Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS265919.roa
File:                     AS265919.roa (raw, json)
Hash identifier:          IKblZhIP3eldqoTCUZPGaJDdN8TFtfOwXrz9d6Y3xEY=
Subject key identifier:   B1:D5:14:5A:BC:C3:DB:5E:F9:FB:98:7C:DB:8B:85:54:8A:FC:C3:72
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       41329C71A1B6A3ACC0968859CC2C8519C9F2DDA5
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS265919.roa
Signing time:             Fri 04 Apr 2025 14:54:00 +0000
ROA not before:           Fri 04 Apr 2025 14:49:00 +0000
ROA not after:            Fri 03 Apr 2026 14:54:00 +0000
asID:                     265919
IP address blocks:        191.96.81.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 15:12:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            41:32:9c:71:a1:b6:a3:ac:c0:96:88:59:cc:2c:85:19:c9:f2:dd:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Apr  4 14:49:00 2025 GMT
            Not After : Apr  3 14:54:00 2026 GMT
        Subject: CN=B1D5145ABCC3DB5EF9FB987CDB8B85548AFCC372
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:79:48:27:bf:f3:27:04:c9:78:9b:60:aa:c4:
                    ab:a0:6b:1f:b7:e2:97:d0:f8:6d:a5:c9:db:1c:9f:
                    98:f7:4f:f1:9d:e2:1e:a7:e0:f2:22:a0:df:5c:be:
                    fd:94:e3:e9:56:36:4e:b1:9f:a1:b4:c6:a8:9a:2b:
                    3c:a2:27:3f:e7:91:85:59:a3:95:9b:6b:35:42:7e:
                    c7:81:24:6d:1d:07:c9:56:fb:75:ba:3e:d0:74:44:
                    6d:30:1e:92:71:37:af:62:4f:84:b5:ee:54:34:96:
                    3b:11:0d:1c:7e:07:d7:22:10:f2:11:a2:57:99:63:
                    3a:71:85:83:d4:7c:4e:17:a5:88:cf:88:73:15:42:
                    22:b2:18:68:0b:20:96:79:31:3f:1e:3a:ee:b9:99:
                    8e:b0:0a:d8:42:23:8d:39:3e:ca:c0:ec:b0:f4:ae:
                    7f:5a:71:18:db:2d:1c:5c:8d:52:e3:97:e7:88:a9:
                    69:fb:2f:9c:ff:2d:78:e2:02:e6:3d:ee:90:8a:54:
                    50:ae:f6:0f:7c:a6:57:71:8e:b0:16:9d:09:b6:74:
                    18:e2:c1:9e:87:9c:d1:9d:b4:05:ac:be:ed:18:44:
                    4f:e5:07:62:10:01:6b:94:8d:8a:e6:62:c5:06:4f:
                    44:bd:a5:35:cb:f0:97:9f:ee:fd:b5:ec:f1:cd:5c:
                    16:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:D5:14:5A:BC:C3:DB:5E:F9:FB:98:7C:DB:8B:85:54:8A:FC:C3:72
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS265919.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  191.96.81.0/24

    Signature Algorithm: sha256WithRSAEncryption
         37:ea:ac:41:a5:6a:10:ed:72:2a:39:96:b5:69:2c:d7:80:4e:
         65:eb:77:e2:4a:ae:40:d6:dc:dc:8a:9c:95:10:24:33:56:8d:
         7d:4c:b1:fc:e0:0b:45:1a:40:df:56:8c:65:84:7d:aa:d1:9c:
         9c:bc:79:bf:7e:de:ab:f1:aa:03:1b:d2:c2:40:fe:06:e7:d6:
         12:f2:0b:1e:91:a1:26:f8:f7:e4:14:95:b8:57:96:e4:70:f9:
         44:b5:2e:e8:30:7a:3d:61:88:50:f8:18:eb:08:ec:02:84:84:
         b4:16:6a:c2:45:06:9c:dc:61:c6:e4:be:fb:eb:38:9a:5a:d1:
         aa:95:33:a1:08:6a:f0:70:c2:ee:8c:2e:4c:2f:42:0e:47:a8:
         67:74:71:c0:e1:09:f4:1c:c5:e2:69:cd:a1:30:5d:d8:28:fa:
         58:b3:22:9f:d7:bd:a7:c8:f3:ff:47:f1:ac:77:4f:ff:fc:b4:
         e6:ec:5e:83:68:79:f3:70:7a:dc:ad:c3:ae:96:22:f3:f2:a5:
         b1:d9:25:1d:82:b9:76:a2:28:65:c7:ea:db:71:bb:52:c8:83:
         41:3d:2b:91:e7:c2:28:6b:57:cf:04:fd:c6:3a:5a:40:45:fe:
         75:2c:00:48:33:db:1c:99:bf:de:4e:d4:1e:35:9c:21:a9:40:
         4e:ab:91:49
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUQTKccaG2o6zAlohZzCyFGcny3aUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNTA0MDQxNDQ5MDBaFw0yNjA0MDMxNDU0MDBaMDMxMTAvBgNV
BAMTKEIxRDUxNDVBQkNDM0RCNUVGOUZCOTg3Q0RCOEI4NTU0OEFGQ0MzNzIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCieUgnv/MnBMl4m2CqxKugax+3
4pfQ+G2lydscn5j3T/Gd4h6n4PIioN9cvv2U4+lWNk6xn6G0xqiaKzyiJz/nkYVZ
o5WbazVCfseBJG0dB8lW+3W6PtB0RG0wHpJxN69iT4S17lQ0ljsRDRx+B9ciEPIR
oleZYzpxhYPUfE4XpYjPiHMVQiKyGGgLIJZ5MT8eOu65mY6wCthCI405PsrA7LD0
rn9acRjbLRxcjVLjl+eIqWn7L5z/LXjiAuY97pCKVFCu9g98pldxjrAWnQm2dBji
wZ6HnNGdtAWsvu0YRE/lB2IQAWuUjYrmYsUGT0S9pTXL8Jef7v217PHNXBbtAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUsdUUWrzD2175+5h824uFVIr8w3IwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjY1OTE5LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAv2BR
MA0GCSqGSIb3DQEBCwUAA4IBAQA36qxBpWoQ7XIqOZa1aSzXgE5l63fiSq5A1tzc
ipyVECQzVo19TLH84AtFGkDfVoxlhH2q0ZycvHm/ft6r8aoDG9LCQP4G59YS8gse
kaEm+PfkFJW4V5bkcPlEtS7oMHo9YYhQ+BjrCOwChIS0FmrCRQac3GHG5L776zia
WtGqlTOhCGrwcMLujC5ML0IOR6hndHHA4Qn0HMXiac2hMF3YKPpYsyKf172nyPP/
R/Gsd0///LTm7F6DaHnzcHrcrcOuliLz8qWx2SUdgrl2oihlx+rbcbtSyINBPSuR
58Ioa1fPBP3GOlpARf51LABIM9scmb/eTtQeNZwhqUBOq5FJ
-----END CERTIFICATE-----