Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS40244.roa
File:                     AS40244.roa (raw, json)
Hash identifier:          awYsnbqPl41n8jDM/KB7SJecr8WMjYxqQP7AAe9vo3k=
Subject key identifier:   7A:45:D3:87:AE:86:0A:90:CD:64:60:0F:97:B6:5E:FB:BE:F3:CA:16
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       1893808F0D23E1A4BC59F318A81219C715CDABAC
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS40244.roa
Signing time:             Wed 31 Jan 2024 08:05:09 +0000
ROA not before:           Wed 31 Jan 2024 08:00:09 +0000
ROA not after:            Wed 29 Jan 2025 08:05:09 +0000
asID:                     40244
IP address blocks:        181.214.149.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 10 May 2024 20:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            18:93:80:8f:0d:23:e1:a4:bc:59:f3:18:a8:12:19:c7:15:cd:ab:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Jan 31 08:00:09 2024 GMT
            Not After : Jan 29 08:05:09 2025 GMT
        Subject: CN=7A45D387AE860A90CD64600F97B65EFBBEF3CA16
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:1b:83:b4:34:df:c8:a4:05:53:a3:0f:75:24:
                    54:92:00:ef:5e:1a:2b:29:bb:35:3c:2f:01:ba:f8:
                    2b:db:77:11:87:4a:ae:49:63:27:f8:ca:39:a5:78:
                    af:b4:83:25:8e:01:7c:a9:a1:8c:4f:4e:35:48:a2:
                    c5:fd:e4:2e:a1:3c:a4:cd:26:2a:52:6e:00:fe:7d:
                    b8:07:af:80:9b:44:e6:7d:67:cc:4a:fb:d7:ad:ea:
                    cd:5f:ae:a2:50:1c:bb:69:a9:d9:1e:8f:71:b9:2b:
                    60:99:f2:69:48:2a:aa:64:c8:ad:f5:b4:c4:3b:f6:
                    eb:69:4f:75:f0:ef:e2:77:22:c9:ef:68:dc:75:f2:
                    ac:57:3a:56:14:db:a8:1f:91:0f:3c:eb:0d:4f:fc:
                    b8:7c:e9:f0:c3:b4:ba:35:4d:cd:2e:dd:a6:3d:37:
                    8e:2f:6a:a6:6b:76:52:ca:9a:fd:93:14:56:ab:30:
                    e0:36:8d:6d:fb:6e:6d:6c:ae:09:79:c3:32:07:f5:
                    a9:3c:0b:ce:83:c3:4a:21:67:64:5d:de:e6:da:55:
                    31:76:a0:a6:32:db:e0:e0:30:2a:9d:2e:09:ae:45:
                    ae:46:ad:44:ee:ac:94:e5:5e:21:2c:11:37:e7:2f:
                    b2:9a:8c:26:11:cc:be:70:de:40:97:11:9f:cc:a1:
                    24:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7A:45:D3:87:AE:86:0A:90:CD:64:60:0F:97:B6:5E:FB:BE:F3:CA:16
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS40244.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  181.214.149.0/24

    Signature Algorithm: sha256WithRSAEncryption
         24:bc:8b:ae:c3:3f:04:7d:03:b8:4d:bd:73:e8:30:f2:f8:a5:
         07:52:28:4a:f6:ee:e3:be:8f:3a:4d:d7:e8:76:6e:60:db:8d:
         36:28:d5:a3:1e:c4:38:2e:89:18:8f:f3:e0:f1:c9:c5:0c:c1:
         dd:df:22:62:ec:a8:22:26:27:a4:8e:6d:40:ce:f0:ac:14:fe:
         e2:a9:9c:b2:e9:fd:84:2b:cc:e8:17:e4:39:b1:f3:52:ad:53:
         82:20:87:78:23:41:32:57:23:c1:56:f4:31:d3:1e:05:d8:46:
         e6:eb:48:73:52:37:c2:ba:0b:ab:e2:4d:b0:e8:90:ee:7f:dd:
         85:4a:16:19:f8:74:02:2a:63:ce:9c:2d:fd:e7:72:94:f4:95:
         82:99:ed:22:cb:f2:44:10:e4:a4:b2:99:f1:db:48:1b:16:26:
         e1:4f:fb:66:0d:2d:af:95:f6:4c:c7:ca:59:6b:d3:97:bf:5a:
         6c:45:82:b9:31:6b:e5:fb:65:b2:13:8f:d5:82:c6:2d:93:27:
         e5:09:4c:99:de:45:86:a1:5c:ea:8d:97:dc:cc:4d:e5:66:ba:
         ad:6c:fe:a8:61:88:62:6b:54:fc:69:ef:2e:0c:bb:2a:8d:52:
         46:c1:35:e0:e7:6d:0b:2d:3e:d0:45:e1:a3:2f:ba:27:92:2a:
         78:6a:ce:98
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUGJOAjw0j4aS8WfMYqBIZxxXNq6wwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNDAxMzEwODAwMDlaFw0yNTAxMjkwODA1MDlaMDMxMTAvBgNV
BAMTKDdBNDVEMzg3QUU4NjBBOTBDRDY0NjAwRjk3QjY1RUZCQkVGM0NBMTYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCmG4O0NN/IpAVTow91JFSSAO9e
GispuzU8LwG6+CvbdxGHSq5JYyf4yjmleK+0gyWOAXypoYxPTjVIosX95C6hPKTN
JipSbgD+fbgHr4CbROZ9Z8xK+9et6s1frqJQHLtpqdkej3G5K2CZ8mlIKqpkyK31
tMQ79utpT3Xw7+J3IsnvaNx18qxXOlYU26gfkQ886w1P/Lh86fDDtLo1Tc0u3aY9
N44vaqZrdlLKmv2TFFarMOA2jW37bm1srgl5wzIH9ak8C86Dw0ohZ2Rd3ubaVTF2
oKYy2+DgMCqdLgmuRa5GrUTurJTlXiEsETfnL7KajCYRzL5w3kCXEZ/MoSQDAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUekXTh66GCpDNZGAPl7Ze+77zyhYwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTNDAyNDQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAC11pUw
DQYJKoZIhvcNAQELBQADggEBACS8i67DPwR9A7hNvXPoMPL4pQdSKEr27uO+jzpN
1+h2bmDbjTYo1aMexDguiRiP8+DxycUMwd3fImLsqCImJ6SObUDO8KwU/uKpnLLp
/YQrzOgX5Dmx81KtU4Igh3gjQTJXI8FW9DHTHgXYRubrSHNSN8K6C6viTbDokO5/
3YVKFhn4dAIqY86cLf3ncpT0lYKZ7SLL8kQQ5KSymfHbSBsWJuFP+2YNLa+V9kzH
yllr05e/WmxFgrkxa+X7ZbITj9WCxi2TJ+UJTJneRYahXOqNl9zMTeVmuq1s/qhh
iGJrVPxp7y4MuyqNUkbBNeDnbQstPtBF4aMvuieSKnhqzpg=
-----END CERTIFICATE-----