Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS214132.roa
File:                     AS214132.roa (raw, json)
Hash identifier:          Qk0mVcI4EfC7Wi+rUiZqICVwjEsYOEqP+7mKjOEqnW8=
Subject key identifier:   AB:32:BB:59:FB:63:F7:3D:7F:C6:A9:9B:A6:BA:7E:0B:9D:5E:73:E5
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       0AAF0A5860C61525BE20353B5B976E6B980B025D
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS214132.roa
Signing time:             Thu 04 Sep 2025 16:55:00 +0000
ROA not before:           Thu 04 Sep 2025 16:50:00 +0000
ROA not after:            Thu 03 Sep 2026 16:55:00 +0000
asID:                     214132
IP address blocks:        185.170.59.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 06 Sep 2025 10:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0a:af:0a:58:60:c6:15:25:be:20:35:3b:5b:97:6e:6b:98:0b:02:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Sep  4 16:50:00 2025 GMT
            Not After : Sep  3 16:55:00 2026 GMT
        Subject: CN=AB32BB59FB63F73D7FC6A99BA6BA7E0B9D5E73E5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:2c:86:07:d1:e1:5c:35:1b:4e:df:0d:2e:27:
                    39:af:b5:bd:81:95:fb:92:08:bc:e7:51:b6:37:ad:
                    11:c2:99:c8:63:0a:a0:0a:c5:9f:05:a4:b1:c3:11:
                    b4:cd:d3:21:1f:c2:32:23:f4:e0:c3:91:4d:4f:8b:
                    e5:24:b5:0f:41:b9:ea:e1:49:93:d2:06:f8:c3:9b:
                    52:05:2a:1f:a1:84:39:30:22:9d:10:63:4c:7e:f5:
                    26:19:3b:69:02:c6:ba:96:44:e6:45:b3:ca:26:74:
                    33:db:a1:bf:a8:5e:4f:83:9a:85:bf:10:c6:a1:e8:
                    1d:1c:0e:ab:14:91:01:3a:c9:4a:ff:2c:93:d6:15:
                    38:68:d0:da:f8:3e:7d:2d:d3:2c:55:e0:93:c0:f7:
                    80:91:68:1e:b3:12:53:80:3c:05:70:ca:5b:0c:0e:
                    fd:4c:1c:1f:79:ad:ce:2e:2a:d5:6e:1b:89:3c:49:
                    a3:cc:b9:57:24:0a:0a:b2:a5:ce:13:94:53:c9:77:
                    a9:eb:07:f2:e4:1e:41:a8:8d:88:b2:ab:8f:d9:6a:
                    67:43:cd:83:7b:dd:58:99:81:3b:5f:1c:6f:95:ce:
                    28:29:9c:72:8a:a1:69:7b:b0:a1:37:07:2e:d5:26:
                    48:ea:fb:d1:68:15:a2:be:74:f1:dc:e1:dc:d3:6a:
                    52:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:32:BB:59:FB:63:F7:3D:7F:C6:A9:9B:A6:BA:7E:0B:9D:5E:73:E5
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS214132.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.170.59.0/24

    Signature Algorithm: sha256WithRSAEncryption
         49:43:ee:f6:ea:ff:5d:4e:e2:70:5f:1e:f5:83:1b:c0:6f:91:
         55:10:af:64:55:67:da:28:dc:c4:70:72:a7:84:81:dd:ab:85:
         21:08:6f:96:99:6a:b0:5e:b6:6d:e8:35:14:c0:54:eb:c8:f7:
         69:63:59:a2:bf:62:f1:da:7e:bc:46:c4:ab:e3:62:bc:52:97:
         cf:f3:32:72:cf:85:11:76:e6:48:7c:68:3c:cb:f4:50:40:db:
         19:f7:8c:89:44:35:8f:14:f6:06:7b:61:cb:ec:51:0c:0b:f8:
         5d:21:51:72:88:88:dd:54:e1:dc:aa:42:d7:28:42:95:37:28:
         91:73:1d:05:81:69:56:46:3e:26:cd:6a:3b:93:c2:91:1c:55:
         e1:88:2b:f5:bc:e5:9d:50:b9:4c:fd:59:09:35:7d:2e:06:6a:
         a3:94:4d:64:f7:50:67:42:92:c8:4d:27:c1:c6:37:4b:c8:e1:
         05:ac:ad:16:03:4f:71:a3:fa:58:c9:85:9c:9d:2f:f0:e6:fb:
         98:1e:82:0a:bc:ef:0a:d8:1a:d6:3d:93:22:51:53:38:24:ba:
         90:64:16:82:eb:8e:eb:44:09:2a:12:8c:ab:a7:fb:77:1e:18:
         80:42:93:02:45:42:d4:68:67:26:d9:7b:5a:31:ef:d6:6e:52:
         03:83:cb:f2
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUCq8KWGDGFSW+IDU7W5dua5gLAl0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNTA5MDQxNjUwMDBaFw0yNjA5MDMxNjU1MDBaMDMxMTAvBgNV
BAMTKEFCMzJCQjU5RkI2M0Y3M0Q3RkM2QTk5QkE2QkE3RTBCOUQ1RTczRTUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDeLIYH0eFcNRtO3w0uJzmvtb2B
lfuSCLznUbY3rRHCmchjCqAKxZ8FpLHDEbTN0yEfwjIj9ODDkU1Pi+UktQ9Buerh
SZPSBvjDm1IFKh+hhDkwIp0QY0x+9SYZO2kCxrqWROZFs8omdDPbob+oXk+DmoW/
EMah6B0cDqsUkQE6yUr/LJPWFTho0Nr4Pn0t0yxV4JPA94CRaB6zElOAPAVwylsM
Dv1MHB95rc4uKtVuG4k8SaPMuVckCgqypc4TlFPJd6nrB/LkHkGojYiyq4/ZamdD
zYN73ViZgTtfHG+VzigpnHKKoWl7sKE3By7VJkjq+9FoFaK+dPHc4dzTalKTAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUqzK7Wftj9z1/xqmbprp+C51ec+UwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjE0MTMyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuao7
MA0GCSqGSIb3DQEBCwUAA4IBAQBJQ+726v9dTuJwXx71gxvAb5FVEK9kVWfaKNzE
cHKnhIHdq4UhCG+WmWqwXrZt6DUUwFTryPdpY1miv2Lx2n68RsSr42K8UpfP8zJy
z4URduZIfGg8y/RQQNsZ94yJRDWPFPYGe2HL7FEMC/hdIVFyiIjdVOHcqkLXKEKV
NyiRcx0FgWlWRj4mzWo7k8KRHFXhiCv1vOWdULlM/VkJNX0uBmqjlE1k91BnQpLI
TSfBxjdLyOEFrK0WA09xo/pYyYWcnS/w5vuYHoIKvO8K2BrWPZMiUVM4JLqQZBaC
647rRAkqEoyrp/t3HhiAQpMCRULUaGcm2XtaMe/WblIDg8vy
-----END CERTIFICATE-----