Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS25198.roa
File:                     AS25198.roa (raw, json)
Hash identifier:          wexB1BwEJMkUg7femu33oO/5rr/s7GLAnluKwgjoidU=
Subject key identifier:   C5:73:DB:3D:40:BA:BE:61:C0:C2:05:6B:D3:6E:46:36:F5:30:29:F5
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       03FFA931C3D9CB2AE64F0EB99F166C718696EB51
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS25198.roa
Signing time:             Tue 25 Jun 2024 13:05:18 +0000
ROA not before:           Tue 25 Jun 2024 13:00:18 +0000
ROA not after:            Tue 24 Jun 2025 13:05:18 +0000
asID:                     25198
IP address blocks:        213.109.168.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            03:ff:a9:31:c3:d9:cb:2a:e6:4f:0e:b9:9f:16:6c:71:86:96:eb:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Jun 25 13:00:18 2024 GMT
            Not After : Jun 24 13:05:18 2025 GMT
        Subject: CN=C573DB3D40BABE61C0C2056BD36E4636F53029F5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f3:b9:dc:06:7d:d4:32:a5:0e:38:ac:a8:86:0d:
                    2b:92:d4:df:99:ea:20:c4:44:d6:f1:99:b7:3a:1f:
                    1e:eb:3c:7e:7c:64:45:1a:ce:5f:d1:d9:d9:65:e7:
                    61:72:81:06:87:e0:93:4b:7b:b6:68:f4:d2:dc:25:
                    45:88:7d:96:fd:65:df:35:4b:96:cd:0b:41:7c:ef:
                    39:e9:60:5f:88:fe:02:50:1c:a4:ba:2a:98:6f:91:
                    7d:b4:0c:fd:ee:dd:eb:31:70:9a:c9:ab:a5:8c:1c:
                    52:d0:75:2f:6a:5e:4a:0a:52:5c:2e:7d:bf:da:27:
                    33:ed:c9:f6:94:4e:87:7b:d1:93:98:37:18:8c:4b:
                    80:d7:b4:c6:0d:45:ff:26:68:73:45:47:65:0e:0d:
                    56:fb:a1:ad:9b:cb:d0:1c:b0:7a:94:49:24:13:1a:
                    5d:34:e4:45:0a:30:2e:47:e5:25:ab:0e:66:e0:77:
                    99:a7:3e:08:ea:0c:df:f6:d3:3b:2a:9f:d3:88:2f:
                    da:d8:e7:78:bc:d4:0e:80:ed:73:8e:57:68:34:29:
                    64:6d:3c:29:12:8a:90:08:31:a4:c3:ed:4b:05:19:
                    c1:4c:13:e6:4f:64:7a:92:50:c9:12:d3:c7:22:eb:
                    56:af:c7:91:61:91:7e:8e:2b:dc:87:e4:b6:5b:31:
                    50:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:73:DB:3D:40:BA:BE:61:C0:C2:05:6B:D3:6E:46:36:F5:30:29:F5
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS25198.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.109.168.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a0:96:59:dd:5e:95:57:d0:f6:76:db:b4:85:96:ea:6d:02:49:
         1f:23:59:8f:c3:e5:03:0c:10:10:85:da:15:a4:d1:b1:27:cc:
         12:05:42:fa:b1:28:dd:99:d7:56:38:fd:f7:14:83:f2:da:a4:
         b3:d5:85:70:57:2f:d5:36:e5:90:1d:d9:37:0e:53:9d:3c:5a:
         9d:a5:6c:a8:b6:2a:a9:6b:38:89:e0:b0:07:ef:80:22:63:69:
         23:8d:60:be:31:d5:2e:7c:0c:0c:87:ff:b6:9a:33:cc:7e:61:
         a9:c5:63:33:5c:ac:e7:3a:e5:0e:c7:fb:23:6d:1c:5a:aa:be:
         c1:e4:a4:05:69:04:48:75:b1:ce:36:36:7b:a5:17:68:4f:47:
         00:df:26:e2:97:f3:77:60:fc:62:7a:ff:f2:3b:7b:22:f5:72:
         0e:e2:d6:1b:7f:09:cd:de:a4:e2:2e:f6:62:65:f7:39:cf:0a:
         92:4a:b5:14:e6:d8:42:49:97:20:2b:0f:cc:ac:f3:b8:98:44:
         76:df:74:a5:ed:82:c1:78:31:7b:27:d1:bd:bd:f2:17:0c:b1:
         59:f4:34:ae:30:4c:0b:0a:95:36:11:2d:37:8c:79:52:63:ea:
         71:8d:78:1c:f3:01:4b:e9:fa:06:0e:4c:fb:59:1c:98:4e:ea:
         9f:5e:6a:c9
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUA/+pMcPZyyrmTw65nxZscYaW61EwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNDA2MjUxMzAwMThaFw0yNTA2MjQxMzA1MThaMDMxMTAvBgNV
BAMTKEM1NzNEQjNENDBCQUJFNjFDMEMyMDU2QkQzNkU0NjM2RjUzMDI5RjUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDzudwGfdQypQ44rKiGDSuS1N+Z
6iDERNbxmbc6Hx7rPH58ZEUazl/R2dll52FygQaH4JNLe7Zo9NLcJUWIfZb9Zd81
S5bNC0F87znpYF+I/gJQHKS6KphvkX20DP3u3esxcJrJq6WMHFLQdS9qXkoKUlwu
fb/aJzPtyfaUTod70ZOYNxiMS4DXtMYNRf8maHNFR2UODVb7oa2by9AcsHqUSSQT
Gl005EUKMC5H5SWrDmbgd5mnPgjqDN/20zsqn9OIL9rY53i81A6A7XOOV2g0KWRt
PCkSipAIMaTD7UsFGcFME+ZPZHqSUMkS08ci61avx5FhkX6OK9yH5LZbMVD5AgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUxXPbPUC6vmHAwgVr025GNvUwKfUwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjUxOTgucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBADVbagw
DQYJKoZIhvcNAQELBQADggEBAKCWWd1elVfQ9nbbtIWW6m0CSR8jWY/D5QMMEBCF
2hWk0bEnzBIFQvqxKN2Z11Y4/fcUg/LapLPVhXBXL9U25ZAd2TcOU508Wp2lbKi2
KqlrOIngsAfvgCJjaSONYL4x1S58DAyH/7aaM8x+YanFYzNcrOc65Q7H+yNtHFqq
vsHkpAVpBEh1sc42NnulF2hPRwDfJuKX83dg/GJ6//I7eyL1cg7i1ht/Cc3epOIu
9mJl9znPCpJKtRTm2EJJlyArD8ys87iYRHbfdKXtgsF4MXsn0b298hcMsVn0NK4w
TAsKlTYRLTeMeVJj6nGNeBzzAUvp+gYOTPtZHJhO6p9eask=
-----END CERTIFICATE-----