Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS57814.roa
File:                     AS57814.roa (raw, json)
Hash identifier:          7/dtmGBF0JJJdb0eX2KNgBaWDRaIy0hoT6eTBc2glrw=
Subject key identifier:   AC:E8:78:E9:43:14:F3:AA:BD:F1:BA:0F:FF:7C:0F:A9:CA:B0:66:B7
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       33E3C80F384B9030F2B9FEFEB7AD9499E105425D
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS57814.roa
Signing time:             Thu 15 May 2025 09:54:08 +0000
ROA not before:           Thu 15 May 2025 09:49:08 +0000
ROA not after:            Thu 14 May 2026 09:54:08 +0000
asID:                     57814
IP address blocks:        45.95.20.0/24 maxlen: 24
                          109.106.0.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Jun 2025 23:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            33:e3:c8:0f:38:4b:90:30:f2:b9:fe:fe:b7:ad:94:99:e1:05:42:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: May 15 09:49:08 2025 GMT
            Not After : May 14 09:54:08 2026 GMT
        Subject: CN=ACE878E94314F3AABDF1BA0FFF7C0FA9CAB066B7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:83:ff:28:09:39:95:55:ca:d2:d9:20:71:a8:
                    db:3f:f4:1a:66:fa:f8:62:25:9b:64:5d:2c:0a:6d:
                    9c:15:8c:67:86:47:74:77:ee:26:7e:85:05:82:87:
                    24:d1:40:e4:6d:49:3d:6c:fb:8f:b4:c7:f2:f1:9c:
                    40:e6:a9:ff:42:33:0e:0e:e8:43:9e:f5:2d:e6:6d:
                    c7:ca:75:dc:0d:b6:59:ce:47:df:ab:a8:d1:55:db:
                    65:11:b7:6e:e8:db:19:c1:91:dd:84:b9:84:8b:ee:
                    66:d6:4a:03:4d:b9:75:49:73:9d:fd:04:2d:75:d2:
                    8d:50:3d:b2:fb:77:78:40:ac:6c:d8:f7:5c:8d:d1:
                    32:41:cc:5c:30:1a:75:73:e3:32:cc:2f:0a:c7:8a:
                    e9:29:2d:ce:87:58:6f:cd:99:b2:1a:93:1c:0b:36:
                    bc:81:82:ce:3d:46:bc:2c:b8:91:99:54:62:c3:ec:
                    39:b7:8c:16:06:74:7e:a5:65:56:ba:fd:58:a3:e5:
                    2f:86:10:cd:20:81:13:01:b9:85:16:44:c0:5d:56:
                    6c:e4:5f:f1:bd:ce:15:d4:f8:12:d9:25:3e:f2:9c:
                    59:f5:25:2e:1b:f5:b6:43:3b:31:c0:b1:76:a0:1e:
                    d1:9b:f6:de:6d:e4:55:7e:58:02:2c:ae:09:94:d1:
                    2d:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:E8:78:E9:43:14:F3:AA:BD:F1:BA:0F:FF:7C:0F:A9:CA:B0:66:B7
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS57814.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.95.20.0/24
                  109.106.0.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8c:ca:ff:d3:28:75:b8:d5:81:5d:d9:9f:66:b3:70:72:22:17:
         be:2f:8a:b4:78:da:25:1c:2f:df:27:5c:8e:c4:b1:86:e7:27:
         d8:16:2f:7c:67:f2:d4:6b:ab:a6:8d:6c:47:4d:36:ed:d6:f4:
         fd:8c:02:b3:73:94:0b:e4:9c:ba:9e:43:af:f0:d9:a6:b3:4f:
         a9:75:ae:25:27:b0:1e:c8:18:81:53:de:a9:2a:37:9f:4f:5a:
         59:f8:b4:12:98:94:85:ef:5e:d2:f6:8e:07:08:43:00:ad:3b:
         ff:86:2e:9e:ec:36:49:c5:80:4e:a1:03:aa:49:2e:9b:b2:85:
         3c:ab:10:74:a2:7b:32:1a:f4:10:90:55:6a:90:19:36:53:02:
         5c:2c:96:da:98:ae:b5:e0:d2:86:8d:7a:da:ad:2a:ec:79:f7:
         c0:de:f9:90:f8:44:a6:1d:68:c0:1c:75:08:53:21:23:ae:0e:
         da:da:7d:34:60:3d:51:e7:25:44:ad:08:47:e2:26:6b:ba:89:
         00:31:5e:4d:9c:06:95:5e:df:a0:52:32:8c:ff:62:18:3e:ab:
         e7:e2:59:c8:f0:a9:34:58:2c:a8:5f:5f:95:b5:e9:5c:19:5a:
         3e:a2:cc:0c:2f:3f:1c:f4:b4:c2:37:36:46:41:2d:5c:4d:8d:
         d1:7c:e7:74
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgIUM+PIDzhLkDDyuf7+t62UmeEFQl0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNTA1MTUwOTQ5MDhaFw0yNjA1MTQwOTU0MDhaMDMxMTAvBgNV
BAMTKEFDRTg3OEU5NDMxNEYzQUFCREYxQkEwRkZGN0MwRkE5Q0FCMDY2QjcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDhg/8oCTmVVcrS2SBxqNs/9Bpm
+vhiJZtkXSwKbZwVjGeGR3R37iZ+hQWChyTRQORtST1s+4+0x/LxnEDmqf9CMw4O
6EOe9S3mbcfKddwNtlnOR9+rqNFV22URt27o2xnBkd2EuYSL7mbWSgNNuXVJc539
BC110o1QPbL7d3hArGzY91yN0TJBzFwwGnVz4zLMLwrHiukpLc6HWG/NmbIakxwL
NryBgs49RrwsuJGZVGLD7Dm3jBYGdH6lZVa6/Vij5S+GEM0ggRMBuYUWRMBdVmzk
X/G9zhXU+BLZJT7ynFn1JS4b9bZDOzHAsXagHtGb9t5t5FV+WAIsrgmU0S2hAgMB
AAGjggIPMIICCzAdBgNVHQ4EFgQUrOh46UMU86q98boP/3wPqcqwZrcwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTNTc4MTQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBAAtXxQD
BABtagAwDQYJKoZIhvcNAQELBQADggEBAIzK/9ModbjVgV3Zn2azcHIiF74virR4
2iUcL98nXI7EsYbnJ9gWL3xn8tRrq6aNbEdNNu3W9P2MArNzlAvknLqeQ6/w2aaz
T6l1riUnsB7IGIFT3qkqN59PWln4tBKYlIXvXtL2jgcIQwCtO/+GLp7sNknFgE6h
A6pJLpuyhTyrEHSiezIa9BCQVWqQGTZTAlwsltqYrrXg0oaNetqtKux598De+ZD4
RKYdaMAcdQhTISOuDtrafTRgPVHnJUStCEfiJmu6iQAxXk2cBpVe36BSMoz/Yhg+
q+fiWcjwqTRYLKhfX5W16VwZWj6izAwvPxz0tMI3NkZBLVxNjdF853Q=
-----END CERTIFICATE-----