Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS36352.roa
File:                     AS36352.roa (raw, json)
Hash identifier:          WlULyohRiWJqqoVGLb0GQlRWb3/ST6k4Nu9O7+yUF/A=
Subject key identifier:   0F:62:35:1F:CE:7E:9E:CE:2D:1D:A6:99:12:17:B2:7F:70:01:9A:1F
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       6B262E3370F468AD765D715442222EFB124539E2
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS36352.roa
Signing time:             Wed 01 Jan 2025 08:53:49 +0000
ROA not before:           Wed 01 Jan 2025 08:48:49 +0000
ROA not after:            Wed 31 Dec 2025 08:53:49 +0000
asID:                     36352
IP address blocks:        185.142.25.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 15:12:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6b:26:2e:33:70:f4:68:ad:76:5d:71:54:42:22:2e:fb:12:45:39:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Jan  1 08:48:49 2025 GMT
            Not After : Dec 31 08:53:49 2025 GMT
        Subject: CN=0F62351FCE7E9ECE2D1DA6991217B27F70019A1F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:1f:71:f9:4a:41:f5:88:8a:e0:1c:e6:56:c7:
                    6c:74:7f:0e:d8:97:ee:99:d3:b6:59:58:5e:54:40:
                    83:cc:29:82:0b:55:d5:39:7f:7d:90:ac:6a:60:6c:
                    80:d2:7e:27:6e:31:ed:97:e2:cd:e0:de:5d:fe:a7:
                    14:4f:bd:e0:07:07:41:27:35:a1:e3:d3:fc:50:c7:
                    98:be:e6:d1:0e:13:3f:d7:42:1e:36:cc:2e:1a:6d:
                    31:4f:59:75:05:ac:39:80:2d:e4:b3:04:aa:43:ed:
                    cc:ef:24:c9:0d:05:69:e0:37:7f:6e:ec:98:01:d9:
                    da:fd:7c:fe:66:31:89:dd:5a:5d:f6:26:d2:78:a1:
                    fd:6f:c5:1c:b0:12:09:3f:a6:09:6a:ba:89:9c:25:
                    8b:55:df:d3:77:ab:75:c0:0c:8e:7d:ed:55:92:58:
                    5d:53:9d:2c:1d:c4:6d:3c:e2:53:3e:79:78:83:1f:
                    6c:22:3c:ca:08:3b:7a:0a:f2:53:9f:9c:ce:2c:60:
                    fe:c3:b7:b7:5a:7d:a2:cd:17:61:81:de:38:d0:86:
                    47:f8:62:0d:67:ef:47:d7:18:0f:b9:7d:42:9c:29:
                    0b:d7:55:f4:9e:f4:12:62:00:84:82:28:b4:91:de:
                    7b:61:64:ff:09:7e:db:2d:1c:16:bc:03:20:e0:cf:
                    74:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:62:35:1F:CE:7E:9E:CE:2D:1D:A6:99:12:17:B2:7F:70:01:9A:1F
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS36352.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.142.25.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8d:2f:d2:fc:33:99:69:00:eb:52:4d:eb:c4:46:17:e1:da:bb:
         bc:f5:8a:c3:f8:d3:75:08:95:47:34:a2:d3:b7:ad:80:a7:4e:
         c8:26:43:40:5d:81:18:4a:20:13:2c:b7:fb:08:fd:d4:e1:35:
         bb:1d:09:75:43:f4:6a:4d:77:a5:9f:48:4e:bf:a0:0e:34:15:
         9f:64:d0:2d:a4:b7:08:c6:27:07:b3:66:58:0b:42:2d:ed:29:
         b6:da:db:a9:68:2f:1a:48:23:b1:af:3c:61:01:6d:f2:f4:2c:
         9f:38:de:7c:e0:f6:0f:de:86:77:a9:a1:84:3a:af:05:27:6a:
         55:9e:75:e5:69:de:46:0f:68:a0:a6:17:05:77:2e:fe:6c:70:
         f7:d7:98:02:d3:38:c3:33:7b:bb:2c:ba:8a:bb:ac:6d:2a:96:
         5a:3e:bf:8d:9a:44:d5:7b:1f:5c:f5:4b:5f:22:1e:7e:af:0a:
         6f:5e:a6:a0:5f:32:a1:60:17:90:60:78:41:e4:74:83:41:99:
         c7:00:1e:54:59:40:b8:be:88:46:7b:b0:7f:3a:ba:5e:ed:2a:
         54:b5:aa:1e:0b:de:4f:cf:16:84:39:8b:17:8d:81:94:d9:7b:
         91:8c:cc:c4:9c:cd:c2:9c:a6:88:91:54:54:26:bd:1e:d9:15:
         42:b9:2b:0f
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUayYuM3D0aK12XXFUQiIu+xJFOeIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNTAxMDEwODQ4NDlaFw0yNTEyMzEwODUzNDlaMDMxMTAvBgNV
BAMTKDBGNjIzNTFGQ0U3RTlFQ0UyRDFEQTY5OTEyMTdCMjdGNzAwMTlBMUYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2H3H5SkH1iIrgHOZWx2x0fw7Y
l+6Z07ZZWF5UQIPMKYILVdU5f32QrGpgbIDSfiduMe2X4s3g3l3+pxRPveAHB0En
NaHj0/xQx5i+5tEOEz/XQh42zC4abTFPWXUFrDmALeSzBKpD7czvJMkNBWngN39u
7JgB2dr9fP5mMYndWl32JtJ4of1vxRywEgk/pglquomcJYtV39N3q3XADI597VWS
WF1TnSwdxG084lM+eXiDH2wiPMoIO3oK8lOfnM4sYP7Dt7dafaLNF2GB3jjQhkf4
Yg1n70fXGA+5fUKcKQvXVfSe9BJiAISCKLSR3nthZP8JftstHBa8AyDgz3QNAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUD2I1H85+ns4tHaaZEheyf3ABmh8wHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMzYzNTIucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAC5jhkw
DQYJKoZIhvcNAQELBQADggEBAI0v0vwzmWkA61JN68RGF+Hau7z1isP403UIlUc0
otO3rYCnTsgmQ0BdgRhKIBMst/sI/dThNbsdCXVD9GpNd6WfSE6/oA40FZ9k0C2k
twjGJwezZlgLQi3tKbba26loLxpII7GvPGEBbfL0LJ843nzg9g/ehnepoYQ6rwUn
alWedeVp3kYPaKCmFwV3Lv5scPfXmALTOMMze7ssuoq7rG0qllo+v42aRNV7H1z1
S18iHn6vCm9epqBfMqFgF5BgeEHkdINBmccAHlRZQLi+iEZ7sH86ul7tKlS1qh4L
3k/PFoQ5ixeNgZTZe5GMzMSczcKcpoiRVFQmvR7ZFUK5Kw8=
-----END CERTIFICATE-----