Route Origin Authorization 

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS208949.roa
File:                     AS208949.roa (raw, json)
Hash identifier:          MkVgNOcStG60mqM0odn+g2eq4wnFAcPweY6I+VHrxwA=
Subject key identifier:   7E:5E:D9:4F:30:0D:14:8B:67:62:6D:AA:FC:90:87:C6:1B:BD:72:4D
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       096AA6F7469A135051CD61FD56A40FDDC3C589AC
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS208949.roa
Signing time:             Sun 05 May 2024 00:00:10 +0000
ROA not before:           Sat 04 May 2024 23:55:10 +0000
ROA not after:            Sun 04 May 2025 00:00:10 +0000
asID:                     208949
IP address blocks:        181.215.147.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 11 May 2024 04:39:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            09:6a:a6:f7:46:9a:13:50:51:cd:61:fd:56:a4:0f:dd:c3:c5:89:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: May  4 23:55:10 2024 GMT
            Not After : May  4 00:00:10 2025 GMT
        Subject: CN=7E5ED94F300D148B67626DAAFC9087C61BBD724D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:71:79:86:ae:73:b2:cb:37:bd:eb:b1:af:33:
                    0e:77:1e:70:0e:90:a7:9a:66:c9:8d:cb:c0:01:3d:
                    90:5d:95:33:5f:d8:a8:07:79:00:12:84:b4:bd:65:
                    c0:a7:47:e0:6c:b8:08:6c:4b:19:e5:f1:0b:15:40:
                    97:b4:58:57:d3:6d:cc:d5:52:b0:d7:99:29:df:0f:
                    33:f3:37:41:4c:82:67:3b:91:a4:9f:6a:ec:db:d9:
                    2e:26:7b:26:0a:ff:59:98:30:3a:f1:13:17:6d:99:
                    56:bd:0e:ec:1c:60:ae:0d:f4:60:50:a3:80:09:73:
                    57:6f:a8:96:35:82:f2:c5:a1:52:03:ee:2c:85:5c:
                    cc:90:e0:0b:e9:25:3d:2b:d9:23:c8:29:7e:6e:e5:
                    94:eb:ad:86:4e:c8:13:5e:8b:7c:93:fd:20:bc:1d:
                    d6:cc:00:e4:9d:2a:62:96:3d:ef:c6:7e:45:76:67:
                    bd:5f:4b:68:7c:17:29:d8:8c:6b:fd:74:8f:cc:cb:
                    f5:fd:06:f2:50:c7:aa:60:0c:7a:a1:13:f3:8b:fa:
                    7c:0f:23:85:0b:12:4d:72:01:c2:42:9f:d8:06:a7:
                    88:9b:d6:ac:37:1d:7f:fa:b5:28:ac:96:bc:33:4f:
                    93:5d:37:3d:f0:43:85:37:50:3e:e1:dd:c1:60:f8:
                    e7:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:5E:D9:4F:30:0D:14:8B:67:62:6D:AA:FC:90:87:C6:1B:BD:72:4D
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS208949.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  181.215.147.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5a:76:61:40:cb:bc:6e:e2:6d:6a:74:a9:80:52:d5:56:27:12:
         48:8b:0d:58:ff:0d:94:3d:52:f4:d2:64:bb:d8:03:a7:68:1f:
         b1:c9:3a:bb:00:f7:21:4e:58:2c:48:c6:5c:e7:00:08:8a:c3:
         28:29:31:6f:93:dc:d7:58:0f:f9:7b:de:db:5c:86:96:68:89:
         0f:be:e8:cd:f5:33:12:50:5d:e3:da:0e:e1:a3:a2:05:de:e5:
         2e:a6:09:52:ff:4d:f8:2e:d9:f2:f2:0e:e5:58:41:ad:b7:3a:
         c8:f3:79:ae:21:3a:76:c5:29:6e:5e:b0:f8:5c:63:43:c5:dc:
         79:bd:22:6c:de:14:89:6f:d1:23:56:f1:23:f6:0d:a3:45:f1:
         ad:38:10:7c:73:d4:aa:a3:ab:d9:b4:be:a6:67:48:24:31:17:
         f4:c3:b6:53:07:3c:ad:31:08:49:88:ca:ef:e2:e5:bb:9f:f0:
         cd:7a:86:57:d6:5d:82:db:5f:63:25:86:e1:1a:95:91:eb:51:
         b0:72:e1:1d:d9:e6:77:eb:ad:81:52:5f:0a:9d:70:a9:7e:91:
         0f:88:85:33:86:9d:1c:de:9d:df:40:02:16:cc:bf:35:8b:90:
         20:e2:8c:e4:7e:80:90:b9:35:53:29:fc:76:a1:83:a5:11:f4:
         f6:60:43:30
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUCWqm90aaE1BRzWH9VqQP3cPFiawwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNDA1MDQyMzU1MTBaFw0yNTA1MDQwMDAwMTBaMDMxMTAvBgNV
BAMTKDdFNUVEOTRGMzAwRDE0OEI2NzYyNkRBQUZDOTA4N0M2MUJCRDcyNEQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCycXmGrnOyyze967GvMw53HnAO
kKeaZsmNy8ABPZBdlTNf2KgHeQAShLS9ZcCnR+BsuAhsSxnl8QsVQJe0WFfTbczV
UrDXmSnfDzPzN0FMgmc7kaSfauzb2S4meyYK/1mYMDrxExdtmVa9DuwcYK4N9GBQ
o4AJc1dvqJY1gvLFoVID7iyFXMyQ4AvpJT0r2SPIKX5u5ZTrrYZOyBNei3yT/SC8
HdbMAOSdKmKWPe/GfkV2Z71fS2h8FynYjGv9dI/My/X9BvJQx6pgDHqhE/OL+nwP
I4ULEk1yAcJCn9gGp4ib1qw3HX/6tSislrwzT5NdNz3wQ4U3UD7h3cFg+OfFAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUfl7ZTzANFItnYm2q/JCHxhu9ck0wHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjA4OTQ5LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAtdeT
MA0GCSqGSIb3DQEBCwUAA4IBAQBadmFAy7xu4m1qdKmAUtVWJxJIiw1Y/w2UPVL0
0mS72AOnaB+xyTq7APchTlgsSMZc5wAIisMoKTFvk9zXWA/5e97bXIaWaIkPvujN
9TMSUF3j2g7ho6IF3uUupglS/034Ltny8g7lWEGttzrI83muITp2xSluXrD4XGND
xdx5vSJs3hSJb9EjVvEj9g2jRfGtOBB8c9Sqo6vZtL6mZ0gkMRf0w7ZTBzytMQhJ
iMrv4uW7n/DNeoZX1l2C219jJYbhGpWR61GwcuEd2eZ3662BUl8KnXCpfpEPiIUz
hp0c3p3fQAIWzL81i5Ag4ozkfoCQuTVTKfx2oYOlEfT2YEMw
-----END CERTIFICATE-----
Generated at Fri May 10 08:14:30 2024 by rpki-client on console-ams.rpki-client.org