Route Origin Authorization 

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS204914.roa
File:                     AS204914.roa (raw, json)
Hash identifier:          NlpdvIU1uP1lw93UG+1hP9T7uum1yUA530AxCwSAygc=
Subject key identifier:   A7:42:BB:A6:F4:11:2D:D7:E6:C9:F1:CF:4F:9A:51:00:E9:F0:FE:BA
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       5F604EE2F7AB24FC023BCD2F94D10B910E5C3E68
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS204914.roa
Signing time:             Sun 09 Jun 2024 11:05:18 +0000
ROA not before:           Sun 09 Jun 2024 11:00:18 +0000
ROA not after:            Sun 08 Jun 2025 11:05:18 +0000
asID:                     204914
IP address blocks:        2.57.19.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5f:60:4e:e2:f7:ab:24:fc:02:3b:cd:2f:94:d1:0b:91:0e:5c:3e:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Jun  9 11:00:18 2024 GMT
            Not After : Jun  8 11:05:18 2025 GMT
        Subject: CN=A742BBA6F4112DD7E6C9F1CF4F9A5100E9F0FEBA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:37:9d:96:9a:ce:25:a7:ff:60:02:38:3c:e2:
                    3c:7b:9c:4d:15:66:9d:d5:be:4e:7d:73:7b:d9:d2:
                    4a:ad:c7:0a:78:ae:a0:3b:9e:33:35:3c:73:5a:6e:
                    9d:90:c3:88:e9:04:79:9b:c0:2b:41:c6:37:31:d5:
                    43:9f:07:f4:1b:99:7e:ee:5b:d2:fe:18:21:e8:46:
                    ab:b2:97:9e:c2:28:1f:a4:1b:6a:33:48:92:e4:dc:
                    65:74:f1:82:61:b5:7c:ad:8a:d3:02:ed:1e:37:9b:
                    28:84:d6:0e:2e:46:d7:5a:ba:84:04:b4:34:c4:33:
                    00:2c:f7:43:70:0f:c4:97:50:8c:05:2a:e9:0c:08:
                    d4:3b:5b:e0:1d:08:22:72:2d:92:05:a6:fb:17:7c:
                    65:e7:c2:27:5a:b2:a0:73:80:d6:4d:90:ac:cd:49:
                    0f:f2:32:90:93:25:36:78:42:19:58:cc:3a:b9:7e:
                    e5:01:78:2d:3b:43:0b:38:c6:a0:32:79:22:5a:dc:
                    2b:90:4a:1b:d8:88:59:88:3b:6b:c6:da:7b:8a:c8:
                    0b:32:4e:ea:99:2d:73:06:f0:16:eb:50:a5:01:99:
                    b1:6e:f6:1c:54:85:9e:53:d2:80:41:09:a4:30:53:
                    31:55:e2:41:d2:8e:99:e2:b1:df:ec:59:3b:fa:9d:
                    77:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:42:BB:A6:F4:11:2D:D7:E6:C9:F1:CF:4F:9A:51:00:E9:F0:FE:BA
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS204914.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.57.19.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a4:4c:33:98:8c:74:ec:42:37:fb:02:1d:b3:25:2f:84:79:8c:
         5a:19:2b:d6:6c:a3:ec:64:ef:38:b4:22:61:60:5a:46:db:8e:
         02:eb:5d:06:d8:dd:7c:53:9c:4e:e2:1c:a0:3d:f5:dd:c8:36:
         27:90:c7:92:c3:b1:dc:93:b4:83:27:88:33:e9:f1:b5:96:83:
         14:73:30:bf:43:99:f8:72:3f:6b:29:73:8a:96:5a:fe:21:91:
         e6:51:93:0e:3e:23:2d:d9:5d:b7:98:f2:7b:52:e2:49:3e:d9:
         c1:10:d4:0e:48:0a:57:a7:2c:97:c7:b1:26:6f:b7:b0:6a:18:
         d2:b0:c8:d6:02:44:fc:75:09:f5:bd:3a:fc:94:96:2e:38:f5:
         d7:2c:95:0a:76:3d:b8:5a:3e:3e:d3:ab:94:da:93:9d:5a:5a:
         97:5a:4d:38:32:99:11:84:45:38:b5:8b:a7:95:06:42:41:d6:
         be:35:d9:f0:76:1e:4c:f0:61:c4:13:09:84:88:fa:fc:36:18:
         50:3a:fb:51:eb:54:14:33:23:8b:bc:04:ec:28:a5:7d:58:73:
         5e:f7:1a:4a:c5:be:3c:4e:c4:7c:a5:0b:58:51:8b:ce:5d:7c:
         de:80:ff:d5:b2:6f:1b:48:8a:22:1f:14:a8:5f:98:21:19:f8:
         3d:23:72:76
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUX2BO4verJPwCO80vlNELkQ5cPmgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNDA2MDkxMTAwMThaFw0yNTA2MDgxMTA1MThaMDMxMTAvBgNV
BAMTKEE3NDJCQkE2RjQxMTJERDdFNkM5RjFDRjRGOUE1MTAwRTlGMEZFQkEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQClN52Wms4lp/9gAjg84jx7nE0V
Zp3Vvk59c3vZ0kqtxwp4rqA7njM1PHNabp2Qw4jpBHmbwCtBxjcx1UOfB/QbmX7u
W9L+GCHoRquyl57CKB+kG2ozSJLk3GV08YJhtXytitMC7R43myiE1g4uRtdauoQE
tDTEMwAs90NwD8SXUIwFKukMCNQ7W+AdCCJyLZIFpvsXfGXnwidasqBzgNZNkKzN
SQ/yMpCTJTZ4QhlYzDq5fuUBeC07Qws4xqAyeSJa3CuQShvYiFmIO2vG2nuKyAsy
TuqZLXMG8BbrUKUBmbFu9hxUhZ5T0oBBCaQwUzFV4kHSjpnisd/sWTv6nXfdAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUp0K7pvQRLdfmyfHPT5pRAOnw/rowHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjA0OTE0LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAAjkT
MA0GCSqGSIb3DQEBCwUAA4IBAQCkTDOYjHTsQjf7Ah2zJS+EeYxaGSvWbKPsZO84
tCJhYFpG244C610G2N18U5xO4hygPfXdyDYnkMeSw7Hck7SDJ4gz6fG1loMUczC/
Q5n4cj9rKXOKllr+IZHmUZMOPiMt2V23mPJ7UuJJPtnBENQOSApXpyyXx7Emb7ew
ahjSsMjWAkT8dQn1vTr8lJYuOPXXLJUKdj24Wj4+06uU2pOdWlqXWk04MpkRhEU4
tYunlQZCQda+Ndnwdh5M8GHEEwmEiPr8NhhQOvtR61QUMyOLvATsKKV9WHNe9xpK
xb48TsR8pQtYUYvOXXzegP/Vsm8bSIoiHxSoX5ghGfg9I3J2
-----END CERTIFICATE-----
Generated at Fri Nov 22 02:44:45 2024 by rpki-client on console-fra.rpki-client.org