Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS205361.roa
File:                     AS205361.roa (raw, json)
Hash identifier:          tzi/AreT7mSGpFyq/z5pyLHuA4DUVoN+Hg9EMoR4pEw=
Subject key identifier:   7A:6D:58:39:46:5D:60:20:27:34:A2:1D:C0:9F:E5:22:A3:B3:E8:EA
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       6B3D1792A0C3CE05B475C46A8ADCDE7C8C877295
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS205361.roa
Signing time:             Tue 18 Feb 2025 15:19:32 +0000
ROA not before:           Tue 18 Feb 2025 15:14:32 +0000
ROA not after:            Tue 17 Feb 2026 15:19:32 +0000
asID:                     205361
IP address blocks:        185.135.157.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 15:12:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6b:3d:17:92:a0:c3:ce:05:b4:75:c4:6a:8a:dc:de:7c:8c:87:72:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Feb 18 15:14:32 2025 GMT
            Not After : Feb 17 15:19:32 2026 GMT
        Subject: CN=7A6D5839465D60202734A21DC09FE522A3B3E8EA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:4d:79:fd:49:e0:a4:9e:45:fa:ba:11:1d:8f:
                    2d:36:d0:ed:29:87:07:48:35:66:78:ae:57:be:3a:
                    14:30:c0:dd:dc:65:37:87:3c:2a:ee:33:36:6b:ae:
                    9f:bf:1c:8d:bc:65:41:6e:dd:a0:b8:e5:cb:33:ee:
                    95:2c:44:7d:b9:f1:0c:12:84:20:9d:cd:54:66:ce:
                    bb:08:19:f7:33:e8:8e:8d:d6:85:22:27:bc:41:96:
                    05:5c:04:a4:30:9d:b4:81:a6:64:74:41:1f:68:9f:
                    9f:91:fd:19:8a:33:e2:01:2e:77:c6:87:58:f5:11:
                    e1:85:20:ae:5d:a1:b6:ca:6e:04:04:cc:8b:d2:64:
                    37:20:1d:a7:c2:04:89:a7:76:8d:62:54:b1:85:c6:
                    a0:b9:2c:d9:bd:79:6c:d3:51:e4:77:4b:7e:16:85:
                    5b:0c:00:b7:d8:08:dd:98:dc:10:da:9f:c6:3d:d0:
                    17:93:c0:98:5a:a6:92:08:84:ad:29:ba:12:a3:65:
                    57:82:d0:c2:5b:5f:87:88:d4:60:42:69:a1:69:f5:
                    ff:3c:bb:d9:cb:f9:ef:6d:73:2b:b3:60:78:cc:33:
                    5b:f3:0b:8a:fe:9c:2d:f7:7b:b8:e2:68:3f:db:ca:
                    56:fc:da:94:5c:89:1f:5e:25:15:f9:37:4f:23:1b:
                    35:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7A:6D:58:39:46:5D:60:20:27:34:A2:1D:C0:9F:E5:22:A3:B3:E8:EA
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS205361.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.135.157.0/24

    Signature Algorithm: sha256WithRSAEncryption
         05:f0:4d:b7:46:93:c6:11:d3:ac:35:25:f3:26:0b:90:5c:fc:
         6b:9b:33:f3:54:26:37:47:7d:50:66:95:e1:45:9d:40:af:26:
         69:4d:10:0f:6c:a9:17:db:30:9e:78:5a:3e:9c:0d:20:31:48:
         31:ab:06:d8:16:7f:98:51:5f:91:88:21:e3:60:b8:93:b3:f3:
         97:1d:5b:08:9a:22:6e:29:32:a5:dd:32:97:d5:b2:bd:83:10:
         25:32:a2:27:df:fb:bb:2b:1a:39:04:95:0d:f7:13:44:f3:fc:
         8d:06:ec:4f:3a:89:1a:8c:c1:98:5d:16:60:a8:e2:aa:e8:ab:
         34:e4:5a:84:76:aa:7c:fd:71:b7:92:38:62:d0:fd:e3:14:35:
         63:73:de:53:83:78:06:d9:77:22:0d:4d:ad:3d:79:9a:68:a8:
         82:b8:de:20:2a:be:39:ec:13:7d:6e:38:74:86:fd:84:90:c6:
         d6:44:3a:b0:63:5e:8c:b4:13:55:39:f3:86:2e:61:25:48:75:
         a4:30:a8:c6:61:e2:eb:c3:11:47:6f:8b:1a:30:84:17:ae:3b:
         24:13:2d:b6:87:0d:57:de:ee:76:05:17:3b:3f:6d:55:a0:77:
         42:cc:60:cf:be:44:cc:43:68:88:c0:56:e6:56:a2:40:dc:80:
         76:5b:32:29
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUaz0XkqDDzgW0dcRqitzefIyHcpUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNTAyMTgxNTE0MzJaFw0yNjAyMTcxNTE5MzJaMDMxMTAvBgNV
BAMTKDdBNkQ1ODM5NDY1RDYwMjAyNzM0QTIxREMwOUZFNTIyQTNCM0U4RUEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCeTXn9SeCknkX6uhEdjy020O0p
hwdINWZ4rle+OhQwwN3cZTeHPCruMzZrrp+/HI28ZUFu3aC45csz7pUsRH258QwS
hCCdzVRmzrsIGfcz6I6N1oUiJ7xBlgVcBKQwnbSBpmR0QR9on5+R/RmKM+IBLnfG
h1j1EeGFIK5dobbKbgQEzIvSZDcgHafCBImndo1iVLGFxqC5LNm9eWzTUeR3S34W
hVsMALfYCN2Y3BDan8Y90BeTwJhappIIhK0puhKjZVeC0MJbX4eI1GBCaaFp9f88
u9nL+e9tcyuzYHjMM1vzC4r+nC33e7jiaD/bylb82pRciR9eJRX5N08jGzUXAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUem1YOUZdYCAnNKIdwJ/lIqOz6OowHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjA1MzYxLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuYed
MA0GCSqGSIb3DQEBCwUAA4IBAQAF8E23RpPGEdOsNSXzJguQXPxrmzPzVCY3R31Q
ZpXhRZ1AryZpTRAPbKkX2zCeeFo+nA0gMUgxqwbYFn+YUV+RiCHjYLiTs/OXHVsI
miJuKTKl3TKX1bK9gxAlMqIn3/u7Kxo5BJUN9xNE8/yNBuxPOokajMGYXRZgqOKq
6Ks05FqEdqp8/XG3kjhi0P3jFDVjc95Tg3gG2XciDU2tPXmaaKiCuN4gKr457BN9
bjh0hv2EkMbWRDqwY16MtBNVOfOGLmElSHWkMKjGYeLrwxFHb4saMIQXrjskEy22
hw1X3u52BRc7P21VoHdCzGDPvkTMQ2iIwFbmVqJA3IB2WzIp
-----END CERTIFICATE-----