Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS267507.roa
File:                     AS267507.roa (raw, json)
Hash identifier:          OFVo9BCr3Hbf1NBDM3yhmpK78tpwkQO/TMWeHj9yoVE=
Subject key identifier:   05:84:56:8C:0A:18:C6:19:F0:F3:23:93:79:65:C1:E2:90:31:3C:03
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       572693F3F429C14AF94F281F10CE4B9528A83D88
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS267507.roa
Signing time:             Mon 03 Mar 2025 12:24:55 +0000
ROA not before:           Mon 03 Mar 2025 12:19:55 +0000
ROA not after:            Mon 02 Mar 2026 12:24:55 +0000
asID:                     267507
IP address blocks:        191.96.14.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 15:12:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            57:26:93:f3:f4:29:c1:4a:f9:4f:28:1f:10:ce:4b:95:28:a8:3d:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Mar  3 12:19:55 2025 GMT
            Not After : Mar  2 12:24:55 2026 GMT
        Subject: CN=0584568C0A18C619F0F323937965C1E290313C03
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:6d:6b:cc:0f:4d:ac:d8:59:7c:3d:09:d6:4e:
                    73:ca:a6:22:19:31:5c:6d:91:ab:74:7f:0f:e2:6a:
                    06:7a:43:3f:82:39:fc:08:19:13:4a:7d:56:26:b7:
                    8d:f3:4c:7e:be:a7:e6:bd:c8:22:7f:4b:41:f0:75:
                    06:3c:10:ac:cb:18:8a:cd:af:3c:47:06:bf:9d:c4:
                    37:f3:08:fa:98:08:5f:3d:07:bc:f2:c3:24:94:68:
                    56:1a:bf:41:13:b8:b7:c2:be:99:9d:36:46:43:f8:
                    df:b1:67:4f:86:e9:29:e9:df:31:5c:a1:93:2b:3a:
                    b3:73:38:8d:f0:ec:c4:87:52:a0:66:23:80:a0:ca:
                    30:30:19:48:2d:d4:09:12:70:68:1d:ef:bc:16:2b:
                    0a:03:8f:00:23:93:40:62:a8:18:26:ae:8b:92:fd:
                    94:67:e1:f1:76:1c:0c:c3:b7:63:e9:42:d3:8c:21:
                    c7:6f:f5:68:3d:6d:e9:cf:a4:58:42:34:83:81:cf:
                    02:7b:26:f8:ba:7f:bb:68:2d:5a:69:d1:71:f4:33:
                    c8:97:b3:dc:d3:c6:18:c0:f1:59:14:63:a1:08:fa:
                    a9:fb:da:23:65:ce:24:72:6c:12:f5:42:93:ab:84:
                    2e:e5:c4:f2:09:58:9d:5b:04:55:6b:c3:81:e8:89:
                    ea:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:84:56:8C:0A:18:C6:19:F0:F3:23:93:79:65:C1:E2:90:31:3C:03
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS267507.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  191.96.14.0/24

    Signature Algorithm: sha256WithRSAEncryption
         40:5d:16:3d:01:9d:3c:c0:2e:6a:ed:02:41:ad:56:04:89:5e:
         01:90:98:c7:9b:b5:5a:69:1f:d5:79:a9:74:25:27:ae:e2:a5:
         ae:e2:32:1c:fa:7b:c0:96:c4:e1:bb:4f:fe:79:af:c8:5b:8a:
         c6:39:d6:a5:0f:cb:79:9c:d7:90:52:02:b4:da:19:a0:f0:56:
         e8:7b:14:d4:19:b7:99:dc:87:9e:ae:9c:b8:99:3a:5e:11:42:
         78:36:ca:94:21:51:72:1f:3d:e2:cf:fb:36:c8:ba:19:39:4f:
         18:6c:e1:f9:c1:60:00:19:90:d5:16:2b:3e:d3:61:f7:c7:92:
         dc:4b:f8:6b:c7:60:c7:19:b9:e4:63:38:d2:e0:e5:e4:47:7e:
         65:33:11:56:c1:bb:15:2b:c6:0f:71:5a:ab:30:af:e7:1c:09:
         ff:cc:f6:ac:27:d5:ce:0f:9a:c9:41:9e:fb:be:4d:61:2d:d2:
         5d:b9:b0:b8:dd:e3:a0:f3:26:4a:b5:3e:62:39:ac:fe:f1:35:
         51:5f:39:70:a0:96:11:14:7b:dc:25:c1:31:2e:5d:1e:df:30:
         79:b4:92:46:62:e7:9c:bc:b6:68:58:4e:93:a7:b2:25:09:69:
         05:68:61:c8:34:a3:1d:e8:c2:f7:4c:5f:04:e4:26:f5:1f:ab:
         72:88:3a:12
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUVyaT8/QpwUr5TygfEM5LlSioPYgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNTAzMDMxMjE5NTVaFw0yNjAzMDIxMjI0NTVaMDMxMTAvBgNV
BAMTKDA1ODQ1NjhDMEExOEM2MTlGMEYzMjM5Mzc5NjVDMUUyOTAzMTNDMDMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDIbWvMD02s2Fl8PQnWTnPKpiIZ
MVxtkat0fw/iagZ6Qz+COfwIGRNKfVYmt43zTH6+p+a9yCJ/S0HwdQY8EKzLGIrN
rzxHBr+dxDfzCPqYCF89B7zywySUaFYav0ETuLfCvpmdNkZD+N+xZ0+G6Snp3zFc
oZMrOrNzOI3w7MSHUqBmI4CgyjAwGUgt1AkScGgd77wWKwoDjwAjk0BiqBgmrouS
/ZRn4fF2HAzDt2PpQtOMIcdv9Wg9benPpFhCNIOBzwJ7Jvi6f7toLVpp0XH0M8iX
s9zTxhjA8VkUY6EI+qn72iNlziRybBL1QpOrhC7lxPIJWJ1bBFVrw4Hoieo/AgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUBYRWjAoYxhnw8yOTeWXB4pAxPAMwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjY3NTA3LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAv2AO
MA0GCSqGSIb3DQEBCwUAA4IBAQBAXRY9AZ08wC5q7QJBrVYEiV4BkJjHm7VaaR/V
eal0JSeu4qWu4jIc+nvAlsThu0/+ea/IW4rGOdalD8t5nNeQUgK02hmg8FboexTU
GbeZ3Ieerpy4mTpeEUJ4NsqUIVFyHz3iz/s2yLoZOU8YbOH5wWAAGZDVFis+02H3
x5LcS/hrx2DHGbnkYzjS4OXkR35lMxFWwbsVK8YPcVqrMK/nHAn/zPasJ9XOD5rJ
QZ77vk1hLdJdubC43eOg8yZKtT5iOaz+8TVRXzlwoJYRFHvcJcExLl0e3zB5tJJG
YuecvLZoWE6Tp7IlCWkFaGHINKMd6ML3TF8E5Cb1H6tyiDoS
-----END CERTIFICATE-----