Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS202673.roa
File:                     AS202673.roa (raw, json)
Hash identifier:          sgzuzLXskqR9AnqLyjNfXPeHdxJFleK38UO3cxJMZsw=
Subject key identifier:   6D:EE:74:86:E6:C4:34:96:5B:51:20:BA:24:5C:76:7D:BE:76:A1:CA
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       4CE79793927EFB10A2B8BF903A09C18B6CA8794E
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS202673.roa
Signing time:             Wed 28 Aug 2024 12:15:34 +0000
ROA not before:           Wed 28 Aug 2024 12:10:34 +0000
ROA not after:            Wed 27 Aug 2025 12:15:34 +0000
asID:                     202673
IP address blocks:        5.181.135.0/24 maxlen: 24
                          181.214.41.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4c:e7:97:93:92:7e:fb:10:a2:b8:bf:90:3a:09:c1:8b:6c:a8:79:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Aug 28 12:10:34 2024 GMT
            Not After : Aug 27 12:15:34 2025 GMT
        Subject: CN=6DEE7486E6C434965B5120BA245C767DBE76A1CA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:fe:55:9e:71:2d:24:ed:4d:52:22:15:45:0b:
                    58:3e:a6:c8:2d:b6:99:81:6c:a3:00:64:11:33:14:
                    57:b7:d1:9b:37:56:df:5d:1f:48:0d:dd:84:d0:91:
                    d3:6b:2d:f3:3e:b6:a6:d8:e7:9b:17:50:c2:06:39:
                    07:d8:bb:4a:c3:01:1a:ea:39:2c:bf:db:bb:60:44:
                    49:db:aa:f4:d8:0a:60:e9:ed:21:00:09:9e:26:d6:
                    98:36:34:50:79:e6:3a:28:fd:1e:20:0e:0e:73:8f:
                    9a:8d:3d:59:be:70:e0:fb:ef:6b:1c:5e:d9:ff:0b:
                    ff:d4:4c:ab:8f:e1:d2:50:98:af:43:9b:d5:52:c4:
                    d9:62:5f:79:43:eb:0e:97:39:01:29:a2:0f:79:0f:
                    62:79:2b:86:69:03:0c:50:01:93:67:8b:61:11:c9:
                    03:cb:08:99:d8:8a:9a:e5:8e:65:d0:88:01:cb:13:
                    95:18:10:9c:99:9e:a2:88:5f:87:e5:a9:57:79:0a:
                    a5:43:a9:89:ef:4d:16:94:c0:c5:5e:d1:8d:d0:eb:
                    f3:df:1e:37:62:df:2d:6c:84:c3:dc:46:76:cf:45:
                    ee:4f:e1:ef:2f:29:39:aa:6e:0a:3a:b7:fa:7c:ee:
                    ec:90:e9:61:39:9d:2a:8f:9f:da:51:f2:41:88:a0:
                    6e:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:EE:74:86:E6:C4:34:96:5B:51:20:BA:24:5C:76:7D:BE:76:A1:CA
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS202673.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.181.135.0/24
                  181.214.41.0/24

    Signature Algorithm: sha256WithRSAEncryption
         77:46:32:0a:dd:a0:97:c7:5f:8e:d2:7e:c5:25:2c:9e:e3:7b:
         cb:8b:5d:53:91:80:48:94:af:f2:0a:94:37:87:87:5f:f5:8d:
         cd:fc:25:57:c4:a4:e5:85:db:15:b3:9a:12:59:09:d6:c2:3a:
         3f:23:86:95:70:b5:05:cb:be:df:76:92:5e:4f:c7:5e:56:38:
         8b:9b:75:fd:02:0a:f9:54:e5:36:5f:06:0c:d9:8a:0e:18:70:
         36:4d:e9:06:d9:cd:31:7e:fc:f1:5f:a8:06:8c:60:33:31:c6:
         e5:bd:81:f0:95:38:cb:8c:ce:a9:de:b9:00:86:72:76:f4:94:
         73:7a:93:80:22:b8:e2:6a:7f:b2:db:3f:54:9d:e5:7f:be:90:
         52:15:e9:95:c0:23:36:c8:d1:ad:4c:38:f0:9a:f2:e9:6a:f2:
         bc:7c:73:03:ed:e3:2e:17:24:72:0e:75:ad:eb:56:58:8c:05:
         ff:98:a6:9a:39:a2:63:3f:23:79:d3:9b:21:1b:80:22:38:c8:
         5a:61:39:46:fa:4b:61:78:98:3f:da:b1:5b:cf:e0:fc:91:be:
         9f:e9:23:5c:81:1b:e9:a3:50:5c:f7:23:5a:0e:7a:18:8f:f8:
         42:8e:2b:26:41:4b:dc:e1:03:41:da:07:c1:89:42:6e:04:4d:
         f3:0c:4f:52
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUTOeXk5J++xCiuL+QOgnBi2yoeU4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNDA4MjgxMjEwMzRaFw0yNTA4MjcxMjE1MzRaMDMxMTAvBgNV
BAMTKDZERUU3NDg2RTZDNDM0OTY1QjUxMjBCQTI0NUM3NjdEQkU3NkExQ0EwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDE/lWecS0k7U1SIhVFC1g+psgt
tpmBbKMAZBEzFFe30Zs3Vt9dH0gN3YTQkdNrLfM+tqbY55sXUMIGOQfYu0rDARrq
OSy/27tgREnbqvTYCmDp7SEACZ4m1pg2NFB55joo/R4gDg5zj5qNPVm+cOD772sc
Xtn/C//UTKuP4dJQmK9Dm9VSxNliX3lD6w6XOQEpog95D2J5K4ZpAwxQAZNni2ER
yQPLCJnYiprljmXQiAHLE5UYEJyZnqKIX4flqVd5CqVDqYnvTRaUwMVe0Y3Q6/Pf
Hjdi3y1shMPcRnbPRe5P4e8vKTmqbgo6t/p87uyQ6WE5nSqPn9pR8kGIoG7zAgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQUbe50hubENJZbUSC6JFx2fb52ocowHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjAyNjczLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQABbWH
AwQAtdYpMA0GCSqGSIb3DQEBCwUAA4IBAQB3RjIK3aCXx1+O0n7FJSye43vLi11T
kYBIlK/yCpQ3h4df9Y3N/CVXxKTlhdsVs5oSWQnWwjo/I4aVcLUFy77fdpJeT8de
VjiLm3X9Agr5VOU2XwYM2YoOGHA2TekG2c0xfvzxX6gGjGAzMcblvYHwlTjLjM6p
3rkAhnJ29JRzepOAIrjian+y2z9UneV/vpBSFemVwCM2yNGtTDjwmvLpavK8fHMD
7eMuFyRyDnWt61ZYjAX/mKaaOaJjPyN505shG4AiOMhaYTlG+ktheJg/2rFbz+D8
kb6f6SNcgRvpo1Bc9yNaDnoYj/hCjismQUvc4QNB2gfBiUJuBE3zDE9S
-----END CERTIFICATE-----