Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS202673.roa
File:                     AS202673.roa (raw, json)
Hash identifier:          2m9JC4/ilATdiOPi9qbkA6xXbOvEXNmSDNYu6rik9Y0=
Subject key identifier:   DB:7F:9E:98:4B:A6:FE:90:E8:BB:9F:7F:08:9D:85:6A:9C:56:C1:88
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       4E29101C1C9167C6742C7D88EA5BE374059CFE8E
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS202673.roa
Signing time:             Sun 02 Mar 2025 14:08:41 +0000
ROA not before:           Sun 02 Mar 2025 14:03:41 +0000
ROA not after:            Sun 01 Mar 2026 14:08:41 +0000
asID:                     202673
IP address blocks:        5.181.135.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 15:12:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4e:29:10:1c:1c:91:67:c6:74:2c:7d:88:ea:5b:e3:74:05:9c:fe:8e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Mar  2 14:03:41 2025 GMT
            Not After : Mar  1 14:08:41 2026 GMT
        Subject: CN=DB7F9E984BA6FE90E8BB9F7F089D856A9C56C188
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:54:4f:f6:a2:6b:88:6a:27:13:23:22:bb:bc:
                    a7:53:04:ea:d4:e1:8a:82:4e:6a:35:51:f2:11:36:
                    9d:5b:16:c2:64:5d:f1:60:90:43:dc:3d:69:c5:da:
                    33:e0:9f:64:1d:43:e3:5e:8d:af:b0:2c:3f:ba:04:
                    03:71:5b:fc:61:d4:08:f5:33:66:b0:64:76:e9:a1:
                    90:c9:98:0b:7d:13:e7:dc:12:fa:b0:a1:4f:8f:4e:
                    2f:d3:b5:2f:d1:f7:1e:ac:dd:bf:8a:9d:7b:30:e7:
                    2f:44:ea:f7:a5:9b:59:53:ae:85:3c:d5:0f:04:a1:
                    16:14:d2:2f:8c:8f:29:65:a5:71:41:0f:e0:11:6a:
                    f8:02:bf:07:8b:ab:5e:7a:8b:9f:b3:b1:0b:d6:45:
                    c1:21:1d:e9:fc:2b:8c:63:dc:5d:b0:c2:fc:76:6a:
                    e3:4c:b7:e5:7b:63:c6:c6:91:01:ec:bd:39:36:82:
                    d7:61:8d:fd:eb:77:db:d7:dd:bc:48:af:b9:90:ca:
                    f7:7d:0c:38:b4:71:87:4c:d9:23:fb:46:22:44:4a:
                    22:40:0d:bd:5c:c5:e4:fe:fe:f4:d7:76:48:de:32:
                    cd:f2:57:5c:7d:99:dc:e2:a5:d6:e8:4a:91:08:14:
                    81:66:ef:12:e8:14:01:e7:bf:12:be:cd:85:8e:c8:
                    c3:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:7F:9E:98:4B:A6:FE:90:E8:BB:9F:7F:08:9D:85:6A:9C:56:C1:88
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS202673.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.181.135.0/24

    Signature Algorithm: sha256WithRSAEncryption
         05:b7:75:d2:53:d5:28:57:b9:09:0b:8d:7c:61:8f:98:ea:cf:
         ba:68:3f:e1:07:01:91:71:42:f9:d7:98:2e:7f:8a:04:d4:e9:
         50:b7:39:be:cd:c5:05:9d:84:04:9b:0e:98:93:40:68:a2:b2:
         40:1c:3d:30:b3:c9:d4:53:b4:e0:bc:75:8c:b1:d0:b3:1f:23:
         61:20:1f:15:b3:ab:60:c1:9e:3e:f5:a5:a1:b3:e3:9d:48:6f:
         73:dd:18:05:13:7d:15:90:a4:cb:fd:3c:c7:e4:be:c3:ea:e9:
         60:4b:f0:20:be:37:0b:f1:7e:ca:9f:d1:fd:5f:80:e9:0b:ca:
         54:87:e4:e4:75:35:55:8e:c3:39:b4:50:97:fb:ec:f8:b9:44:
         5e:4e:84:f3:eb:40:1a:31:e2:ac:68:e6:ad:9d:5e:a2:ae:c9:
         e3:f9:ab:fb:64:b2:4f:a4:93:6f:e1:cc:86:f7:e1:be:4c:08:
         31:40:f0:38:98:d0:36:7d:71:ef:1a:38:44:66:54:84:65:c3:
         3b:85:82:31:b4:6a:2d:64:f1:a1:e5:a9:88:48:d1:27:9f:cb:
         43:a3:37:4a:0a:72:ae:51:12:dd:f4:3b:a3:0d:87:15:4c:f9:
         64:50:b1:39:ee:b5:1a:19:2c:89:54:ad:df:08:a1:a8:fb:ed:
         26:2c:45:e0
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUTikQHByRZ8Z0LH2I6lvjdAWc/o4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNTAzMDIxNDAzNDFaFw0yNjAzMDExNDA4NDFaMDMxMTAvBgNV
BAMTKERCN0Y5RTk4NEJBNkZFOTBFOEJCOUY3RjA4OUQ4NTZBOUM1NkMxODgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCwVE/2omuIaicTIyK7vKdTBOrU
4YqCTmo1UfIRNp1bFsJkXfFgkEPcPWnF2jPgn2QdQ+Neja+wLD+6BANxW/xh1Aj1
M2awZHbpoZDJmAt9E+fcEvqwoU+PTi/TtS/R9x6s3b+KnXsw5y9E6velm1lTroU8
1Q8EoRYU0i+MjyllpXFBD+ARavgCvweLq156i5+zsQvWRcEhHen8K4xj3F2wwvx2
auNMt+V7Y8bGkQHsvTk2gtdhjf3rd9vX3bxIr7mQyvd9DDi0cYdM2SP7RiJESiJA
Db1cxeT+/vTXdkjeMs3yV1x9mdzipdboSpEIFIFm7xLoFAHnvxK+zYWOyMN/AgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQU23+emEum/pDou59/CJ2FapxWwYgwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjAyNjczLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABbWH
MA0GCSqGSIb3DQEBCwUAA4IBAQAFt3XSU9UoV7kJC418YY+Y6s+6aD/hBwGRcUL5
15guf4oE1OlQtzm+zcUFnYQEmw6Yk0BoorJAHD0ws8nUU7TgvHWMsdCzHyNhIB8V
s6tgwZ4+9aWhs+OdSG9z3RgFE30VkKTL/TzH5L7D6ulgS/AgvjcL8X7Kn9H9X4Dp
C8pUh+TkdTVVjsM5tFCX++z4uUReToTz60AaMeKsaOatnV6irsnj+av7ZLJPpJNv
4cyG9+G+TAgxQPA4mNA2fXHvGjhEZlSEZcM7hYIxtGotZPGh5amISNEnn8tDozdK
CnKuURLd9DujDYcVTPlkULE57rUaGSyJVK3fCKGo++0mLEXg
-----END CERTIFICATE-----