Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS53356.roa
File:                     AS53356.roa (raw, json)
Hash identifier:          +A2TgxmudE5lZcRFm2/FBf8dKfE3397Wry1RqmemXqE=
Subject key identifier:   AF:62:2D:C5:24:AE:DD:49:E2:AE:74:13:A1:B9:96:4E:85:4D:AC:C3
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       19BA67F538C54D324E614BDD1AD5B4829398D92A
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS53356.roa
Signing time:             Sat 18 Jan 2025 01:37:37 +0000
ROA not before:           Sat 18 Jan 2025 01:32:37 +0000
ROA not after:            Sat 17 Jan 2026 01:37:37 +0000
asID:                     53356
IP address blocks:        181.214.39.0/24 maxlen: 24
                          181.214.54.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 15:12:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            19:ba:67:f5:38:c5:4d:32:4e:61:4b:dd:1a:d5:b4:82:93:98:d9:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Jan 18 01:32:37 2025 GMT
            Not After : Jan 17 01:37:37 2026 GMT
        Subject: CN=AF622DC524AEDD49E2AE7413A1B9964E854DACC3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:18:9b:b4:16:d4:e5:23:13:2b:f1:be:9c:80:
                    dd:b3:6d:9b:b5:9c:29:34:c7:2a:75:79:97:91:f5:
                    a0:e8:d0:be:12:bb:ec:52:96:82:f3:da:de:94:79:
                    fd:56:77:02:09:1a:e3:a8:64:34:d2:66:2c:65:f3:
                    1f:72:36:bd:1c:95:21:ec:86:44:c3:64:fc:d4:ea:
                    f5:ad:50:3b:85:ba:e7:b0:48:3d:06:a0:06:db:47:
                    47:fe:d1:0b:4d:b5:1c:af:70:8b:ff:8a:fd:77:ef:
                    f1:05:92:95:35:16:d7:15:fd:42:47:89:5d:fb:1d:
                    96:f2:ff:84:83:8b:e4:32:5a:0f:9e:74:ee:34:4f:
                    fa:c1:fe:37:6b:81:84:97:d3:90:a7:54:bb:8f:2a:
                    8a:41:1c:9f:c1:9e:90:c8:fc:22:13:1f:fd:62:e1:
                    81:f4:58:a7:5a:5d:f4:17:ad:57:55:6a:c7:4f:fd:
                    4b:3f:c6:af:a3:cc:77:c0:18:5f:c9:01:3e:26:65:
                    02:65:df:b3:76:44:6d:f7:e4:f4:fe:2a:52:2e:f2:
                    e3:67:5f:c6:69:23:f2:32:60:70:82:78:32:b5:80:
                    a1:b3:a3:31:0f:54:4a:1a:ef:c9:81:72:d8:99:21:
                    d0:15:91:35:5c:df:88:67:a3:7c:aa:59:1a:f7:3a:
                    39:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:62:2D:C5:24:AE:DD:49:E2:AE:74:13:A1:B9:96:4E:85:4D:AC:C3
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS53356.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  181.214.39.0/24
                  181.214.54.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b5:94:34:2f:59:f6:44:09:f9:aa:a9:00:6b:43:93:93:a5:54:
         56:d5:00:7b:5d:3e:01:de:3b:29:64:5b:db:c7:97:81:aa:e5:
         4c:19:97:f1:aa:12:de:67:78:dc:76:3c:74:31:ce:9a:cc:79:
         18:10:ba:4d:47:60:fc:bf:1b:e5:98:0a:36:e3:d7:ef:be:5d:
         e8:34:76:28:e8:f5:87:f6:08:d8:4e:d8:cd:80:fb:e0:f4:7c:
         80:3e:24:d8:83:31:20:1d:0b:e9:6c:61:bc:f8:82:18:f3:c0:
         e1:26:bd:64:f2:1b:e6:2c:9a:33:bb:9c:e2:1d:e6:bd:da:0d:
         ef:07:21:1c:9e:dd:25:cc:65:0b:e7:cf:74:0e:14:38:20:01:
         68:8b:81:ea:ed:0f:5e:6f:f0:cd:60:fa:cb:f6:3c:91:57:16:
         40:56:23:64:34:93:2a:de:03:85:ed:83:80:be:2b:62:64:06:
         48:f9:08:f2:68:2a:aa:ca:eb:b4:71:10:86:ad:03:51:08:31:
         12:78:59:f9:94:ba:3a:fe:4f:75:ff:4c:67:a1:69:55:d7:24:
         74:55:5a:d4:d4:70:1b:ed:3c:27:57:87:41:84:c7:37:5d:de:
         e7:dc:52:13:b7:59:24:6f:b7:f9:01:2c:a4:9e:96:68:ba:10:
         b2:64:55:db
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgIUGbpn9TjFTTJOYUvdGtW0gpOY2SowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNTAxMTgwMTMyMzdaFw0yNjAxMTcwMTM3MzdaMDMxMTAvBgNV
BAMTKEFGNjIyREM1MjRBRURENDlFMkFFNzQxM0ExQjk5NjRFODU0REFDQzMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDEGJu0FtTlIxMr8b6cgN2zbZu1
nCk0xyp1eZeR9aDo0L4Su+xSloLz2t6Uef1WdwIJGuOoZDTSZixl8x9yNr0clSHs
hkTDZPzU6vWtUDuFuuewSD0GoAbbR0f+0QtNtRyvcIv/iv137/EFkpU1FtcV/UJH
iV37HZby/4SDi+QyWg+edO40T/rB/jdrgYSX05CnVLuPKopBHJ/BnpDI/CITH/1i
4YH0WKdaXfQXrVdVasdP/Us/xq+jzHfAGF/JAT4mZQJl37N2RG335PT+KlIu8uNn
X8ZpI/IyYHCCeDK1gKGzozEPVEoa78mBctiZIdAVkTVc34hno3yqWRr3OjkHAgMB
AAGjggIPMIICCzAdBgNVHQ4EFgQUr2ItxSSu3UnirnQTobmWToVNrMMwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTNTMzNTYucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBAC11icD
BAC11jYwDQYJKoZIhvcNAQELBQADggEBALWUNC9Z9kQJ+aqpAGtDk5OlVFbVAHtd
PgHeOylkW9vHl4Gq5UwZl/GqEt5neNx2PHQxzprMeRgQuk1HYPy/G+WYCjbj1+++
Xeg0dijo9Yf2CNhO2M2A++D0fIA+JNiDMSAdC+lsYbz4ghjzwOEmvWTyG+YsmjO7
nOId5r3aDe8HIRye3SXMZQvnz3QOFDggAWiLgertD15v8M1g+sv2PJFXFkBWI2Q0
kyreA4Xtg4C+K2JkBkj5CPJoKqrK67RxEIatA1EIMRJ4WfmUujr+T3X/TGehaVXX
JHRVWtTUcBvtPCdXh0GExzdd3ufcUhO3WSRvt/kBLKSelmi6ELJkVds=
-----END CERTIFICATE-----