Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS59432.roa
File:                     AS59432.roa (raw, json)
Hash identifier:          wKI7qns7OdBl04u/Pwor1wL8AlaGpH0Fj5FSGYpgxbc=
Subject key identifier:   4E:A5:E2:6E:DD:CC:00:F0:71:CC:89:CF:CB:59:F3:B6:A7:7A:FD:AA
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       5ECEE65C03B3381B08EC57125CD01699662FF60D
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS59432.roa
Signing time:             Thu 27 Mar 2025 12:00:53 +0000
ROA not before:           Thu 27 Mar 2025 11:55:53 +0000
ROA not after:            Thu 26 Mar 2026 12:00:53 +0000
asID:                     59432
IP address blocks:        181.214.41.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 15:12:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5e:ce:e6:5c:03:b3:38:1b:08:ec:57:12:5c:d0:16:99:66:2f:f6:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Mar 27 11:55:53 2025 GMT
            Not After : Mar 26 12:00:53 2026 GMT
        Subject: CN=4EA5E26EDDCC00F071CC89CFCB59F3B6A77AFDAA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:89:b9:51:25:fc:97:10:f1:8f:2a:10:82:50:
                    3a:01:38:bf:b1:04:4b:a9:4f:d3:54:48:c0:8d:59:
                    7e:1f:44:6f:b1:7f:86:1f:56:c5:a1:0e:b9:39:dc:
                    c4:f3:4e:24:e3:a5:10:e4:7d:48:3d:7c:df:60:98:
                    5f:9e:40:09:bd:47:88:63:83:30:7f:ff:63:ed:77:
                    47:2b:e9:e2:27:ad:be:6b:9c:37:dc:04:b3:4d:a2:
                    50:37:cf:93:08:3f:16:7d:4e:47:c3:7d:2d:97:f6:
                    7a:d6:91:d0:1a:e1:fa:a3:87:02:0f:14:a4:9e:da:
                    ac:90:e3:a6:b1:a2:6d:dd:4e:68:69:89:4f:cf:3c:
                    a8:86:27:88:83:c5:3b:11:80:a8:ee:f5:06:b3:66:
                    e7:b1:7e:f6:0a:a8:03:a6:d9:db:d5:4c:79:fe:ef:
                    44:bc:1b:24:8a:ba:6d:b5:90:22:c4:9d:52:f0:57:
                    32:99:92:b1:e4:49:5b:60:80:a4:fb:fe:3a:fe:50:
                    42:86:7a:93:8d:51:cd:26:51:e2:c9:13:ab:44:7b:
                    f5:9a:99:15:cb:97:b8:99:88:a8:cd:29:39:ef:17:
                    cb:fd:bc:99:14:1b:22:43:40:8b:7d:12:07:aa:12:
                    17:6d:61:fb:d6:f1:e7:a2:2f:0f:b8:f7:69:31:20:
                    fd:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:A5:E2:6E:DD:CC:00:F0:71:CC:89:CF:CB:59:F3:B6:A7:7A:FD:AA
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS59432.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  181.214.41.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3f:d2:d5:e2:b5:ca:6f:c2:13:82:da:7e:1a:37:ee:96:34:2c:
         8e:48:c5:3a:cf:f9:ff:4d:2b:83:a4:08:9f:95:6a:48:d1:a3:
         67:93:b7:8c:4d:fe:ae:34:35:8f:9a:48:28:aa:ba:bb:1d:d0:
         7a:e2:dc:a5:de:92:a0:39:d7:1b:24:92:ee:26:cb:53:1e:21:
         f7:3c:0d:7a:3d:ec:57:7c:38:c6:01:ed:9c:52:3f:69:be:7e:
         4d:9e:00:e1:a3:40:c1:07:5a:ee:f4:97:cc:ae:99:a8:4a:44:
         88:7c:4f:85:bf:04:2c:8b:bc:c9:1a:bf:58:61:ae:41:cc:f7:
         66:a1:0e:ed:cf:48:59:e4:1b:36:06:f2:19:0e:b0:a4:94:9e:
         2a:7c:96:2c:88:93:9c:6a:dc:3a:05:44:7d:5d:92:5e:45:c6:
         9f:46:c9:f1:c2:da:6c:da:dc:63:f4:26:1f:56:46:56:fd:1e:
         ed:a0:6b:ec:80:66:42:b4:9d:05:11:7d:54:42:f6:66:82:d7:
         aa:3f:d1:31:1f:ff:5e:68:c4:60:04:56:74:b1:48:46:75:7b:
         32:74:59:a2:27:83:c6:1e:6b:3b:8d:a5:c6:2e:3a:9c:c5:47:
         12:2f:19:5b:f7:27:2f:bf:75:7b:4e:22:b2:86:87:85:06:d3:
         2b:ac:df:e8
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUXs7mXAOzOBsI7FcSXNAWmWYv9g0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNTAzMjcxMTU1NTNaFw0yNjAzMjYxMjAwNTNaMDMxMTAvBgNV
BAMTKDRFQTVFMjZFRERDQzAwRjA3MUNDODlDRkNCNTlGM0I2QTc3QUZEQUEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC1iblRJfyXEPGPKhCCUDoBOL+x
BEupT9NUSMCNWX4fRG+xf4YfVsWhDrk53MTzTiTjpRDkfUg9fN9gmF+eQAm9R4hj
gzB//2Ptd0cr6eInrb5rnDfcBLNNolA3z5MIPxZ9TkfDfS2X9nrWkdAa4fqjhwIP
FKSe2qyQ46axom3dTmhpiU/PPKiGJ4iDxTsRgKju9QazZuexfvYKqAOm2dvVTHn+
70S8GySKum21kCLEnVLwVzKZkrHkSVtggKT7/jr+UEKGepONUc0mUeLJE6tEe/Wa
mRXLl7iZiKjNKTnvF8v9vJkUGyJDQIt9EgeqEhdtYfvW8eeiLw+492kxIP2BAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUTqXibt3MAPBxzInPy1nztqd6/aowHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTNTk0MzIucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAC11ikw
DQYJKoZIhvcNAQELBQADggEBAD/S1eK1ym/CE4Lafho37pY0LI5IxTrP+f9NK4Ok
CJ+VakjRo2eTt4xN/q40NY+aSCiqursd0Hri3KXekqA51xskku4my1MeIfc8DXo9
7Fd8OMYB7ZxSP2m+fk2eAOGjQMEHWu70l8yumahKRIh8T4W/BCyLvMkav1hhrkHM
92ahDu3PSFnkGzYG8hkOsKSUnip8liyIk5xq3DoFRH1dkl5Fxp9GyfHC2mza3GP0
Jh9WRlb9Hu2ga+yAZkK0nQURfVRC9maC16o/0TEf/15oxGAEVnSxSEZ1ezJ0WaIn
g8YeazuNpcYuOpzFRxIvGVv3Jy+/dXtOIrKGh4UG0yus3+g=
-----END CERTIFICATE-----