0p0LD6k9OniF7+0w67aPAQ4l2x+7Tquu+Muv2NiY1P3ulfWF0H6t+CgkSxJdD1L7
sosEJ8kh34OZp5WJtGJj/PCdY084m0rmz5VE6p+AIEq8Gv3iC4Ol3BQYe4rpHFzl
4O9wITgxgnAAt5Lw6i9IZp5KBW++BlwTTVEh4GMFcfKLbc5ClgcTGwQXLoGtAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUUdG5j2pYFwl2uWV1Gkdm3EtDvqowHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjAyNTA1LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAtdaa
MA0GCSqGSIb3DQEBCwUAA4IBAQC24XW9XbpHj0pSgubayHr/k1XHEalvtE+89kHC
SFUpS0xkdRwstDJhZsJr5lDN042uvMcVN0/UBB54vBUe/o+HOyI2jZjlI8y+af3M
cpUmNeASuyr7ecPgOM69XgQTIzrLuhtVBBua9DKqfl1zx3tUc4Hzy9bPwdXFc55v
VsQhlfGhSlReWAQL4hE0EawuX39nG916q/B8H22cgYC5jHOGbG/aGIk2un4j/Txn
chE4mpVejocUFhnKM0KOVcY14J32ENrppbcxcUORh3iOkTqOsIdv1tVyd9MFQ5xG
LaBRZ2sPRKGVqU/J1YQLz0k8U42BpH1WijO1q2ZIdBHnYJE8
-----END CERTIFICATE-----