Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS57935.roa
File:                     AS57935.roa (raw, json)
Hash identifier:          ZwsnJwEi9FJmwiU63UKoeh+E/U+LaDxHhy4hnTCZeeM=
Subject key identifier:   A2:DF:F1:68:5B:DD:CC:CE:38:8F:89:F1:A3:6D:49:72:55:21:67:82
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       3B109600640EE9DE3680BC28D5A4A487D30C5450
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS57935.roa
Signing time:             Fri 02 Feb 2024 11:55:34 +0000
ROA not before:           Fri 02 Feb 2024 11:50:34 +0000
ROA not after:            Fri 31 Jan 2025 11:55:34 +0000
asID:                     57935
IP address blocks:        185.137.14.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 11 May 2024 04:39:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3b:10:96:00:64:0e:e9:de:36:80:bc:28:d5:a4:a4:87:d3:0c:54:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Feb  2 11:50:34 2024 GMT
            Not After : Jan 31 11:55:34 2025 GMT
        Subject: CN=A2DFF1685BDDCCCE388F89F1A36D497255216782
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:17:31:df:25:6a:f3:27:b5:cc:3a:21:6d:08:
                    99:e8:33:fd:1a:11:65:00:fc:58:37:aa:fd:23:25:
                    06:c4:a9:3e:27:df:c4:30:b7:81:8d:01:30:60:3c:
                    99:a8:1e:23:de:b6:01:bf:40:72:83:aa:68:8e:f2:
                    9d:06:86:c9:88:69:4e:b2:e0:63:1c:53:48:af:e4:
                    53:33:b8:ad:57:51:7c:46:17:ca:c1:67:cd:e4:c5:
                    e6:8c:fc:93:f3:55:c3:3a:86:f2:2c:45:02:e2:4b:
                    e4:74:e4:ba:73:a1:67:de:9c:75:71:58:db:04:92:
                    98:c4:d5:a2:21:74:45:a6:e1:59:32:7a:7e:3c:22:
                    2a:25:2a:e0:10:19:1c:af:38:29:ac:67:94:bc:4e:
                    54:15:df:90:85:99:a4:2f:3f:23:3e:76:09:43:b5:
                    e2:06:b0:40:b2:ae:8d:54:9e:ef:65:bc:27:45:04:
                    58:84:27:7a:a3:a0:6a:a2:dc:79:67:8c:b8:a0:36:
                    1f:b3:db:5d:72:79:3a:28:68:27:11:34:93:49:03:
                    d5:9c:ad:cd:5e:73:38:e6:ee:78:01:27:b8:d9:5f:
                    c7:a3:47:3b:90:68:a0:e3:91:49:e5:e9:9d:2e:f0:
                    85:e3:f2:09:1d:f4:b5:57:7c:4d:d9:6d:40:e0:4e:
                    e7:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:DF:F1:68:5B:DD:CC:CE:38:8F:89:F1:A3:6D:49:72:55:21:67:82
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS57935.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.137.14.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9c:f9:41:f8:8c:e2:0f:55:a3:ec:13:43:40:26:39:26:af:dc:
         17:c3:2e:3f:21:64:af:fa:cc:ad:fd:25:a2:d1:ab:7a:c5:1d:
         c5:26:b1:ed:7b:24:f7:67:8e:a8:45:0e:18:58:c7:cc:a4:6d:
         7c:61:9c:14:fa:66:4a:ea:41:ad:3c:77:05:4e:32:95:d8:58:
         7f:b0:37:fd:aa:6d:28:c6:f1:bc:9e:8a:e7:0b:33:21:fa:15:
         f9:19:f2:db:d0:97:99:52:42:f0:8f:73:e8:1d:a5:70:e6:ea:
         0f:30:6e:77:58:c0:45:7a:1d:82:58:ca:6c:8a:f0:35:d9:3d:
         2b:93:35:87:8b:48:5a:98:f0:e6:34:65:f5:36:86:7a:cd:50:
         59:ad:37:52:ab:37:3b:f7:7b:9c:a1:cd:3c:82:86:9c:06:4a:
         c7:77:2d:e2:34:ce:e5:1d:81:62:aa:66:81:83:4c:0c:38:80:
         78:d5:c8:7a:be:39:a3:ca:e7:88:40:45:93:5d:bf:aa:ab:2f:
         e5:35:12:8b:08:b1:86:5b:f2:dd:c0:93:ae:e1:96:a6:7d:e1:
         3e:b9:15:40:20:88:6e:e0:da:7c:fc:8d:44:f2:5d:d4:b4:07:
         b1:a1:fa:8e:4f:f4:fb:84:8c:b1:70:e2:05:b1:b4:a0:0e:bf:
         4a:00:af:06
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUOxCWAGQO6d42gLwo1aSkh9MMVFAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNDAyMDIxMTUwMzRaFw0yNTAxMzExMTU1MzRaMDMxMTAvBgNV
BAMTKEEyREZGMTY4NUJERENDQ0UzODhGODlGMUEzNkQ0OTcyNTUyMTY3ODIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDaFzHfJWrzJ7XMOiFtCJnoM/0a
EWUA/Fg3qv0jJQbEqT4n38Qwt4GNATBgPJmoHiPetgG/QHKDqmiO8p0GhsmIaU6y
4GMcU0iv5FMzuK1XUXxGF8rBZ83kxeaM/JPzVcM6hvIsRQLiS+R05LpzoWfenHVx
WNsEkpjE1aIhdEWm4Vkyen48IiolKuAQGRyvOCmsZ5S8TlQV35CFmaQvPyM+dglD
teIGsECyro1Unu9lvCdFBFiEJ3qjoGqi3HlnjLigNh+z211yeTooaCcRNJNJA9Wc
rc1eczjm7ngBJ7jZX8ejRzuQaKDjkUnl6Z0u8IXj8gkd9LVXfE3ZbUDgTucdAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUot/xaFvdzM44j4nxo21JclUhZ4IwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTNTc5MzUucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAC5iQ4w
DQYJKoZIhvcNAQELBQADggEBAJz5QfiM4g9Vo+wTQ0AmOSav3BfDLj8hZK/6zK39
JaLRq3rFHcUmse17JPdnjqhFDhhYx8ykbXxhnBT6ZkrqQa08dwVOMpXYWH+wN/2q
bSjG8byeiucLMyH6FfkZ8tvQl5lSQvCPc+gdpXDm6g8wbndYwEV6HYJYymyK8DXZ
PSuTNYeLSFqY8OY0ZfU2hnrNUFmtN1KrNzv3e5yhzTyChpwGSsd3LeI0zuUdgWKq
ZoGDTAw4gHjVyHq+OaPK54hARZNdv6qrL+U1EosIsYZb8t3Ak67hlqZ94T65FUAg
iG7g2nz8jUTyXdS0B7Gh+o5P9PuEjLFw4gWxtKAOv0oArwY=
-----END CERTIFICATE-----