Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS214025.roa
File:                     AS214025.roa (raw, json)
Hash identifier:          WfhFd3t/PmHHcUlNyapZ6cmODZm9VlrSEzxJrV7VMcA=
Subject key identifier:   AE:DA:57:7F:FF:CA:E2:83:6A:3B:30:6D:BD:CC:54:E7:19:9B:C5:B3
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       22D306E10B01FDC6640FD94EE8EF430F90F2C5F8
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS214025.roa
Signing time:             Thu 06 Feb 2025 17:02:59 +0000
ROA not before:           Thu 06 Feb 2025 16:57:59 +0000
ROA not after:            Thu 05 Feb 2026 17:02:59 +0000
asID:                     214025
IP address blocks:        179.61.182.0/24 maxlen: 24
                          179.61.185.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 15:12:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            22:d3:06:e1:0b:01:fd:c6:64:0f:d9:4e:e8:ef:43:0f:90:f2:c5:f8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Feb  6 16:57:59 2025 GMT
            Not After : Feb  5 17:02:59 2026 GMT
        Subject: CN=AEDA577FFFCAE2836A3B306DBDCC54E7199BC5B3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:30:1c:15:9f:a6:f1:23:e8:ce:c2:98:70:da:
                    a6:6c:00:5a:96:ad:0b:eb:30:a9:d9:07:47:2b:4c:
                    64:14:47:a8:e4:7e:b3:15:15:dd:ec:0c:21:d6:31:
                    bc:ed:c6:e1:00:c3:b7:7f:99:03:b4:2a:d0:91:06:
                    52:67:9e:c0:45:b7:4a:20:64:28:95:e5:34:7d:36:
                    fe:ba:0d:49:34:55:07:98:ad:e2:d6:d2:26:f1:82:
                    24:f3:c0:7b:8c:9e:5c:47:37:d6:63:63:d4:2a:7d:
                    2f:48:2c:f4:34:42:5f:c9:4d:ee:9c:35:d3:79:56:
                    61:cf:41:89:62:66:08:20:16:f0:57:ff:62:21:f0:
                    80:6a:3f:17:ef:38:3b:ee:3c:41:b6:ae:d7:2b:78:
                    73:1a:81:e6:cd:e1:fc:bb:d2:c2:71:a0:4e:29:4d:
                    dc:34:15:9b:b0:75:03:82:2a:4a:bd:d1:15:86:f0:
                    35:db:9f:07:f6:ab:e6:10:68:70:53:98:c2:f6:29:
                    5e:16:d0:69:68:e8:87:9f:e7:ff:d7:f9:48:30:36:
                    71:5b:da:16:b4:f1:28:89:11:aa:93:33:d5:b6:28:
                    79:c3:46:b5:dc:83:92:74:f1:f5:0e:7b:b1:1f:73:
                    cf:4d:e7:53:60:fb:0a:a3:07:0d:82:96:d6:d0:20:
                    ab:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:DA:57:7F:FF:CA:E2:83:6A:3B:30:6D:BD:CC:54:E7:19:9B:C5:B3
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS214025.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  179.61.182.0/24
                  179.61.185.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b4:4d:5c:6b:a5:35:ab:ed:da:33:8d:1b:95:38:cd:e4:ed:06:
         73:b3:8c:b3:49:25:d0:a2:08:5e:20:96:9c:92:1a:32:61:41:
         3e:d0:2a:23:90:4c:49:f9:db:65:58:42:8d:53:57:98:f1:d7:
         aa:c8:ab:a4:8c:29:77:b1:80:b8:26:a0:05:00:97:3c:59:1c:
         5c:ce:ed:46:63:d7:c0:1b:01:21:32:f6:31:81:c2:2b:4e:36:
         35:ad:bf:04:b4:13:97:18:65:5c:da:38:c6:5f:dd:1e:58:bb:
         cd:3c:d3:4a:02:79:0a:f8:b4:a6:70:ee:73:c6:8f:3b:43:21:
         9f:a8:06:f4:ad:e5:4e:83:a9:ea:09:ea:51:e9:01:d6:f8:d0:
         14:bb:a9:af:3e:8e:f2:9c:95:54:51:8d:8a:d6:e8:3f:44:5e:
         52:d0:40:16:e1:f0:8f:fc:07:ed:81:8b:a2:d6:c1:68:10:24:
         9b:c7:39:67:6f:af:b6:d7:5b:99:9a:7a:9e:14:40:fb:55:e4:
         a6:9c:08:8a:d4:12:99:e4:b0:ab:4d:eb:dc:11:1d:79:dd:f5:
         a4:df:c3:0c:f0:1c:7e:90:e2:59:56:fe:38:33:40:74:a4:5c:
         89:45:56:e9:68:09:e2:d5:5c:92:8b:22:da:ec:dd:23:2c:83:
         f7:20:f1:e1
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUItMG4QsB/cZkD9lO6O9DD5DyxfgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNTAyMDYxNjU3NTlaFw0yNjAyMDUxNzAyNTlaMDMxMTAvBgNV
BAMTKEFFREE1NzdGRkZDQUUyODM2QTNCMzA2REJEQ0M1NEU3MTk5QkM1QjMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDIMBwVn6bxI+jOwphw2qZsAFqW
rQvrMKnZB0crTGQUR6jkfrMVFd3sDCHWMbztxuEAw7d/mQO0KtCRBlJnnsBFt0og
ZCiV5TR9Nv66DUk0VQeYreLW0ibxgiTzwHuMnlxHN9ZjY9QqfS9ILPQ0Ql/JTe6c
NdN5VmHPQYliZgggFvBX/2Ih8IBqPxfvODvuPEG2rtcreHMagebN4fy70sJxoE4p
Tdw0FZuwdQOCKkq90RWG8DXbnwf2q+YQaHBTmML2KV4W0Glo6Ief5//X+UgwNnFb
2ha08SiJEaqTM9W2KHnDRrXcg5J08fUOe7Efc89N51Ng+wqjBw2CltbQIKv5AgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQUrtpXf//K4oNqOzBtvcxU5xmbxbMwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjE0MDI1LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAsz22
AwQAsz25MA0GCSqGSIb3DQEBCwUAA4IBAQC0TVxrpTWr7dozjRuVOM3k7QZzs4yz
SSXQogheIJackhoyYUE+0CojkExJ+dtlWEKNU1eY8deqyKukjCl3sYC4JqAFAJc8
WRxczu1GY9fAGwEhMvYxgcIrTjY1rb8EtBOXGGVc2jjGX90eWLvNPNNKAnkK+LSm
cO5zxo87QyGfqAb0reVOg6nqCepR6QHW+NAUu6mvPo7ynJVUUY2K1ug/RF5S0EAW
4fCP/AftgYui1sFoECSbxzlnb6+211uZmnqeFED7VeSmnAiK1BKZ5LCrTevcER15
3fWk38MM8Bx+kOJZVv44M0B0pFyJRVbpaAni1VySiyLa7N0jLIP3IPHh
-----END CERTIFICATE-----