Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS62425.roa
File:                     AS62425.roa (raw, json)
Hash identifier:          tqdJ2hZRl9JvWeuSdK4ALOU4TE5F15bSnOAdH/KXRTQ=
Subject key identifier:   52:D9:58:46:A8:DA:E3:CB:EB:EA:1A:5F:F0:4D:67:5C:1A:73:FE:E1
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       5C68BED97DB6C916CF99EAE6BB7907F63F64B90D
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS62425.roa
Signing time:             Fri 23 Jun 2023 12:00:34 +0000
ROA not before:           Fri 23 Jun 2023 11:55:34 +0000
ROA not after:            Fri 21 Jun 2024 12:00:34 +0000
asID:                     62425
IP address blocks:        181.214.154.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 11 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5c:68:be:d9:7d:b6:c9:16:cf:99:ea:e6:bb:79:07:f6:3f:64:b9:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Jun 23 11:55:34 2023 GMT
            Not After : Jun 21 12:00:34 2024 GMT
        Subject: CN=52D95846A8DAE3CBEBEA1A5FF04D675C1A73FEE1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:b5:04:64:ae:77:79:38:c4:f6:36:74:6a:e0:
                    9f:74:5b:8b:39:00:c4:41:9a:d5:c4:59:a7:98:db:
                    ea:dd:1b:94:fb:7f:36:71:97:14:01:77:85:a9:e6:
                    43:ca:46:2f:57:4d:20:06:f1:3a:54:f8:2c:b3:10:
                    01:f1:aa:10:c3:c6:1b:e7:86:4b:62:01:a4:fd:b3:
                    c3:8c:99:4f:10:c4:85:01:84:85:0a:5b:18:18:a6:
                    d8:53:a6:62:f9:8e:3c:fd:c2:35:85:82:50:61:41:
                    4a:2a:5c:a6:31:b9:29:cf:dc:5d:5e:3d:b3:ee:97:
                    4c:bd:27:08:a4:61:51:6a:6d:ed:a9:65:9c:98:29:
                    43:31:c2:f4:e2:37:d4:c4:42:e0:69:56:96:c4:bd:
                    a5:5e:2c:a4:3b:58:b1:7a:ab:46:26:42:10:03:e3:
                    c5:ba:3a:23:04:7d:19:87:37:af:35:8d:fb:98:ba:
                    8a:eb:62:98:f9:9e:6c:07:4e:3f:25:7b:31:ce:64:
                    5c:88:49:18:5c:55:28:03:2b:b2:97:36:29:fb:de:
                    4d:3b:48:25:30:91:27:d4:a3:e5:97:16:2a:cd:cc:
                    ce:e9:d5:f5:c7:a3:1b:ae:41:8a:28:43:6c:d4:71:
                    13:b0:0c:4a:61:0a:65:11:3d:6c:c4:3b:7f:3d:02:
                    09:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:D9:58:46:A8:DA:E3:CB:EB:EA:1A:5F:F0:4D:67:5C:1A:73:FE:E1
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS62425.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  181.214.154.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a7:43:a6:32:19:fe:c4:c4:c9:8f:d3:fc:5d:03:50:04:f8:9c:
         57:a3:17:92:2a:0e:7e:e3:b5:1d:b2:ae:40:e0:29:10:ce:20:
         a8:83:2e:9e:96:d3:c9:f3:5f:88:fc:9b:fc:a4:34:fe:08:d3:
         86:e0:83:25:ec:99:e0:68:ea:11:8d:30:0d:f3:47:6e:9a:a1:
         57:c4:cf:2a:ae:a7:03:07:a0:45:33:ce:29:dc:cb:9d:5f:a6:
         75:5c:fe:d3:99:d2:45:5d:0a:2a:97:7b:93:e2:e6:4e:4f:f7:
         bf:08:a7:32:17:cb:ec:49:75:02:d7:d0:4a:c8:a5:0f:40:23:
         1d:42:8d:d1:1d:9a:b5:08:f8:66:f5:e2:40:da:42:79:e7:e1:
         d2:f7:6f:86:ba:ab:93:0b:d2:53:75:e4:74:95:27:75:f1:14:
         83:b0:9d:1b:78:51:c6:80:9b:55:f4:b7:88:62:04:f0:1c:5b:
         80:43:d1:82:fa:e6:1e:02:55:62:43:83:34:25:25:57:e6:97:
         54:35:8a:e7:a5:af:6e:5b:92:3d:21:35:0a:20:35:d0:a1:44:
         08:25:ae:1e:90:6b:4b:41:d5:4b:10:6a:91:e4:05:26:50:52:
         92:91:dc:e6:7a:4b:48:e1:8b:32:1a:1f:66:97:c9:07:15:1f:
         49:ff:a5:e4
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUXGi+2X22yRbPmermu3kH9j9kuQ0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yMzA2MjMxMTU1MzRaFw0yNDA2MjExMjAwMzRaMDMxMTAvBgNV
BAMTKDUyRDk1ODQ2QThEQUUzQ0JFQkVBMUE1RkYwNEQ2NzVDMUE3M0ZFRTEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDOtQRkrnd5OMT2NnRq4J90W4s5
AMRBmtXEWaeY2+rdG5T7fzZxlxQBd4Wp5kPKRi9XTSAG8TpU+CyzEAHxqhDDxhvn
hktiAaT9s8OMmU8QxIUBhIUKWxgYpthTpmL5jjz9wjWFglBhQUoqXKYxuSnP3F1e
PbPul0y9JwikYVFqbe2pZZyYKUMxwvTiN9TEQuBpVpbEvaVeLKQ7WLF6q0YmQhAD
48W6OiMEfRmHN681jfuYuorrYpj5nmwHTj8lezHOZFyISRhcVSgDK7KXNin73k07
SCUwkSfUo+WXFirNzM7p1fXHoxuuQYooQ2zUcROwDEphCmURPWzEO389AgmbAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUUtlYRqja48vr6hpf8E1nXBpz/uEwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTNjI0MjUucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAC11pow
DQYJKoZIhvcNAQELBQADggEBAKdDpjIZ/sTEyY/T/F0DUAT4nFejF5IqDn7jtR2y
rkDgKRDOIKiDLp6W08nzX4j8m/ykNP4I04bggyXsmeBo6hGNMA3zR26aoVfEzyqu
pwMHoEUzzincy51fpnVc/tOZ0kVdCiqXe5Pi5k5P978IpzIXy+xJdQLX0ErIpQ9A
Ix1CjdEdmrUI+Gb14kDaQnnn4dL3b4a6q5ML0lN15HSVJ3XxFIOwnRt4UcaAm1X0
t4hiBPAcW4BD0YL65h4CVWJDgzQlJVfml1Q1iuelr25bkj0hNQogNdChRAglrh6Q
a0tB1UsQapHkBSZQUpKR3OZ6S0jhizIaH2aXyQcVH0n/peQ=
-----END CERTIFICATE-----