Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS28414.roa
File:                     AS28414.roa (raw, json)
Hash identifier:          h75Fy2qqAf7guuEnP01FDqadfJO65Stylfdc4Y0zBYk=
Subject key identifier:   60:FE:32:10:55:41:05:B5:3B:A0:EA:AD:1F:C5:9E:F2:D0:2A:DB:1A
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       576F3546A1EAC8C3E7FFFB737C712BBC64CD0383
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS28414.roa
Signing time:             Mon 10 Jun 2024 21:05:25 +0000
ROA not before:           Mon 10 Jun 2024 21:00:25 +0000
ROA not after:            Mon 09 Jun 2025 21:05:25 +0000
asID:                     28414
IP address blocks:        191.96.145.0/24 maxlen: 24
                          191.96.190.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 01 Jul 2024 23:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            57:6f:35:46:a1:ea:c8:c3:e7:ff:fb:73:7c:71:2b:bc:64:cd:03:83
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Jun 10 21:00:25 2024 GMT
            Not After : Jun  9 21:05:25 2025 GMT
        Subject: CN=60FE3210554105B53BA0EAAD1FC59EF2D02ADB1A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:a7:71:fb:e3:c5:83:2b:8b:7b:0d:e4:9d:5f:
                    10:42:26:b7:f9:cf:ca:c5:08:3e:f8:b9:9f:74:54:
                    f1:7c:94:2e:08:ea:b0:df:11:ed:3b:6e:47:a5:3f:
                    e1:6f:2a:e4:82:f9:e0:15:4e:f9:eb:a7:de:29:39:
                    ca:d7:8c:40:51:72:89:78:16:68:2a:73:cd:30:0d:
                    84:da:6c:f8:eb:28:b5:0c:cc:3e:d6:ea:f1:43:a5:
                    ab:40:d1:19:08:10:47:05:00:1e:9a:0f:8e:dd:47:
                    70:43:dd:45:1d:4d:54:fc:14:49:3b:5c:93:c3:2f:
                    92:e5:c4:d1:58:64:d7:5c:f9:fa:5e:1d:5b:d5:3e:
                    1e:a6:55:50:43:d3:bb:23:76:0d:30:dc:d1:7d:48:
                    8e:dd:7e:16:9d:2c:a6:bc:94:58:39:69:5a:f2:0c:
                    02:8a:94:19:a3:24:b9:a3:6f:5c:9a:88:c4:42:ef:
                    7f:00:e8:58:06:cc:38:7a:4e:4c:c2:38:26:10:71:
                    4d:71:bb:30:8e:0f:f4:af:9b:f7:d4:11:a5:19:e5:
                    4b:9e:ed:83:2a:21:a0:e5:67:f0:00:e0:d9:df:e3:
                    e1:a8:ed:76:cb:7c:d9:f5:9e:61:70:2e:e2:e8:a6:
                    3e:6d:61:43:80:e6:7d:ce:94:77:e5:15:18:7c:ac:
                    f2:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:FE:32:10:55:41:05:B5:3B:A0:EA:AD:1F:C5:9E:F2:D0:2A:DB:1A
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS28414.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  191.96.145.0/24
                  191.96.190.0/24

    Signature Algorithm: sha256WithRSAEncryption
         42:ad:d0:31:d0:32:67:e5:c5:15:2d:60:fd:55:42:e2:e0:d6:
         b4:85:11:bf:4f:e6:5e:d9:d4:50:d3:d3:8d:71:a4:5f:0b:0e:
         e8:b0:15:97:e4:c3:4b:72:90:54:2c:a0:d2:08:c6:2d:59:78:
         c7:df:79:07:e2:a3:fe:5b:f6:db:2a:89:dd:0c:a6:70:1a:c4:
         b7:6f:43:36:3b:c2:fc:bd:83:75:76:b6:91:fe:26:d5:1a:82:
         66:ce:8d:f6:c2:0d:c7:be:8a:87:c1:52:60:bb:ae:cd:c9:4b:
         ee:1b:da:63:03:22:3a:6f:eb:f2:a3:ca:6d:66:a1:45:f9:0f:
         9e:b7:7f:8d:aa:29:36:7b:ae:0a:40:92:4e:9b:cf:af:8e:c6:
         b4:be:fc:e2:55:1e:66:7c:c6:ce:9b:e3:dc:74:8e:cc:e9:67:
         9f:e0:8e:48:a2:9e:85:92:1a:a8:87:60:20:fd:63:bd:36:2c:
         66:30:7e:54:64:bb:ec:7c:44:6b:a1:e1:70:00:6b:01:8a:70:
         3b:af:b9:f2:b7:2d:28:cb:72:7d:6a:a1:ef:c6:a5:39:de:c4:
         13:0b:2b:f8:62:37:f4:69:ab:35:a6:de:48:a2:8f:db:bf:3b:
         18:07:29:1c:a1:af:c6:29:c1:bb:cc:8f:e6:63:31:e4:e0:f1:
         46:c2:36:86
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgIUV281RqHqyMPn//tzfHErvGTNA4MwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNDA2MTAyMTAwMjVaFw0yNTA2MDkyMTA1MjVaMDMxMTAvBgNV
BAMTKDYwRkUzMjEwNTU0MTA1QjUzQkEwRUFBRDFGQzU5RUYyRDAyQURCMUEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCHp3H748WDK4t7DeSdXxBCJrf5
z8rFCD74uZ90VPF8lC4I6rDfEe07bkelP+FvKuSC+eAVTvnrp94pOcrXjEBRcol4
Fmgqc80wDYTabPjrKLUMzD7W6vFDpatA0RkIEEcFAB6aD47dR3BD3UUdTVT8FEk7
XJPDL5LlxNFYZNdc+fpeHVvVPh6mVVBD07sjdg0w3NF9SI7dfhadLKa8lFg5aVry
DAKKlBmjJLmjb1yaiMRC738A6FgGzDh6TkzCOCYQcU1xuzCOD/Svm/fUEaUZ5Uue
7YMqIaDlZ/AA4Nnf4+Go7XbLfNn1nmFwLuLopj5tYUOA5n3OlHflFRh8rPLDAgMB
AAGjggIPMIICCzAdBgNVHQ4EFgQUYP4yEFVBBbU7oOqtH8We8tAq2xowHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjg0MTQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBAC/YJED
BAC/YL4wDQYJKoZIhvcNAQELBQADggEBAEKt0DHQMmflxRUtYP1VQuLg1rSFEb9P
5l7Z1FDT041xpF8LDuiwFZfkw0tykFQsoNIIxi1ZeMffeQfio/5b9tsqid0MpnAa
xLdvQzY7wvy9g3V2tpH+JtUagmbOjfbCDce+iofBUmC7rs3JS+4b2mMDIjpv6/Kj
ym1moUX5D563f42qKTZ7rgpAkk6bz6+OxrS+/OJVHmZ8xs6b49x0jszpZ5/gjkii
noWSGqiHYCD9Y702LGYwflRku+x8RGuh4XAAawGKcDuvufK3LSjLcn1qoe/GpTne
xBMLK/hiN/RpqzWm3kiij9u/OxgHKRyhr8YpwbvMj+ZjMeTg8UbCNoY=
-----END CERTIFICATE-----