Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS205361.roa
File:                     AS205361.roa (raw, json)
Hash identifier:          +TbZGwapAVoMbsn5AAo2bkBYOuJtSpvnD2Ym914UtUE=
Subject key identifier:   30:BF:DC:F3:75:79:DB:B4:96:E7:A7:51:BA:AD:5E:C8:98:FD:A5:3D
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       6DC9463E03C749DC679E6E6EAA9459B3419DD5A4
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS205361.roa
Signing time:             Tue 30 Jan 2024 12:27:28 +0000
ROA not before:           Tue 30 Jan 2024 12:22:28 +0000
ROA not after:            Tue 28 Jan 2025 12:27:28 +0000
asID:                     205361
IP address blocks:        181.215.178.0/24 maxlen: 24
                          185.135.157.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 10 May 2024 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6d:c9:46:3e:03:c7:49:dc:67:9e:6e:6e:aa:94:59:b3:41:9d:d5:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Jan 30 12:22:28 2024 GMT
            Not After : Jan 28 12:27:28 2025 GMT
        Subject: CN=30BFDCF37579DBB496E7A751BAAD5EC898FDA53D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:45:8e:6e:74:7d:12:d0:72:29:3a:32:3e:d0:
                    c9:0e:d7:91:e9:fd:2b:32:0e:2c:9c:84:3e:20:11:
                    ee:07:fa:b4:b5:7d:8e:49:9b:67:88:ee:a6:6d:05:
                    f6:6e:ff:43:12:74:a1:07:ed:04:fc:e9:05:d5:f9:
                    66:c5:16:fa:e9:a4:0d:61:8b:23:17:fd:07:3b:ed:
                    21:89:e8:c1:aa:36:e9:91:3b:d8:ed:5d:63:e4:d1:
                    c1:7f:29:4f:20:e0:f1:6e:50:5b:ca:3d:71:7a:02:
                    eb:7d:7a:15:5f:f5:c0:39:0f:44:4d:93:d5:34:ab:
                    7a:dd:d9:91:68:03:a2:11:e1:fb:49:06:a6:a2:d5:
                    7b:a9:ce:97:4f:5c:85:9d:54:69:82:d8:63:58:ae:
                    10:68:6e:bb:d1:36:29:da:b0:77:16:58:bb:af:1e:
                    bd:8f:33:06:71:1f:1f:76:79:6c:b6:17:5f:3a:e3:
                    59:c7:3b:4c:1e:f2:fa:5a:92:b6:79:8a:1c:16:64:
                    ee:df:9d:23:e1:81:c5:8d:ec:5a:dd:1e:4b:5f:60:
                    ca:ef:28:95:97:9a:6f:bc:b6:21:0d:25:28:48:7e:
                    a3:b6:4c:c3:68:4a:49:83:f7:db:e8:c0:78:aa:29:
                    4b:c0:8b:35:4e:1b:07:64:cf:75:8a:a7:45:62:f0:
                    4e:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:BF:DC:F3:75:79:DB:B4:96:E7:A7:51:BA:AD:5E:C8:98:FD:A5:3D
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS205361.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  181.215.178.0/24
                  185.135.157.0/24

    Signature Algorithm: sha256WithRSAEncryption
         80:e7:74:95:85:7c:35:af:b9:21:8e:67:5c:d0:34:eb:2e:d2:
         e1:d3:f4:51:87:c5:8f:a3:7f:5a:ce:73:bf:b1:31:12:6d:e3:
         3c:5f:30:28:b1:aa:44:be:98:bc:56:ae:ee:72:d7:a9:22:88:
         60:c5:48:c4:e2:b8:7f:56:3c:fb:cd:b6:5b:f6:c1:98:12:2b:
         6e:ce:0e:cd:7b:54:06:9c:81:8c:92:05:ae:99:6c:4f:1c:f5:
         a3:cd:9c:d0:e1:3e:51:67:b2:ad:1b:11:e6:b2:01:71:8b:cd:
         8e:a9:48:79:77:bc:ad:70:b6:b1:36:be:f1:66:03:ff:11:43:
         39:18:21:2e:ca:d2:97:f4:f4:ae:99:bd:cb:ff:d0:56:2a:5a:
         3c:b4:76:63:90:1e:d5:f6:85:5e:03:c3:49:43:3c:41:45:5f:
         a4:ea:c6:2a:07:31:a3:fd:4a:43:95:bb:9e:e8:87:5b:17:9d:
         0b:9e:d9:0f:a4:33:84:3d:d6:8a:51:c9:89:72:4e:8c:3d:6b:
         d3:0d:81:76:d1:b8:74:f2:0a:b6:8a:1d:3c:35:f1:69:14:82:
         9e:e0:ce:27:42:79:49:a2:bc:b6:05:08:2a:94:7e:0d:cf:85:
         61:f0:b3:15:41:3b:e6:92:d4:73:f8:2b:85:d7:93:61:45:7e:
         88:cf:44:ab
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUbclGPgPHSdxnnm5uqpRZs0Gd1aQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNDAxMzAxMjIyMjhaFw0yNTAxMjgxMjI3MjhaMDMxMTAvBgNV
BAMTKDMwQkZEQ0YzNzU3OURCQjQ5NkU3QTc1MUJBQUQ1RUM4OThGREE1M0QwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDNRY5udH0S0HIpOjI+0MkO15Hp
/SsyDiychD4gEe4H+rS1fY5Jm2eI7qZtBfZu/0MSdKEH7QT86QXV+WbFFvrppA1h
iyMX/Qc77SGJ6MGqNumRO9jtXWPk0cF/KU8g4PFuUFvKPXF6Aut9ehVf9cA5D0RN
k9U0q3rd2ZFoA6IR4ftJBqai1XupzpdPXIWdVGmC2GNYrhBobrvRNinasHcWWLuv
Hr2PMwZxHx92eWy2F18641nHO0we8vpakrZ5ihwWZO7fnSPhgcWN7FrdHktfYMrv
KJWXmm+8tiENJShIfqO2TMNoSkmD99vowHiqKUvAizVOGwdkz3WKp0Vi8E5rAgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQUML/c83V527SW56dRuq1eyJj9pT0wHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjA1MzYxLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAtdey
AwQAuYedMA0GCSqGSIb3DQEBCwUAA4IBAQCA53SVhXw1r7khjmdc0DTrLtLh0/RR
h8WPo39aznO/sTESbeM8XzAosapEvpi8Vq7uctepIohgxUjE4rh/Vjz7zbZb9sGY
Eituzg7Ne1QGnIGMkgWumWxPHPWjzZzQ4T5RZ7KtGxHmsgFxi82OqUh5d7ytcLax
Nr7xZgP/EUM5GCEuytKX9PSumb3L/9BWKlo8tHZjkB7V9oVeA8NJQzxBRV+k6sYq
BzGj/UpDlbue6IdbF50LntkPpDOEPdaKUcmJck6MPWvTDYF20bh08gq2ih08NfFp
FIKe4M4nQnlJory2BQgqlH4Nz4Vh8LMVQTvmktRz+CuF15NhRX6Iz0Sr
-----END CERTIFICATE-----