Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS25198.roa
File:                     AS25198.roa (raw, json)
Hash identifier:          e9RbM2CH79vyMt6WlldIz/cImZt7RtoDZ2MbhnJAyEo=
Subject key identifier:   83:C0:A0:29:92:05:2E:B0:E4:F3:D2:C5:82:7B:15:10:6F:8A:B2:11
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       2F94DDF43B13B39858C1FA3BD07939ED2A224AA4
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS25198.roa
Signing time:             Tue 25 Jul 2023 12:11:39 +0000
ROA not before:           Tue 25 Jul 2023 12:06:39 +0000
ROA not after:            Tue 23 Jul 2024 12:11:39 +0000
asID:                     25198
IP address blocks:        213.109.168.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 10 May 2024 20:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2f:94:dd:f4:3b:13:b3:98:58:c1:fa:3b:d0:79:39:ed:2a:22:4a:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Jul 25 12:06:39 2023 GMT
            Not After : Jul 23 12:11:39 2024 GMT
        Subject: CN=83C0A02992052EB0E4F3D2C5827B15106F8AB211
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:85:15:12:28:1e:fd:5d:05:ec:c7:5c:d2:69:
                    e8:4b:03:c4:ab:5a:78:e3:24:89:32:e3:bf:b0:b7:
                    08:43:f9:ed:bc:2b:20:55:b9:b9:86:a6:42:d3:c2:
                    06:b7:d9:d7:e7:e8:1d:a2:0c:e3:3f:69:8c:01:22:
                    e3:fc:3f:9d:6f:ef:be:31:a6:14:8c:3e:c4:76:40:
                    56:88:28:91:e6:59:b1:9a:2c:43:f2:82:40:c4:36:
                    78:2b:a4:f5:e7:06:6c:88:8a:17:84:d5:a7:b8:6e:
                    eb:0d:86:cc:e0:9e:66:bc:75:95:43:a2:dc:60:ff:
                    c2:a4:37:cc:ad:a7:30:0d:18:1a:a5:a0:a8:3c:34:
                    34:f3:f7:97:e7:a7:04:79:7b:6b:75:16:24:02:4c:
                    e5:5f:a9:67:0f:06:c7:0c:96:00:de:45:6c:cf:82:
                    d5:f7:74:dc:89:8d:67:f6:b4:65:f5:a0:5e:35:7f:
                    c3:82:cf:fc:d5:4b:d0:56:23:b7:8f:d7:87:e0:04:
                    92:10:5b:5e:e3:f6:25:a8:ee:0b:87:39:79:a1:1f:
                    c4:dd:6d:8a:41:9a:4c:74:bd:4f:17:3f:44:64:0d:
                    fb:b7:03:5c:10:ad:2f:93:0c:00:cc:2a:0b:6b:51:
                    3b:8f:f0:72:ee:b4:91:4c:e5:5d:6c:d9:61:12:93:
                    96:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:C0:A0:29:92:05:2E:B0:E4:F3:D2:C5:82:7B:15:10:6F:8A:B2:11
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS25198.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.109.168.0/24

    Signature Algorithm: sha256WithRSAEncryption
         77:48:89:da:e7:e7:63:09:47:d1:54:9c:c0:c5:75:63:ae:4b:
         50:d5:b9:f7:11:d2:9e:fc:e1:a9:02:0b:30:04:14:02:f4:d6:
         2c:39:40:74:66:76:da:64:de:b3:7a:6b:61:97:74:4e:0b:6e:
         0d:08:86:d9:ac:15:78:4b:56:99:21:40:27:74:4a:a3:e6:17:
         0e:37:18:a4:e3:4e:6e:d4:52:ba:02:57:fa:02:d7:49:d4:14:
         1d:13:e1:37:2c:0c:5d:27:6a:c7:47:68:75:df:55:0a:e7:17:
         5c:f0:3d:d6:8f:9c:57:6b:64:73:ad:b1:d6:55:77:1d:d5:4c:
         01:73:f4:db:fc:98:8d:fb:37:11:72:1b:a1:af:97:5d:e1:0c:
         86:8b:24:fd:63:aa:71:95:cf:5c:b0:f1:f2:32:41:ca:ee:98:
         31:64:2e:d0:d7:df:ad:b1:69:08:fc:20:b3:97:fd:09:9e:08:
         a3:5f:de:de:58:57:bf:17:4f:0a:9e:ab:db:5e:99:ed:62:54:
         9c:cf:6d:ff:f8:d8:e8:7d:8b:b2:75:dc:62:03:d8:19:e2:a0:
         c8:69:61:d4:a3:1b:99:44:49:c9:79:75:54:ff:53:9d:fd:33:
         b1:92:38:5f:c4:38:ff:18:fc:0e:fd:42:4d:d8:f4:24:a8:54:
         d9:c0:18:87
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUL5Td9DsTs5hYwfo70Hk57SoiSqQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yMzA3MjUxMjA2MzlaFw0yNDA3MjMxMjExMzlaMDMxMTAvBgNV
BAMTKDgzQzBBMDI5OTIwNTJFQjBFNEYzRDJDNTgyN0IxNTEwNkY4QUIyMTEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDChRUSKB79XQXsx1zSaehLA8Sr
WnjjJIky47+wtwhD+e28KyBVubmGpkLTwga32dfn6B2iDOM/aYwBIuP8P51v774x
phSMPsR2QFaIKJHmWbGaLEPygkDENngrpPXnBmyIiheE1ae4busNhszgnma8dZVD
otxg/8KkN8ytpzANGBqloKg8NDTz95fnpwR5e2t1FiQCTOVfqWcPBscMlgDeRWzP
gtX3dNyJjWf2tGX1oF41f8OCz/zVS9BWI7eP14fgBJIQW17j9iWo7guHOXmhH8Td
bYpBmkx0vU8XP0RkDfu3A1wQrS+TDADMKgtrUTuP8HLutJFM5V1s2WESk5b9AgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUg8CgKZIFLrDk89LFgnsVEG+KshEwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjUxOTgucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBADVbagw
DQYJKoZIhvcNAQELBQADggEBAHdIidrn52MJR9FUnMDFdWOuS1DVufcR0p784akC
CzAEFAL01iw5QHRmdtpk3rN6a2GXdE4Lbg0IhtmsFXhLVpkhQCd0SqPmFw43GKTj
Tm7UUroCV/oC10nUFB0T4TcsDF0nasdHaHXfVQrnF1zwPdaPnFdrZHOtsdZVdx3V
TAFz9Nv8mI37NxFyG6Gvl13hDIaLJP1jqnGVz1yw8fIyQcrumDFkLtDX362xaQj8
ILOX/QmeCKNf3t5YV78XTwqeq9teme1iVJzPbf/42Oh9i7J13GID2BnioMhpYdSj
G5lEScl5dVT/U539M7GSOF/EOP8Y/A79Qk3Y9CSoVNnAGIc=
-----END CERTIFICATE-----