Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS213168.roa
File:                     AS213168.roa (raw, json)
Hash identifier:          juTXs8mirbCBoyxQrtLEJK2f27EXL9efy+Y+j2cpmsY=
Subject key identifier:   B4:6E:B0:15:FA:41:26:D4:B5:94:B2:3B:3C:72:12:8F:32:6B:41:D5
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       5CEC25670ADFC9D220D6E4E3339B8427D9FFF295
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS213168.roa
Signing time:             Sun 04 Feb 2024 11:28:33 +0000
ROA not before:           Sun 04 Feb 2024 11:23:33 +0000
ROA not after:            Sun 02 Feb 2025 11:28:33 +0000
asID:                     213168
IP address blocks:        181.214.197.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 10 May 2024 20:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5c:ec:25:67:0a:df:c9:d2:20:d6:e4:e3:33:9b:84:27:d9:ff:f2:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Feb  4 11:23:33 2024 GMT
            Not After : Feb  2 11:28:33 2025 GMT
        Subject: CN=B46EB015FA4126D4B594B23B3C72128F326B41D5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:76:23:b3:6f:d2:e0:cb:9d:73:c0:30:1c:06:
                    0e:4a:18:3a:a3:de:29:18:67:5a:da:14:02:22:e7:
                    cf:99:ba:d4:8d:f7:9f:99:ad:c8:ce:f2:c3:6f:a9:
                    cb:d7:a5:2d:fe:b9:b0:37:58:8e:39:35:a9:c0:a1:
                    ac:87:42:89:46:c6:1d:13:7e:6c:b2:4b:22:79:f4:
                    9a:fe:f9:bd:c9:c2:42:50:7f:91:4e:46:02:41:f6:
                    17:ba:34:c3:64:c0:9a:a3:a1:74:c6:f3:44:4f:c4:
                    ab:78:70:1f:85:82:c6:91:dd:d5:cb:c7:05:ce:03:
                    40:f6:2e:3b:2b:7b:cd:8d:b9:98:8c:ea:10:c0:de:
                    6e:fc:67:b3:1d:cd:bc:26:f2:fd:1c:6a:d9:46:96:
                    50:2c:c7:c2:3f:7b:b5:b1:19:23:33:92:25:c6:51:
                    f3:ee:27:90:3a:e7:69:b6:14:3b:93:94:9e:a2:a0:
                    ad:e8:91:04:c5:40:14:52:88:6d:be:81:79:d4:a0:
                    b1:1f:08:57:a1:83:9c:a5:bd:36:50:01:bc:83:58:
                    06:ef:e0:ad:21:45:6a:47:84:34:32:a9:08:65:bf:
                    30:f5:73:f9:9f:d6:48:f6:15:00:62:8a:82:82:c3:
                    b1:4b:a5:b2:bb:c9:2d:13:b6:92:42:53:d0:e5:08:
                    e4:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:6E:B0:15:FA:41:26:D4:B5:94:B2:3B:3C:72:12:8F:32:6B:41:D5
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS213168.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  181.214.197.0/24

    Signature Algorithm: sha256WithRSAEncryption
         18:4e:2d:d4:90:29:48:ce:09:81:7a:e2:9e:6b:94:e6:8b:14:
         cd:57:5a:6c:d2:ed:57:b6:d7:f7:3c:c7:65:7a:b6:6c:da:aa:
         71:3f:cd:f1:b3:24:9e:32:62:4d:87:c2:ca:90:15:3d:65:f5:
         c4:7e:17:89:73:b0:98:29:eb:3f:0e:9a:0b:e3:61:8c:7d:1a:
         71:cc:cc:8f:0a:39:ca:0c:ac:6c:54:51:e5:a7:25:90:96:76:
         07:16:ec:85:0c:de:e0:72:30:5c:4b:c1:3a:8b:9e:98:18:12:
         3a:14:a1:2c:b1:80:cc:7b:2c:25:34:39:9b:5a:6f:37:c3:5b:
         c1:aa:8d:bb:6d:19:96:15:f6:f5:4e:5f:eb:bb:b7:dc:64:e7:
         e9:45:89:72:88:9f:22:60:05:14:ba:1c:8b:b5:fe:e7:d3:d5:
         56:e9:84:97:b9:c7:c8:3f:b0:54:6c:1a:0d:33:da:7b:a1:44:
         7f:bc:e0:d6:e1:1a:39:34:94:49:81:c4:1a:db:57:08:02:88:
         c9:ac:4f:8a:59:77:49:40:93:c9:42:7a:e7:10:fa:9f:20:4f:
         b1:07:b7:ad:67:87:ce:9c:1a:51:7f:60:b3:30:d7:51:e1:08:
         f2:9d:cb:5b:72:6a:0b:ee:73:ac:d8:16:43:59:2d:46:d9:e0:
         97:78:8e:03
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUXOwlZwrfydIg1uTjM5uEJ9n/8pUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNDAyMDQxMTIzMzNaFw0yNTAyMDIxMTI4MzNaMDMxMTAvBgNV
BAMTKEI0NkVCMDE1RkE0MTI2RDRCNTk0QjIzQjNDNzIxMjhGMzI2QjQxRDUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCjdiOzb9Lgy51zwDAcBg5KGDqj
3ikYZ1raFAIi58+ZutSN95+ZrcjO8sNvqcvXpS3+ubA3WI45NanAoayHQolGxh0T
fmyySyJ59Jr++b3JwkJQf5FORgJB9he6NMNkwJqjoXTG80RPxKt4cB+FgsaR3dXL
xwXOA0D2Ljsre82NuZiM6hDA3m78Z7Mdzbwm8v0catlGllAsx8I/e7WxGSMzkiXG
UfPuJ5A652m2FDuTlJ6ioK3okQTFQBRSiG2+gXnUoLEfCFehg5ylvTZQAbyDWAbv
4K0hRWpHhDQyqQhlvzD1c/mf1kj2FQBiioKCw7FLpbK7yS0TtpJCU9DlCORDAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUtG6wFfpBJtS1lLI7PHISjzJrQdUwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjEzMTY4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAtdbF
MA0GCSqGSIb3DQEBCwUAA4IBAQAYTi3UkClIzgmBeuKea5TmixTNV1ps0u1Xttf3
PMdlerZs2qpxP83xsySeMmJNh8LKkBU9ZfXEfheJc7CYKes/DpoL42GMfRpxzMyP
CjnKDKxsVFHlpyWQlnYHFuyFDN7gcjBcS8E6i56YGBI6FKEssYDMeywlNDmbWm83
w1vBqo27bRmWFfb1Tl/ru7fcZOfpRYlyiJ8iYAUUuhyLtf7n09VW6YSXucfIP7BU
bBoNM9p7oUR/vODW4Ro5NJRJgcQa21cIAojJrE+KWXdJQJPJQnrnEPqfIE+xB7et
Z4fOnBpRf2CzMNdR4QjynctbcmoL7nOs2BZDWS1G2eCXeI4D
-----END CERTIFICATE-----