Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS202673.roa
File:                     AS202673.roa (raw, json)
Hash identifier:          W67v9vLNn84ph4espk8DVs3/MDXTNM0ortYjk6+fsQs=
Subject key identifier:   7D:7A:F5:4D:02:39:84:EF:07:63:4B:C5:07:8D:37:9A:C6:BD:C9:44
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       45A13CD1EEFD2B6CFC360F012F08AFFFCB861A8B
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS202673.roa
Signing time:             Mon 25 Sep 2023 11:14:01 +0000
ROA not before:           Mon 25 Sep 2023 11:09:01 +0000
ROA not after:            Mon 23 Sep 2024 11:14:01 +0000
asID:                     202673
IP address blocks:        5.181.135.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 11 May 2024 14:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            45:a1:3c:d1:ee:fd:2b:6c:fc:36:0f:01:2f:08:af:ff:cb:86:1a:8b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Sep 25 11:09:01 2023 GMT
            Not After : Sep 23 11:14:01 2024 GMT
        Subject: CN=7D7AF54D023984EF07634BC5078D379AC6BDC944
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:b2:4a:9c:a6:fb:02:63:76:8f:50:0d:5a:96:
                    99:e8:62:98:7c:a2:12:0b:7a:3c:1d:c3:73:36:bd:
                    f0:99:3b:67:9c:3a:dd:8e:45:bb:84:b1:aa:52:3c:
                    06:25:16:65:24:bf:db:60:d7:d4:b9:b8:7a:ae:fc:
                    73:b7:90:2c:d6:e7:68:db:6d:61:5a:8d:9a:02:3f:
                    45:d5:9f:f1:b8:d2:45:d4:d2:b6:2c:d9:98:fb:56:
                    17:b0:8f:ea:ee:a8:87:cd:06:6d:0a:31:65:91:c9:
                    32:d0:5d:dc:81:32:a9:19:f6:a5:8e:d0:3a:b0:39:
                    89:0c:21:c2:3f:93:59:8e:78:69:59:4e:14:47:4f:
                    7e:37:22:78:b5:d8:6b:58:5d:61:51:68:7c:14:c5:
                    0d:e9:cf:dd:66:2e:95:c6:72:c2:56:a3:56:05:28:
                    f9:54:1b:af:e2:56:71:76:08:c8:5f:8b:76:0e:5a:
                    d1:bd:f3:2b:e2:6c:00:dc:86:55:52:fc:b5:32:da:
                    99:4e:81:f9:96:8c:6f:f7:1a:1c:58:20:d1:47:5e:
                    1b:48:f4:8e:68:e4:c5:dd:a5:e7:89:e3:1e:38:4a:
                    53:d6:e3:0b:29:71:b1:33:f0:8f:06:92:61:74:c7:
                    97:98:58:09:1a:32:3a:13:55:f9:31:8f:a6:c0:63:
                    66:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:7A:F5:4D:02:39:84:EF:07:63:4B:C5:07:8D:37:9A:C6:BD:C9:44
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS202673.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.181.135.0/24

    Signature Algorithm: sha256WithRSAEncryption
         98:cb:28:a7:f3:80:4a:16:3a:dc:a3:34:54:62:9f:c3:95:8f:
         f1:49:d3:30:2d:0a:23:a2:9d:aa:3c:ab:3b:be:5a:f1:f6:24:
         4a:10:cc:18:30:7b:0d:f4:09:82:d7:b0:93:f4:20:fc:bc:eb:
         9b:87:e2:da:af:de:cc:f0:5b:1d:9f:e8:df:0e:ac:6b:ee:09:
         26:0b:ec:df:fb:44:f3:0f:48:19:a6:17:1c:99:1e:55:e2:9d:
         ce:43:c9:e4:e8:e4:de:8b:84:e3:d7:15:5d:05:3a:26:e9:8f:
         f4:ed:c8:83:75:f4:b0:79:41:75:4f:0f:1d:f1:34:05:0c:9d:
         5d:e2:94:b1:12:9c:40:ab:0a:1d:44:16:1f:48:85:85:1a:e2:
         31:b1:fe:db:33:3b:f7:cb:8d:67:24:95:d9:40:9f:a7:11:28:
         9d:b7:ea:30:85:d2:a3:9d:ac:5c:d9:09:a4:9d:89:73:8a:ca:
         bb:06:a9:90:85:5b:a4:cb:84:63:eb:8b:79:09:47:2f:12:5a:
         bd:35:85:e4:8e:ba:3b:d1:47:cf:6d:10:ea:9c:94:46:4f:ab:
         ad:ad:fe:ae:96:40:04:c5:5c:09:c3:69:c7:f3:d0:37:d3:0d:
         07:37:dc:05:98:cd:52:46:76:bb:0c:18:12:94:8d:35:01:e9:
         11:02:9b:f8
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIURaE80e79K2z8Ng8BLwiv/8uGGoswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yMzA5MjUxMTA5MDFaFw0yNDA5MjMxMTE0MDFaMDMxMTAvBgNV
BAMTKDdEN0FGNTREMDIzOTg0RUYwNzYzNEJDNTA3OEQzNzlBQzZCREM5NDQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2skqcpvsCY3aPUA1alpnoYph8
ohILejwdw3M2vfCZO2ecOt2ORbuEsapSPAYlFmUkv9tg19S5uHqu/HO3kCzW52jb
bWFajZoCP0XVn/G40kXU0rYs2Zj7Vhewj+ruqIfNBm0KMWWRyTLQXdyBMqkZ9qWO
0DqwOYkMIcI/k1mOeGlZThRHT343Ini12GtYXWFRaHwUxQ3pz91mLpXGcsJWo1YF
KPlUG6/iVnF2CMhfi3YOWtG98yvibADchlVS/LUy2plOgfmWjG/3GhxYINFHXhtI
9I5o5MXdpeeJ4x44SlPW4wspcbEz8I8GkmF0x5eYWAkaMjoTVfkxj6bAY2ZTAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUfXr1TQI5hO8HY0vFB403msa9yUQwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjAyNjczLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABbWH
MA0GCSqGSIb3DQEBCwUAA4IBAQCYyyin84BKFjrcozRUYp/DlY/xSdMwLQojop2q
PKs7vlrx9iRKEMwYMHsN9AmC17CT9CD8vOubh+Lar97M8Fsdn+jfDqxr7gkmC+zf
+0TzD0gZphccmR5V4p3OQ8nk6OTei4Tj1xVdBTom6Y/07ciDdfSweUF1Tw8d8TQF
DJ1d4pSxEpxAqwodRBYfSIWFGuIxsf7bMzv3y41nJJXZQJ+nESidt+owhdKjnaxc
2QmknYlzisq7BqmQhVuky4Rj64t5CUcvElq9NYXkjro70UfPbRDqnJRGT6utrf6u
lkAExVwJw2nH89A30w0HN9wFmM1SRna7DBgSlI01AekRApv4
-----END CERTIFICATE-----