Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS207992.roa
File:                     AS207992.roa (raw, json)
Hash identifier:          kQXqfogiE709fMmJkL45A0WbZpqm5xCQR8Gt5yX9yqc=
Subject key identifier:   0F:92:5A:54:8D:7E:75:BE:5F:C4:70:42:70:60:30:CB:AB:BE:AE:2D
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       1DEA9172CB4DE164F90E7B47E0A8891BF64C3F78
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS207992.roa
Signing time:             Thu 09 Nov 2023 23:37:06 +0000
ROA not before:           Thu 09 Nov 2023 23:32:06 +0000
ROA not after:            Thu 07 Nov 2024 23:37:06 +0000
asID:                     207992
IP address blocks:        181.214.189.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 10 May 2024 20:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1d:ea:91:72:cb:4d:e1:64:f9:0e:7b:47:e0:a8:89:1b:f6:4c:3f:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Nov  9 23:32:06 2023 GMT
            Not After : Nov  7 23:37:06 2024 GMT
        Subject: CN=0F925A548D7E75BE5FC47042706030CBABBEAE2D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:9f:d1:e7:1d:17:7f:63:8c:89:dc:b7:ae:f4:
                    50:08:ea:1f:28:17:91:3a:4e:88:e3:78:92:af:a4:
                    83:69:b3:c9:55:69:21:2e:d0:0e:6c:0f:cc:86:5b:
                    e0:2d:c2:b5:80:47:a8:3a:1e:c9:e1:1e:02:53:68:
                    5d:0d:a3:4c:df:60:a8:d0:67:4b:ab:2e:f6:39:a9:
                    48:69:41:c4:ed:b7:2b:f5:87:82:6e:40:d1:10:5d:
                    24:04:5a:2a:0b:1a:d7:f1:cd:1f:5c:1c:18:71:74:
                    9a:4c:81:9d:c8:25:1a:64:6c:24:b4:c7:ad:be:66:
                    7e:01:8b:4c:c8:b0:9b:f8:cf:fb:07:ec:bf:10:6b:
                    0d:d5:31:4c:41:f2:8f:08:f3:c3:4d:c4:33:bb:aa:
                    ac:cc:fa:9c:5f:61:87:74:33:1a:1c:bd:8b:3a:4b:
                    2f:cf:02:4f:1e:fe:47:67:a3:b0:10:3a:ae:c9:e1:
                    40:ad:7f:1d:a4:b0:03:81:6f:ae:00:6c:4d:51:1d:
                    ae:8a:16:0d:17:de:94:aa:8b:a4:40:7f:84:3b:cf:
                    ab:ee:79:1b:71:11:66:99:6a:2e:0e:1f:a1:15:6a:
                    73:2b:f6:37:6c:c5:2b:ef:92:50:73:21:de:f1:b3:
                    19:f6:f8:6f:0e:68:ba:6a:36:1c:43:a7:23:39:45:
                    4a:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:92:5A:54:8D:7E:75:BE:5F:C4:70:42:70:60:30:CB:AB:BE:AE:2D
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS207992.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  181.214.189.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8e:8d:2a:af:a3:01:25:51:99:b7:09:33:9c:f7:67:ca:44:ec:
         b0:11:95:2c:a9:e3:77:29:a8:e0:61:70:c6:45:03:4b:fe:d7:
         ef:a9:c3:8b:f0:03:ec:13:5b:24:c1:08:ed:47:75:c9:52:55:
         6b:69:9d:0a:29:d5:da:02:21:a4:be:ff:eb:45:81:9a:1c:94:
         6c:e7:7e:3b:39:eb:91:ea:20:75:bb:9b:39:14:1b:5c:23:49:
         e3:1a:5e:fc:01:19:fc:3f:be:c0:55:16:b8:1a:3e:88:5e:23:
         d9:b7:de:ad:2f:94:6a:e8:3c:37:8e:b4:2f:3d:b9:dd:81:52:
         c5:fc:1f:02:f3:66:44:0f:b1:3c:87:a8:78:31:2f:10:26:15:
         a8:06:33:67:92:32:61:0c:6e:e6:77:23:74:a0:79:77:31:c6:
         d3:fa:d8:23:39:2a:24:1e:9e:9a:e3:8c:98:3b:e4:f7:f2:b1:
         93:3d:ce:db:a2:91:84:45:fb:ce:4f:42:92:9e:b6:ad:01:a3:
         f8:aa:61:1c:df:3b:2d:0d:19:1d:f7:c9:22:a0:13:03:44:da:
         b3:d6:ed:cd:a8:ab:95:3a:9f:45:c2:e1:95:8c:c4:a4:a2:2e:
         a6:c4:f4:fb:aa:12:b6:8e:7f:99:63:6b:c3:0d:d3:e8:94:39:
         75:af:45:51
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUHeqRcstN4WT5DntH4KiJG/ZMP3gwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yMzExMDkyMzMyMDZaFw0yNDExMDcyMzM3MDZaMDMxMTAvBgNV
BAMTKDBGOTI1QTU0OEQ3RTc1QkU1RkM0NzA0MjcwNjAzMENCQUJCRUFFMkQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDPn9HnHRd/Y4yJ3Leu9FAI6h8o
F5E6TojjeJKvpINps8lVaSEu0A5sD8yGW+AtwrWAR6g6HsnhHgJTaF0No0zfYKjQ
Z0urLvY5qUhpQcTttyv1h4JuQNEQXSQEWioLGtfxzR9cHBhxdJpMgZ3IJRpkbCS0
x62+Zn4Bi0zIsJv4z/sH7L8Qaw3VMUxB8o8I88NNxDO7qqzM+pxfYYd0MxocvYs6
Sy/PAk8e/kdno7AQOq7J4UCtfx2ksAOBb64AbE1RHa6KFg0X3pSqi6RAf4Q7z6vu
eRtxEWaZai4OH6EVanMr9jdsxSvvklBzId7xsxn2+G8OaLpqNhxDpyM5RUrLAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUD5JaVI1+db5fxHBCcGAwy6u+ri0wHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjA3OTkyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAtda9
MA0GCSqGSIb3DQEBCwUAA4IBAQCOjSqvowElUZm3CTOc92fKROywEZUsqeN3Kajg
YXDGRQNL/tfvqcOL8APsE1skwQjtR3XJUlVraZ0KKdXaAiGkvv/rRYGaHJRs5347
OeuR6iB1u5s5FBtcI0njGl78ARn8P77AVRa4Gj6IXiPZt96tL5Rq6Dw3jrQvPbnd
gVLF/B8C82ZED7E8h6h4MS8QJhWoBjNnkjJhDG7mdyN0oHl3McbT+tgjOSokHp6a
44yYO+T38rGTPc7bopGERfvOT0KSnratAaP4qmEc3zstDRkd98kioBMDRNqz1u3N
qKuVOp9FwuGVjMSkoi6mxPT7qhK2jn+ZY2vDDdPolDl1r0VR
-----END CERTIFICATE-----