Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS55201.roa
File:                     AS55201.roa (raw, json)
Hash identifier:          iZqOoHNvrJqwiP+R5Xpr9uDiJeOyXVzipa5pKj/k8h8=
Subject key identifier:   14:CE:95:BD:D5:95:0F:70:06:0C:10:20:4D:41:47:06:71:1D:A2:A2
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       3D592FB8D045F80256F1A79CC44E8F7B53DA9DCF
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS55201.roa
Signing time:             Wed 19 Mar 2025 19:51:38 +0000
ROA not before:           Wed 19 Mar 2025 19:46:38 +0000
ROA not after:            Wed 18 Mar 2026 19:51:38 +0000
asID:                     55201
IP address blocks:        181.215.204.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 15:12:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3d:59:2f:b8:d0:45:f8:02:56:f1:a7:9c:c4:4e:8f:7b:53:da:9d:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Mar 19 19:46:38 2025 GMT
            Not After : Mar 18 19:51:38 2026 GMT
        Subject: CN=14CE95BDD5950F70060C10204D414706711DA2A2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:fb:36:e8:a1:48:b7:ab:c7:af:82:b5:e2:d5:
                    3d:f5:1b:16:e3:f6:23:44:60:51:78:ee:e5:8f:32:
                    ae:87:10:29:2e:70:34:a9:b1:a3:a0:75:36:4e:57:
                    a2:7f:aa:a9:8c:58:e4:af:8a:8b:31:59:5b:af:85:
                    99:56:a6:ae:fa:35:68:1c:2f:40:df:3d:2a:9d:71:
                    88:f0:0a:6c:ad:c0:5f:7f:76:d4:e7:a3:fe:97:18:
                    87:93:60:6f:53:a8:01:14:86:62:19:fe:21:e3:60:
                    39:85:3f:97:78:19:2d:a0:c4:e5:8d:16:5b:26:cd:
                    f4:a9:d8:55:c5:b4:10:61:72:75:fc:b5:ed:67:91:
                    7d:df:9b:d3:4d:75:07:3e:ea:af:73:53:a3:56:70:
                    70:1c:6b:ad:61:1c:1e:5c:f9:05:be:9d:11:83:87:
                    54:97:44:ce:59:6e:4a:2d:f1:bb:ff:18:ae:9e:09:
                    bc:5a:f1:74:f2:b7:c1:7f:ad:e5:f1:d9:b1:3a:02:
                    4f:52:9e:01:7c:67:d3:c6:03:3d:89:1c:42:b3:a8:
                    48:e7:c2:35:9f:b7:99:7e:64:a9:55:d8:b4:15:0a:
                    50:5a:0e:12:5d:93:0f:af:20:10:84:6a:56:01:73:
                    6b:f2:78:16:91:42:e4:43:b5:b7:58:d0:88:f9:e4:
                    c7:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:CE:95:BD:D5:95:0F:70:06:0C:10:20:4D:41:47:06:71:1D:A2:A2
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS55201.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  181.215.204.0/24

    Signature Algorithm: sha256WithRSAEncryption
         66:ba:24:1e:9a:a9:98:72:e1:d1:55:09:72:c3:c6:b6:92:42:
         37:86:1f:f4:1f:ac:c6:47:57:f7:b1:c5:dc:3c:1b:6e:23:29:
         66:b4:83:2d:62:8b:76:f8:7a:c5:6f:11:03:b3:fe:24:24:01:
         7a:ba:da:1c:eb:4f:43:f4:22:26:c6:91:83:35:ec:3f:d8:b2:
         71:0f:db:98:cd:db:48:4d:07:99:d2:0c:79:5b:1d:73:fe:8a:
         e6:82:bd:b0:66:80:68:ff:9f:df:68:30:11:7d:b0:d6:16:41:
         44:1a:d3:76:3e:0b:a5:4c:cc:9f:e4:ed:eb:f4:7b:b6:5a:bc:
         6b:18:9e:82:c3:02:aa:8c:4e:c9:95:d3:84:b2:f8:bc:96:11:
         e0:6c:22:d5:69:0c:5f:91:e8:68:55:f9:68:d1:3a:b9:55:c7:
         ec:30:8f:f5:25:66:e6:35:c6:ff:5e:1d:96:e5:a8:67:74:5d:
         da:20:6b:be:76:97:fd:8c:e2:50:81:52:2b:9d:cf:f8:16:28:
         11:31:e2:00:4d:65:7a:78:00:f5:33:ca:dc:71:58:85:bf:5d:
         a8:e8:36:3b:22:14:24:65:0c:98:9f:55:7d:b5:10:14:21:3e:
         de:46:51:0f:c6:5e:51:f1:2d:ec:a5:c9:25:f0:67:24:94:2a:
         b5:ce:c4:99
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUPVkvuNBF+AJW8aecxE6Pe1Panc8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNTAzMTkxOTQ2MzhaFw0yNjAzMTgxOTUxMzhaMDMxMTAvBgNV
BAMTKDE0Q0U5NUJERDU5NTBGNzAwNjBDMTAyMDRENDE0NzA2NzExREEyQTIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCq+zbooUi3q8evgrXi1T31Gxbj
9iNEYFF47uWPMq6HECkucDSpsaOgdTZOV6J/qqmMWOSviosxWVuvhZlWpq76NWgc
L0DfPSqdcYjwCmytwF9/dtTno/6XGIeTYG9TqAEUhmIZ/iHjYDmFP5d4GS2gxOWN
FlsmzfSp2FXFtBBhcnX8te1nkX3fm9NNdQc+6q9zU6NWcHAca61hHB5c+QW+nRGD
h1SXRM5Zbkot8bv/GK6eCbxa8XTyt8F/reXx2bE6Ak9SngF8Z9PGAz2JHEKzqEjn
wjWft5l+ZKlV2LQVClBaDhJdkw+vIBCEalYBc2vyeBaRQuRDtbdY0Ij55MfjAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUFM6VvdWVD3AGDBAgTUFHBnEdoqIwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTNTUyMDEucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAC118ww
DQYJKoZIhvcNAQELBQADggEBAGa6JB6aqZhy4dFVCXLDxraSQjeGH/QfrMZHV/ex
xdw8G24jKWa0gy1ii3b4esVvEQOz/iQkAXq62hzrT0P0IibGkYM17D/YsnEP25jN
20hNB5nSDHlbHXP+iuaCvbBmgGj/n99oMBF9sNYWQUQa03Y+C6VMzJ/k7ev0e7Za
vGsYnoLDAqqMTsmV04Sy+LyWEeBsItVpDF+R6GhV+WjROrlVx+wwj/UlZuY1xv9e
HZblqGd0Xdoga752l/2M4lCBUiudz/gWKBEx4gBNZXp4APUzytxxWIW/XajoNjsi
FCRlDJifVX21EBQhPt5GUQ/GXlHxLeylySXwZySUKrXOxJk=
-----END CERTIFICATE-----