Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS397630.roa
File:                     AS397630.roa (raw, json)
Hash identifier:          6+X0Yo11oIhmjRSMGHfcSCQ2jxZsDt4Rz2inpei+XU4=
Subject key identifier:   35:88:35:9D:00:10:07:D1:C3:D0:02:02:1F:0B:C5:25:25:1C:93:82
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       5A6F6663830C0EB25F95F9CD9BE9EFB1E17AB93E
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS397630.roa
Signing time:             Wed 03 Apr 2024 00:00:08 +0000
ROA not before:           Tue 02 Apr 2024 23:55:08 +0000
ROA not after:            Wed 02 Apr 2025 00:00:08 +0000
asID:                     397630
IP address blocks:        181.214.57.0/24 maxlen: 24
                          191.101.77.0/24 maxlen: 24
                          191.101.123.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 08 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5a:6f:66:63:83:0c:0e:b2:5f:95:f9:cd:9b:e9:ef:b1:e1:7a:b9:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Apr  2 23:55:08 2024 GMT
            Not After : Apr  2 00:00:08 2025 GMT
        Subject: CN=3588359D001007D1C3D002021F0BC525251C9382
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:22:7a:95:ff:aa:6b:95:da:80:e8:15:29:8a:
                    4b:2c:20:21:9f:39:c9:eb:1b:f3:5d:1f:84:c8:77:
                    b3:5e:80:28:e6:41:4d:6e:5f:96:f4:b4:3c:57:96:
                    4b:b7:79:90:ad:e5:90:1e:03:30:92:6f:25:74:c0:
                    6c:52:b6:92:8a:91:4d:12:ce:04:f5:f3:af:74:0b:
                    f0:ab:b8:56:b7:c3:d6:bc:62:f5:53:a3:41:7e:4e:
                    f7:33:f5:d0:5d:b6:10:0c:d5:9a:cf:7e:5f:47:90:
                    33:07:c1:83:e7:d5:10:24:98:0c:1a:73:dd:9c:4d:
                    4a:88:94:b0:0b:7f:9f:f0:e8:22:e0:9f:c5:f9:49:
                    cb:91:d9:f1:44:ed:f0:6f:2c:20:97:55:16:b6:d0:
                    6b:d6:d3:9a:38:87:68:b6:94:1c:a2:b1:9e:99:49:
                    d7:8d:6d:22:cd:bf:2e:ba:6e:ee:94:33:a0:9e:60:
                    55:53:d6:aa:cd:f9:d1:2f:06:d8:e0:7a:3a:8f:8c:
                    14:f5:c2:64:23:2d:6f:38:e0:73:09:92:01:de:37:
                    d3:99:c6:e5:35:32:66:af:f9:a9:81:00:3c:2b:91:
                    a9:3c:a1:0e:bd:62:7d:2a:95:70:c0:7d:be:eb:d7:
                    3b:e3:d8:c8:70:7c:50:46:bd:d9:a5:fc:84:b0:6f:
                    42:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:88:35:9D:00:10:07:D1:C3:D0:02:02:1F:0B:C5:25:25:1C:93:82
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS397630.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  181.214.57.0/24
                  191.101.77.0/24
                  191.101.123.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1f:9c:c5:7b:73:26:3a:40:bf:09:8e:19:08:b9:ef:5c:88:a7:
         69:96:ce:53:71:37:5b:54:d4:8c:aa:3d:f6:34:1d:76:01:91:
         0c:99:8b:7f:f0:c8:ff:d0:4c:fc:bd:57:ce:82:24:cb:8e:2f:
         26:43:4c:5f:28:fa:c0:78:22:dd:a5:b8:1e:68:f9:4c:2a:78:
         98:f4:c1:ea:40:9a:66:80:5c:dd:5d:1e:b5:c7:9a:3b:dc:b5:
         1e:0c:d7:9d:3b:ba:a6:66:fc:1c:79:55:dd:ce:45:9e:d1:1b:
         1f:af:8f:2f:83:9c:22:7f:3f:2d:c9:74:e1:30:5c:3d:0e:5d:
         80:7a:78:64:29:2e:c6:9b:bd:e7:1f:b5:9d:3d:15:cc:55:6d:
         72:aa:a6:f6:7d:80:1a:87:c0:1a:8f:8d:2b:a5:68:8d:ac:28:
         53:53:83:e0:b7:18:ef:48:83:cd:bb:01:b2:8d:81:1b:30:bf:
         84:0e:44:5d:4d:33:46:c3:c6:ba:de:88:4c:1b:36:e8:f6:02:
         a6:a1:66:25:8e:bf:23:ae:d6:62:dc:08:3f:22:3f:ee:f9:e2:
         e0:9c:a7:eb:fa:ee:3f:a9:9c:7f:7d:f2:5c:60:b0:2d:c1:e0:
         e7:33:44:f2:e0:ec:80:a2:fd:2d:45:d4:f7:fc:a1:69:3f:42:
         e0:04:78:b2
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgIUWm9mY4MMDrJflfnNm+nvseF6uT4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNDA0MDIyMzU1MDhaFw0yNTA0MDIwMDAwMDhaMDMxMTAvBgNV
BAMTKDM1ODgzNTlEMDAxMDA3RDFDM0QwMDIwMjFGMEJDNTI1MjUxQzkzODIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCbInqV/6prldqA6BUpikssICGf
OcnrG/NdH4TId7NegCjmQU1uX5b0tDxXlku3eZCt5ZAeAzCSbyV0wGxStpKKkU0S
zgT18690C/CruFa3w9a8YvVTo0F+Tvcz9dBdthAM1ZrPfl9HkDMHwYPn1RAkmAwa
c92cTUqIlLALf5/w6CLgn8X5ScuR2fFE7fBvLCCXVRa20GvW05o4h2i2lByisZ6Z
SdeNbSLNvy66bu6UM6CeYFVT1qrN+dEvBtjgejqPjBT1wmQjLW844HMJkgHeN9OZ
xuU1Mmav+amBADwrkak8oQ69Yn0qlXDAfb7r1zvj2MhwfFBGvdml/ISwb0LbAgMB
AAGjggIWMIICEjAdBgNVHQ4EFgQUNYg1nQAQB9HD0AICHwvFJSUck4IwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMzk3NjMwLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAtdY5
AwQAv2VNAwQAv2V7MA0GCSqGSIb3DQEBCwUAA4IBAQAfnMV7cyY6QL8JjhkIue9c
iKdpls5TcTdbVNSMqj32NB12AZEMmYt/8Mj/0Ez8vVfOgiTLji8mQ0xfKPrAeCLd
pbgeaPlMKniY9MHqQJpmgFzdXR61x5o73LUeDNedO7qmZvwceVXdzkWe0Rsfr48v
g5wifz8tyXThMFw9Dl2AenhkKS7Gm73nH7WdPRXMVW1yqqb2fYAah8Aaj40rpWiN
rChTU4PgtxjvSIPNuwGyjYEbML+EDkRdTTNGw8a63ohMGzbo9gKmoWYljr8jrtZi
3Ag/Ij/u+eLgnKfr+u4/qZx/ffJcYLAtweDnM0Ty4OyAov0tRdT3/KFpP0LgBHiy
-----END CERTIFICATE-----