Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS204914.roa
File:                     AS204914.roa (raw, json)
Hash identifier:          LDI1mbke5HdJqq6AoRo6xApjYp0CoxLKtVLiKZ6vMvU=
Subject key identifier:   98:BD:01:2C:DC:6E:52:67:90:67:35:FE:88:BF:FD:C1:B7:FB:4B:D8
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       5F3A0EBFBE6521166A0F24BFB8A20BE4F8A4FEFB
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS204914.roa
Signing time:             Sun 11 May 2025 11:54:08 +0000
ROA not before:           Sun 11 May 2025 11:49:08 +0000
ROA not after:            Sun 10 May 2026 11:54:08 +0000
asID:                     204914
IP address blocks:        2.57.19.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Jun 2025 23:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5f:3a:0e:bf:be:65:21:16:6a:0f:24:bf:b8:a2:0b:e4:f8:a4:fe:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: May 11 11:49:08 2025 GMT
            Not After : May 10 11:54:08 2026 GMT
        Subject: CN=98BD012CDC6E5267906735FE88BFFDC1B7FB4BD8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:22:9f:ef:cb:f1:18:eb:e5:fc:0a:b8:88:f1:
                    6d:1a:31:e7:3a:71:0a:94:0a:d2:f2:27:c2:c0:ce:
                    8b:50:bf:59:55:bb:aa:ec:ba:46:fa:c9:04:fa:6e:
                    15:19:50:7f:46:f5:99:18:e2:95:6d:71:16:c9:2a:
                    0a:50:15:82:b0:b8:f1:3c:82:48:aa:ff:04:97:9e:
                    67:c6:33:09:eb:4b:51:2d:ba:4b:29:4a:73:94:c2:
                    02:7a:d2:16:28:ee:df:9b:97:63:39:7b:a6:86:c2:
                    33:aa:4d:02:31:4a:44:cf:5f:f3:ff:c3:eb:cd:fc:
                    9c:0e:ad:a6:9c:cc:de:33:b2:fd:05:53:ea:e1:cf:
                    d9:da:62:36:ef:54:15:74:7b:66:03:1b:bd:c0:c1:
                    c4:d0:fe:ce:0d:ba:b8:50:f6:62:e4:24:05:de:e5:
                    fc:68:b4:72:0b:20:d2:89:36:d9:0b:47:59:6c:10:
                    e9:95:02:e1:69:8d:62:a6:16:16:d2:18:9f:ea:18:
                    73:76:5b:b0:e9:37:79:23:33:f6:74:19:88:8a:2b:
                    8b:b6:eb:68:79:7b:4e:8a:aa:ff:44:45:84:55:46:
                    4b:06:33:ba:a6:a4:28:a5:ea:f2:97:5c:26:ad:a1:
                    9c:79:b4:c2:be:bd:44:3e:5f:5b:c6:85:73:2a:db:
                    0b:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:BD:01:2C:DC:6E:52:67:90:67:35:FE:88:BF:FD:C1:B7:FB:4B:D8
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS204914.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.57.19.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0d:fa:ce:50:0c:9a:69:ad:d4:45:79:36:5e:eb:38:4a:a0:19:
         b2:89:45:2e:2b:aa:b4:7e:7a:9f:73:26:01:7a:07:c3:7f:66:
         ff:e3:54:b5:87:ea:ab:7a:11:eb:a1:9d:f5:ee:52:81:6a:85:
         7b:43:9a:cc:74:f4:4c:97:fa:a1:e8:7d:ef:f2:46:89:75:10:
         7d:76:57:13:b7:fe:f0:48:c9:10:0c:65:7d:67:93:59:26:6f:
         78:5a:a7:a5:b3:3b:c6:bf:42:72:f5:23:d5:82:0c:ef:99:8d:
         a1:73:13:d7:56:7a:26:70:af:48:f4:89:08:dc:b9:2a:87:a5:
         dc:93:f7:05:9a:fa:90:8f:eb:0f:5e:ed:89:90:9e:4b:58:03:
         20:42:d0:25:f6:7f:1c:38:1f:62:50:4e:3d:12:31:0f:20:dd:
         5f:d0:16:98:21:e3:fc:2c:f0:c2:ad:b2:e5:6a:b2:8c:fa:ff:
         98:71:1a:4b:42:25:97:46:5d:2e:ae:b4:1f:b7:7d:22:49:5c:
         26:7a:d5:89:70:d9:af:f8:9a:2c:d4:ea:bd:c5:61:b6:2b:85:
         bb:88:3a:cf:ec:f5:c8:53:f7:01:4e:42:b9:15:05:4c:d3:72:
         52:cb:1c:50:80:15:7c:86:3f:61:eb:cc:ac:89:d5:72:3e:56:
         3c:88:5d:4c
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUXzoOv75lIRZqDyS/uKIL5Pik/vswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNTA1MTExMTQ5MDhaFw0yNjA1MTAxMTU0MDhaMDMxMTAvBgNV
BAMTKDk4QkQwMTJDREM2RTUyNjc5MDY3MzVGRTg4QkZGREMxQjdGQjRCRDgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2Ip/vy/EY6+X8CriI8W0aMec6
cQqUCtLyJ8LAzotQv1lVu6rsukb6yQT6bhUZUH9G9ZkY4pVtcRbJKgpQFYKwuPE8
gkiq/wSXnmfGMwnrS1EtukspSnOUwgJ60hYo7t+bl2M5e6aGwjOqTQIxSkTPX/P/
w+vN/JwOraaczN4zsv0FU+rhz9naYjbvVBV0e2YDG73AwcTQ/s4NurhQ9mLkJAXe
5fxotHILINKJNtkLR1lsEOmVAuFpjWKmFhbSGJ/qGHN2W7DpN3kjM/Z0GYiKK4u2
62h5e06Kqv9ERYRVRksGM7qmpCil6vKXXCatoZx5tMK+vUQ+X1vGhXMq2wuHAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUmL0BLNxuUmeQZzX+iL/9wbf7S9gwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjA0OTE0LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAAjkT
MA0GCSqGSIb3DQEBCwUAA4IBAQAN+s5QDJpprdRFeTZe6zhKoBmyiUUuK6q0fnqf
cyYBegfDf2b/41S1h+qrehHroZ317lKBaoV7Q5rMdPRMl/qh6H3v8kaJdRB9dlcT
t/7wSMkQDGV9Z5NZJm94WqelszvGv0Jy9SPVggzvmY2hcxPXVnomcK9I9IkI3Lkq
h6Xck/cFmvqQj+sPXu2JkJ5LWAMgQtAl9n8cOB9iUE49EjEPIN1f0BaYIeP8LPDC
rbLlarKM+v+YcRpLQiWXRl0urrQft30iSVwmetWJcNmv+Jos1Oq9xWG2K4W7iDrP
7PXIU/cBTkK5FQVM03JSyxxQgBV8hj9h68ysidVyPlY8iF1M
-----END CERTIFICATE-----