Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS214326.roa
File:                     AS214326.roa (raw, json)
Hash identifier:          5YMZbyUi3J35rIqCpmqfaABfjK5d/zg2QLLJPeSUiDw=
Subject key identifier:   54:CC:2D:42:25:81:1A:A7:2A:D0:77:90:17:1A:1E:C6:D4:EA:16:3B
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       24974F65141AE1968712D222C9937FA3AA776220
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS214326.roa
Signing time:             Tue 02 Sep 2025 15:55:42 +0000
ROA not before:           Tue 02 Sep 2025 15:50:42 +0000
ROA not after:            Tue 01 Sep 2026 15:55:42 +0000
asID:                     214326
IP address blocks:        179.61.174.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 06 Sep 2025 10:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            24:97:4f:65:14:1a:e1:96:87:12:d2:22:c9:93:7f:a3:aa:77:62:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Sep  2 15:50:42 2025 GMT
            Not After : Sep  1 15:55:42 2026 GMT
        Subject: CN=54CC2D4225811AA72AD07790171A1EC6D4EA163B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:ad:00:7f:cb:c6:93:ca:5a:c3:9b:68:96:a5:
                    02:36:a4:63:da:c2:bf:0a:e4:e8:2c:e2:70:10:f3:
                    91:e6:a7:c5:58:55:b2:36:b1:bf:5c:c5:64:32:e2:
                    c5:73:b7:46:36:8e:02:15:56:fe:8f:c3:c0:cf:cb:
                    63:38:91:92:be:de:8a:af:36:25:b1:b5:7d:a4:de:
                    92:a0:1c:51:51:e1:8f:26:5b:8e:38:77:dd:18:95:
                    fe:af:ef:ce:a8:53:9a:32:d2:82:0a:a0:d6:cf:0d:
                    d0:b8:a5:94:70:be:80:46:9d:78:9b:dc:c8:6f:3d:
                    44:31:b3:26:40:84:d3:f6:5f:b3:93:cc:9a:c5:5f:
                    98:3e:ed:f8:57:47:8a:e3:ec:45:db:67:a7:5e:0d:
                    70:2d:4d:a4:b7:d0:97:b2:13:2b:f9:c4:c4:b2:d7:
                    2e:50:82:4d:ed:95:e9:df:d5:c6:1e:27:4d:a6:80:
                    43:3f:45:a1:28:52:4b:ee:f6:b6:fa:f4:5a:85:63:
                    52:14:d6:bb:19:09:47:d3:fd:c6:db:8e:ca:e9:ca:
                    cf:98:c6:bf:30:2e:a6:9f:0f:45:d6:c1:e9:d4:68:
                    c1:7e:ae:d3:f9:52:9e:a3:14:a9:f5:16:de:4d:5d:
                    d2:f6:65:28:9d:eb:ad:f1:9e:8c:87:a2:3f:df:de:
                    be:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                54:CC:2D:42:25:81:1A:A7:2A:D0:77:90:17:1A:1E:C6:D4:EA:16:3B
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS214326.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  179.61.174.0/24

    Signature Algorithm: sha256WithRSAEncryption
         88:2c:cc:f9:38:78:3f:04:fa:ae:3a:16:ec:39:aa:12:f3:f3:
         42:45:27:c9:9f:31:1b:1e:34:08:d2:df:67:ac:d2:ad:1e:36:
         5a:6f:8a:6e:54:84:5b:b9:0e:9c:f7:68:31:a7:bc:29:14:10:
         d1:2b:d3:ff:0b:30:c1:b7:b7:bb:69:57:7c:b2:30:2b:a1:68:
         28:39:b7:b8:6d:a1:64:3d:77:47:6c:fe:13:3f:d6:d4:2d:1b:
         5a:ea:f6:7c:ed:4c:11:8f:cf:8f:15:57:86:a6:91:67:e4:d0:
         e5:b7:c1:f3:a6:44:ec:76:07:11:d5:c7:89:ea:2f:f7:d8:cf:
         74:91:ae:fd:e6:c7:40:eb:1d:f5:f7:c3:f6:87:2b:b1:52:5f:
         78:47:77:8f:5d:07:e4:c0:bc:00:50:21:f7:43:a6:7e:ef:1c:
         97:8d:f0:f1:f5:a3:b8:3f:11:cd:c6:0e:01:57:3a:8b:6a:45:
         73:83:e8:77:1f:99:9a:80:55:e6:17:00:90:4e:1a:4c:01:73:
         66:a1:93:90:26:a5:22:1f:f6:36:4e:8a:1e:e3:3d:c0:97:85:
         de:5d:9f:e0:2d:22:7f:10:cb:b9:eb:a7:fe:29:4d:7d:f0:b0:
         f4:ae:37:50:1d:0a:54:dc:48:22:75:61:87:38:98:8a:b9:60:
         ef:11:b1:46
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUJJdPZRQa4ZaHEtIiyZN/o6p3YiAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNTA5MDIxNTUwNDJaFw0yNjA5MDExNTU1NDJaMDMxMTAvBgNV
BAMTKDU0Q0MyRDQyMjU4MTFBQTcyQUQwNzc5MDE3MUExRUM2RDRFQTE2M0IwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDLrQB/y8aTylrDm2iWpQI2pGPa
wr8K5Ogs4nAQ85Hmp8VYVbI2sb9cxWQy4sVzt0Y2jgIVVv6Pw8DPy2M4kZK+3oqv
NiWxtX2k3pKgHFFR4Y8mW444d90Ylf6v786oU5oy0oIKoNbPDdC4pZRwvoBGnXib
3MhvPUQxsyZAhNP2X7OTzJrFX5g+7fhXR4rj7EXbZ6deDXAtTaS30JeyEyv5xMSy
1y5Qgk3tlenf1cYeJ02mgEM/RaEoUkvu9rb69FqFY1IU1rsZCUfT/cbbjsrpys+Y
xr8wLqafD0XWwenUaMF+rtP5Up6jFKn1Ft5NXdL2ZSid663xnoyHoj/f3r5TAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUVMwtQiWBGqcq0HeQFxoextTqFjswHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjE0MzI2LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsz2u
MA0GCSqGSIb3DQEBCwUAA4IBAQCILMz5OHg/BPquOhbsOaoS8/NCRSfJnzEbHjQI
0t9nrNKtHjZab4puVIRbuQ6c92gxp7wpFBDRK9P/CzDBt7e7aVd8sjAroWgoObe4
baFkPXdHbP4TP9bULRta6vZ87UwRj8+PFVeGppFn5NDlt8HzpkTsdgcR1ceJ6i/3
2M90ka795sdA6x3198P2hyuxUl94R3ePXQfkwLwAUCH3Q6Z+7xyXjfDx9aO4PxHN
xg4BVzqLakVzg+h3H5magFXmFwCQThpMAXNmoZOQJqUiH/Y2Tooe4z3Al4XeXZ/g
LSJ/EMu566f+KU198LD0rjdQHQpU3EgidWGHOJiKuWDvEbFG
-----END CERTIFICATE-----