Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS25369.roa
File:                     AS25369.roa (raw, json)
Hash identifier:          iLxH9DZF2U561kDw3c6Gg0E8FX1W4kP9jbbN5X2uaaQ=
Subject key identifier:   6F:39:FE:F7:18:A3:DE:29:6F:17:E1:3B:69:59:2F:71:86:CE:48:83
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       7C4C636A7B8C310054389872DA28349B1DA3810D
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS25369.roa
Signing time:             Fri 23 May 2025 13:20:44 +0000
ROA not before:           Fri 23 May 2025 13:15:44 +0000
ROA not after:            Fri 22 May 2026 13:20:44 +0000
asID:                     25369
IP address blocks:        85.209.177.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Jun 2025 23:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7c:4c:63:6a:7b:8c:31:00:54:38:98:72:da:28:34:9b:1d:a3:81:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: May 23 13:15:44 2025 GMT
            Not After : May 22 13:20:44 2026 GMT
        Subject: CN=6F39FEF718A3DE296F17E13B69592F7186CE4883
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:c4:11:bb:43:57:bf:46:90:ca:4e:db:49:c6:
                    45:84:7d:d1:31:77:8f:70:ae:d2:b6:5f:e3:bb:4c:
                    30:80:42:38:ef:ce:7b:98:b9:db:35:b5:8e:a7:14:
                    4f:18:db:86:41:16:57:f5:89:a2:31:4e:f9:6a:b2:
                    e3:1d:94:82:37:cb:0a:6a:74:d4:dc:c0:cf:07:c6:
                    38:e7:20:94:23:f1:27:5b:e1:20:b3:5e:85:43:17:
                    7e:92:90:12:ce:f5:91:50:a8:75:6c:64:ee:79:ad:
                    8a:1a:3f:10:22:75:f9:f5:92:49:f9:81:e8:cf:24:
                    f8:fb:7c:77:7b:22:62:de:05:fd:ea:de:7e:db:cb:
                    60:c7:c3:a3:fc:72:44:08:7c:04:86:ad:41:b6:74:
                    51:ec:73:c3:ed:46:35:d2:e2:e8:a6:dc:72:e2:29:
                    d4:cc:43:4c:be:a8:c1:25:2a:93:06:02:e3:78:64:
                    0e:c0:42:1c:76:ca:6d:61:b1:28:c7:96:33:88:0f:
                    e0:35:02:67:14:6f:a4:b0:08:f7:bb:08:41:83:fb:
                    88:46:46:56:67:b1:b1:b5:3f:cc:2c:1e:38:95:0c:
                    7a:44:24:69:0e:38:90:ba:c8:ff:06:06:86:1a:b3:
                    9a:2a:d1:0a:a5:66:ea:64:c4:69:6a:85:56:71:42:
                    16:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:39:FE:F7:18:A3:DE:29:6F:17:E1:3B:69:59:2F:71:86:CE:48:83
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS25369.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.209.177.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b4:ca:ae:3c:66:1b:66:91:a3:9e:be:16:89:6a:29:14:01:98:
         e3:e2:83:d7:b5:b0:0e:91:e3:e2:e5:75:89:a2:35:17:1a:a0:
         24:1b:b7:24:53:5a:41:ed:8d:f5:b9:15:7d:1d:03:5f:a6:eb:
         22:f0:17:59:d7:3f:74:fc:3f:9f:fe:4c:bc:d6:59:93:d2:44:
         0b:28:03:51:20:d9:7c:1e:80:a9:33:cf:1e:8a:c3:e6:fa:5e:
         49:0b:df:c0:dc:1d:9e:00:65:98:69:6d:71:e7:a3:b8:22:19:
         a7:93:d0:5d:2e:77:98:ca:97:3d:9c:d4:a5:ac:44:5f:9a:cd:
         61:13:0f:5c:90:ad:33:44:0f:0c:31:42:ca:be:16:ae:33:c6:
         40:ec:47:aa:88:48:17:37:88:b8:23:b0:50:13:a6:bc:25:f7:
         2a:b4:fc:ae:00:e1:2a:7c:55:67:04:f4:75:e1:88:eb:21:b3:
         4e:43:42:8a:3f:43:18:a2:c7:26:3f:8a:c1:dc:6e:d0:37:a6:
         5f:19:d1:62:90:be:e1:0f:4d:b3:1d:55:cf:fe:d0:43:77:2b:
         eb:61:ff:6d:46:0d:96:cb:a6:6d:0b:18:75:5d:20:5e:f1:8c:
         02:d1:c0:5b:18:ef:c4:2b:d7:81:bd:0f:56:c5:70:5e:7a:14:
         a7:9b:d4:d0
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUfExjanuMMQBUOJhy2ig0mx2jgQ0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNTA1MjMxMzE1NDRaFw0yNjA1MjIxMzIwNDRaMDMxMTAvBgNV
BAMTKDZGMzlGRUY3MThBM0RFMjk2RjE3RTEzQjY5NTkyRjcxODZDRTQ4ODMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQChxBG7Q1e/RpDKTttJxkWEfdEx
d49wrtK2X+O7TDCAQjjvznuYuds1tY6nFE8Y24ZBFlf1iaIxTvlqsuMdlII3ywpq
dNTcwM8HxjjnIJQj8Sdb4SCzXoVDF36SkBLO9ZFQqHVsZO55rYoaPxAidfn1kkn5
gejPJPj7fHd7ImLeBf3q3n7by2DHw6P8ckQIfASGrUG2dFHsc8PtRjXS4uim3HLi
KdTMQ0y+qMElKpMGAuN4ZA7AQhx2ym1hsSjHljOID+A1AmcUb6SwCPe7CEGD+4hG
RlZnsbG1P8wsHjiVDHpEJGkOOJC6yP8GBoYas5oq0QqlZupkxGlqhVZxQhZjAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUbzn+9xij3ilvF+E7aVkvcYbOSIMwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjUzNjkucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABV0bEw
DQYJKoZIhvcNAQELBQADggEBALTKrjxmG2aRo56+FolqKRQBmOPig9e1sA6R4+Ll
dYmiNRcaoCQbtyRTWkHtjfW5FX0dA1+m6yLwF1nXP3T8P5/+TLzWWZPSRAsoA1Eg
2XwegKkzzx6Kw+b6XkkL38DcHZ4AZZhpbXHno7giGaeT0F0ud5jKlz2c1KWsRF+a
zWETD1yQrTNEDwwxQsq+Fq4zxkDsR6qISBc3iLgjsFATprwl9yq0/K4A4Sp8VWcE
9HXhiOshs05DQoo/QxiixyY/isHcbtA3pl8Z0WKQvuEPTbMdVc/+0EN3K+th/21G
DZbLpm0LGHVdIF7xjALRwFsY78Qr14G9D1bFcF56FKeb1NA=
-----END CERTIFICATE-----