Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS214483.roa
File:                     AS214483.roa (raw, json)
Hash identifier:          8hw49LZqQKZ8UkIOBE6i1BsQGq6owmQH4n1G36mVjZ4=
Subject key identifier:   74:48:01:69:82:1F:B1:63:4B:05:59:2E:B5:5F:21:5D:D3:6A:F4:4A
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       6098C91F23F37D38898DC2EE25224D8A53D0FFA3
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS214483.roa
Signing time:             Tue 26 Nov 2024 14:48:01 +0000
ROA not before:           Tue 26 Nov 2024 14:43:01 +0000
ROA not after:            Tue 25 Nov 2025 14:48:01 +0000
asID:                     214483
IP address blocks:        181.214.33.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Feb 2025 19:35:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            60:98:c9:1f:23:f3:7d:38:89:8d:c2:ee:25:22:4d:8a:53:d0:ff:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Nov 26 14:43:01 2024 GMT
            Not After : Nov 25 14:48:01 2025 GMT
        Subject: CN=74480169821FB1634B05592EB55F215DD36AF44A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:f9:65:2c:79:09:d7:8f:bf:a6:38:6b:0d:15:
                    d6:85:17:0e:19:98:ce:3f:3c:66:35:19:aa:8b:80:
                    da:42:ca:b2:a9:9f:ed:3a:b6:a9:f2:d4:9f:d9:98:
                    23:82:79:9a:e8:a3:21:76:84:a7:16:da:79:93:63:
                    4e:57:e2:8b:bf:cc:3c:8b:80:90:36:e6:0b:fd:7a:
                    01:e3:4a:a8:cd:9f:9a:95:c3:f9:ab:d2:a1:86:9d:
                    13:7a:dc:8e:d9:b6:66:84:1b:ed:00:c2:ca:1a:72:
                    06:2e:72:6e:57:63:f1:3a:49:37:fd:33:7d:35:8b:
                    0c:76:2b:fe:77:05:a3:0d:e1:1b:c3:e6:53:fa:65:
                    f9:ad:13:cb:ef:cd:be:21:b5:27:8e:88:79:71:bf:
                    98:fa:a2:ad:11:3b:12:9a:34:0d:8d:1a:a3:67:2d:
                    73:47:d1:60:1c:a7:1d:ae:e9:7a:e7:d0:6b:ba:b6:
                    92:1c:b8:ee:0f:bb:38:7c:79:11:d6:10:72:84:73:
                    b7:6f:9b:f4:e1:f6:81:ba:c2:51:17:7a:79:9a:a9:
                    5a:79:1e:cf:a4:76:b0:ac:94:4c:98:0b:f3:d9:3d:
                    db:3c:11:01:a1:4f:05:66:0a:20:31:3b:8e:0f:25:
                    21:f9:70:0b:94:cb:f2:ad:6c:86:63:21:83:d1:92:
                    70:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:48:01:69:82:1F:B1:63:4B:05:59:2E:B5:5F:21:5D:D3:6A:F4:4A
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS214483.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  181.214.33.0/24

    Signature Algorithm: sha256WithRSAEncryption
         78:6a:8c:0b:e0:b3:62:40:68:3f:d8:f5:70:3b:f0:2e:ef:23:
         02:37:68:32:0d:1a:80:8d:3f:c3:aa:13:71:d2:47:1b:4d:04:
         a8:ab:0a:89:e0:3d:c9:f2:e0:9f:60:df:6d:ab:63:64:ab:f5:
         75:bf:4f:d3:4f:1f:ff:23:0c:cc:c0:6d:6d:96:9c:ec:61:c7:
         f6:d9:8b:36:6f:fc:f2:36:bb:42:a0:41:07:97:a8:05:56:84:
         01:6d:7c:3c:d0:de:96:16:ed:e3:f0:0b:99:92:1d:d1:3e:c9:
         2b:81:de:45:df:e2:71:8c:d9:13:2f:68:91:14:63:fb:b0:d8:
         63:e5:a2:7d:eb:21:a3:dc:b3:dd:c3:aa:c2:34:b9:8f:cc:63:
         6d:da:6d:45:dc:88:f1:19:78:ae:df:8a:23:0a:bf:d7:77:a7:
         39:89:66:aa:3c:5f:09:2e:89:2b:65:65:f2:e1:ce:c9:c9:b8:
         98:08:69:04:5f:54:4d:98:f3:0c:a8:71:c1:d0:fa:f0:d8:aa:
         f2:c4:4b:14:b5:24:79:e8:bd:2f:7a:1e:c6:a8:b4:e5:ec:75:
         3c:a4:8f:c6:05:9a:e2:6f:03:97:35:43:37:57:cf:1c:6c:13:
         32:fc:9e:df:bc:fd:6d:56:48:fa:d8:f4:19:1c:01:49:ca:5c:
         cf:25:46:00
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUYJjJHyPzfTiJjcLuJSJNilPQ/6MwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNDExMjYxNDQzMDFaFw0yNTExMjUxNDQ4MDFaMDMxMTAvBgNV
BAMTKDc0NDgwMTY5ODIxRkIxNjM0QjA1NTkyRUI1NUYyMTVERDM2QUY0NEEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCW+WUseQnXj7+mOGsNFdaFFw4Z
mM4/PGY1GaqLgNpCyrKpn+06tqny1J/ZmCOCeZrooyF2hKcW2nmTY05X4ou/zDyL
gJA25gv9egHjSqjNn5qVw/mr0qGGnRN63I7ZtmaEG+0AwsoacgYucm5XY/E6STf9
M301iwx2K/53BaMN4RvD5lP6ZfmtE8vvzb4htSeOiHlxv5j6oq0ROxKaNA2NGqNn
LXNH0WAcpx2u6Xrn0Gu6tpIcuO4Puzh8eRHWEHKEc7dvm/Th9oG6wlEXenmaqVp5
Hs+kdrCslEyYC/PZPds8EQGhTwVmCiAxO44PJSH5cAuUy/KtbIZjIYPRknDFAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUdEgBaYIfsWNLBVkutV8hXdNq9EowHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjE0NDgzLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAtdYh
MA0GCSqGSIb3DQEBCwUAA4IBAQB4aowL4LNiQGg/2PVwO/Au7yMCN2gyDRqAjT/D
qhNx0kcbTQSoqwqJ4D3J8uCfYN9tq2Nkq/V1v0/TTx//IwzMwG1tlpzsYcf22Ys2
b/zyNrtCoEEHl6gFVoQBbXw80N6WFu3j8AuZkh3RPskrgd5F3+JxjNkTL2iRFGP7
sNhj5aJ96yGj3LPdw6rCNLmPzGNt2m1F3IjxGXiu34ojCr/Xd6c5iWaqPF8JLokr
ZWXy4c7JybiYCGkEX1RNmPMMqHHB0Prw2KryxEsUtSR56L0veh7GqLTl7HU8pI/G
BZribwOXNUM3V88cbBMy/J7fvP1tVkj62PQZHAFJylzPJUYA
-----END CERTIFICATE-----